Set PeoplePicker via PowerShell, multiple domains.

PowerShell is much, much easier than the old stsadm.

To see the present settings:

$wa = Get-SPWebApplication -Identity https://your.website.something
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains

—–
$wa = Get-SPWebApplication -Identity https://your.website.something
$ad = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
$ad.DomainName = “domainA.com”
$ad.IsForest = $true
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($ad)

$a1 = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
$a1.DomainName = “domainB.com”
$a1.IsForest = $true
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($a1)

$wa.Update()

Search Host Controller hung on “starting” in SharePoint 2013

Search Host Controller stuck in state “starting” – SharePoint 2013

After installing SharePoint 2013, if the Search Host Controller is stuck in state “starting”, try the following powershell:

$SS = Get-SPServiceInstance Where {$_.Status -like “Provisioning”}

$SS.Unprovision()

 

$SS.Provision()

 

SharePoint 2013 – Databases running in compatibility range

I ran across this a while ago, after having updated a customer’s SP 2013 to March 2012 PU.

The affected db was the BusinesDataCatalogDB which didn’t get the update even after running:

“PSConfig.exe -cmd upgrade -inplace b2b -force (-cmd applicationcontent -install -cmd installfeatures)”

According to the link you get in CA, the solution is to upgrade the SQL server to SQL 2008 R2 – well, guess what MS and your amazing built-in so-called Help”: It’s a SQL 2012! So what to do?

The solution is:

(Get-SPDatabase | ?{$_.type -eq “Microsoft.SharePoint.BusinessData.SharedService.BdcServiceDatabase”}).Provision()

User Profile Sync across a One-Way Trust – This one in English

User to run profile sync from trusted/remote domain: add to local admin group.
AD Users & Computers: find computerobject – allow to authenticate above user.

Config People Picker across one-way trust for CA, so you can add it as Farm Administrator:
stsadm -o setapppassword -password WHATEVER
stsadm -o setproperty -url http://URL for CA -pn peoplepicker-searchadforests -pv “forest:BLA.DK.LOCAL; forest:REMOTE.FOREST.DK,domain\username,password
Add remote profile user to Farm Admins group
Run SharePoint Powershell Add-SpShellAdmin <above user>

Log in locally to server as remote profile user
Run SharePoint Powershell $credentials = Get-Credential – Fill in the login box
New-SPManagedAccount –Credential $credentials

Provision User Profile Sync According to Spence Harbars brilliant guide – Set up Service App to run using the remote profile user managed account you just created.

Start FIM SSM (C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe)
Go to Management Agents screen, right click [SYNCHRONIZATION CONNECTION NAME] and select Properties
Go to Configure Directory Partitions and uncheck the directory partition beginning with CN= – NOTE ITS POSITION ON THE LIST, I.E is it first, second etc – YOU NEED THIS LATER!
Click OK to close Properties window
Again, right click on [SYNCHRONIZATION CONNECTION NAME] and select Configure Run Properties…
On DS_FULLSYNC, DS_DELTASYNC, DS_FULLIMPORT, DS_DELTAIMPORT, delete step for the directory partition you unchecked. NOTE! You must only remove the step for the directory partition you removed earlier on bullet 3. I.e., if the removed directory partition was 3rd on the list, you should delete 3rd Step.
Click OK
Re-run profile synchronization from Central Admin

Find ApplicationPool bruger OG password – DERFOR skal man benytte Least Privilege modellen!

Det er i den grad ikke tilrådeligt at benytte en administratorkonto til at køre sine application pools. Hvis man er så snedig kan alle der kan finde ud af at starte en elevated command prompt, finde username og password:

C:\Windows\System32\inetsrv\appcmd.exe list apppool -config

Jeps! Det står i Clear Text.

Så lad dette være en advarsel til alle de wanna-be hosting folk derude.

Opsætning af User Profile Sync i SharePoint 2010.

Du har fået din SharePoint 2010 farm op og køre, og nu vil du gerne sætte brugerprofilsynkronisering op eller som det hedder på SharePoint’sk: User Profile Sync.

Det absolut første du skal sørge for er, at du er logget ind som Farm Accounten, altså den der i SharePoint hedder System Account (også kaldet SP_FARM hvis man læser TechNet artikler). Det er underordnet hvor mange rettigheder din sædvanlige administratorkonto har: du SKAL benytte Farm Admin kontoen, ellers vil det aldrig komme til at fungere rigtigt. Dette har kostet mig størstedelen af en (meget lang) dags arbejde at indse, så nu er du advaret.  Selv om det er imod alle anbefalinger og Very Bad Practice, så husk at melde Farm Admin kontoen ind i lokaladmin gruppen på serveren inden du fortsætter. Du kan altid melde kontoen ud af gruppen igen når du er færdig – og jeg vil på det kraftigste anbefale at du gør det. Jeg vil ikke komme ind på hvorfor det er Very Bad Practice – det er der skrevet utallige artikler om i forvejen.

Når du så har logget ind på serveren som System Accountvil jeg klart anbefale at tage et grundigt kig på Spence Harbars blogindlæg, “Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization” http://www.harbar.net/articles/sp2010ups.aspx – hvis du følger den, kan du have din User Profile Sync i luften på et par timer. Bevares, det er en lang guide, men tag den tid det tager at køre den igennem og du vil komme ud på den anden side, uden væsentlige ar på sjælen.

Inden du går i gang vil jeg anbefale at du har noget godt læsestof med i tasken (eller på din ebogslæser, tablet osv.) – du kommer til at sidde og vente et godt stykke tid undervejs. Det forklarer Spence også i guiden. Så hvad venter du på? Snup en bog, hop over til Spence’s blog og så er det bare igang.