TCP/IP Ports of SharePoint 2016


SharePoint 2016 huh?!
(Long time since I last posted anything real here…)

Actually, this post is by popular demand 🙂 This is the 2016 version of the post I wrote when SharePoint 2013 was new. As you can see, not much has changed… I have updated a few lines with what I know now that I did not know then, that’s it. Please let me know if I missed something.

The recommended approach is to create a GPO with these firewall rules and apply that GPO to the SharePoint servers in your farm. Add all of them; that is the best way to avoid extreme troubleshooting in the future.

Another, related recommendation is to configure the loopback check function in Windows Server to allow the FQDNs of your web applications (use the Loopback check tool).

List of ports used by SharePoint 2013 and its related services.
Reference links at the end.

| Protocol | Port | Usage | Comment |
|---|---|---|---|
| TCP | 80 | http | Client to SharePoint web server traffic (SharePoint – Office Online Server/Office Web Apps communication) |
| TCP | 443 | https/ssl | Encrypted client to SharePoint web server traffic (Encrypted SharePoint – Office Online Server/Office Web Apps communication) |
| TCP | 1433 | SQL Server default communication port | May be configured to use custom port for increased security |
| UDP | 1434 | SQL Server default port used to establish connection | May be configured to use custom port for increased security |
| TCP | 445 | SQL Server using named pipes | When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445 |
| TCP | 25 | SMTP for e-mail integration | Cannot in 2016 be configured (Use SMTP ports other than the default (25).) |
| TCP | 16500-16519 | Ports used by the search index component | Intra-farm only. Inbound rule added to Windows firewall by SharePoint. (GPO may override this change) |
| TCP | 22233-22236 | Ports required for the AppFabric Caching Service | Used by the Distributed Cache… |
| TCP | 808 | Search – Query processing component; Windows Communication Foundation communication | Search – Query processing component (WCF) |
| TCP | 32843 | Communication between Web servers and service applications | http (default). To use custom port, see references section. Inbound rule added to Windows firewall by SharePoint |
| TCP | 32844 | Communication between Web servers and service applications | https. Inbound rule added to Windows firewall by SharePoint |
| TCP | 32845 | net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application) | Custom Service Applications. Inbound rule added to Windows firewall by SharePoint |
| TCP | 32846 | Microsoft SharePoint Foundation User Code Service (for sandbox solutions) | Inbound on all Web Servers. Inbound rule added to Windows firewall by SharePoint. Outbound on all Web and App servers with service enabled. |
| TCP | 636 | User Profile Synchronization Service/Active Directory Import | Synchronizing profiles between SharePoint 2016 and AD using SLDAP (Secure LDAP) |
| TCP | 5725 | User Profile Synchronization Service | Synchronizing profiles between SharePoint 2016 and Active Directory Domain Services (AD DS) |
| TCP + UDP | 389 | User Profile Synchronization Service | LDAP Service |
| TCP + UDP | 88 | User Profile Synchronization Service | Kerberos |
| TCP + UDP | 53 | User Profile Synchronization Service | DNS |
| UDP | 464 | User Profile Service | Kerberos change password |
| TCP | 809 | Office Online Server/Office Web Apps | Office Online Server/Office Web Apps intra-farm communication. |
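
As an added example (not part of the original post), the inbound rules from the table can be written straight into a GPO with the NetSecurity cmdlets. The GPO name, the domain and the farm server addresses are placeholders, and limiting the intra-farm ports to the farm servers' addresses is an assumption of this example; it covers only the ports that listen on the SharePoint servers themselves.

```powershell
# Added example, not from the original post.
# Placeholders (assumptions): domain, GPO name and farm server addresses.
$PolicyStore = 'corp.example.com\SharePoint 2016 Firewall'   # <domain FQDN>\<GPO name>
$FarmServers = @('10.0.10.11', '10.0.10.12', '10.0.10.21')   # constructed sample IPs
$RuleGroup   = 'SharePoint 2016'

# Ports from the table that are inbound on the SharePoint servers.
# Scope 'Any'  = reachable by clients, 'Farm' = other farm servers only
# (the 'Farm' scoping is this example's assumption, based on the table's
# "intra-farm" and "between Web servers and service applications" notes).
# SQL Server (1433/1434/445) and the AD/DNS/Kerberos ports are listened on by
# other hosts, so they are not inbound rules for the SharePoint servers.
$Rules = @(
    @{ Name = 'HTTP';                          Protocol = 'TCP'; Port = '80';          Scope = 'Any'  }
    @{ Name = 'HTTPS';                         Protocol = 'TCP'; Port = '443';         Scope = 'Any'  }
    @{ Name = 'Search index component';        Protocol = 'TCP'; Port = '16500-16519'; Scope = 'Farm' }
    @{ Name = 'Distributed Cache (AppFabric)'; Protocol = 'TCP'; Port = '22233-22236'; Scope = 'Farm' }
    @{ Name = 'Search query processing (WCF)'; Protocol = 'TCP'; Port = '808';         Scope = 'Farm' }
    @{ Name = 'Service applications http';     Protocol = 'TCP'; Port = '32843';       Scope = 'Farm' }
    @{ Name = 'Service applications https';    Protocol = 'TCP'; Port = '32844';       Scope = 'Farm' }
    @{ Name = 'Service applications net.tcp';  Protocol = 'TCP'; Port = '32845';       Scope = 'Farm' }
    @{ Name = 'User Code Service (sandbox)';   Protocol = 'TCP'; Port = '32846';       Scope = 'Farm' }
)

# Open the GPO once, stage all changes locally, then save them in one write.
$gpoSession = Open-NetGPO -PolicyStore $PolicyStore

# Remove rules from an earlier run so the script can be re-applied safely.
Remove-NetFirewallRule -GPOSession $gpoSession -Group $RuleGroup -ErrorAction SilentlyContinue

foreach ($rule in $Rules) {
    $params = @{
        GPOSession  = $gpoSession
        Group       = $RuleGroup
        DisplayName = "SharePoint 2016 - $($rule.Name) ($($rule.Protocol) $($rule.Port))"
        Direction   = 'Inbound'
        Action      = 'Allow'
        Protocol    = $rule.Protocol
        LocalPort   = $rule.Port
    }
    # Intra-farm ports are only opened towards the other farm servers.
    if ($rule.Scope -eq 'Farm') {
        $params['RemoteAddress'] = $FarmServers
    }
    New-NetFirewallRule @params | Out-Null
}

Save-NetGPO -GPOSession $gpoSession
```

Because the table notes that a GPO may override the rules SharePoint adds to the local Windows firewall itself, check the effective rule set on one farm server after the policy has applied.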

References:

Security for SharePoint Server 2016
https://technet.microsoft.com/en-us/library/mt683473(v=office.16).aspx

TCP/IP Ports of SharePoint 2013
https://blog.blksthl.com/2013/02/21/tcpip-ports-of-sharepoint-2013/

 


___________________________________________________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 – DTD is prohibited in this document issue


 

 

 


Got trouble connecting PowerShell to SharePoint Online? This could be the resolution to your troubles.
I had this myself, or we had it in our company tenant. This is what the issue was and this is how I fixed it:

When trying to connect to PowerShell for SharePoint Online, using the Connect-SPOService command, we got an error that did not tell us anything.


The error is:
Connect-SPOService : For security reasons DTD is prohibited in this document. To enable DTD processing set DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

Well, it’s almost a joke, right…
When searching the web for information on this particular error, I struck zero… All I could find related to the ISP and the default search provider something. I quickly dismissed them as unrelated.
Then after some time had passed, I found a similar issue; this seemed related and it was a connectivity issue same as mine (if I still had the link I would give credit where credit is due). This fellow had resolved the issue by adding a missing DNS record.
This made me think: since our tenant has existed since way before Office 365 existed (BPOS), perhaps we were also missing some of the required DNS records?
I checked with my colleagues, and apparently we were missing the record as well.

So, if you ever see or get the ‘DTD prohibited’ issue, remember to check the DNS for the following record:

Type: CNAME
Alias: MSOID
Target: clientconfig.microsoftonline-p.net
Info: Used by Office 365 to direct authentication to the correct identity platform

After I added this to DNS, Connect-SPOService works just fine!


 

Microsoft’s official explanation on the DNS record:
What’s the purpose of the additional Office 365 CNAME record?

When you run a client application that works with Office 365 such as Lync, Outlook, Windows PowerShell or Microsoft Azure Active Directory Sync tool, your credentials must be authenticated. Office 365 uses a CNAME record to point to the correct authentication endpoint for your location, which ensures rapid authentication response times. If this CNAME record is missing for your domain, these applications will use a default authentication endpoint in the United States, which means authentication might be slower. If this CNAME record isn’t configured properly, for example, if you have a typo in the Points to address, these applications won’t be able to authenticate.

If Office 365 manages your domain’s DNS records, Office 365 sets up this CNAME record for you.

If you are managing DNS records for your domain at your DNS host, to create this record, you create this record yourself by following the instructions for your DNS host.
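
A quick way to check the record for every domain in a tenant, as an added example that is not part of the original post: the function name `Test-MsoidCname` and the sample domains are made up for illustration, and the expected target is the one given above.

```powershell
# Added example, not from the original post.
function Test-MsoidCname {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $Domain,
        # Target from the post; override it if your DNS instructions differ.
        [string] $ExpectedTarget = 'clientconfig.microsoftonline-p.net',
        # Optional: query a specific DNS server instead of the default resolver.
        [string] $Server
    )
    process {
        $name  = "msoid.$Domain"
        $query = @{ Name = $name; Type = 'CNAME'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($Server) { $query['Server'] = $Server }

        $status = 'Missing'
        $target = $null
        try {
            # A name without a CNAME can come back as an SOA-only answer,
            # so keep only real CNAME records for the queried name.
            $cname = Resolve-DnsName @query |
                Where-Object { $_.Type -eq 'CNAME' -and $_.Name -eq $name } |
                Select-Object -First 1
            if ($cname) {
                $target = $cname.NameHost.TrimEnd('.')
                # A typo in the target breaks authentication, so compare it exactly.
                $status = if ($target -eq $ExpectedTarget) { 'OK' } else { 'WrongTarget' }
            }
        }
        catch {
            # NXDOMAIN and lookup failures land here; the record counts as missing.
            $status = 'Missing'
        }

        [pscustomobject]@{
            Domain   = $Domain
            Record   = $name
            Status   = $status
            Target   = $target
            Expected = $ExpectedTarget
        }
    }
}

# Constructed sample domains; replace with the domains registered in your tenant.
'contoso.com', 'northwind.com' | Test-MsoidCname | Format-Table -AutoSize
```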

 

References and Credits
Nope, not this time…

Credits & many thanks to
To all of you.

_________________________________________________________


Office 365 guide series – Function to resolve a users OneDrive for Business URL



Hi SharePoint Online PowerShellers!

This time I will give you a quick but great function to use if you are working with OneDrive for Business:

Function to resolve a user’s OneDrive for Business URL

Simple solution, great to have, unbelievably efficient…

Ok, this is perhaps my shortest post ever… I’ll just explain real quick.
OneDrive for Business gets its URL from the tenant name and the user’s UserPrincipalName. Creating this every time can be troublesome…
This is what I use, a function I created last summer when I was tired of doing them one at a time…

It works even with users that have a different domain in the UPN than what is the tenant name.
This is it:

Function GetODfBURL($UserPrincipalName, $TenantName)
# Creates a correct ODfB URL from email and TenantName/OrgName, returns URL as a String
{
    # Constructing OneDrive personal URL from the UPN/Email address
    $StrUser = $UserPrincipalName
    $pos = $StrUser.IndexOf("@")
    $len = $StrUser.Length - 1
    $StrUser = $StrUser.SubString(0, $pos)
    $StrUser = $StrUser -replace "\.", "_"
    $Orgpos = $pos + 1
    $Orglen = $len - $pos
    $StrOrg = $UserPrincipalName.SubString($Orgpos, $Orglen)
    $StrOrgNamePos = $StrOrg.IndexOf(".")
    $StrOrgName = $StrOrg.SubString(0, $StrOrgNamePos)
    $StrOrgSuffixPos = $StrOrgNamePos + 1
    $StrOrgNameLen = $StrOrg.Length - $StrOrgSuffixPos
    $StrOrgSuffix = $StrOrg.SubString($StrOrgSuffixPos, $StrOrgNameLen)
    $StrOrg = $StrOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $TenantName + "-my.sharepoint.com/personal/"
    $SiteUrl = $PersonalOrgURL + $StrUser
    $SiteUrl = $SiteUrl + "_" + $StrOrg
    return $SiteUrl
}
$ODfBURL = GetODfBURL "thomas.balkestahl@blksthl.se" "blksthl"

This will give the URL: https://blksthl-my.sharepoint.com/personal/thomas_balkestahl_blksthl_se

That’s it. Use it or not 🙂

 

 

References and Credits


Nope, not this time…

Credits & many thanks to

To all of you.

_________________________________________________________


Office 365 guide series – Verify Provisioned OneDrives using PowerShell



Hi SharePoint Online administrators!

This time I will show you how to:

Verify if a provisioned OneDrive for Business site was provisioned.

Is this really right…? What did they… (Åminne bruk, Värnamo, Sweden)

 

If you followed my previous post, Office 365 guide series – Provision OneDrive for Business using PowerShell, then you will most likely have a bunch of sites that you think you have provisioned but are not really sure if it worked.
There are obviously ways to verify manually, but if the list of users is long, that is not the most fun work out there…

I suggest you use this script instead… :-)

If you have a single email domain in your organization, use the first one; if you have multiple email domains, use the second.
All you have to do is copy or retype the script into a prompt/ps1 or ISE session, then run the script. You have the option to save some time by entering your account name in the script (see start).

 

1. Script 1: Use this script if your organization only uses one domain name as email domain. For example, if you use only ‘contoso.com’ then you should use this script.
2. Script 2: Use this script if your organization uses multiple domain names as email domains. For example, if you use ‘contoso.com’, ‘microsoft.com’, ‘northwindtraders.com’ as UPN names within your O365 tenant, then use this script. Here you will be asked for the domain used in the O365 tenant address.
3. Example 1: Example of a use case with multiple email domains and script 2.
4. Example 2: Example of a use case with a single email domain and script 1.

Note: If you copy and paste the code from here into a PowerShell prompt or ISE, please verify that all quotes and double quotes are copied correctly; character encoding may cause problems.

 

Single email domain in your organization:

***** SCRIPT 1 STARTS HERE *****

#
# By Thomas Balkeståhl - http://blog.blksthl.com
#
# Replace the username below with your own Office 365 admin account to save time
$o365cred = Get-Credential -Username "thomas.balkestahl@cramo.onmicrosoft.com" -Message "Supply a Office365 Admin"
$Userlist = Read-Host "submit your list of users that have been provisioned"
$Userlist = $Userlist -replace " ", ""
# Splitting list into Array
$Emails = $Userlist -split ","
Foreach ($Email in $Emails)
{
    # Constructing URL from the UPN/Email address
    $strUser = $Email
    $pos = $strUser.IndexOf("@")
    $len = $strUser.Length - 1
    $strUser = $strUser.SubString(0, $pos)
    $strUser = $strUser -replace "\.", "_"
    $orgpos = $pos + 1
    $orglen = $len - $pos
    $strOrg = $Email.SubString($orgpos, $orglen)
    $strOrgNamePos = $strOrg.IndexOf(".")
    # With a single email domain, the first label of the domain is used as the tenant name
    $strOrgName = $strOrg.SubString(0, $strOrgNamePos)
    $strOrgSuffixPos = $strOrgNamePos + 1
    $strOrgNameLen = $strOrg.Length - $strOrgSuffixPos
    $strOrgSuffix = $strOrg.SubString($strOrgSuffixPos, $strOrgNameLen)
    $strOrg = $strOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $strOrgName + "-my.sharepoint.com/personal/"
    $SiteUrl = $PersonalOrgURL + $strUser
    $SiteUrl = $SiteUrl + "_" + $strOrg
    Write-Host "Verifying user:" $Email
    $HTTP_Request = [System.Net.WebRequest]::Create($SiteUrl)
    $HTTP_Request.UseDefaultCredentials = $true
    $HTTP_Request.Credentials = $o365cred
    try {
        $HTTP_Response = $HTTP_Request.GetResponse()
    }
    catch [System.Net.WebException] {
        # Error statuses such as 403 arrive as exceptions; keep the response to read its status
        $HTTP_Response = $_.Exception.Response
    }
    $HTTP_Status = $HTTP_Response.StatusCode
    If ($HTTP_Status -eq 200 -or $HTTP_Status -eq 403) {
        Write-Host -ForegroundColor Green "Site for user $Email exists!"
    }
    Else {
        Write-Host -ForegroundColor Yellow "The OneDrive site for user $Email does not respond, try again later or provision it again"
    }
    # Close the response so the connection is released before the next user is checked
    If ($HTTP_Response) { $HTTP_Response.Close() }
    $HTTP_Request = $null
    $HTTP_Response = $null
    $HTTP_Status = $null
}

***** SCRIPT 1 ENDS HERE *****

If you have multiple email domains in your organization, use this second script:
***** SCRIPT 2 STARTS HERE *****

#
# By Thomas Balkeståhl - http://blog.blksthl.com
#
$O365Admin = Read-Host "Supply your Office 365 Admin username(UPN)"
# Add your admin account below, uncomment and comment out the line above to save time...
# $O365Admin = "admin.user@domain.com"
$o365cred = Get-Credential -Username $O365Admin -Message "Supply a Office365 Admin"
$strO365OrgName = Read-Host "submit your O365 orgname (Only organization, like 'contoso')"
$Userlist = Read-Host "submit your list of users that have been provisioned"
$Userlist = $Userlist -replace " ", ""
# Splitting list into Array
$Emails = $Userlist -split ","
Foreach ($Email in $Emails)
{
    # Constructing URL from the UPN/Email address
    $strUser = $Email
    $pos = $strUser.IndexOf("@")
    $len = $strUser.Length - 1
    $strUser = $strUser.SubString(0, $pos)
    $strUser = $strUser -replace "\.", "_"
    $orgpos = $pos + 1
    $orglen = $len - $pos
    $strOrg = $Email.SubString($orgpos, $orglen)
    $strOrgNamePos = $strOrg.IndexOf(".")
    $strOrgName = $strOrg.SubString(0, $strOrgNamePos)
    $strOrgSuffixPos = $strOrgNamePos + 1
    $strOrgNameLen = $strOrg.Length - $strOrgSuffixPos
    $strOrgSuffix = $strOrg.SubString($strOrgSuffixPos, $strOrgNameLen)
    $strOrg = $strOrg -replace "\.", "_"
    # The tenant name comes from the submitted orgname, not from the user's email domain
    $PersonalOrgURL = "https://" + $strO365OrgName + "-my.sharepoint.com/personal/"
    $SiteUrl = $PersonalOrgURL + $strUser
    $SiteUrl = $SiteUrl + "_" + $strOrg
    Write-Host "Verifying user:" $Email
    $HTTP_Request = [System.Net.WebRequest]::Create($SiteUrl)
    $HTTP_Request.UseDefaultCredentials = $true
    $HTTP_Request.Credentials = $o365cred
    try {
        $HTTP_Response = $HTTP_Request.GetResponse()
    }
    catch [System.Net.WebException] {
        # Error statuses such as 403 arrive as exceptions; keep the response to read its status
        $HTTP_Response = $_.Exception.Response
    }
    $HTTP_Status = $HTTP_Response.StatusCode
    If ($HTTP_Status -eq 200 -or $HTTP_Status -eq 403) {
        Write-Host -ForegroundColor Green "Site for user $Email exists!"
    }
    Else {
        Write-Host -ForegroundColor Yellow "The OneDrive site for user $Email does not respond, try again later or provision it again"
    }
    # Close the response so the connection is released before the next user is checked
    If ($HTTP_Response) { $HTTP_Response.Close() }
    $HTTP_Request = $null
    $HTTP_Response = $null
    $HTTP_Status = $null
}

***** SCRIPT 2 ENDS HERE *****

Example 1

Multiple emaildomains
O365 Orgname: contoso
Users: test.user1@contoso.com, test.user2@northwind.com, test.user3@contoso.com, test.user4@contoso.com, test.user5@contoso.com


As you can see, the list contains users with different email domains, contoso and northwind. The submitted O365 orgname is however used to verify the OneDrive site, contoso.
In this example, the user test.user@contoso.com does not seem to have the OneDrive site provisioned.

Example 2

Single email domain
Users: test.user1@contoso.com, test.user2@contoso.com, test.user3@contoso.com, test.user4@contoso.com, test.user5@contoso.com

As you can see, the list contains users with only contoso as email domain.
In this example, the user test.user2@contoso.com does not seem to have the OneDrive site provisioned. Try to provision again/verify manually.

References and Credits


Office 365 guide series – Provision OneDrive for Business using PowerShell
https://blog.blksthl.com/2014/08/07/office-365-guide-series-provision-onedrive-for-business-using-powershell/

 

Credits & many thanks to

Jörgen Andersson, Xperta

Always, Mattias Gutke at CAG

 

_________________________________________________________

Office 365 guide series – Provision OneDrive for Business using PowerShell



Hi SharePoint Online administrators!

This time I will show you how to:

Provision OneDrive for Business using only PowerShell.


Get the people up there…into the Clouds…(Liseberg, Gothenburg, Sweden)

Time to roll out OneDrive for Business in the Enterprise? Or maybe you just want to implement OneDrive for Business in a controlled way, and you may not be a hardcore developer either.

If you want to do any kind of preparation before letting the users into their OneDrives, then you will need to have them created/provisioned first. After that you can go ahead and give yourself permission (separate blogpost), migrate a user’s files (separate blogpost), preconfigure, brand, and so on.
In this guide I have tried to offer a way to provision OneDrive for Business for your users that does not require you to know C#, Visual Studio or any development at all. How does that sound? All you need to do is follow this guide to the letter, and you will be successful.

The only way I have found so far to provision a user’s OneDrive for Business as an administrator is to use code developed by the Office AMS Community Project. This includes, among other things, a great Visual Studio sample project for provisioning users’ OneDrive for Business, and this is really spot on. But… it is not that easy to get going; for a non-developer it may prove to be impossible.

I have used code developed in the samples, but I will only use PowerShell to execute it. This is what will make it easy for others (such as you?) to use.
The Office AMS Project also includes the SharePoint client assemblies needed to do anything with SPO using CSOM, the Client Side Object Model (code executed on the client).

In order to get started provisioning your users’ OneDrive for Business sites (or we can just as well call them MySites, since this is what they really are…), you just follow these steps:

Quickguide

1. Download: Download and unpack the Office App Model Samples from Codeplex; the last tested version is currently 2.0, found here: DOWNLOAD Office AMS.
2. Get assemblies: Locate the Microsoft.SharePoint.Client assemblies in the unpacked Office App Model Samples folders, located in <unpack location>\Office App Model Samples v2.0\Assemblies\16\. Copy the files Microsoft.SharePoint.Client.dll, Microsoft.SharePoint.Client.UserProfiles.dll and Microsoft.SharePoint.Client.Runtime.dll and put them in a folder of your choice; I used C:\Temp\ in my sample. (You can also leave the files as is, but then you have to alter the PowerShell code to reference the path in the Office AMS folders.)
3. Run the script: In a PowerShell prompt/ISE running as admin, run the PowerShell script available below and HERE (Download as Word file); this will load the code needed to access SPO and start provisioning. (Verify and, if needed, update the $MyAssemblies line at the very bottom.)
4. Execute: Execute the code in your PowerShell prompt/ISE running as admin (it has to be the same prompt/ISE used to execute the script), using this syntax: [OneDriveforBusiness.ProvisionOneDrive]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)
5. Done – Verify…: Done! Verify that the sites have been provisioned by entering the address in your browser of choice.
References/Credits: Reference links and credits

The detailed Guide:

1. Download

 

New!
Download the latest version of SharePoint Server 2013 Client Components SDK x86 or x64. This SDK contains the dll’s needed.
During the install, the dll’s will beΒ added to the following path:
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\

Download the latest version (Office App Model Samples 2.0 – July 2014 – Update 1) of the Office App Model Samples. The project has been renamed to the more formal Office365 Developer Patterns & Practices, but it is still the same.
The last tested version is currently 2.0 found here: DOWNLOAD Office AMS

 


2. Get the assemblies

Unpack the files to a location of choice. (The files will ironically enough not synch very well if stored in a OneDrive for Business synchronized folder – long path among other issues).
Locate the ‘assemblies\16’ folder; in this folder you will find the 3 files we need: Microsoft.SharePoint.Client.dll, Microsoft.SharePoint.Client.UserProfiles.dll and Microsoft.SharePoint.Client.Runtime.dll. Either put these three files in a better location, or make a note of the path to the folder.

3. Run the script

Start a PowerShell prompt/ISE running as administrator. This is where all the magic will happen. Copy the PowerShell script below, or download the script file HERE (Word file), then add the script to the prompt/ISE.
Before executing the script, you will need to alter one thing: the path to the assembly files. Update the line where we give a value to $MyAssemblies to reflect where you have your SharePoint.client dll files. This is crucial since the code needs to be able to access these assemblies during execution.

$MyAssemblies = ('C:\Temp\Microsoft.SharePoint.Client.dll','C:\Temp\Microsoft.SharePoint.Client.Runtime.dll','C:\Temp\Microsoft.SharePoint.Client.UserProfiles.dll','System','System.Security')

Unless you have stored your SharePoint.client.dll’s in the C:\Temp folder, you will have to update the three paths to reflect where the files are stored. Example:

$MyAssemblies = ('C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.dll','C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.Runtime.dll','C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.UserProfiles.dll','System','System.Security')

Once this is done, you can go ahead and execute the script.

HERE (Download as Word file)

# By Thomas Balkeståhl - blog.blksthl.com August 6 2014
#
# 1. Run script to load the C# code into the Assembly
# 2. Execute using the following syntax:
#
# Syntax:  [OneDriveforBusiness.ProvisionOneDrive]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)
# Example: PS C:\> [OneDriveforBusiness.ProvisionOneDrive]::Execute("https://donkeymind-admin.sharepoint.com","globaladmin@donkeymind.com","MyVerySecretPassWord1!","user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com")
# Input:
# adminurl = The Tenant Admin URL for your SharePoint Online Subscription, example: "https://donkeymind-admin.sharepoint.com".
# adminuser = The Credentials of the user who has tenant admin permission, example: "admin@donkeymind.com".
# password = The password in cleartext to your tenant admin account(I know, not ideal...but it was a quick and dirty to make it work).
# users = The email IDs for users who's personal site you want to create in the form of a comma-separated string, example: "user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com". Do not enter more than 200 users at a time.
$MyCSharpSource = @"
using Microsoft.SharePoint.Client;
using Microsoft.SharePoint.Client.UserProfiles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Text;
using System.Threading.Tasks;
namespace OneDriveforBusiness
{
    public class ProvisionOneDrive
    {
        public static void Execute(string adminurl, string adminuser, string password, string users)
        {
            string siteUrl = adminurl;
            string userName = adminuser;

            SecureString pwd = GetPassword(password);
            string[] emailIds = GetEmailId(users);
            /* End Program if no Credentials */
            if (string.IsNullOrEmpty(userName) || (pwd == null) || emailIds == null || string.IsNullOrEmpty(siteUrl))
                return;
            SharePointOnlineCredentials _creds = new SharePointOnlineCredentials(userName, pwd);
            CreatePersonalSiteUsingCSOM(_creds, siteUrl, emailIds);
            Console.Read();
        }
        public static SecureString StringToSecure(string nonSecureString)
        {
            SecureString _secureString = new SecureString();
            foreach (char _c in nonSecureString)
                _secureString.AppendChar(_c);
            return _secureString;
        }
        // tenantAdminUrl = The Tenant Admin URL for your SharePoint Online Subscription
        // spoCredentials = The Credentials of the user who has tenant admin permission.
        // emailIDs = The email IDs for users whos personal site you want to create.
        public static void CreatePersonalSiteUsingCSOM(SharePointOnlineCredentials spoCredentials, string tenantAdminUrl, string[] emailIDs)
        {
            using (ClientContext _context = new ClientContext(tenantAdminUrl))
            {
                try
                {
                    _context.AuthenticationMode = ClientAuthenticationMode.Default;
                    _context.Credentials = spoCredentials;
                    ProfileLoader _profileLoader = ProfileLoader.GetProfileLoader(_context);
                    // Queues the personal sites for creation; the call returns before they exist
                    _profileLoader.CreatePersonalSiteEnqueueBulk(emailIDs);
                    _profileLoader.Context.ExecuteQuery();
                    Console.Write("Provisioning of the users supplied has been initiated, please allow for the provisioning to finish, this can take up to 5 minutes.");
                }
                catch (Exception _ex)
                {
                    Console.WriteLine(string.Format("Provisioning failed, find the problem and try again. The error message is {0}", _ex.Message));
                }
            }
        }

        public static SecureString GetPassword(string password)
        {
            SecureString sStrPwd = new SecureString();
            foreach (char ch in password) sStrPwd.AppendChar(ch);
            return sStrPwd;
        }
        public static string[] GetEmailId(string users)
        {
            string[] emailID;
            try
            {
                string Output = "Provisioning the supplied list of users: " + users;
                Console.WriteLine(Output);
                string emailInput = users;
                if (!string.IsNullOrEmpty(emailInput))
                {
                    emailID = emailInput.Split(new char[] { ',' });
                    return emailID;
                }
                else
                {
                    return null;
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            return null;
        }
    }
}
"@
# Update these three paths if your SharePoint client DLLs are not stored in C:\Temp
$ass1 = [System.Reflection.Assembly]::LoadFile("c:\temp\Microsoft.SharePoint.Client.dll")
$ass2 = [System.Reflection.Assembly]::LoadFile("c:\temp\Microsoft.SharePoint.Client.Runtime.dll")
$ass3 = [System.Reflection.Assembly]::LoadFile("C:\temp\Microsoft.SharePoint.Client.UserProfiles.dll")
$MyAssemblies = @( $ass1.FullName, $ass2.FullName, $ass3.FullName, "System", "System.Core", "System.Security")
# Compile the C# source into the current PowerShell session
Add-Type -ReferencedAssemblies $MyAssemblies -TypeDefinition $MyCSharpSource -Language CSharp -PassThru


4. Executing the provisioning code

We have now loaded the code into memory (a .NET Framework class in your Windows PowerShell session), where it will be available just as if we had created a C# DLL and loaded it into the GAC. Remember though, the code is now static and cannot be altered. If you need to make any changes, have a look in the references section where I will show how to be able to alter the code after it has been loaded once.

Now we have to call the code loaded into memory. This is done from the same prompt/ISE used to load the code; the code only exists in that prompt session, so it will not be available in any other prompt.

Use the following syntax to execute:

Syntax: [OneDriveforBusiness.ProvisionOneDrive]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)

Example: PS C:\> [OneDriveforBusiness.ProvisionOneDrive]::Execute("https://donkeymind-admin.sharepoint.com","globaladmin@donkeymind.com","MyVerySecretPassWord1!","user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com")

What you need to supply when running the code is your SharePoint Online admin address, a tenant admin account and password, plus a list of email addresses of the users that will be provisioned with a OneDrive for Business.

Start by typing in this:

[OneDriveforBusiness.ProvisionOneDrive]::Execute

What this does is call the code we just loaded from PowerShell. The namespace is OneDriveforBusiness, the class is ProvisionOneDrive and finally, the method is Execute.

<SharePointAdminURL>: The Admin address is available if you go to the Admin/SharePoint administration web. This will be visible in the address field of your browser:

Note the address: https://donkeymind-admin.sharepoint.com.

<GlobalTenantAdminAccount>: An account that is a global Office 365 Tenant Administrator.
The account must have this setting in Office 365 Admin Center/Users & Groups – User object:

<AdminAccountPassword>: The password of the <GlobalTenantAdminAccount>. This will be entered in cleartext, not the ideal security solution but this is the only way I could solve it.
(Suggestions on how to prompt for the password in a secure way are welcome!)

<ListofUsersEmailSeparatedbyCommas>: These are the users that will be provisioned with OneDrive for Business. A list of UPNs (User Principal Names) separated by commas. The UPN must be the one registered in Office 365. The UPN is in the form of an email address, for example: user@domain.com. Enter the string using double quotes on both sides.

This is what the string should look like: "user1@donkeymind.com, user2@donkeymind.com, user3@donkeymind.com, user4@donkeymind.com, user5@donkeymind.com"

When you have all the values in order, type in the command with your parameters and execute the provisioning:

PS C:\PSScripts> [OneDriveforBusiness.ProvisionOneDrive]::Execute("https://donkeymind-admin.sharepoint.com","thomas@donkeymind.onmicrosoft.com","**********","testaccount@donkeymind.onmicrosoft.com")

When executed ok, you will see this:

ISE9

The limit for submitting users to be provisioned has been set by Microsoft to 200 at a time. This code does allow more, but it will cause issues. It is better to do them 200 at a time, wait until done and then do 200 more; alternatively, alter the code to include a check that every user has been provisioned OK before moving on to the next.

Now, you can execute the command again and again. You can obviously also use the code for other tenants. Simply provide the command with a different account and a different admin URL and you are good to go. Good luck!
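One way to keep the password off the command line and to stay within the 200-user limit, as an added example that is not part of the original guide. It assumes the OneDriveforBusiness.ProvisionOneDrive type is already loaded in the session and that Execute takes the four strings shown in the call above; the users.txt path is hypothetical.

```powershell
# Added example, not part of the original guide.
# Assumes the OneDriveforBusiness.ProvisionOneDrive type from this guide is already
# loaded in the session and that Execute takes four strings, as in the call above.

$AdminUrl  = 'https://donkeymind-admin.sharepoint.com'  # admin URL used in this guide
$UsersFile = 'C:\PSScripts\users.txt'                   # hypothetical file: one UPN per line
$BatchSize = 200                                        # per-submission limit stated above

# Get-Credential masks the password while it is typed and keeps it as a SecureString,
# so it is not echoed in the console and is not part of the command that was typed.
$cred = Get-Credential -Message 'Global Office 365 tenant administrator'
if (-not $cred) { throw 'No credential supplied.' }

# Read the UPNs, trim whitespace, drop blank lines and duplicates.
$all = @(Get-Content -Path $UsersFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique)

# Keep only entries shaped like a UPN; a stray comma or space would corrupt the
# comma-separated string that Execute receives.
$pattern = '^[^@\s,]+@[^@\s,]+$'
$upns    = @($all | Where-Object { $_ -match $pattern })
$skipped = @($all | Where-Object { $_ -notmatch $pattern })
if ($skipped.Count -gt 0) {
    Write-Warning ("Skipping {0} malformed entries: {1}" -f $skipped.Count, ($skipped -join '; '))
}
if ($upns.Count -eq 0) { throw "No valid UPNs found in $UsersFile" }

for ($start = 0; $start -lt $upns.Count; $start += $BatchSize) {
    $end   = [Math]::Min($start + $BatchSize, $upns.Count) - 1
    $batch = $upns[$start..$end] -join ', '   # same format as the sample string above

    Write-Host ("Submitting users {0}-{1} of {2}" -f ($start + 1), ($end + 1), $upns.Count)

    # Execute only accepts a plain string, so the password is converted at the
    # call site and never stored in a variable of its own.
    [OneDriveforBusiness.ProvisionOneDrive]::Execute($AdminUrl, $cred.UserName,
        $cred.GetNetworkCredential().Password, $batch)

    # Provisioning is queued, so pause until the operator has checked this batch.
    if ($end -lt $upns.Count - 1) {
        Read-Host 'Verify that this batch has been provisioned, then press Enter' | Out-Null
    }
}
```

The password still exists as a plain string in memory for the duration of each call, because that is what the method signature requires; what this removes is the cleartext password in the typed command.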


5. Done! Verify….

For a tool to verify your list of users directly, check out this guide: Office 365 guide series – Verify Provisioned OneDrives using PowerShell

Verify that the sites have been provisioned by browsing to the direct URL using your admin account. The URL will look like this:

User: thomas.balkestahl@donkeymind.onmicrosoft.com
URL: https://donkeymind-my.sharepoint.com/personal/thomas_balkestahl_donkeymind_onmicrosoft_com/

User: han.solo@alliance.org
URL: https://donkeymind-my.sharepoint.com/personal/han_solo_alliance_com/

Since you are using your admin account, you have access to the private part of the OneDrive/MySite.

Note: All the steps in this guide have been verified on a Windows 8.1 Update 1 machine, using PowerShell ISE and the Office AMS July 2014 Update 1. All tests have been done during August of 2014; the functionality of Office 365 may change over time and may thus cause this guide to fail. If this happens I will try to be alert and update the guide accordingly.

Possible errors

1. You need to alter the script, then run the script again?

This happens when you have loaded the code once and need to edit it and run it again. If you do this, you may get an error message saying ‘Type has already been added’ or similar. You then have two choices: simply restart your PowerShell prompt/ISE, or change the name of the public class:

Code1x

Add for example a number after, so that the class is called: ProvisionOneDrive1, then 2 and so on.

2. Nothing happens, no OneDrive shows up?

Verify all your values, then execute the command again. Remember though, that the time it takes for a site to show up may vary and can take up to 5 minutes PER SITE. Wait a moment longer, then try it again.

If you have the wrong address when verifying, you will see either of these pages depending on the URL used:

A link like:
https://donkeymind-my.sharepoint.com/personal/testuser4_donkeymind_onmicrosoft_com/_layouts/start.aspx#/Documents/Forms/All.aspx?LoadProfile=TRUE

Error1

A link like:
https://donkeymind-my.sharepoint.com/personal/testuser4_donkeymind_onmicrosoft_com

error2

404 could also just mean that the site is in queue and has not been provisioned yet.

References and Credits


Stefan Gossner’s old post: Using CSharp (C#) code in Powershell scripts
http://blogs.technet.com/b/stefan_gossner/archive/2010/05/07/using-csharp-c-code-in-powershell-scripts.aspx

Office365 Developer Patterns & Practices/Office App Model Samples
http://officeams.codeplex.com/

TechNet Add-Type
http://technet.microsoft.com/en-us/library/hh849914.aspx

Credits & many thanks to

Kimmo Forss, Microsoft

Jörgen Andersson, Xperta

All the contributors of Office AMS

Always, Mattias Gutke at CAG

Stefan Gossner, Microsoft (Blog) for that short and concise post written a few years back.

My love for putting up with me while solving this problem and writing this post!


_________________________________________________________

Enjoy!

Regards


Office 365 guide series – Information Rights Management in SharePoint Online


 

Hi folks, long time no blogging…

A lot has happened in my life since I last updated my blog. I switched jobs, so I have a slightly new focus now in my workplace; it has shifted more towards SharePoint Online and Office 365. Say what you want about the cloud service named Office 365, but Microsoft is determined…to make it work, and piece by piece it gains in value.

One of the great things offered in Office 365 that is also part of the SharePoint Online offering is Information Rights Management. Through the use of the other cloud service, Azure Rights Management Service (Azure RMS), real IRM protection can be offered to all SharePoint Online customers on the adequate subscription plan. There is still a lot to be done with the service, but as is, it is way, WAY better than nothing, which is what most people have available today in their current solution. IRM or RMS is available to all customers with an on-premises solution as well, but setting RMS up is a challenge for any administrator. In SharePoint Online, you will have it up and running in a total of 5 clicks…(depending on what you count as a click…)

IRM – It’s all about stopping unwanted access

And what is so great about this IRM, RMS or DRM, you may wonder? A beloved child has many names (old saying in Sweden), well…it is fantastic. IRM offers you the possibility to set a policy on documents (and email messages) that allows you to specify what the user may or may not do with the document; you may also specify exactly which user or group may or may not read, write, print, download and so on. The really great thing with IRM is that even if you put a document on a USB drive and someone gets their hands on that USB drive, they still need to authenticate against the Azure RMS service before getting any access at all to the document, and even then, what they may do is controlled by the IRM policy. You are in control of the data even after the document leaves your controlled environment…not bad huh?

So, how is all this greatness achieved, you ask? Well, I will not go into all the magic behind the scenes in this post, but I will show you how you can do it yourself, in your current Office 365 tenant or, if you prefer, in an evaluation tenant to avoid the risk of affecting your users (which is virtually impossible anyway, but just as a precaution…and to make your bosses feel safe).
Let’s get started. Jump directly to a section using the links below:

The complete guide to enabling IRM protection in a SharePoint document library: Jump straight to the guide, a step by step on how you implement RMS and IRM protection in SharePoint Online.
Who gets access to RMS, license plans listed: Get the list of which subscription plans include RMS and which do not.
What works and what doesn’t? The complete list of supported OSs and applications that support Azure RMS and the ones that do not yet support Azure RMS.
About the IRM/RMS technology – How does it work, what does it do? The functionality explained.
References/Links – Find the information online: Links for when you want to get all the info you need in the sometimes difficult Microsoft TechNet way…

 

The complete guide to enabling IRM protection in a SharePoint document library

This is done in four steps:
– Activate Azure RMS in the Office 365 administration portal.
– Activate RMS in SharePoint Online
– Create and set an IRM policy in a document library
– Quickly verify your Information Rights Management

Step 1. Activate Azure RMS in the Office 365 administration portal.

1.1 Log on to your Office 365 tenant as a global administrator and go to the Office 365 admin center. You will find the shortcut in the admin dropdown.

1.2 The Office 365 admin center

1.3 Now select service settings in the left-hand menu.

1.4 In the top menu select ‘rights management’

1.5 Click on the link to Manage your ‘Azure Rights Management’

1.6 This is where you leave your Office 365 tenant; note the URL you now see in your browser’s address field.

1.7 In Azure RMS you will be met by a text saying that you have not activated Rights Management yet.

1.8 In order to activate the RM feature, click on ‘activate’…DUH! Then click on ‘activate’ again…if you are absolutely sure…

1.9 Wait for it….

1.10 Now you should see a nice green checkmark telling you that Rights Management has been activated.

1.11 Done! Now you can move on with activating Rights Management in your SharePoint Online admin portal. The steps you have now taken make the RMS service available in all parts of your Office 365 tenant, like in Exchange, SharePoint (and Lync).
(As you can see, you can also make some additional configurations of RMS, for example you can create your own custom policies; for some reason though, you are required to sign up for a separate Azure RMS subscription for this…the link to where you sign up is added to the page to make things simpler for you)

 

Step 2. Activate RMS in SharePoint Online

2.1 Go to the SharePoint administration portal. Find the shortcut in the Admin dropdown.

2.2 In the left-hand pane, select Settings.

2.3 Scroll down to the section named ‘Information Rights Management (IRM)’

2.4 Under Information Rights Management (IRM), on the right side, select ‘Use the IRM service specified in your configuration’

2.5 Click on the ‘Refresh IRM Settings’ button. (Buttons…well…maybe they are touch buttons?)

2.6 In a short while, you will see the text ‘We successfully refreshed your settings’ below the button.

2.7 Done! This means that IRM functionality has been enabled in your SharePoint Online tenant and the IRM settings will now be available in SharePoint.

Note! If you have not previously activated IRM in your Office 365 admin portal, then you will see a different message instead. If that is the case, simply go back to Step 1 in this guide and activate IRM in Office 365 first.

 

Step 3. Create and set an IRM policy in a document library

3.1 Go to a site in your SharePoint Online site collection of choice (can be the root site or a subsite), go to a document library (default is probably ‘Documents’).
Now, click on the ‘Library’ tab.

3.2 To the right in the ribbon, click on ‘Library Settings’

3.3 Click on ‘Information Rights Management’

3.4 These are the Information Rights settings for the current document library; what you change here will only affect this document library and the documents in it. Remember though, that what you change here will affect ALL documents in this library, in all folders, of all types. By default, IRM is disabled and has no effect at all.

3.5 What you see here is only the name, the description and the activate button. In order to see more of the settings, click on SHOW OPTIONS. This offers all the settings that are currently available for a document library in SharePoint Online.
Start now by giving your policy a name and typing in a description; this is what will be shown to the user, so it’s better to use a good explanatory description.

3.6 Click on ‘SHOW OPTIONS’. Configure what the policy is and what is allowed and what isn’t. For the sake of easily verifying the functionality, only configure that the document cannot be opened in a browser. In the first section, ‘Set additional IRM library settings’, check the box to prevent the documents from opening in the browser.

3.7 The two other sections have even more options, ‘Configure document access rights’…

3.8 …and ‘Set group protection and credentials interval’.

3.9 When you have configured the policy like you want it, hit Ok.

3.10 Done! All documents in your library are now protected using the IRM policy you configured. That IRM is used cannot be seen unless you have access to the IRM setting in the Library Settings. What a regular user can see is the effect of the policy alone.

3.11 Without the policy activated you get a preview of the document (offered by Office Web Apps) and the option to view and edit in browser.

3.12 When the policy has been activated, you do not get any preview and the view and edit in browser options are gone.

3.13 You are now done, your document library is IRM protected using Azure Rights Management Service.

 

Step 4. Quickly verify your Information Rights Management

4.1 Upload a Word document to the document library. (Your document is now IRM protected)

4.2 Click on Edit, you should be prompted to download the document. Cancel the dialog.

4.3 Click on the three dots, you should see a notice that a preview is prevented by RMS.

4.4 You will also notice that the dropdown menu does not offer any choice to open in browser or preview in browser.

4.5 Done!

Note: A good best practice is to always verify that your IRM protection policy is activated and works as expected. Some settings must be tested using an Office client application and some can be tested online like in this scenario.

Who gets access to RMS, license plans listed

Licensing option Information Rights Protection (IRM)
Office 365 Small Business No
Office 365 Small Business Premium No
Office 365 Midsize Business No
Office 365 Enterprise E2 / Office 365 Education A2 No
Office 365 Enterprise E3 / Office 365 Education A3 / Office 365 Government G3 Yes
Office 365 Enterprise E4 / Office 365 Education A4 / Office 365 Government G4 Yes
Office 365 Enterprise K1 No
SharePoint Plan 2 No
Exchange Online Plan 2 No

As you can see, far from all license plans include RMS.

In addition to the Office 365 subscriptions that include RMS, there is also an RMS for individuals subscription that allows a user outside of the organization to open and access IRM protected documents from an organization that uses IRM protection using RMS.

Note: If you have a subscription plan that does not include RMS, like an Office 365 E1 or E2, then you can get the RMS functionality as an add-on from Microsoft (Azure RMS Standalone). Talk to your account representative or your LAR/license vendor. This option costs a lot less than upgrading to an E3 plan simply for the RMS functionality.

What works and what doesn’t?

So, we want to use RMS and IRM protection, but what is supported? Can we use it wherever we want and whenever we want? No, you can’t…
There are some things that work and some things that don’t work. I have tried to list them all below; as time goes by, Microsoft will most likely subtract from the No list and add to the Yes list *.

Implementation Supports Azure RMS
Operating Systems
Windows 7 Professional SP0 Yes
Windows 7 Enterprise SP0 Yes
Windows 7 Ultimate SP0 Yes
Windows 7 Professional SP1 Yes
Windows 7 Enterprise SP1 Yes
Windows 7 Ultimate SP1 Yes
Windows 8 Pro Yes
Windows 8 Enterprise Yes
Windows 8.1 Pro Yes
Windows 8.1 Enterprise Yes
Mac OS X (minimum 10.7, Lion) Yes
Mobile Devices
Windows Phone 8 Yes
Android 4.0.3 Yes
iOS 6.0 Yes
Windows 8 RT Yes
Windows 8.1 RT Yes
Applications
Office 365
Office Professional Plus 2013 Yes
Office Professional 2010 (With RMS addon) Yes
Microsoft Office for Mac 2011 No
Microsoft Office for iPad No
Microsoft OneDrive (formerly SkyDrive) No
Microsoft OneDrive for Business (formerly SkyDrive Pro) No (!)
Sharing Applications
Minimum OS version of Windows 7 Service Pack 1 Yes
For Mac OS No
On premise Servers
Exchange 2013 Yes
Exchange 2010 Yes
SharePoint Server 2013 Yes
SharePoint Server 2010 Yes
Windows Server 2012 (FCI) Yes
Windows Server 2012 R2 (FCI) Yes

* I assume that all else not listed here does not support Azure RMS.

The RMS connector is supported on Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2.

About the IRM/RMS technology – How does it work, what does it do?

(This section is a direct quote from Microsoft; they actually have a pretty good, short and to-the-point explanation here.)

What is Azure Rights Management:

Azure Rights Management lets you encrypt and assign usage restrictions to content when your organization subscribes to Microsoft online services. Rights Management helps protect content that is created and exchanged by using Microsoft Office as well as other applications or services that have been updated to integrate with the Rights Management service. By implementing a cloud-based rights management service, Rights Management provides an alternative for organizations seeking information protection capabilities within Microsoft Office 365.

Rights management provides the following:

Safeguards sensitive information
Applications and services such as Microsoft Office 2010 and Microsoft Office Professional Plus 2013, SharePoint Online and Microsoft Exchange Online are enabled to help safeguard sensitive information. Users and administrators can define who can open, modify, print, forward, or take other actions with the information. Organizations are provided usage policy templates such as “Company Confidential – Read Only” that can be applied directly to the information.

Provides persistent protection
Rights Management persists protection of file data when at rest and in motion. Once information is locked, only trusted entities that were granted usage rights under the specified conditions (if any) can unlock or decrypt the information.

Supports closer management of usage rights and conditions
Organizations and individuals can assign usage rights and conditions using rights management that define how a specific trusted entity can use rights-protected content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire.

Integrates rights management with Office 365
Rights Management is integrated with SharePoint Online, Exchange Online, and other Office 2010 and Office Professional Plus 2013 applications to provide rights management functionality across the Microsoft Office suite.

References

Office 365 Information Protection using Azure Rights Management
http://blogs.technet.com/b/rms/archive/2013/11/11/office-365-information-protection-using-azure-rights-management.aspx

Set up Information Rights Management (IRM) in SharePoint admin center
http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/set-up-information-rights-management-irm-in-sharepoint-admin-center-HA102895193.aspx

Azure Rights Management
http://technet.microsoft.com/en-us/library/jj585024.aspx

Administering Azure Rights Management by Using Windows PowerShell
http://technet.microsoft.com/en-us/library/jj585027.aspx

Requirements for Azure Rights Management
http://technet.microsoft.com/en-us/library/dn655136.aspx

Cloud subscriptions that support Azure RMS
http://technet.microsoft.com/en-us/library/dn655136.aspx#BKMK_SupportedSubscriptions

 

 


_________________________________________________________


Office 365 guide series – Using your document templates in SharePoint online



Greetings SharePoint Online users!

This is the third in the Office 365 and SharePoint Online series.

1. Office 365 guide series – Create a new list from an Excel spreadsheet
2. Office 365 guide series – A guide to SharePoint Navigation using metadata
3. Office 365 guide series – Using your document templates in SharePoint online (This post)

This time I will explain how to:

Use Office templates within your SharePoint Online document libraries. In every organisation, or at least the majority, you talk about templates and you know that you have them, somewhere, but in the end, you and everyone else end up using an existing document and making changes, like you take an agreement from one customer and make changes to the numbers and customer names…would it not be nice if you could get everyone to use the same template? And if a change to the template affected everyone? Wouldn’t that be just smashing eh?

Now I’ll show you the easy steps you have to follow to just get started. We’ll use a simple Word template in this example, but you can use any template that you already have.

Note: In this guide, I will show the quick and easy method. In a later post, I will show how to use Content Types, which will also allow you to use custom templates, but in a much more controlled way. A link to that post will be added here when that guide has been posted.

Start by locating a Word template, or create one; add some info to the header, with logo and company name and address maybe, add something to the footer for example, and save the file as a dotx file. Save it locally so that you can easily access it when we want to upload it to our SharePoint Online. – I have created a simple letter template for the company DonkeyMind, with their logo and some additional info in it. I’ll use this in my step by step guide below. I saved this as letter.dotx in my ..\documents\DonkeyMind templates\ folder.

In a SharePoint Online site, now do this:

1.0 Upload the template file. This is not the easiest thing to do; unfortunately Microsoft has chosen to make it a lot harder in SPO and SharePoint 2013 than it really has to be (the Browse button from 2010 has been removed), for reasons unknown to me. But this is how you do it:

1.1 Browse to the document library in SharePoint Online where you want to use your own custom document template.

1.2 Click the Library tab. This will present the ribbon with the settings available for a document library.

1.3 In the ribbon, click on Open with Explorer

Note: The site URL has to be added to the ‘Local intranet sites’ or ‘Trusted sites’ with automatic logon enabled; if it isn’t, you will get a popup telling you that it will not work.

1.4 Click ok on the Internet Explorer Security warning

1.5 The library will now open in an Explorer window; in this window you will see a folder named forms which is a bit greyed out.

1.6 Double-click on the folder forms; now you will see a list of files

1.7 Now, in a separate Explorer window on your computer, locate your saved template file (dotx)

Note: In my case, I stored it under ..\Documents\DonkeyMind templates\

1.8 Put the two Explorer windows side by side

1.9 Drag and drop the template file from your local folder to the SharePoint library forms folder

1.10 The file will now be uploaded to the SharePoint forms folder

2.0 When the file is uploaded ok, go back to your browser and the document library

2.1 Now, we need to change the template used from the default template.dotx to our own template, in my case, letter.dotx. Again, click on the Library tab.

2.2 Click on Library Settings

2.3 In the Library Settings dialog, click on Advanced settings

2.4 Locate the Document Template section

2.5 Change the filename in the Template URL to reflect your template file’s name

2.6 Click on OK

2.7 Click on Documents in the ‘breadcrumbs’ to go back to the library again.

2.8 Click on the Files tab

2.9 Now, on the New Document button, click on the dropdown and New Document

2.10 Press Yes in the dialog asking if you really want to open this file, because you do…

Note: Avoid this by changing the Trust Center settings in your Office applications.
1. Allow trusted locations on my network.
2. Add new location
3. Type in the https path to your SharePoint Online tenant
(See references for 2007 and 2010)

2.11 You may also get prompted for your username/email address for the Office 365 account. Type it in and press Next

Note: This dialog only shows up if you are not logged into your Office applications using your Office 365 account

2.12 And Password…Sign in

2.13 The new document opens, based on the template

2.14 When you have typed your letter and are done, simply press Save; this will show you the save as dialog with the path to the SharePoint document library at the top

2.15 Select that and type in a filename and save the file

2.16 You are done, use the New Documents button to create your standard letters based on the custom template, again and again.

3.0 Done!

Note: All the same steps apply in SPO as well as SharePoint 2013 onpremise, except for the ‘add site URL to trusted sites’ issue. In an onprem situation the URL is most of the time already considered Trusted or Local intranet.

References

Learn how to set up a template for a library.

How to enable or disable hyperlink warning messages in 2007 Office programs and in Office 2010 programs
http://support.microsoft.com/kb/925757


_________________________________________________________


Office 365 guide series – Create a new list from an Excel spreadsheet

Greetings SharePoint Online users!

This is the first in a series of Office 365 and SharePoint Online guides primarily aimed at users and power users. My aim with these guides is to show, in an easy-to-grasp way, how you do a few relatively easy but important tasks in SharePoint Online/Office 365. Tasks that will give you a lot of functionality with relatively little effort. Since a lot has been covered already for SharePoint onprem in blogs and other online documentation like TechNet, but not specifically for Office 365 or SharePoint Online, I feel that there is a gap to fill here.

1. Office 365 guide series – Create a new list from an Excel spreadsheet
2. Office 365 guide series – A guide to SharePoint Navigation using metadata
3. Office 365 guide series – Using your document templates in SharePoint online

This first time, I will explain how to:

Create a new custom list from an existing Excel spreadsheet
This task is simple if everything goes smoothly, but if you have never done it before, or if you have tried but got stuck on any of the little hiccups you may encounter, then this may be the perfect guide for you.

– Start by creating your Excel spreadsheet. Make sure that it is an xlsx file. You may also use an existing spreadsheet with your list data, copy from an old file, or save another format as xlsx.

In the spreadsheet, follow these rules to get a good result:
– Make sure that you do not have any empty column headers between columns. This will cause all headers to be imported as row 1 instead of being headers; new column headers will be created as 1, 2, 3 and so on.
– Keep the spreadsheet ‘clean’: remove empty rows, empty columns and any text above the header row and to the right of or under the table or cell range.
– The first column to the left will be the default edit field in the SharePoint list. Make sure that it has values on all rows.
– For best result, avoid formulas with calculated values.
– Use Excel 2013.

In a SharePoint Online site, do this:
1. Decide on a name for the list; it will be the URL and name of the list.
2. Go to the ‘cogs’/Settings and select Add an app

3. You will now see a list of all available apps (installed)
4. Search for Import or scroll down until you find the app called Import Spreadsheet
5. Click on Import Spreadsheet

6. Type in the Name of the new list
7. Type in an optional Description
8. At the File location field, click Browse…
9. Browse to your xlsx file on your computer
10. Click on Import

11. The Import Wizard starts; by default, the Range type is set to Table Range
12. Change this to Range of cells
13. Click in the Select Range field
14. In the spreadsheet, select the top left cell and then make sure that you select the entire table of data you want imported
15. It should now read something similar to: Sheet1!$A$1:$G$400 (top left : bottom right)

16. Now you click on Import
17. You may now get a logon prompt from Excel; enter the email address for the SPO account and click next
18. Enter the account password and click on Sign in
19. Excel will now create the list and start importing the data; you will see a little progress bar at the bottom of the Excel application.
20. When the import is done, the new list will open and you will see the columns from the top

Note: You may note sometimes that a ‘mailto:’ has been added to the email column values.
ColumnError2
This is added in Excel but hidden when a cell is formatted as an email address. In the example above, note that the first row has the value of ‘Email’, which made the list field be formatted as single line of text instead of email.
The trick is most of the time to make sure that all field values in a column are consistent in format. One cell with a different format will cause the entire column to get a different formatting.

21. Done!

– You may now want to add a link to the list in the left-hand navigation. Check the URL in the address bar of IE and copy it.
– Click on EDIT LINKS
– Click on +Link
– Type in the Text to display (will be seen in the navigation), for example ‘Contacts’, and paste the URL into Address
– Click OK
– Try the link out to make sure
Done! (Again)

Error list

1
You get ‘The specified file is not a valid spreadsheet or contains no data to import’
When: When you browse to your Excel spreadsheet and click Import
Fix: Add site URL to trusted sites in Internet Explorer; it has to be in either Trusted sites or Local intranet sites.

2
A new header row is created instead of the headers I got (Column1, Column2, Column3…) and the headers become values in the first data row
When: You have one or many empty headers in your cell range
Fix: Remove all columns with blank headers, or add a value to them; this is only within your cell span.

3
If you get the error, ‘An unexpected error has occured. (-2147467259)’
When: Something is wrong with the SPO user session you have open
Fix: Sign out of your SPO session, close all IE windows, close Excel – log on again to SPO, Add app…same procedure as last time.

4
Very large files, field data types get wrong, you expect Single line of text but get Multiple lines of text
When: The cell range probably contains one or more ‘special’ values that are interpreted by Excel/SPO as something other than what they are.
Fix: With large files, create a new Excel file with only the header and one row, and make sure that the header row and the data row do not contain any value or characters out of the ordinary. Then, copy and paste the rest of the rows in quick edit or datasheet view.

5
The wrong column becomes the default edit column with the ‘…’ for the edit dropdown menu.
When: The column you want to use for default edit is not the first from the left.
Fix: The first column will be the default edit field with the ‘…’; make sure the cell range starts with the top left cell.

Note: All the same steps apply in SPO as well as SharePoint 2013 onpremise, except for the Excel logon prompt and the ‘add site URL to trusted sites’ issue. In an onprem situation the URL is most of the time already considered Trusted or Local intranet.

References

None so far 🙂


_________________________________________________________
