Thursday, December 2, 2010

SharePoint 2010 October Cumulative Updates Re-Released

Microsoft have re-released the SharePoint 2010 October Cumulative Updates after fixing the issues I discussed in my previous post (http://imperfectit.blogspot.com/2010/11/dont-install-sharepoint-2010-october.html).

You can get the updated bits here:

http://support.microsoft.com/kb/2449183

Cross your fingers and deploy! If you have problems, we'd love to hear about them.

If you want to see all updates available for the SharePoint suite, the following is a good place to start: http://technet.microsoft.com/en-us/office/ee748587.aspx

Friday, November 12, 2010

Don't Install the SharePoint 2010 October Cumulative Update!!!

****Update: December, 2010**** The October update issues have been addressed. See http://imperfectit.blogspot.com/2010/12/sharepoint-2010-october-cumulative.html

Just when we were thinking how it had been ages since a Microsoft update had broken our servers there are widespread reports of the October cumulative update wreaking havoc (User Profile Application in particular). Read the following from the SharePoint Team Blog to learn more:

http://blogs.msdn.com/b/sharepoint/archive/2010/11/06/details-and-workaround.aspx

We recommend installing http://support.microsoft.com/kb/2266423 followed by http://support.microsoft.com/kb/2352342 for now. As always, be sure to apply regular server OS security updates through Windows Update.

Thursday, September 23, 2010

SharePoint 2010 Network Load Balancing

In an effort to make my web front end servers a little more redundant, I introduced Windows Server 2008 R2 Network Load Balancing to my environment. After configuring the environment as per Microsoft documentation, I was not able to connect to the virtual IP I'd set up for my test site collection. After banging my head against the wall and rebuilding the servers a couple of times, I opened a ticket with Microsoft.


It turns out that you can't use NLB in the recommended unicast configuration if your cluster nodes are on two separate VMware ESX hosts, as per this article: http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1556&sliceId=1&docTypeID=DT_KB_1_1&dialogID=26310418&stateId=0 0 26304946


To learn more about the potential problems you might encounter if you use Cisco switches, have a look at the following:


http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml


And from Microsoft:


http://technet.microsoft.com/en-us/library/cc781305(WS.10).aspx

In the end, I reconfigured the NLB nodes to use Multicast mode and then utilized the Cisco documentation to create a static entry for the MAC of the NLB cluster virtual IP at the local gateway.


Tuesday, September 21, 2010

DocAve Version 5 for SharePoint 2010

Up until recently I've been running my backups using the built-in backup and recover tool and PowerShell (see http://imperfectit.blogspot.com/2010/03/automate-sharepoint-2010-farm-backups.html), but my environment has started to grow and become more complex. That, and it's larger than the recommended 150 GB limit "suggested" by Microsoft. As a result I had to find a more robust data protection solution. After much testing I went with AvePoint's DocAve v5.

DocAve Backup and Recovery for SharePoint 2010 offers two types of backup and recovery: Granular and Platform


Granular Content and Data Protection

• Supports SharePoint 2010, Microsoft Office SharePoint Server (MOSS) 2007 and Windows SharePoint Services 3.0 environments (via DocAve v5), and SharePoint Portal Server 2003 and Windows SharePoint Services 2.0 (via DocAve 4.5). (Support for SharePoint 2001 is available – please contact an AvePoint representative.)

• Full fidelity backup and restore of all lists, libraries and items (including Events, Links, Tasks, Contacts, Announcements, Discussion Boards, Surveys, Issues, Custom Lists, Areas, Sub Areas, Portal Links, Workflow Definitions, Layout Templates, and Site Definitions, along with access permissions, metadata and version histories)

• Backs up and restores SharePoint workflow definitions

• Full fidelity item-level restore from DocAve, SQL native backups created by T-SQL script or a maintenance plan, DPM, IBM-TSM, HP Data Protector, as well as third-party embedded SQL backup engines, including HyperBac and LiteSpeed Engine

• Granular, item-level restore with sliding timeline view, along with full text keyword search and identification criteria mask search

• Restore content to different SharePoint instances or locations, including file systems and networked file shares with DocAve's "out-of-place restore" functionality

• Manual and Automated Data Pruning feature helps manage historic SharePoint backup data and improve access speed to more recent backups

• Data Coalescing feature allows collapsing incremental backups into one backup data set for easy retrieval.

• Item-level "out-of-place restore" for complete hardware failure

• Fast granular backup speeds, up to 60GB/hour

Comprehensive Platform Protection

• Backup and recover entire SharePoint farms or selective components including all servers and back-end SQL databases with all configurations, Index/Job servers, as well as front-end IIS settings and file system resources

• Quickly and selectively restore individual or a combination of farm components (content databases, web applications, SSP, etc.)

• Safeguard front-end web server resources (IIS settings, Template files, user selected resources, local file systems, etc.)

• Backup InfoPath form templates, Project Server content and Site Definitions

• Support for SharePoint Features

• Up-to-the-minute restore using SQL logs restoration

• Leverages Volume Shadow Copy Service (VSS) to ensure consistent point-in-time backups

• Fast platform backup speeds, up to 100 GB/hour

• Efficient data streaming via open standards, including VDI and VSS without staging location requirements

If you've worked with this product or others, I'd be interested to hear your opinions.

Thanks!

SharePoint 2010 Antivirus Exclusions

I recently updated the local antivirus on my SharePoint 2010 server and noticed users were getting "access denied" errors when trying to upload documents. Turns out I had forgotten to update the folders my antivirus solution should ignore.

A quick search turned up this: http://support.microsoft.com/kb/952167

Basically go to the drive you installed SharePoint 2010 on (D: drive in my case) and exclude the following:

Drive:\Program Files\Microsoft Office Servers\14.0\Data
Drive:\Program Files\Microsoft Office Servers\14.0\Logs
Drive:\Program Files\Microsoft Office Servers\14.0\Bin

The above folders handle indexing for your farm.

Tuesday, June 22, 2010

SharePoint 2010 Granular Backup and Restore - Recovering Data from an Unattached Content Database

The built-in backup tool in SharePoint 2010 accommodates backing up the following:

• Back up a farm
• Back up a farm configuration
• Copy configuration settings from one farm to another
• Back up a Web application
• Back up a service application
• Back up search
• Back up the Secure Store service
• Back up a content database
• Back up databases to snapshots
• Back up customizations
• Back up a site collection
• Export a site, list, or document library
• Back up or archive logs

See here for more detail: http://technet.microsoft.com/en-us/library/ee428315.aspx

Sounds pretty good right? What if you have a user who deleted a list, library or even an individual document? If it's not sitting in the recycle bin for the site collection, then what?

The answer is a new feature called granular restore which gives you one more option to use before you have to go to an expensive third party backup and restore solution. The only catch is that you have to have a SQL backup of the content database in question that you can mount in SQL using SQL Management Studio. To be safe, I use the built-in SharePoint 2010 backup tool to run farm backups (How to Automate SharePoint 2010 Farm Backups), but I also do regular SQL backups. In the event of some type of disaster, I've given myself a few options for doing a restore.

Step 1

In SQL, highlight the content database you want to restore, right-click it and select Tasks - Restore - Database. In the "To Database" field, type a name for the new database (ex: DatabaseName_restore). Specify the point in time you want to do the restore from.

Step 2

Go into Central Admin on the SharePoint server and select Backup and Restore - Recover data from an unattached content database. Specify the SQL server and database name you created above during the restore. Select Browse Content and hit next.


Step 3

Select the site collection, site, and list or library you want to restore. Specify that you want to export the selected content, and specify a location for the file. I find the best way to locate the library, list, etc that I want to restore is to use the Search field that's presented to you.
When you hit Next, you'll be prompted for the location you want to export the site to. I just use a local folder. Next, hit Start Export.

Step 4

Now that you exported the data from the restored database, you can import the data into the production site to restore the missing list, library, document, etc.

Open SharePoint PowerShell while logged in as Farm Admin and run the Import-SPWeb command to specify the identity of the web you're working with, and the path to the restore file you created above:

Note that you specify the root web, and it will restore the data you specified when you browsed the restored database to its original location. To learn more about what options are available when importing data visit http://technet.microsoft.com/en-us/library/ff607613.aspx.
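The import in Step 4, as an added example that is not part of the original post. It covers the case of restoring a deleted list; the web URL, export file path and list title are placeholder assumptions to replace with your own values.

```powershell
# Added example (not from the original post). Assumed placeholder values:
$WebUrl     = 'http://sharepoint.example.local/sites/team'  # hypothetical root web
$ExportPath = 'D:\Restore\TeamDocs.cmp'                     # hypothetical export file from Step 3
$ListTitle  = 'Team Documents'                              # hypothetical list being restored

# Load the SharePoint cmdlets when not running in the SharePoint 2010 Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

function Test-ListExists {
    param([string]$Url, [string]$Title)
    # Open a fresh SPWeb on every call so the list collection is current,
    # and dispose it afterwards to release the underlying request object.
    $web = Get-SPWeb -Identity $Url -ErrorAction Stop
    try {
        return ($null -ne $web.Lists.TryGetList($Title))
    }
    finally {
        $web.Dispose()
    }
}

# Fail early if the export from the restored database is not where we expect it.
if (-not (Test-Path -Path $ExportPath)) {
    throw "Export file not found: $ExportPath"
}

# This example restores a *deleted* list. If the list is still present, stop
# rather than import over live content by mistake.
if (Test-ListExists -Url $WebUrl -Title $ListTitle) {
    throw "'$ListTitle' already exists in $WebUrl; review before importing."
}

# Import into the root web; the content returns to its original location.
# -UpdateVersions Append adds imported versions instead of overwriting existing ones.
Import-SPWeb -Identity $WebUrl -Path $ExportPath -UpdateVersions Append -HaltOnError -ErrorAction Stop

# Confirm the restore actually brought the list back.
if (Test-ListExists -Url $WebUrl -Title $ListTitle) {
    Write-Host "Restored '$ListTitle' to $WebUrl"
}
else {
    Write-Warning "Import finished but '$ListTitle' was not found in $WebUrl"
}
```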

Wednesday, June 16, 2010

New Look for Imperfect IT!!!

I recently changed the template used for my blog. Let me know what you think of the look and the layout. I found the old layout was a little cramped.

Regards

Wednesday, June 9, 2010

SharePoint Manager 2010

Although SharePoint 2010 offers the Central Administration Site and PowerShell as methods to expose current settings in your SharePoint environment, they can often be a little clunky to work with.

If you've never seen it, you're going to love SharePoint Manager 2010. It's a free download from CodePlex. As the description for the tool states, "SharePoint Manager 2010 is a SharePoint object model explorer. It enables you to browse every site on the local farm and view every property. It also enables you to change the properties".

To get your very own copy for free, simply visit http://spm.codeplex.com/.

I first stumbled on this tool when I was going through application event logs on my SharePoint 2010 server and couldn't figure out what site certain errors were referring to. As many of you know, event logs simply use the ID of a site (ex: 0a90494e-c226-4067-9762-7d75f952c803). A simple Google search for linking IDs to names turned up SPM 2010. Now I can simply drill down to my Site Collections with the tool and it's easy to see:

The tool is also very handy for finding all your application pool and IIS settings, not to mention having a look at what's in a site's recycle bin. You can also look at quota settings, as well as what features or services are deployed. Curious to know who has permissions on a site or what lists are in a site? Just drill down and the information is there!

Some additional points:
  • The application has to be installed on the SharePoint Server you want to work with.
  • You have to be logged in as a SharePoint administrator.
  • The tool has multilingual support. 
  • It uses the SharePoint object model and doesn't access SQL directly.
  • It was architected and designed by Carsten Keutmann - http://www.keutmann.dk/. Thanks Carsten!

Download it today and let me know what you think. If you know of any other tools other admins might be interested in, please let me know.

Tuesday, June 1, 2010

SharePoint 2010 Farm Backup Fails

I was successfully running backups of my SharePoint 2010 server for a few weeks, then all of a sudden I noticed they weren't finishing properly. They'd run through most of the backup process, then stall trying to backup the Search Service Application. When I looked at the backup log file it showed the following:

I also noticed the following event log error (Event ID: 67, Source: SharePoint Server Search):

After some investigation, I realized I had deleted my original Search Application and created a new one, but for some reason the old object still existed in SQL.

I tried a few methods to delete the old object, but nothing was working. When I manually tried to delete it through Central Admin it would pop up a screen saying it was processing, but it never did anything. A Google search turned up the following article: http://prequest01.wordpress.com/2008/08/16/unable-to-delete-shared-services/

I used the following stsadm command:

Stsadm -o deleteconfigurationobject -id "object GUID"

To find the object GUID, simply go into Central Admin - Manage Service Applications and highlight the offending legacy service application (Search Service Application in my case). You should now be able to see the GUID in the IE address bar. Run the command above, and try your backups again and all should be well.

You can also run the following command from the SharePoint PowerShell: Get-SPServiceApplication

If your backups are still failing, you can always increase the logging level to get more details about the Backup and Restore Process in the Diagnostics Logging Settings, from Errors only to Verbose. This will help troubleshooting. Once you find out the exact issue, you can bring logging back to default levels to reduce I/O and storage required for this extra activity.
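One way to find the GUID without reading it from the address bar, as an added example that is not part of the original post. It only reads from Get-SPServiceApplication and prints the stsadm command line for review; the grouping by type and the "not Online" check are assumptions about what a leftover object looks like.

```powershell
# Added example (not from the original post). Read-only: it lists candidates and
# prints the matching stsadm command line for review. It deletes nothing.

# Load the SharePoint cmdlets when not running in the SharePoint 2010 Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

function Get-ServiceApplicationReview {
    # Group by TypeName so a leftover object is listed next to its replacement.
    Get-SPServiceApplication | Group-Object -Property TypeName | ForEach-Object {
        $group = $_
        foreach ($app in $group.Group) {
            New-Object PSObject -Property @{
                TypeName      = $app.TypeName
                DisplayName   = $app.DisplayName
                Status        = "$($app.Status)"
                SameTypeCount = $group.Count
                Id            = $app.Id
            }
        }
    }
}

$review = @(Get-ServiceApplicationReview)

# Full inventory first, so the suspects can be judged in context.
$review | Sort-Object TypeName, DisplayName |
    Format-Table TypeName, DisplayName, Status, SameTypeCount, Id -AutoSize

# Assumption: a leftover object shows up as a second application of the same
# type, or as one that is not Online. Several applications of one type can be
# legitimate, so each candidate still needs to be confirmed by name.
$suspects = @($review | Where-Object { $_.SameTypeCount -gt 1 -or $_.Status -ne 'Online' })

foreach ($s in $suspects) {
    # Printed for review only; run it by hand once the object is confirmed as the old one.
    'stsadm -o deleteconfigurationobject -id "{0}"   # {1} [{2}, {3}]' -f `
        $s.Id, $s.DisplayName, $s.TypeName, $s.Status
}
```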



Wednesday, May 12, 2010

List All SharePoint 2010 Databases

If you're like me you've set up numerous SharePoint 2010 test boxes in order to get comfortable with all the great new features. Because I'm running in a test environment I hadn't been paying too much attention to the SQL server I was using. Yesterday I logged in and found a staggering number of similarly named databases which were no longer being used because the test boxes were done.

So how do you figure out which databases are which? There's a great SharePoint PowerShell cmdlet you can run on your SharePoint server that will give you a list of all the databases your server is using:

Get-SPDatabase | Sort-Object disksizerequired -desc | Format-Table Name

When you run the command, you'll get a list of all the databases similar to the following:

Now that you have your list, log into SQL Server Management Studio and delete the corresponding databases:

Get-SPDatabase | Sort-Object disksizerequired -desc | Format-Table Name | out-file c:\databases.txt

You can also see how big the databases are by running the following:

Get-SPDatabase | Sort-Object disksizerequired -desc | Format-Table Name, @{Label ="Size in MB"; Expression = {$_.disksizerequired/1024/1024}}
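To see which databases on the SQL instance the farm does not reference, the two lists can be compared directly. This is an added example, not part of the original post; the SQL instance name is a placeholder, and it assumes the account running it can connect to that instance with Windows authentication and read sys.master_files.

```powershell
# Added example (not from the original post). Read-only report: it drops nothing.
$SqlInstance = 'SQL01'   # hypothetical SQL Server instance hosting the farm databases

# Load the SharePoint cmdlets when not running in the SharePoint 2010 Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

function Get-SqlUserDatabases {
    param([string]$Instance)

    # database_id 1-4 are master, tempdb, model and msdb; size is in 8 KB pages.
    $query = @"
SELECT d.name AS Name,
       SUM(CAST(f.size AS bigint)) * 8 / 1024 AS SizeMB
FROM sys.databases d
JOIN sys.master_files f ON f.database_id = d.database_id
WHERE d.database_id > 4
GROUP BY d.name
"@

    $conn  = New-Object System.Data.SqlClient.SqlConnection(
                 "Server=$Instance;Database=master;Integrated Security=SSPI")
    $table = New-Object System.Data.DataTable
    try {
        $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($query, $conn)
        [void]$adapter.Fill($table)   # Fill opens and closes the connection itself
    }
    finally {
        $conn.Dispose()
    }

    foreach ($row in $table.Rows) {
        New-Object PSObject -Property @{ Name = $row.Name; SizeMB = $row.SizeMB }
    }
}

# Databases this farm knows about (the same list Get-SPDatabase prints above).
$farmDbNames = @(Get-SPDatabase | ForEach-Object { $_.Name })

# Everything on the instance that this farm does not reference.
# A database listed here may still belong to another farm or application
# sharing the instance, so treat the output as a review list.
$unreferenced = @(Get-SqlUserDatabases -Instance $SqlInstance |
    Where-Object { $farmDbNames -notcontains $_.Name })

$unreferenced | Sort-Object SizeMB -Descending | Format-Table Name, SizeMB -AutoSize
```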



Tuesday, May 11, 2010

Installing the RTM Version of Microsoft Office Web Apps 2010 (OWA)

I recently had a request from my users to test Office Web Apps in our new SharePoint 2010 RTM environment. This feature comes in very handy if you have a number of users who don’t have Microsoft Office 2010 installed on their client computers yet. Most of my users are running legacy versions of Office.

For my test environment, we set apps to open in the client by default (not the browser) so we don't break existing document links in the site collections. You can achieve this by following this procedure.

1. Go to Central Administration and select Site Actions - Site Settings – Site Collection Administration and click on Site Collection Features.

2. Activate the Open Documents in Client Applications by Default feature.

Run the OWA setup

1. Run setup.exe from the root of the OWA installation source, and input your product key.

2. Accept the license agreement and specify an install path and hit Install Now.




When the install finishes, you’ll be prompted to open the Configuration Wizard. Click Next when the Wizard opens and answer yes to the service re-start warning. Let the configuration finish and perform the following steps:

Start the service instances

A service instance provides the physical location for a service application. For each server that you want to run the Office Web Apps service applications, you must start the service instances. You can start the service instances by using SharePoint Central Administration or by using Windows PowerShell.

Procedures in this task will start the service instances on those servers specified. This task must be completed after you have run WCSetup and PSConfig on each server in the farm.

To start the service instances by using Central Administration

1. Click Start, point to All Programs, Microsoft SharePoint 2010 Products, and then SharePoint 2010 Central Administration.

2. On the SharePoint Central Administration home page, in System Settings, click Manage services on this server.

3. On the Services on server:page, in Server, select a server, and then start Excel Calculation Services, Word Viewing Service, and PowerPoint Service. Repeat this step for each server in the farm you want to run Office Web Apps services. The OneNote Web App does not use a SharePoint service.


Now to test.

Upload an Office document into a document library and select the drop down menu:


When you select "Edit in Browser", the web app version of Word will open and you're free to edit your document.


Try it out for yourself and let me know how it works for you!

Monday, April 19, 2010

Microsoft Office SharePoint Server 2007 Event ID Errors 6396 and 6482

I recently had a Microsoft Office SharePoint 2007 server start to generate the following event log errors:



I didn't really notice any issues with the SharePoint site itself, but when I tried to run a backup it would error out. Upon closer examination, I noticed that one of our admins had changed the account Office SharePoint Server Search service was using to run. Although the service was started, it wasn't using the account I'd specified when setting up the Office SharePoint Server Search service through Central Administration.

After setting the service to use the original account through Central Administration - Operations - Services on Server and doing a reboot, the event log errors disappeared and my backups worked again. While looking for the cause of the error on Google, I noticed several other people had a similar issue caused by the search service account not having log on locally rights on the server.

Monday, April 12, 2010

SharePoint 2010 Server Search Vs. FAST Search Server 2010

I've been working with some of the members of our internal SharePoint 2010 team to try and determine if there's any benefit to rolling out FAST search in our new SharePoint 2010 environment. We're currently using WSS 3 and SharePoint Portal 2003 so our current search isn't great, but after a little investigation, I don't think we really have a driver to roll out FAST search. The new functionality found in basic SharePoint 2010 Search looks like it will meet our needs for now.

If you're curious to know what features FAST adds to the basic out of the box SharePoint 2010 install, have a look at the following table (click on it to enlarge the image):

You can also find a lot more detail on both versions of search in their respective evaluation guides:

Basic

FAST

Finally, there's an additional cost per server to install FAST, although I'm not entirely sure what it is. If anyone has more info, I'd love to hear from you.


Wednesday, April 7, 2010

Installing Microsoft Project 2010 Beta on a Microsoft SharePoint 2010 Beta Farm

• Add the SharePoint setup account to local admin. Also needs “log on locally permissions”. Also add it to the required SQL roles http://technet.microsoft.com/en-ca/library/cc262243(office.14).aspx.


• Run SharePoint 2010 Enterprise pre-requisite install:


• Run SharePoint 2010 Enterprise setup and choose Server Farm:

Choose Complete and change the file locations if you like. I move them to the D and E drive on the server.


When Setup finishes, run the Configuration Wizard. Click Next, then Yes, then select Create a New Server Farm.

Next, enter your database and farm account information:
Next, enter your farm passphrase (make one up).

Enter a port number for your Central Admin site (I use 1111 for all my servers) and choose NTLM:





Run the setup wizard and enter service application account:

Reboot the server and login with the SharePoint farm admin account.

Run the Project 2010 install (Run As Administrator), and select Install Project Server. The pre-requisites were installed when SharePoint was installed.

Enter your product key, accept the license, and hit Install Now.

When it finishes, run the SharePoint Configuration Wizard.

Hit Next, then Yes to the warning:


Next


To refresh installed products on the farm

Click Start, click All Programs, click Microsoft SharePoint 2010 Products, and then right-click SharePoint 2010 Management Shell and click Run as administrator.

At the Windows PowerShell command prompt (that is, PS C:\>), type:

Set-SPFarmConfig -InstalledProductsRefresh

Press ENTER.

Close the Windows PowerShell window.

To start the Project Application Service

On the SharePoint Central Administration home page, in the System Settings section, click Manage services on server.

On the Services on Server page, select the server where you want to run the Project Application Service from the Server drop-down list.

On the Service list, click Start next to Project Application Service.

To start the PerformancePoint Service

On the Central Administration home page, in the System Settings section, click Manage services on server.

On the Services on Server page, select the server where you want to run the PerformancePoint Service from the Server drop-down list.

On the Service list, click Start next to PerformancePoint Service.

Once you have started the Project Server and PerformancePoint services on the desired computers in the farm, you must create a service application for each service.

To create a Project Server service application

On the Central Administration home page, in the Application Management section, click Manage service applications.

On the Manage Service Applications page, on the ribbon, click New, and then click Project Server Service Application.

On the Create Project Web App service application page:

Type a name for the service application in the Project Web App service application name box.

In the Application Pool section, choose an existing application pool or type the name of the application pool you want to create in the Application pool name box.

Select the Configurable option, and choose the managed account you want to use to run the application pool.


Click OK.

To create a PerformancePoint service application

On the Central Administration home page, in the Application Management section, click Manage service applications.

On the Manage Service Applications page, on the ribbon, click New, and then click PerformancePoint Service Application.

On the New PerformancePoint Service Application page:

Type a name for the service application in the Name box.

Select the Add this service application’s proxy to the farm’s default proxy list check box.

In the Application Pool area, choose an existing application pool or type the name of the application pool that you want to create in the Application pool name box.

Select the Configurable button, and choose the managed account that you want to use to run the application pool.

Click Create.

When the service application has been successfully created, click OK.
The next step is to create a top-level Web site if one does not yet exist, and give users read permission to that site. If there is not yet a top level Web site, create one using the following procedure.

To create a top-level Web site

In Central Administration, in the Application Management section, click Create site collections.

Choose a Web application from the Web Application drop-down menu.

Note:

If no Web application is available, you will need to create one. For more information, see Create a Web application (SharePoint Server 2010).


Type a title for the site collection in the Title box.

In the Template Selection section, choose a template for the site.

Note:

Project Server 2010 does not require a specific template. You can choose one appropriate for your organization.

In the Primary Site Collection Administrator section, type the name of the account you want to use for the site administrator.

Click OK.

To set Read permissions on the top-level Web site

Navigate to the root site.

Click Site Actions.

Click Site Permissions.

Click Grant Permissions.

In the Users/Groups box, type NT AUTHORITY\Authenticated Users.

Under Give Permission, select Visitors [Read].

Click OK.

The next step is to create a Project Web App site. Go to the next article, Create a PWA site (Project Server 2010).

Create a PWA site

The Project Web App site requires a Web application to host it. You can use an existing Web application or create a new one for PWA. For more information about creating a Web application, see Create a Web application (SharePoint Server 2010).

Important:

Due to a Project Server Beta issue, you must run the psconfig command before creating the first PWA site. Use the following procedure to run the psconfig command. You do not need to rerun this command for additional PWA sites on the same farm.

To run psconfig

Open a Command Prompt window as an Administrator.

Navigate to \program files\common files\Microsoft shared\Web server extensions\14\bin.

Run the following command:

psconfig -cmd upgrade -inplace b2b


To create a PWA site

In SharePoint Central Administration, in the Application Management section, click Manage service applications.

On the Manage Service Applications page, click the Project Server Service Application.

On the Manage Project Web Access Sites page, click Create Project Web Access Site.

Complete the Create Project Web Access Site page as designated in the table below:

Option Description

SharePoint Web Application to Host Project Web App - The Web application for the PWA site.

Project Web App path - The path from the root site for this PWA site.

Select a language - The user interface language for this PWA site.

Use Project Web App path as host header - Use this option if you want to host PWA on a root URL (for example, https://www.contoso.com).

Administrator Account - The user account that will be added to the Project Server Administrators security group in this instance of PWA.

Primary database server - The instance of SQL Server where you want to host the Project Server databases. If your database administrator has already created Project Web App databases, specify the names of those databases below. If the databases were not previously created, they will be created automatically.

Published database name - The name of the Project Server Published database for this instance of PWA.

Draft database name - The name of the Project Server Draft database for this instance of PWA.

Archive database name - The name of the Project Server Archive database for this instance of PWA.

Reporting database server - The name of the Project Server Reporting database for this instance of PWA.

Use primary database server - Select the check box to deploy the Reporting database to the primary database server specified above. Clear the check box to deploy the Reporting database to a different database server, and specify the instance of SQL Server that you want to use in the Reporting database name box.

Reporting database name - The instance of SQL Server where you want to deploy the Reporting database (if different from the primary database server).

Quota for SharePoint content in this site - The maximum site storage, in megabytes, for the PWA site.

Quota Warning for SharePoint content in this site - The site storage level, in megabytes, at which a warning e-mail message will be sent to the site administrator.

Click OK.

Project Server will start the PWA site creation process. This may take some time. When the site creation process is completed, the status shown on the PWA site list is Provisioned.
The URL can now be used to connect Internet Explorer, Microsoft Project Professional 2010, and custom-code–based clients to PWA.

Wednesday, March 31, 2010

Setting Up the SharePoint 2010 User Profile Service Application to Synch AD Users - Part II

Now that we have our connection to AD configured and the user profile service application is up and running, we’re ready to do our first import of users from AD.
1. In order to perform the synchronization, you’ll need to verify you have the following permissions:

• You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site

• The Farm Administrator account must be a Service Administrator for the User Profile Service that you are configuring. For more information about how to set service permissions, see Assign administration of a User Profile service application (SharePoint Server 2010).

• The account that you use to synchronize profile information with Active Directory Domain Services (AD DS) must have Replicate Directory Changes permissions on the AD DS domains from which you want to import data. If the NETBIOS name is different from the domain name, the account that is used must also have Replicate Directory Changes permissions on the cn=configuration container. For more information about how to configure Replicate Directory Changes in AD DS, see How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account (http://go.microsoft.com/fwlink/?LinkId=47854). Create All Child Objects permission is needed to export properties, such as profile pictures, from SharePoint Server to AD DS.

2. On the Central Administration Web site, in the Application Management section, click Manage service applications.

3. On the Manage Service Applications page, click in the Title column of the User Profile Service Application row to select it.

4. In the Operations group of the ribbon, click Manage.

5. On the Manage Profile Service page, in the Synchronization section, click Start Profile Synchronization.

6. On the Start Profile Synchronization page, select Start Incremental Synchronization to synch only user and group profile data that has changed or select Start Full Synchronization to synchronize all user profile data.


The Start Full Synchronization option is time and resource intensive. We do not recommend it unless absolutely required to reset data that is stored in user profiles or to do an initial synchronization of user profiles.

When using AD DS, you must run full synchronization any time a new profile property mapping is created.

7. Click OK.

After the Profile Synchronization job is finished, you can search for a known profile or for accounts that begin with a known domain name from the Manage User Profiles page.

Because the import uses MIIS/FIM you can also open the miisclient.exe application from C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe to verify that the sync was successful:

Tuesday, March 30, 2010

Setting Up the SharePoint 2010 User Profile Service Application to Synch AD Users - Part I

As part of our demo environment, I’ve been working on our configuration for the user profile service application to import users from our AD so we can start using MySites, Profile Pages, Social Tagging, etc. Here are the steps I followed from Microsoft plus some of my own comments:


The Environment & Requirements


• SharePoint 2010 Enterprise Beta server acting as Web and App.


• SQL 2008 SP1 CU2 (separate from SP2010 server)


• AD (domain functional level 2003)


• The account you use to connect to AD must have at least Replicate Directory Changes permissions on the AD DS domain(s) from which you wish to import data and on the cn=configuration container; both are needed for SharePoint Server 2010. For more information about how to configure Replicate Directory Changes in AD DS, see How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account (http://go.microsoft.com/fwlink/?LinkId=47854). Create All Child Objects permission is needed to export properties, such as profile pictures, from SharePoint Server to AD DS.

For my lab environment, I'm ignoring profile pictures....for now.

• The farm is running either the Standard or Enterprise version of SharePoint Server 2010 and you have run the farm configuration wizard. Profile Synchronization does not work on a stand-alone installation for SharePoint Server 2010 Beta.


• An instance of the User Profile Service application exists and is started. For more information, see Create, edit, or delete a User Profile service application (SharePoint Server 2010).


• If you are using Microsoft SQL Server 2008, Microsoft SQL Server 2008 with Service Pack 1 (SP1) with Cumulative Update 2 (CU2) (http://go.microsoft.com/fwlink/?LinkId=165962) is required.


• The WCF hotfix (KB976462) for Windows Server 2008 R2 is installed.


• You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site.


• The Farm Administrator account, which is created during the SharePoint farm setup, must also be a Local Administrator on the server where the User Profile Synchronization service is deployed


• The Farm Administrator account must be a Service Administrator for the User Profile Service that you are configuring. For more information about how to set service permissions, see Assign administration of a User Profile service application (SharePoint Server 2010).


• The Service Administrator account can log on locally to the server where Profile Synchronization will be deployed.


• If you are using a Windows Server 2003 AD DS forest, the Service Administrator account must be a member of the Pre-Windows 2000 Compatible Access group for the domain with which you are synchronizing. For more information about adding accounts to the Pre-Windows 2000 Compatible Access group, see Some applications and APIs require access to authorization information on account objects (http://go.microsoft.com/fwlink/?LinkId=179420).
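An added check for the Replicate Directory Changes prerequisite above (not part of the original post or of Microsoft's steps): it reads the ACLs on the domain and cn=configuration naming contexts, lists every identity that holds replication rights, and warns if the sync account holds more than the plain right. `DOMAIN\spsync` and `Get-ReplicationAce` are hypothetical names; the script assumes a domain-joined machine and an account that can read those ACLs.

```powershell
# Added example: audit directory replication rights before and after granting them.
$SyncAccount = 'DOMAIN\spsync'   # hypothetical account name, replace with yours

# Control access right GUIDs defined in the AD schema.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}

function Get-ReplicationAce {
    param([string]$DistinguishedName)
    $entry = [ADSI]"LDAP://$DistinguishedName"
    # Explicit and inherited ACEs, with SIDs translated to account names.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])
    foreach ($rule in $rules) {
        $guid = $rule.ObjectType.ToString().ToLower()
        $extended = ($rule.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -ne 0
        if ($extended -and $rule.AccessControlType -eq 'Allow' -and
            $ReplRights.ContainsKey($guid)) {
            New-Object PSObject -Property @{
                Container = $DistinguishedName
                Identity  = $rule.IdentityReference.Value
                Right     = $ReplRights[$guid]
                Inherited = $rule.IsInherited
            }
        }
    }
}

$rootDse = [ADSI]'LDAP://RootDSE'
$aces = @("$($rootDse.defaultNamingContext)",
          "$($rootDse.configurationNamingContext)") |
    ForEach-Object { Get-ReplicationAce $_ }

# Everyone with replication rights on either container, for review.
$aces | Sort-Object Container, Right, Identity |
    Format-Table Container, Identity, Right, Inherited -AutoSize

# The sync account should appear with the plain right only.
$aces | Where-Object { $_.Identity -eq $SyncAccount -and
                       $_.Right -ne 'Replicating Directory Changes' } |
    ForEach-Object { Write-Warning "$SyncAccount holds '$($_.Right)' on $($_.Container)" }
```

Rights granted through group membership show up under the group's name, so check the sync account's groups against the table as well.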


Start the Required Services


1. Start the User Profile Synchronization service through Central Administration


• Confirm that the user account performing this procedure is a member of the Farm Administrators SharePoint group.


• On the SharePoint Central Administration Web site, click System Settings, and then on the System Settings page, in the Servers section, click Manage services on server.


• To change the server on which you want to start or stop the service, on the Server menu, click Change Server, and then click the server name that you want.


• By default, only configurable services are displayed. To view all services, on the View menu, click All.


• To start the service, click Start in the Action column of the relevant service.


• Click OK to start or stop the service. Be sure to enter the account info for the SharePoint farm admin account.






Wait about 10 minutes and verify that both ForeFront Identity Management services start up properly in services.msc. Once they start, do an IISRESET.




Create a Profile Synchronization Connection


1. Verify that you have the following administrative credentials:


• You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site


• The Farm Administrator account must be a Service Administrator for the User Profile Service that you are configuring. For more information about how to set service permissions, see Assign administration of a User Profile service application (SharePoint Server 2010).


• If you are synchronizing profile information by using AD DS, the account that is used to connect to AD DS must have Replicate Directory Changes permissions in AD DS. This account must be the same as the farm administrator account or the User Profile Service administrator account and is required to do either full or incremental synchronization with AD DS. Create All Child Objects permission is needed to export properties, such as profile pictures, from SharePoint Server to AD DS.


2. Before proceeding, make sure that you have determined which directory service containers you want synchronized with SharePoint Server. I have several test users already set up in an OU.


3. On the Central Administration Web site, in the Application Management section, click Manage service applications.


4. On the Manage Service Applications page, click the Name of the User Profile Service Application that you want to manage.


5. On the Manage Profile Service page, in the Synchronization section, click Configure Synchronization Connections.


6. On the Synchronizations Connections page, click Create New Connection.


7. On the Add new synchronization connection page, type a name for the synchronization connection in the Connection Name box.


8. From the Type list, select the kind of directory service to which you want to connect. AD in this case.


9. If the selected type is Business Data Connectivity, enter a name for the connection in the Name box. Select a Business Data Connectivity application from the Business Data Connectivity Entity box. Select whether the entity has a 1:1 mapping or a 1:many mapping, enter the appropriate profile property, and then click OK. Otherwise, continue with the following steps. - I'm ignoring this functionality for this post.

10. In the Connection Settings section, type the name of the directory service forest to which you want to connect (domain.com), the account credentials for the directory service (domain\admin), and the port that you want to use when you connect to the directory service (use the default). Select Auto discover domain controller to automatically locate the domain controller for this forest or type the name of the domain controller in the Domain controller name box. - I don't recommend using the autodiscover. There have been other users who've reported problems, but I'll leave it up to you.


11. In the Connection Settings section, select the Use SSL-secured connection: check box, if needed, to use a Secure Socket Layer connection when you connect to the directory service.


12. In the Containers section, click Populate Containers and then select the containers from the directory service that you want to synchronize. Click Select All if you want to synchronize all containers. For example, if you only want to synchronize user information, you can select only those containers that have user profile information.



13. Click OK.


To configure Profile Synchronization settings




1. Verify that you have the following administrative credentials:


• You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site


• You must be a Service Administrator with Full Control permissions for the User Profile Service that you are configuring. For more information about how to set Full Control permissions, see Assign administration of a User Profile service application (SharePoint Server 2010).


• The Farm Administrator account, which is created during the SharePoint farm setup, must also be a System Administrator (sysadmin) on Microsoft SQL Server 2005 or Microsoft SQL Server 2008


• If you are synchronizing profile information with AD DS, the account that is used must have Replicate Directory Changes permissions. This account must be the same as the farm administrator account or the User Profile Service administrator account and is required to do either full or incremental synchronization with AD DS. Create All Child Objects permission is needed to export properties, such as profile pictures, from SharePoint Server to AD DS.


2. On the Central Administration Web site, in the Application Management section, click Manage service applications.


3. On the Manage Service Applications page, click the Name of the User Profile Service Application that you want to manage.


4. On the Manage Profile Service page, in the Synchronization section, click Configure Synchronization Settings.


5. On the Configure Synchronization Settings page, in the Synchronization Entities section, select Users and Groups to synchronize both user information and group information or select Users to synchronize only user information.


You should first do a full synchronization of users only. Once this is complete, run an incremental synchronization of both users and groups.


6. On the Configure Synchronization Settings page, in the Synchronize BDC Connections section, click to clear the Include existing BDC connections for synchronization? check box if you want to exclude data import from the Business Data Connectivity service. - No BDC for now.


7. On the Configure Synchronization Settings page, in the External Identity Manager section, select Use SharePoint Profile Synchronization to use the Profile Synchronization engine in SharePoint Server 2010 or select Enable External Identity Manager to use an external synchronization application such as Microsoft Identity Lifecycle Manager 2007.


Enabling an external identity manager disables all Profile Synchronization options and the status display in SharePoint Server 2010.





8. Click OK.


In Part II of this blog I'll go through the steps to do the initial synchronization and show you how to use the MIIS client to verify it's working properly.

Monday, March 29, 2010

SharePoint 2010 Architecture Drawing

I've recently been working on an architecture drawing for our SharePoint 2010 environment and I thought I'd post it here. The drawing covers all aspects of our environment from development to our internal environment (intranet) to our external facing public website. Take a look and feel free to post your comments.


Friday, March 26, 2010

Automate SharePoint 2010 Farm Backups with Powershell

***Update (01/07/2013): We recently noticed that installing KB2506143 (Windows Management Framework 3.0) breaks the ability for SharePoint Powershell to run the backup. Uninstall it and the script should start working again.***

We've had a lot of requests for more details on how to set up automated SharePoint backups with PowerShell, so we've gone ahead and created a detailed ebook which outlines the steps and permissions you need to get your backups up and running. In addition to screen shots, there are also copies of the scripts we use as well as an email notification section that will let you know if your backups failed. Simply click on the Buy Now button below and you can pay with your Paypal account or credit card. At only $9.99 USD, it's thousands cheaper than a 3rd party solution and will let you sleep a little sounder at night. If you're not satisfied, we'll gladly refund your money! For the basic steps minus some of the more advanced functionality, see below.


I recently built several server farms for our developers to work on. In order to make sure I could restore the farms to their original condition, I set up the following automated backup process. Below is a brief outline of the steps.

1. Create a folder on a local drive of the SharePoint 2010 server called backups (E:\backups). Share that folder as "backups" and give the account you used to install SharePoint as well as the farm and SQL database accounts full access (share permissions and NTFS).

2. Create a folder in E:\backups called Scripts. Inside there you create 4 files:

backupsharepointfarm.ps1 – This script will backup your entire farm to the share you created. This script will contain the following:

Add-PsSnapin Microsoft.SharePoint.Powershell
Backup-SPFarm -Directory \\ServerName\Backups -BackupMethod full

cleanbackups.ps1 – This script will check the spbrtoc.xml file and delete backups older than 7 days so you don’t run out of disk space. You can change $days value. This script will contain the following:

# Location of spbrtoc.xml
$spbrtoc = "E:\Backups\spbrtoc.xml"

# Days of backup that will be remaining after backup cleanup.
$days = 7

# Import the Sharepoint backup report xml file
[xml]$sp = gc $spbrtoc

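# Find the old backups in spbrtoc.xml
# SPStartTime is text in the XML, so cast it to [datetime]; otherwise the
# comparison is done on strings and gives wrong results across a year boundary.
$old = $sp.SPBackupRestoreHistory.SPHistoryObject |
? { [datetime]$_.SPStartTime -lt ((get-date).adddays(-$days)) }
# Use return (not break, which is meant for loops) to stop the script here.
if ($null -eq $old) { write-host "No reports of backups older than $days days found in spbrtoc.xml.`nspbrtoc.xml isn't changed and no files are removed.`n" ; return }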

# Delete the old backups from the Sharepoint backup report xml file
$old | % { $sp.SPBackupRestoreHistory.RemoveChild($_) }

# Delete the physical folders in which the old backups were located
$old | % { Remove-Item $_.SPBackupDirectory -Recurse }

# Save the new Sharepoint backup report xml file
$sp.Save($spbrtoc)
Write-host "Backup(s) entries older than $days days are removed from spbrtoc.xml and harddisc."

Backup.bat – This is a simple batch file to run the above backupsharepointfarm.ps1 script. Create a scheduled task to run it every night. The file contains the following:

powershell -command E:\Backups\Scripts\BackupSharePointFarm.ps1

Clean.bat – This batch file will run the script to clean out older backup files (cleanbackups.ps1). The file contains the following:

powershell -command E:\Backups\Scripts\cleanbackups.ps1

3. Create a scheduled task that will run both of the .bat files you created and set them to run at night when no one’s around. You have to make sure the scheduled tasks are set to run with the SharePoint farm account. After a full week you’ll have a directory with 7 days worth of backups similar to the following:







Note: In order to run PowerShell commands on your server, you need to open powershell and execute the following command: Set-ExecutionPolicy Unrestricted

There are several factors involved in running a successful scripted backup which are covered by Todd Klindt in the following Microsoft SharePoint forum thread: http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/f755e7c1-bd0a-4c00-9be6-bbca83cf666b/.

1. Your Central Admin app pool account must have read/write access to the location of the backups.

2. Your SQL Service account must have read/write access to the location of the backups.

3. If you're running a farm backup from STSADM or Windows PowerShell, the account you're running it as must have read/write access to the location of the backups.

4. The location must be accessible from the SharePoint machine the backup is running on.

5. The location must be accessible from the SQL instance that SharePoint is trying to back up.

6. This is why all the examples are UNCs, \\server\share, and not local paths, C:\backups

That’s about it. Give it a try and let me know if you have any problems. The file and share permissions are critical!
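cleanbackups.ps1 deletes, recursively and as the farm account, whatever folder each SPBackupDirectory entry in spbrtoc.xml names, and that file sits in a share several accounts can write to. The following added example (not the blog's script) selects expired entries by real date comparison and marks a folder safe to delete only if it resolves strictly below the backup root. `Get-ExpiredBackup`, the sample history and its dates are constructed for illustration.

```powershell
function Get-ExpiredBackup {
    param([xml]$History, [string]$BackupRoot, [int]$Days = 7,
          [datetime]$Now = (Get-Date))
    # Keep a trailing "\" so "\\srv\Backups-old" is not taken as a child of "\\srv\Backups".
    $root   = [IO.Path]::GetFullPath($BackupRoot).TrimEnd('\') + '\'
    $cutoff = $Now.AddDays(-$Days)
    $inv    = [Globalization.CultureInfo]::InvariantCulture
    $History.SPBackupRestoreHistory.SPHistoryObject | Where-Object { $_ } |
    ForEach-Object {
        # Parse to a date; compared as text, "12/..." would sort after "01/...".
        $started = [datetime]::Parse($_.SPStartTime, $inv)
        if ($started -lt $cutoff) {
            # GetFullPath collapses ".." segments before the prefix check.
            $full = [IO.Path]::GetFullPath($_.SPBackupDirectory).TrimEnd('\') + '\'
            # Strictly below the root: never the root itself, never a sibling.
            $safe = ($full.Length -gt $root.Length) -and
                    $full.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
            New-Object PSObject -Property @{ Started = $started; Path = $full; Safe = $safe }
        }
    }
}

# Constructed sample history: two old entries (one pointing outside the
# backup share) and one recent entry that must be kept.
[xml]$sample = @'
<SPBackupRestoreHistory>
  <SPHistoryObject>
    <SPStartTime>12/20/2012 02:00:00</SPStartTime>
    <SPBackupDirectory>\\ServerName\Backups\spbr0000\</SPBackupDirectory>
  </SPHistoryObject>
  <SPHistoryObject>
    <SPStartTime>12/21/2012 02:00:00</SPStartTime>
    <SPBackupDirectory>\\ServerName\Other\Data\</SPBackupDirectory>
  </SPHistoryObject>
  <SPHistoryObject>
    <SPStartTime>01/08/2013 02:00:00</SPStartTime>
    <SPBackupDirectory>\\ServerName\Backups\spbr0002\</SPBackupDirectory>
  </SPHistoryObject>
</SPBackupRestoreHistory>
'@

$plan = @(Get-ExpiredBackup -History $sample -BackupRoot '\\ServerName\Backups' -Now ([datetime]'2013-01-10'))
$plan | Select-Object Started, Path, Safe | Format-Table -AutoSize
$plan | Where-Object { -not $_.Safe } |
    ForEach-Object { Write-Warning "Not deleting $($_.Path): outside the backup root" }
# To act on the plan, remove only the validated folders:
# $plan | Where-Object { $_.Safe } | ForEach-Object { Remove-Item -LiteralPath $_.Path -Recurse }
```

A scheduled task can start a script with `powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File <script>`, which applies the policy to that one process rather than setting the whole machine to Unrestricted.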