sharepoinTony

@info – The practical side of SharePoint

Posts Tagged ‘SharePoint 2007’

Odd Profile Import from AD

Posted by sharepoinTony on September 23, 2010

I am running a clean install of MOSS 2007 SP2 on Windows Server 2008 R2, all patches/updates etc. have been applied (this was not an upgraded SP2003 server).

I have the following User Filter in place for the import from our Active Directory:

(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(!company=*)))

This should be filtering such that I import only people with the account type of User, which are not disabled, and do not have a blank value listed in Company.

What I get: SOME disabled accounts are imported into the User Profiles and appear in the User Information list, while others are not.

This is happening AFTER 3 or more Full Imports have run since the time the user accounts were disabled in AD.  All of the accounts are ‘disabled’ the same way in AD, right-click and choose disable. Looknig at the menu via right-click on the account displays “enable” and looking at the properties shows that the accounts are disabled.

After searching and trying various things I did find one very interesting thing.  When the import is run using the domain administrator account rather than my SharePoint service account (which has read access to the AD) then all of the disabled accounts filter properly.  When I switch back and do a full import, then the rogue disabled accounts return to Active.  It is always the same accounts that do not filter and the same disabled accounts that do filter regardless of the user who runs the import.

There must be some kind of permission thing going on here, and I am still testing but this seems like an odd behavior that may have as its source Active Directory.  Updates to follow, if I ever find the final answer.

Advertisements

Posted in Administration, SharePoint 2007, User Profiles | Tagged: , | Leave a Comment »

Restricting Site Templates

Posted by sharepoinTony on September 3, 2010

I had a group come to me recently that wanted to set up a subsite to their site and allow a group of users create sites under that subsite.  Standard issue for SharePoint.  In this case they wanted those sites to all start out the same.  They had specific things such as two document libraries and a few other specific lists as the default when those sites get created.   Also standard issue for SharePoint…by simply creating a site template the users to select they would get what they wanted.

This request didn’t specifically ask for the restriction of site templates, however since we have had numerous other similar requests we now have a lot of site templates available.  So…

To make everyone’s life a little easier I decided to restrict the subsites so the users could only use the template created for them.  The group manager was very happy-this made it very simple for them to find and thus the creation of their sites was a snap.

The trick to it all is getting to the Page Layout and Site Template Settings page.  This isn’t available to you at the Site level, it is only on the Site Settings menu at the Site Collection level (top-level site).  That doesn’t mean you can’t use it to accomplish this task.

After creating the desired site template, go to the site above (parent to) the site where you want the users restricted to specific templates.  Replace the aspx page portion of the url with

_layouts/areatemplatesettings.aspx

Make your adjustments to the site templates available to subsites in the Page Layout and Site Template Settings screen, then click OK.

Posted in Administration, SharePoint 2007, Tips and Tricks | Tagged: , , | Leave a Comment »

Fab 40 Help Desk Template screen shots

Posted by sharepoinTony on November 11, 2009

Here are a few quick screen shots to see how the Help Desk template looks without modification.  This site has our custom theme applied and some “demo” content added, otherwise it is OOTB (Out Of The Box).

Help Desk main page:

Test Help Desk

Fab 40 Help Desk Template

Service Rep Home:

Svc Rep Home helpdesk

Help Desk Service Rep Home page

Service Rep Manager Home:

SRMgrHome_helpdesk

Help Desk Service Rep Manager Home page

Support FAQ’s:

supportFAQ_helpdesk

Help Desk Support FAQ page

 

Posted in SharePoint 2007 | Tagged: , , | 3 Comments »

Authentication reference

Posted by sharepoinTony on September 6, 2009

Authentication

This post is reference material on a topic that can cause confusion and not everyone that should read this has read it.  I can’t word it better than has already been done so I am simply posting it with my formatting and emphasis added.  I hope SharePoint Magazine doesn’t mind.

In order for people to use a MOSS web application, the web application must validate the person’s identity. This process is known as authentication.  MOSS is not a directory service and the actual authentication process is handled by IIS, not MOSS.  However, MOSS is responsible for authorization to MOSS sites and content after a user successfully authenticates.  Authentication happens like this: A user points their browser at a MOSS site and IIS performs the user validation using the authentication method that is configured for the environment. If the user authentication is successful, then MOSS renders the web pages based on the access level of the user. If authentication fails, the user is denied access to the MOSS site.

Authentication methods determine which type of identity directory can be used and how users are authenticated by IIS. MOSS supports three methods of authentication: Windows, ASP.NET Forms, and Web Single Sign-On.

