user | Bugra Postaci's Blog

Getting Last Accessed user for a SharePoint Site

02/04/2013 Leave a comment

Assume that you would like to get last accessed users for a specific site or web in SharePoint. The correct approch is creating a custom IIS Module to get update statistics by every request. If you dont want to do that there you may alternatively use following method.

But we have some conditions:
1) Usage and Health Data Collection Service Application is running.
2) And Microsoft SharePoint Foundation Usage Data Import job running in a small interval (one hour maybe). (Because the data first stores in a Usage file in file System and when the timer job has been executed that data transfered to you Logging Database) Thats mean it is not real time. (If you would like a statistics in real time i suggest that use a custom IIS module)

Than you can search the last 5 accessed user from SQL Server Management Studio by quering Logging Database Server (It would be delayed by interval of Import Timer Job)

Declare @serUrl as nvarchar(MAX), @sitUrl as nvarchar(MAX) , @wUrl as nvarchar(MAX)
Declare webcursor CURSOR FOR select serverurl,siteurl,weburl from RequestUsage group by ServerUrl,SiteUrl,WebUrl
Open webcursor

FETCH NEXT FROM webcursor INTO @serUrl,@sitUrl,@wUrl
WHILE @@FETCH_STATUS = 0 
BEGIN
PRint 'ServerUrl: ' + @serUrl + ' Site Url:' + @sitUrl +  ' Web Url:' + @wUrl
select Top 5 LogTime, UserLogin,ServerUrl,SiteUrl,WebUrl from RequestUsage 
where ServerUrl = @serUrl and SiteUrl = @sitUrl and WebUrl =  @wUrl
--Dont Forget to Exclude SharePoint\system , Central Administration Web Site, Crawler Account, And Timer Service Account for correct results.
and ServerUrl <> 'http://contoso.com:32843'  and UserLogin <> 'SHAREPOINT\system' and UserLogin<> 'Contoso\Crawler'
order by LogTime desc 
FETCH NEXT FROM webcursor INTO @serUrl,@sitUrl,@wUrl
END
CLOSE webcursor
DEALLOCATE webcursor

Filed under Sharepoint Tips & Tricks Tagged with Accessed, Analytics, Health, Sharepoint, TimerJob, user

Failed to create the Pages library – SharePoint 2010

21/04/2012 1 Comment

When try to create a new site ( Publishing Site ) under your site collection Event log message was: ‘Failed to create the ‘Pages’ library.’.
Exception was: ‘Microsoft.SharePoint.SPException: User cannot be found.
at Microsoft.SharePoint.SPUserCollection.get_Item(String loginName)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.LoadWorkflowBytesElevated(SPFile file, Int32 fileVer, Int32& userid, DateTime& lastModified)

the error caused by the user who created the latest revision of the workflow no longer exists in the site collection.

1) Download and install Sharepoint Designer 2010 if you already do not have it on your system.
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16573

2)In Sharepoint Designer, please open the root web

3)Go to All files > _Catalogs> wfpub

4)Check out and then Check in all Publishing Workflow configuration files:

5)De-activate and re-activate the publishing Feature from Site Settings

Important: Please proceed with a full farm backup before proceeding with this . It would also be beneficial for your users if you could implement the action plan outside of your regular business hours.

Filed under Sharepoint 2010 Tagged with Feature, Library, Pages, Publishing, SPS2010, user, wfpub

Sharepoint 2010 How to give “Replicate Directory Changes” permission to User Profile Sync Account

28/03/2012 2 Comments

in Technet sometimes is getting hard to find what you are seeking because of it separated more than one article. So i decided that create and collect in one article for this issue for easy share. As you know the synchronization account for a connection to Active Directory Domain Services (AD DS) must have the following permissions:
Before do apply this permissions you already decided which account is your user profile sync account and needless to say it must be an AD account .

1) It must have Replicate Directory Changes permission on the domain that you will synchronize with.
Important: The Replicate Directory Changes permission allows an account to query for the changes in the directory. This permission does not allow an account to make any changes in the directory

To grant Replicate Directory Changes permission on a domain:

On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
On the first page of the Delegation of Control Wizard, click Next.
On the Users or Groups page, click Add.
Type the name of the synchronization account, and then click OK.
Click Next.
On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
On the Permissions page, in the Permissions box, select Replicating Directory Changes (select Replicate Directory Changes on Windows Server 2003), and then click Next.
Click Finish.

2) If the NetBIOS name of the domain differs from the fully qualified domain name, the synchronization account must have Replicate Directory Changes permission on the cn=configuration container

To grant Replicate Directory Changes permission on the cn=configuration container:

On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
If the Configuration node is not already present, do the following:
1. In the navigation pane, click ADSI Edit.
2. On the Action menu, click Connect to.
3. In the Connection Point area of the Connection Settings dialog box, click Select a well know Naming Context, select Configuration from the drop-down list, and then click OK.
Expand the Configuration node, right-click the CN=Configuration… node, and then click Properties.
In the Properties dialog box, click the Security tab.
In the Group or user names section, click Add.
Type the name of the synchronization account, and then click OK.
In the Group or user names section, select the synchronization account.
In the Permissions section, select the Allow check box next to the Replicating Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.

3) If you will export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) that you are synchronizing with.

