Saturday, May 14, 2016

Active Directory Group Policies for SharePoint farm and SharePoint Installation.

As SharePoint consultants, we rarely check the AD GPO settings that SharePoint services depend on to function. In my earlier blog post, I described how you can clear the SharePoint cache for the timer service or search service, or to fix SharePoint Designer.

Problem:

We are implementing a new SharePoint farm and following a typical SharePoint farm setup. We noticed that the timer service kept stopping every day. The SharePoint logs and Event Viewer showed errors but not much information. Our frustration peaked as we checked everything related to the SharePoint farm. We found that there was no problem with the SharePoint setup.

Solution and Fix:

STEP1:
--------------------------------------------------------------------------------------------------
A small primer about Active Directory Group Policy.

Group Policy: It is basically a Windows (2008, 2008R2, 2012, 2012R2, etc.) and Active Directory feature. It allows us to centrally manage all the configuration for users and computers, so settings are defined once for the whole farm. You can define multiple group policy settings, as required, in a Group Policy Object.

Group Policy Object (GPO): You can apply a GPO to a specific scope of servers, such as the SharePoint servers.

Note:

a) Note that any change you make to a setting cascades down to all the servers covered by your group policy.
b) The GPO is pushed out on a regular basis (e.g. every 1 hour), and therefore it may overwrite any settings changes. That is exactly what was happening to us. The SharePoint timer service kept stopping every day, primarily due to the GPO.
c) It is not well documented in the SharePoint literature; please refer to this for more information.
-------------------------------------------------------------------------------------------------
After troubleshooting the failure for more than four weeks, we checked with our AD team. The investigation showed that a group named SP_Group exists in Active Directory.

1.      All SharePoint service accounts (sp_farm, sp_admin, sp_userprofile, sp_crawl, sp_sql) have to be added to this AD SP_Group group.

2.      When you add all the service accounts to SP_Group, the AD GPO settings are applied to them automatically.

3.      Verify that the following security settings under Local Policies / User Rights Assignment are applied for SP_Group on the Windows servers (for SharePoint):
a.      Log on as a batch job
b.      Log on as a service
c.      Replace a process level token

STEP2:

1. The next step is to run GPUPDATE on all the SharePoint servers, including SQL Server (just to be safe). GPUpdate refreshes local and Active Directory-based group policy settings.

2. Restart the SharePoint timer service on all SharePoint servers.

3. You can also get all the Group Policy information as a report. Run the following from a command prompt opened with Run as administrator, under the SP_FARM account:

C:\Temp\sp_farm> gpresult /h C:\temp\ADReport.html
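
The check in STEP1 item 3 can be scripted and run on each server after GPUPDATE. This is an added example, not part of the original post; the domain name CONTOSO and the temp file name are assumptions.

```powershell
# Added example: verify the three user rights from STEP1 on the local server.
# Assumption: the group is CONTOSO\SP_Group (the domain name is a placeholder).
param([string]$Group = 'CONTOSO\SP_Group')

# Privilege constants behind the rights listed in STEP1, item 3.
$required = @{
    SeBatchLogonRight             = 'Log on as a batch job'
    SeServiceLogonRight           = 'Log on as a service'
    SeAssignPrimaryTokenPrivilege = 'Replace a process level token'
}

# Resolve the group to its SID; the export lists most principals as *<SID>.
$sid = ([System.Security.Principal.NTAccount]$Group).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# Export the current user-rights assignment (needs an elevated prompt).
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Build a map: privilege constant -> principals that hold it.
$rights = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
        $rights[$Matches[1]] = $Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
}
Remove-Item $cfg

$missing = 0
foreach ($priv in $required.Keys) {
    $holders = @($rights[$priv])
    # Accept either the SID form or the plain account name.
    $ok = ($holders -contains $sid) -or ($holders -contains $Group)
    if (-not $ok) { $missing++ }
    '{0,-32} {1,-30} {2}' -f $priv, $required[$priv], $(if ($ok) { 'OK' } else { 'MISSING' })
}
if ($missing) {
    Write-Warning "$Group lacks $missing required right(s); see the gpresult report for the GPO that sets them."
}
```

The script only reads settings. A right reported as MISSING after GPUPDATE means the winning GPO does not grant it to SP_Group, which is a fix for the AD team rather than a local edit that the next policy refresh would overwrite.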

I hope this blog post is useful for you.

Please comment if this blog post is helpful.

--aaroh :) 


References:
1.      Social MSDN Wiki: Use Group Policy to Control SharePoint Installations

Sunday, May 8, 2016

Update correct User Profile Information in SharePoint 2010


Background: 

While working on a SharePoint 2010 User Profile issue, we found that the User Profile Synchronization service had been stopped a year ago, and new employees are shown as contoso\<AD ID User> and not by full name, such as Aroh Shukla. However, the user profile in SharePoint 2010 still shows the full user name.

Approach and FIX:

The fix requires two steps.

STEP 1:


As in my previous blog post, we first need to check the user profile list, which is a hidden list.

User Information List: 

Each site collection has a hidden list called the User Information List. This list is stored in a table in the content database and exists in each site collection. A user is added to the list when he accesses the site for the first time.

It is a hidden list and can be accessed only by administrators (Farm Account) via these URLs:
http://sp2013/sites/_catalogs/users/simple.aspx or
http://sp2013/sites/_catalogs/users/detail.aspx


SharePoint stores this user information in two places:
a) User Profile Store and
b) Site collection

and SharePoint keeps this information in sync using two timer jobs:

A) User Profile to SharePoint Full Synchronization
B) User Profile to SharePoint Quick Synchronization

SharePoint internally manages the User Profile store and the site collection. At times they are out of sync, and the following STSADM commands need to be executed.


NOTE: YOU MUST log in as FARM ADMIN for the STSADM commands below.

stsadm.exe -o sync -listolddatabases 0
With this command you can see all the databases and when they were last synced.
----------------------------------------------------------------------------------------------------------------------
PS C:\contoso\sp_farm> stsadm -o sync -listolddatabases 0

User Profile Application 'User Profile Service Application' - Partition '3c45678
x-56d0-418e-99c6-2ac25af4be5b'
ID: 3344551b-6178-44ed-b92e-08a4edd723db  Synchronized: 11/12/2011 12:00:22 PM
ID: 3r44551b-6178-44ed-b92e-08a444d723db  Synchronized: 12/12/2011 12:00:22 PM
ID: 4r44551b-f58d-4b93-8c92-1ac29856d56c  Synchronized: 13/12/2011 12:00:22 PM
ID: 6r44551b-8e23-45dc-90f9-883ebea33cfa  Synchronized: 14/12/2011 12:00:22 PM
ID: 7r44551b-f8fd-40ba-afa8-a4df0386bdd9  Synchronized: 15/12/2011 12:00:22 PM
ID: br44551b-e78e-489b-b336-d7bb24af2cdc  Synchronized: 16/12/2011 12:00:22 PM

-------------------------------------------------------------------------------------------------

The next command also allows you to clear the tables:

stsadm.exe -o sync -deleteolddatabases 0
------------------------------------

PS C:\contoso\sp_farm> stsadm -o sync -deleteolddatabases 0

Deleted sync information for DB 3344551b-6178-44ed-b92e-08a4edd723db
Deleted sync information for DB 3r44551b-6178-44ed-b92e-08a444d723db 
Deleted sync information for DB 4r44551b-f58d-4b93-8c92-1ac29856d56c 
Deleted sync information for DB 6r44551b-8e23-45dc-90f9-883ebea33cfa  
Deleted sync information for DB 7r44551b-f8fd-40ba-afa8-a4df0386bdd9 
Deleted sync information for DB br44551b-e78e-489b-b336-d7bb24af2cdc 


------------------------------------

You can run this command to sync: 

stsadm -o sync

Please refer to the TechNet article on these STSADM commands for more info.

STEP 2: 

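Now that we have synced the user information list with the commands above, we need to update the user information list using the steps below:

a) Get the user with Get-SPUser
b) Pass the site URL
c) Update the DisplayName property
d) Update the SPUser object:

# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Fetch the user from the site, set the full name, and save the change
$MyUser = Get-SPUser "contoso\aroh" -web "http://contoso.com"
$MyUser.DisplayName = "Aroh Shukla"
$MyUser.Update()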

Check the user name; it will now reflect the full name.
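
STEP 2 fixes one account at a time. The following added example (not part of the original post) goes beyond it and reports every account in a site that is still displayed as its login, optionally refreshing each from Active Directory. The site URL is a placeholder and classic (non-claims) logins are assumed.

```powershell
# Added example: find accounts still displayed as DOMAIN\login.
# Assumptions: classic (non-claims) logins; $SiteUrl is a placeholder.
param(
    [string]$SiteUrl = 'http://contoso.com',
    [switch]$Fix   # without -Fix the script only reports
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$site = Get-SPSite $SiteUrl
try {
    # Users returned for the root web whose display name is just the login.
    $stale = Get-SPUser -Web $site.RootWeb -Limit All |
        Where-Object { -not $_.IsDomainGroup -and $_.DisplayName -eq $_.UserLogin }

    foreach ($user in $stale) {
        if ($Fix) {
            # Refresh the user's properties from Active Directory.
            Set-SPUser -Identity $user -Web $site.RootWeb -SyncFromAD
        }
        # New-Object keeps this compatible with PowerShell 2.0 (SharePoint 2010).
        New-Object PSObject -Property @{
            Login  = $user.UserLogin
            Shown  = $user.DisplayName
            Synced = [bool]$Fix
        }
    }
}
finally {
    $site.Dispose()
}
```

Run it once without -Fix to review the list before changing anything.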

Hope it helps. 


Please comment if this blog post is helpful.

--aaroh :) 

References:


  1. http://i1.blogs.msdn.com/b/rcormier/archive/2012/09/08/how-to-update-inactive-user-profile-information-in-sharepoint.aspx
  2. https://blogs.technet.microsoft.com/paulpaa/2009/10/01/user-profile-information-not-updated-on-site-collections-people-and-group/   