Windows Authentication is the most common authentication type used in MOSS intranet deployments because it uses Active Directory to validate users.  When Windows Authentication is configured, IIS uses the Windows authentication protocol that is configured in IIS.  NTLM, Kerberos, certificates, basic, and digest protocols are supported.  When Windows authentication is configured, the security policies which are applied to the user accounts are configured within Active Directory.  For example, account expiration policies, password complexity policies, and password history policies are all defined in Active Directory and not in MOSS.

When a user attempts to authenticate to a MOSS web application using Windows authentication, IIS validates the user against NTFS and Active Directory, and once the validation occurs the user is authenticated and the access levels of that user are then applied by MOSS.

REFERENCE (taken from): http://sharepointmagazine.net/technical/administration/microsoft-office-sharepoint-server-2007-security-model

Posted in SharePoint 2007 | Tagged: , , | 1 Comment »

Woo Hoo “Expert” Review

Posted by sharepoinTony on August 14, 2009

My review of ACAR’s Room Manager was accepted and published on SharePoint Reviews.  Read it here: SharePoint Reviews Room Manager for SharePoint by ACAR

Thanks to SharePoint Reviews for providing this service to the SharePoint public.  I find the reviews helpful, that is why I submitted my review as a way to “give back”.

Posted in Commentary, SharePoint 2007 | Tagged: , , | Comments Off on Woo Hoo “Expert” Review

“Conference” Room Manager for SharePoint

Posted by sharepoinTony on June 26, 2009

Review and Implementation Notes on ACAR Room Manager for SharePoint

We had a need for a SharePoint calendar that would allow us to manage some conference rooms.  After searching around, and evaluating some other options, I decided to do a deeper evaluation of ACAR’s Room Manager for SharePoint.   This is my summary of findings and notes on the specific ways we wanted to implement this tool.

Review Notes

ACAR describes the product this way:

“Room Manager Suite for SharePoint is an easy to use room scheduling software solution for SharePoint. It is simple and powerful. Consists of a set of web parts which makes room reservation simple for end users.” (ACAR Room Manager)

It is a Room Scheduling Software for Office SharePoint Server 2007 and Windows SharePoint Services 3.0 which provides a nice interface that allows the user to see both a calendar and thumbnail photos of the rooms.  The rooms are color-coded so it is easier to identify what meeting is in which room, this is a nice feature and can be controlled within the “Room Details” screen.

Room Manager default page

Room Manager default page

The installation is simple and automatically creates a sub-site for you within SharePoint for the Room Manager.  Basic setup steps include uploading your photos of your conference rooms and entering the basic information about them.  ACAR provides a list with setup and administration guidance as well as FAQ and Information  lists.

Room Details screen

Room Details screen

Adding the Capacity and Description to your rooms helps users choose the right room for them.  If you add keywords and have Search enabled your users can find specific rooms quickly by searching.

The Sort Order is used to control the display of the rooms on the home page, next to the calendar.

The “Title” fields seem a little  irrelevant to me, they only control the label/link that is displayed next to the thumbnail.  I felt that anyone implementing this would want those to be consistent; and although you may want to modify them for your implementation they should be managed in a more central location.  (Side note: while testing this product, I had one person changing those and it really confused other users when they saw one room with varying text in the display.  Some thought there were problems with the product.)

The Picture Size field also seems unnecessary, and we would replace that colum in the display with  “Room Dimensions” to provide more useful information to the users of this tool.  That column would have to be added to the Room picture library.

This raises a good point, one of the great features of this product is the flexibility that they allow.  They hide a few lists, but otherwise if you are relatively careful you can modify the lists and libraries to fit your needs.  More on how we did some of this later.

ACAR Quick Launch - default for Room Manager home page

ACAR Quick Launch - default for Room Manager home page

The Quick Launch has been modified by ACAR for the Room Manager sub-site.  As you can see it provides for ease of navigation and a custom feel for your users.  Your users only see what they need to effectively schedule a room or manage the Room Manager.  Breadcrumbs are provided for access back to the host site in the normal SharePoint fashion.

You may want to “hide” the links to the settings or Information lists because of the information they contain.  This can be accomplished by setting permissions on those lists or by adding audiences to the Navigation item on the site.