To grant Create Child Objects and Write permission:

On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
If the Default naming context node is not already present, do the following:
1. In the navigation pane, click ADSI Edit.
2. On the Action menu, click Connect to.
3. In the Connection Point area of the Connection Settings dialog box, click Select a well know Naming Context, select Default naming context from the drop-down list, and then click OK.
In the navigation pane of the ADSI Edit window, expand the domain, expand the DC=… node, right-click the OU to which you want to grant permission, and then click Properties.
On the Security tab of the Properties dialog box, click Advanced.
In the Advanced Security Settings dialog box, select the row whose value in the Name column is the synchronization account and whose value in the Inherited From column is <not inherited>, and then click Edit. If this row is not present, click Add, click Locations, select Entire Directory, click OK, type the synchronization account, and then click OK. This adds the appropriate row, which you can now select.
Important:Do not select the row for the synchronization account that is inherited from another location. Doing so would only enable you to apply the permissions to the OU and not to the contents of the OU.
In the Permission Entry dialog box, select This object and all descendant objects from the Apply to box, (select This object and all child objects on Windows Server 2003), select the Allow check box in the rows for the Write all properties and Create all child objects properties, and then click OK.
Click OK to close the Advanced Security Settings dialog box.
Click OK to close the Properties dialog box.
Repeat steps 3 through 8 to grant permissions on any additional OUs.

For default configuration, i mean if you just read from Active Directory and not planning to export , you may need to apply just first 2 permission.
If you want to test that 2 permissions are correct you can use fallowing script described fallowing article.
http://blog.bugrapostaci.com/2011/04/27/checking-replication-directory-changes-for-account-by-powershell/

For more information please read:
http://technet.microsoft.com/en-us/library/8451dde9-bbd1-4285-bc24-71bd795fb912
http://technet.microsoft.com/en-us/library/0eeb69e0-c799-4da1-b3ec-c0cc4efd585e

Filed under Sharepoint 2010 Tagged with Account, Active, AD, ADSI, Changes, CN=Configuration, Directory, Grant, Permission, Priviledge, Profile, Replicate, Syncronization, user

Could we create a second User Profile Service Application ?

07/02/2012 Leave a comment

Yes you can but ,
If you have only one server in your farm you can use just one User Profile Service Application (UPA) in this server because the windows Service of User Profile Syncronization Service just configurable only one UPA. So if you have more than one sharepoint server in your farm for example 3 server; you can create more than 3 UPA but you can only syncronize 3 of them.

For Another scenario, i assume that you have only one server and already provisioned one UPA and configured the syncronization connection. After adding second UPA as you know you can not able to add any Sycronization connection for Second UPA . But if you stop CA-> Services On Server -> User Profile Syncronization Service and restart it will prompt you to select UPA options mean you can change the relation for specific UPA . Still only one UPA can able to sync for one server.

Filed under Sharepoint 2010 Tagged with Application, Profile, provision, second, Service, Sharepoint, Syncronization, UPA, user

Create all users’ personal site via Powershell script – Sharepoint 2010

03/10/2011 2 Comments

#PowerShell Script - Create All Users Personel Sites - SharePoint 2010 #The scripts is distributet "as-is." Use it on your own risk. 
#Add SharePoint PowerShell SnapIn if not already added if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

[Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")

$mysiteHostUrl = "http://my"
$personalSiteGlobalAdmin = "DOMAIN\padm"
$personalSiteGlobalAdminNot ="padm@bugrapostaci.com"
$personalSiteGlobalAdminDisplayName = "Personel Site admin"
$mysite = Get-SPSite $mysiteHostUrl

$context = [Microsoft.Office.Server.ServerContext]::GetContext($mysite)
$upm =  New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

$AllProfiles = $upm.GetEnumerator()

foreach($profile in $AllProfiles)
{

    $DisplayName = $profile.DisplayName
    $AccountName = $profile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value
       #Add your restrictions for users.        if($Accountname -like "YourDomain*")
       {
          if($profile.PersonalSite -eq $Null)
          {
               write-host "Creating personel site for ", $AccountName
               $profile.CreatePersonalSite()
               #Adding an extra admin for personel sites                $pweb = $profile.PersonalSite.OpenWeb()
               $pweb.AllUsers.Add($personalSiteGlobalAdmin,$personalSiteGlobalAdminNot,$personalSiteGlobalAdminDisplayName,$null);
               $padm= $pweb.AllUsers[$personalSiteGlobalAdmin];
               $padm.IsSiteAdmin = $true;
               $padm.Update();
               $pweb.Dispose();
               write-host "Personal Site Admin has assigned"
          }
          else
          {
               write-host $AccountName ," has already personel site"
          }
   }
}
$mysite.Dispose();

Filed under Sharepoint 2010 Tagged with Create, mysite, Personal, PowerShell, Profiles, Site, user

← Older posts

Bugra Postaci's Blog

Getting Last Accessed user for a SharePoint Site

Failed to create the Pages library – SharePoint 2010

Sharepoint 2010 How to give “Replicate Directory Changes” permission to User Profile Sync Account

Could we create a second User Profile Service Application ?

Create all users’ personal site via Powershell script – Sharepoint 2010

About Me

RSS Register

Search

Inside my brain

Categories

Top Posts

My Recents

Archives

Follow “Bugra Postaci's Blog”