harbar.net component based software & platform hygiene
SharePoint 2013

Azure AD & SharePoint (On-Premises) update following SPS Lisbon and ESPC

Here’s a quick update on the issue that occurred during my recent Azure AD and SharePoint sessions at SharePoint Saturday Lisbon and ESPC. For those interested, once I had configured the AAD Enterprise Application and created a Trusted Identity Provider in SharePoint to use it – and attempted a (seemingly successful) login via AAD – the glorious Yellow Page of Death was returned by the SharePoint Web Application. It was, perhaps obviously, a basic error – albeit one that is not *that* obvious, especially when you are brutalised by a head cold and a very dodgy furry podium!...

Adding the SharePoint “stubs” to your VS Code PowerShell profile

[update] if you use OneDrive to store your Documents – the default on a new install of Windows 10 - you must ensure the WindowsPowerShell folder exists and is set to be “always on this device”. Ahh, SharePoint. Ahh, SnapIns. Yeah. 2009 faxed and before the ink faded, told us the old crap is hanging around like a bad hangover. I hate SnapIns more than most, but that’s a story for another day. For the time being we are stuck with them when working with our “built from the cloud up” versions of SharePoint Server. One of...

RPC Server Unavailable when creating a SharePoint Farm… the curse of dodgy legacy NetDOM!

Every so often a real blast from the past comes back to haunt me. Usually it’s some obscure “infrastructure” gubbins – you know, the sort of thing that 80% of so-called IT Pros knew in 1999. These days though. Not so much. With SharePoint in particular there is a whole boat load of legacy. Not that legacy is bad. Lots of it is awesome. That’s why the product remains so successful. On the other hand some of it is real, real, real nasty! :) It always seems to come in waves. Over the last two weeks...

Welcome to our family!

The building block of every community is a family. Welcome to our family. See you in Mainz!

Resolving Catastrophic Distributed Cache Failures on VMware vSphere or ESX guest virtual machines

Ahh, Distributed Cache, everybody’s favourite SharePoint service instance, the most reliable and trouble-free implementation since User Profile Synchronization. I jest of course, it’s the most temperamental element of the current shipping release, not to mention the most ridiculous false dependency ever introduced into the product and should be killed as soon as possible. However, it is extremely important to a SharePoint Farm in terms of both functionality and ensuring maximum performance. Even in simple deployments the impact of the Search and LogonToken related caches can provide ~20% performance and throughput improvements. But what to do when it’s busted? Once...

Using PowerShell to import Profile Photos when using Active Directory Import and SharePoint Server 2013/2016/2019

One of the most common requests I have received over the last couple years has been how to leverage PowerShell to get User Photos from Active Directory (or any other location really) into the SharePoint User Profile Store. With the removal of User Profile Synchronization (UPS) in SharePoint 2016 this need has increased significantly. For most mid market customers this is a key requirement, and implementing Microsoft Identity Manager (MIM) for this purpose is not practical. I did spend a whole bunch of time before the release of SharePoint 2016 attempting to convince the powers that be, that Active...

User Profile Photo Import from thumbnailPhoto using MIM and the SharePoint Connector

When leveraging Microsoft Identity Manager (MIM) and the SharePoint Connector for User Profile Synchronization, some customers have a requirement to import profile pictures from the thumbnailPhoto attribute in Active Directory. This post details the correct way of dealing with this scenario, whilst retaining the principle of least privilege. The configuration that follows is appropriate for all of the following deployments: SharePoint 2016, MIM 2016, and the MIM 2016 SharePoint Connector; SharePoint 2013, MIM 2016, and the MIM 2016 SharePoint Connector; SharePoint 2013, FIM 2010 R2 SP1 and...