One additional thing to watch out for is the selection of colors in the Room Details.  On our system, some of the colors selected did not display correctly when selected for a room.  As an example, I selected “Bright Green” from the ACAR provided list for one room.  After saving and going back to the Room Manager home page, I see that the room color displayed is a purple.  That rooms events are now the same color as another room with the selection “Violet”.  I had to go through and test everyone of the 27 pre-defined colors and try each one to determine what would work on our system.

Colors I found that displayed oddly:

Light Yellow (displays white, which is used for “waiting list”)
Bright Green (displays purple)
Violet (displays purple same as bright green)
Acqua (displays bright blue same as Turquoise)
Dark Teal (displays purple same as violet)

Colors that worked fine but caused the Events in the Calendar to be difficult to read:

Blue
Dark Red
Indigo
Dark Blue
Dark Green

That left us with 17 colors to use for our rooms.  We could actually also use Violet as long as we didn’t use the conflicting colors, and it was our choice not to use the darker colors.

When contacted, ACAR support was surprised by this but agreed with my assessment to simply remove some of the options from the drop-down list.  If you need that many rooms you may want to consider either multiple implementations of this tool or plan to resolve this issue.  Also please note that this is only what happened on ONE test server implementation, results may vary. Also, the difficulty reading events when using the darker colors could potentially be mitigated through the use of CSS to alter the text color of the events for those specific rooms using those colors.

Overall, I really like this product. It allows you to quickly and easily implement a solution for room management while making use of mostly Out Of the Box SharePoint features.  Room management can be delegated down to appropriate levels and the Administrator shouldn’t have any major tasks after the initial setup.  We ran this test over several weeks, and never ran into anything beyond what was mentioned earlier.  It is very intuitive and simple to use.

ACAR offers a Standard Edition and an Enterprise Edition with single server licenses and discounted licenses for additional servers.  The difference between the Standard and Enterprise Editions is unlimited locations and rooms with Enterprise.  Enterprise also appears to allow for Invoicing or chargebacks of rooms, but this seems to be something you implement using InfoPath not something built-in.  We had no need for that so we did not look into that concept.

Implementation Notes

One of the “customizations” that I tested had to do with a specific need we had for this tool.  Several of the conference rooms are “owned” by a specific department, who has priority over all others when scheduling their specific rooms for meetings.  They had a person who approved all scheduled meetings in their rooms and wanted to keep that “chain of command” in place.  So, for our testing I wanted to intercept the auto-generated email notifying the user the room was scheduled and tell them it was pending approval.  Then I have to send a message to the appropriate approver so they can check conflicts, etc. and approve or reject the requested scheduling.

I was able to add columns to the Events list, turn off auto-emails, modify selections in the provided “choice” columns, and create a workflow in SharePoint Designer to accomplish this conference room scheduling process.  This also displays the flexibility with this product over some that really lock you out of “their application”.

Details on this customization may be in a follow-up article, if any interest is expressed…or I have time and less pressing topics to cover. 😉

Posted in Calendar, Commentary, SharePoint 2007 | Tagged: , , | 12 Comments »

MOSS 2007 size limits – and List Item Attachments

Posted by sharepoinTony on June 9, 2009

Basic stuff first (all of this can be found elsewhere, I just wanted it to be more handy).

  • Site Collections in a Web Application = 50,000
  • Sites in a Site Collection = 250,000
  • Sub-sites nested under a Site = 2,000
  • Lists on a Site = 2,000
  • Items in a List = 10,000,000
  • Documents in a Library = 2,000,000
  • Documents in a Folder = 2,000
  • Maximum document file size 2GB
  • Documents in an Index = 50,000,000
  • Search Scopes = 1,000
  • User Profiles = 5,000,000
  • Template size = 10,000,000 (default)

List Attachments over 50MB need more than an increase in Maximum Upload Size…

  1. Connect to Central Administration
  2. Navigate to Application Management, Web Application General Settings
  3. Select your web application
  4. Set the Maximum Upload Size value to the value you desire (we wanted 500)  MB and hit OK
  5. Open the web.config
  6. Replace <httpRuntime maxRequestLength=”51200″ />  with <httpRuntime maxRequestLength=”512000″ />

Something in IIS blocks List Attachments that are over 50mb, so unless you do the above steps they fail with “An unknown error occurred” message.

Templates

Saving site or list templates, especially With Content, have a 10 MB limit by default.  To change this you have to use the STSADM utility:

stsadm -o setproperty -propertyname max-template-document-size -propertyvalue 50000000

This sets the limit up to 50 MB, you can set it to the value you need.

Posted in Lists, SharePoint 2007 | Tagged: , , | 4 Comments »