Enabling multiple OUs and avoiding credential touch up with the MIMSync “toolset” for SharePoint Server 2016

As many of you are aware there is a “toolset” published on GitHub which provides one way to get up and running using Microsoft Identity Manager 2016 (MIM) for profile synchronization with Active Directory. This Windows PowerShell Module and exported MA configurations basically provision a base capability more or less akin to what shipped with SharePoint 2013’s User Profile Synchronization capability. I’m not much of a fan of this Module or its approach. Seriously, if a customer is going down the road of implementing MIM they better be sure they have the right skills in place – and right...

Distributed Cache Service Identity: Turning the Playbook into real Tools

A couple of weeks ago I posted about the Playbook Imperative and Changing the Distributed Cache Service Identity, which generated a lot of interest and feedback regarding the “tooling approach” presented. The original intention of the post was to articulate the importance of understanding the playbook when performing operational service management of SharePoint farms. I had never intended to show “how to do it” in terms of creating tooling in Windows PowerShell. The PowerShell examples were created purely to demonstrate the playbook and were deliberately done in a way that meant the focus was on the tasks being performed rather...

The Playbook Imperative and Changing the Distributed Cache Service Identity

Introduction One of the most common challenges facing those operating production SharePoint environments is the “missing playbook”. Even for deployments where operational service management (OSM) skills are strong it is impossible to deliver quality operational service without the playbook. It’s generally pretty uncommon for practitioners to factor OSM considerations into the design, or at least to do it well. Indeed, in many cases it is also impossible to do so completely as so much about the environment will not be known or understood prior to broad platform adoption. Whilst the playbook is imperative for any system, there is...

Configuring Kerberos Constrained Delegation with Protocol Transition and the Claims to Windows Token Service using Windows PowerShell

Recently I’ve done a few pieces of work with SharePoint 2013 Business Intelligence and I have also delivered the “legendary”* Kerberos and Claims to Windows Service talk a few times this year. This reminded me to post my Windows PowerShell snippets for the required Active Directory configuration. This topic area is perhaps one of the most misunderstood areas of SharePoint Server, and there is an utterly staggering amount of misinformation, out of date information, single server documentation and good old fashioned 100% bullshit out there. That’s a surprise with SharePoint stuff, huh? Every guide or document out there...

Insight to what’s going on, information keeps us strong

…what you don’t know can hurt you bad, take it from me you’ll be walkin’ around sad. Great tune, but Terry Lewis’ bass can’t help you or your customers when Office 365 hits the skids. Most of you will now be familiar with the common valid arguments against “cloud” services such as Office 365, particularly those from the enterprise. However one of the common invalid arguments is around service availability and reliability. I can’t count the number of times I have had this conversation with customers over the last two years or so. In almost all cases it’s a...

Updated ULS Viewer

If you haven’t already grabbed it, just a quick note to let you know that Microsoft put an update of the ULS Viewer tool out recently. For quite a while the tool had been removed from code.msdn.microsoft.com and those who had “lost” a copy had to resort to annoying others to get it. ULS Viewer, as I’ve written previously, is an essential tool for working with SharePoint. The new version has a number of tweaks including viewing across a farm, rather than manually having to configure that up. Go get it! ULS Viewer download Bill’s post...

Support for SQL Server Always On Async Replication with SharePoint 2013

One of the most significant “IT Pro” or infrastructure related announcements at the recent SharePoint Conference in Las Vegas was related to a change in supportability for using SQL Server Always On for SharePoint databases, and in particular the use of Asynchronous replication in Business Continuity Management (BCM) scenarios. This is a HUGE deal. Of course, it’s not sexy, it doesn’t directly provide SharePoint IT Pros with a new tool in their belt, and it doesn’t expand deployment scenarios like the announcement relating to 1TB site collections in Office 365. However it is perhaps the single most important piece...

Online Workshop: SharePoint Advanced Infrastructure: Distributed Cache

Audience: SharePoint Administrators, Infrastructure Architects and Support Professionals. The esteemed Microsoft Certified Master certification is no longer obtainable... but you can still get master-class mentoring through our collection of Advanced Workshops. Delivered by one of the world's foremost SharePoint authorities, this workshop is a rare opportunity to learn from a recognised master in the field. This module provides 360 coverage of Distributed Cache, the new foundational and pre-requisite service instance in SharePoint 2013 which is an implementation of Windows Server AppFabric Caching, and provides in memory caching across a farm. Understand the background of this service, its...

Da Big Daddy: SharePoint Conference 2014

[Updated 19/02 with session timeslots and an additional session] Vegas, March, 10,000 SharePoint people. What could possibly go wrong?! The big daddy is back, SharePoint Conference 2014 promises to be another great event, and I am once again happy to be speaking at the biggest SharePoint conference on the planet. I get asked a lot about which conferences are worth the money and so on, and of course being the official show, and with the associated travel and accommodation expenses SPC is often in the “requires justification” bucket. Seriously there is no debate, it’s worth it. If you...

Updated Antivirus for SharePoint 2013 options

Just a quick note to let you know I’ve updated my Antivirus and SharePoint 2013 post, with the details of all the current available options. Instead of the *single* option we had shortly after RTM, there are now four options with hopefully another one in the near future.   s.

SharePoint & Exchange Forum: somewhere in the Baltic Sea!

I’m delighted to announce that I will again be speaking at the excellent SharePoint and Exchange Forum (SEF), coming up September 30th through October 2nd. This year, the 10th anniversary, will be a little bit extra special as it’s taking place on board Silja Symphony – a (rather large) cruise ship running between Stockholm and Helsinki. SEF is always an excellent event, with a great crowd, top quality speakers, great networking and superb evening entertainment. Head on over to the SEF website to find out more, I look forward to seeing you at the event!   ...

Article: Workflow Manager Farms for SharePoint 2013 Part Four: End to End Configuration using Domain CA issued Certificates

In the previous parts of this article we covered the core concepts and critical considerations, creating a Workflow Manager Farm using Auto Generated Certificates and converting that farm to use Domain CA issued certificates. This part will cover the end to end configuration of a Workflow Manager Farm using Domain CA issued certificates. This is of particular importance to those who have an organisational policy in force which prohibits the use of self signed or auto generated certificates. Whilst we can change an existing farm which uses auto generated certificates to use Domain CA issued certificates, it is NOT...

Article: Workflow Manager Farms for SharePoint 2013 Part Three: Switching an existing farm to use Domain CA issued certificates

In the previous parts of this article we covered the core concepts along with high availability, certificate and SharePoint considerations for Workflow Manager Farms, and the end to end configuration using Auto Generated Certificates. If you are not familiar with this material, make sure to read it before continuing as I assume you have done so! This part will cover switching the existing Workflow Manager farm to using Domain CA issued certificates. Whilst this part is intended as primarily step by step configuration guidance, I will take the opportunity to also explain a few things which didn’t make...

Article: Workflow Manager Farms for SharePoint 2013 Part Two: End to End Configuration using Auto Generated Certificates and NLB

This second part will cover the deployment of a highly available, SSL, Workflow Manager Farm for SharePoint 2013 using auto generated certificates and Network Load Balancing. As discussed in part one, this is the most suitable deployment model for the majority of SharePoint On-premises customers. In addition it is also the easiest way to deploy for production. Whilst this part is intended as primarily step by step configuration guidance, I will take the opportunity to also explain a few things which didn’t make sense to cover in part one. Workflow Manager Farms for SharePoint...

Article: Workflow Manager Farms for SharePoint 2013 Part One: Core Concepts, High Availability, Certificate and SharePoint considerations

There’s not a lot of high quality documentation for Workflow Manager 1.0. What exists is generally accurate, however it’s the key missing information and lack of detail which presents challenges in the field. During the initial content development work for the MCSM: SharePoint it became clear there is a very large gap with respect to actually implementing the high level deployment guidance provided by the vendor. Following recent discussions in the MCSM: SharePoint community more generally, the topic again raised its head and led to the publication of this article. This guide is an attempt to help address that...

Configuring a Dedicated “Crawl Front End” with Request Management

I keep getting asked about how to use Request Management in SharePoint 2013 to configure a dedicated “crawl front end”. In other words how to use RM to ensure that your search crawl traffic gets sent to a specific machine or machines in the farm, which do not serve end user requests. Hopefully you already know that by simply turning on RM on your Web Servers in your farm and with no additional configuration, you get health based routing for free. And this is health based routing that actually works, unlike the default configuration of the most popular “intelligent”...

SharePoint Evolution Conference 2013

In just over two weeks’ time we are back in London, for the fifth year, with the SharePoint Evolution Conference 2013. Simply the best SharePoint event outside of North America, with the best speakers, the best content, and the best entertainment, this year’s conference promises to live up to past events. It will be a little less stressful this year, returning to a regular content schedule with a few surprises thrown in! Aside from mature content on both SharePoint 2013 and SharePoint 2010, the conference features four of the five MCAs, twelve MCMs and a boatload of MVPs. It...

Antivirus and SharePoint 2013

With the discontinuation of Forefront Protection for SharePoint, Microsoft no longer provides a streaming antivirus solution for SharePoint. This has led to an ever increasingly common customer question, “what do I use for SharePoint antivirus?”. This post aims to detail the options (right now there is only one) as opposed to answering the question repeatedly. It is NOT intended to be a discussion on why you need a streaming antivirus solution for SharePoint, which is potentially a post for another day. For now, assume you have that requirement, so what are the options? SharePoint 2013 introduces NO CHANGES to...

Default Active Directory Import User Profile Property Mappings in SharePoint Server 2013

When using the Active Directory Import (ADI) mode of the SharePoint 2013 User Profile Service, you may be wondering what the default Profile Property Mappings are. Whilst the capability is neat, the use of a shared UI with User Profile Synchronization (UPS) leaves a *lot* to be desired. Manage User Properties won’t display the mapped attributes, as you can see from the example below. The highlighted rows are some of the properties which are mapped by default. Similarly when we edit a property, the Edit User Profile Property page does not display the mapped attribute: ...

Quick and dirty test results: Active Directory Import versus User Profile Synchronization

One of the most common questions I get regarding the Active Directory Import mode in the SharePoint 2013 User Profile Service is "just how quick is it?" As previously detailed Active Directory Import (ADI) is very fast, especially in comparison to User Profile Synchronization (UPS). But saying it is quick doesn't really mean anything. Each time I present on the topic, the question comes up, "do you have any numbers". Sadly it's still early, too early, to provide real, solid proven numbers across a range of deployments. In lieu of such appropriate data I put together a very quick and...

Article: Configuring SharePoint 2013 for the Forefront Identity Manager 2010 R2 Service Pack 1 Portal

Recently Service Pack 1 for Forefront Identity Manager (FIM) 2010 R2 shipped. For IdM heads, this is really good news. Along with a bunch of interesting updates and new bits and bobs it is now possible to run FIM on Windows Server 2012 and also to run the FIM Portal component on SharePoint 2013. This article discusses why this is important in a FIM deployment along with the key design considerations. We will also cover how to prepare SharePoint 2013 for the deployment of the FIM Portal, and finally the installation of the Portal itself. ...

Using SSL for Central Administration with SharePoint 2013

One of the most common requests I get is for an update to my article SharePoint Central Administration: High Availability, Load Balancing, Security & General Recommendations to cover SharePoint 2010 and 2013. Most folks are interested in the SSL parts, which have changed a little bit mainly due to the introduction of Windows PowerShell management in SharePoint 2010. This reasonably short post will walk through the configuration steps necessary. It’s all very straightforward, however there are a couple of critical considerations which I will point out as we go through the steps. Updated 14/02/2013 to include Windows PowerShell for...

Article: Request Management in SharePoint Server 2013

SharePoint Server 2013 introduces a new capability called Request Management. Request Management allows SharePoint to understand more about, and control the handling of, incoming requests. Request Management employs a rules based approach, which enables SharePoint to take the appropriate action for a given request based upon administrator supplied configuration. This new article series will provide comprehensive coverage of the new Request Management capability in three parts: Feature Capability and Architecture Overview; Example Scenario and Configuration Step by Step; Deployment Considerations and Recommendations. Please...

Speaking Engagements – Autumn 2012

It’s once again silly season with SharePoint conferences (when isn’t it? :)) but this autumn it’s a bit more fun as we are able to discuss SharePoint 2013. I’ll be doing a few events over the next couple months. SharePoint and Exchange Forum 2012 – Stockholm, Sweden. October 22-23. This is a great event in a very cool place. Looking forward to going back to Stockholm for a few days and catching up again with some good friends and meeting some new ones. I’ll be presenting a couple of breakouts: Host Named...

What's new in SharePoint 2013 for IT Professionals: Critical Path SharePoint 2013 Office Hours

Critical Path Training have been running a series of SharePoint 2013 Office Hours, where you get a chance to ask your burning questions regarding the new version. I’m happy to be doing one of these along with my good friend Andrew Connell on September 18th at 2pm Eastern – that’s 7pm GMT or 8pm CET. The subject is What’s new in SharePoint 2013 for IT Professionals. Ask your infrastructure and operations questions about the new version of SharePoint here! We'll look at the highlights for IT Pros in the 2013 release along with coverage of...

Article: Request Management in SharePoint Server 2013 Part Two: Example Scenario and Configuration Step by Step

In the first part of this article series I covered the feature capability and provided an architecture overview of Request Management, a new capability introduced with SharePoint Server 2013. Request Management allows SharePoint to understand more about, and control the handling of, incoming requests. This second part details an example scenario and provides a step by step of the necessary configuration. Please note that this article applies to SharePoint Server 2013 RTM. Feature Capability and Architecture Overview; Example Scenario and Configuration Step by Step (this article); Deployment...

Enabling Office Web Apps Preview editing with SharePoint 2013 Preview Licensing

As you may be aware there are a veritable ton of cool new capabilities in the latest release of Office Web Apps Preview. It really is a killer piece of tech. This post walks you through how to configure Office Web Apps editing in your SharePoint farm, which is not as “automatic” as you may imagine. We’ll also take a look at an interesting new capability in SharePoint 2013 Preview for license enforcement. Please note that this article applies to the Office Web Apps Server and SharePoint 2013 Preview release. Things are likely to change between now and the final...

Article: Multi Tenancy with SharePoint 2013: What’s new and changed

SharePoint 2013 Preview introduces a number of new elements and considerations for multi tenancy deployments. This article is intended as a companion to my Rational Guide to Multi Tenancy with SharePoint 2010 article series and will cover what’s new and changed in this release with respect to configuration and functionality. It is assumed you are familiar with the material in the article series. This article is verified against SharePoint 2013 RTM. Multi Tenancy with SharePoint 2013: What’s new and changed     s.

A quick note on User Profile Synchronization in SharePoint Server 2013 Preview

I will be posting an update to my UPS guide for SharePoint Server 2013 Preview in the near future. I had long planned to update it with better writing and more up to date details anyway. However as I’ve already received a bucket load of questions on this I wanted to post a quick note to hopefully stem the flow a little bit. When I say UPS, I mean the User Profile Synchronization service instance. The wrapper for FIM along with its configuration UI in Central Administration (which is part of the UPA). This is distinct from the...

First Look: SharePoint Server 2013 Active Directory Import

SharePoint Server 2013’s User Profile Service Application includes a “new” method for performing an import of user attributes from Active Directory into the SharePoint Profile store called Active Directory Import. You may also hear or see this referred to as “AD Direct Mode” in pre-release materials. This method provides numerous advantages over the Forefront Identity Manager based approach (which is still available, more on that at a later date) for certain common scenarios. This article provides an introductory overview of the feature and why it might be useful in your deployments. Please note that this article applies to...