Tuesday, December 16, 2014

Migrate SharePoint Users from One Domain To Another

Requirement:
During a acquisition, Our company decided to merge with an acquired company's AD by re-creating their user Ids in our AD. Also, the acquired company had a bunch SharePoint sites and we wanted to migrate them to our SharePoint environment.

That brought an another challenge of re-mapping user Ids with permission between domains. How do we migrate SharePoint users from one domain to another domain?

Solution: 
Well, In SharePoint 2007 days, I used STSADM to migrate users between domains:
Stsadm -o migrateuser -oldlogin domain\OldUserID -newlogin domain\NewUserID -ignoresidhistory 

Now with SharePoint 2013, Its replaced with the PowerShell cmdlet: Move-SPUser. So, rather moving users one by one, we prepared a CSV file, mapping users from one domain to new domain and used PowerShell script to migrate users in bulk.

Here is my CSV file structure:
sharepoint migrate users between domains

The csv file just maps old SAMAccountName with the new one.

PowerShell script to Migrate Users from one domain to another:
Add-PSSnapin Microsoft.SharePoint.PowerShell

#Import data from CSV file
$UserData = Import-CSV -path "C:\Accounts.csv"

#Iterate through each Row in the CSV
foreach ($Row in $UserData)
 {
    write-host "Processing user:" $row.Email

    #Site collection URL
    $siteURL ="https://intranet.crescent.com"
    $site = Get-SPSite $siteURL

    foreach($web in $site.AllWebs)
     {
        #Get All Users
        $UserColl = Get-SPUser -web $web.Url

        foreach ($User in $UserColl)
        {
            #Get values from CSV File
            $OldUserID= $Row.OldUserID.Trim()
            $NewUserID =$Row.NewUserID.Trim()
            $Email = $Row.Email.Trim()

            #Search for Old User Accounts
            if($User.UserLogin.Contains($OldUserID))
             {
                #Update the User E-mail
                Set-SPUser -Identity $User.UserLogin -Email $Email -Web $web.URL

                $NewUser = $User.UserLogin.replace($OldUserID, $NewUserID)

                #Migrate user from Old account to new account - migrate users to new domain
                Move-SPUser -Identity $User -NewAlias $NewUser -IgnoreSID -confirm:$false
                write-host "User Migrated: $($User.userlogin) at site $($web.Url)"
             }        
        
        } 
    }
}
This PowerShell script migrates users to new domain programmatically. You have to use the same method when users leaves the company and rejoin - if their AD accounts are deleted and re-created.

You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Five Challenges in SharePoint Security
...And How to Solve Them. Free White Paper
*Sponsored


Thursday, December 11, 2014

Get All Users of SharePoint Farm-Web Application-Site Collection-Site using PowerShell

Requirement: Get all users of SharePoint environment.

PowerShell script to get all SharePoint users at Farm-Web Application-Site Collection-Web levels:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Output Report File
$currentLocation = (Get-Location).Path
$outputReport = $currentLocation + "\" + "SharePointUsers.csv" 
#Write CSV File Header

#Array to hold user data
$UserDataCollection = @() 

#Get All Web Applications and iterate through
$WebAppsColl = Get-SPWebApplication 
#To Get all Users from specific web application, Use: $WeAppsColl = Get-SPWebApplication "web-app-url"
#and remove line #12
 
foreach($WebApp in $WebAppsColl)
{
    Write-host "Scanning Web Application:"$WebApp.Name
    #Get All site collections and iterate through
    $SitesColl = $WebApp.Sites
    #To Get all Users from site collection, Use: $SitesColl = Get-SPSite "site-collection-url"
    #and remove lines between #11 to #20 and Line #55 "}"
    #get all users from site collection PowerShell
    foreach ($Site in $SitesColl) 
    {
        Write-host "Scanning Site Collection:"$Site.URL
        #Get All Webs and iterate through
        $WebsColl = $Site.AllWebs
        #To Get all Users from aq site, Use: $WebsColl = Get-SPWeb "web-url"
         #and remove lines between #11 to #28 and Lines #53, #54, #55 "}"

            foreach ($web in $WebsColl) 
            {
                Write-host "Scanning Web:"$Web.URL
                #Get All Users of the Web
                $UsersColl = $web.AllUsers  #get all users programmatically 
                    #list all users 
                    foreach ($user in $UsersColl) 
                    {
                           if($User.IsDomainGroup -eq $false) 
                            {
                                $UserData = New-Object PSObject
              
                                $UserData | Add-Member -type NoteProperty -name "UserLogin" -value $user.UserLogin.ToString()
                                $UserData | Add-Member -type NoteProperty -name "DisplayName" -value $user.displayName.ToString()
                                $UserData | Add-Member -type NoteProperty -name "E-mailID" -value $user.Email.ToString()

                                $UserDataCollection += $UserData
                            }
                    }
            $Web.dispose()
            }
         $site.dispose()
        }
    }    
    #Remove duplicates
    $UserDataCollection = $UserDataCollection | sort-object -Property  {$_.UserLogin } -Unique 

    #Remove duplicates and export all users to excel
    $UserDataCollection | Export-Csv -LiteralPath $OutputReport -NoTypeInformation
         
    Write-host "Total Number of Unique Users found:"$UserDataCollection.Length

This script can be used to get all users in site collection and export all users to excel.

You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Five Challenges in SharePoint Security
...And How to Solve Them. Free White Paper
*Sponsored


Monday, December 8, 2014

The installation of this package failed - Error in SharePoint 2013 Hotfix Installation

During a planned quarterly maintenance window, wanted to patch SharePoint 2013 servers with available hot fixes and cumulative updates (CU). As the first step, From Microsoft site http://technet.microsoft.com/library/dn789211%28v=office.14%29, requested hot fixes, Received an E-mail with hot fix links, downloaded those hot fixes and extracted to individual folders as in the below screen.
sharepoint cu the installation of this package failed

When trying to patch SharePoint 2013 servers with those hot fixes, installation failed suddenly with an error "The installation of this package failed".
sharepoint 2013 cu the installation of this package failed
Troubleshooting: 
Navigated to "%Tmp%" location and tried catching the root cause of the failure from the log file generated "opatchinstall.txt". Found these lines while scanning through the log file: "Getting the data from file <path location> UBERSRV_2.cab"
the installation of this package failed sharepoint foundation 2013
So, the catch here is, Hot fix installer is looking for "ubersrv_2.cab" file which we extracted into a different folder, and fails since it couldn't locate that file on the same folder it exists.

Solution:
Solution is simple! Just place all three extracted files together in the same folder and re-run the hot fix installation. It went through well after moving cab files in to the same folder where the hot fix installer ubersrv.exe was placed.
sharepoint 2013 service pack the installation of this package failed



You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Five Challenges in SharePoint Security
...And How to Solve Them. Free White Paper
*Sponsored


Sunday, December 7, 2014

Disable UAC in Windows Server 2012 - SharePoint Best Practice

In SharePoint 2013 farms on Windows Server 2012, its annoying that we've to choose "Run as Administrator" every time when opening Central Administration, Command Prompt, SharePoint Management Shell, Windows PowerShell,etc. and failing so would introduce some weird issues such as: buttons and links missing in SharePoint Central Admin ribbon, Getting Access denied for Farm administrators, etc.
PowerShell too! When launching SharePoint Management shell, it scolds with "The local farm is not accessible. Cmdlets with featuredependencyId are not registered." On running any SharePoint cmdlets, "Cannot access the local farm. Verify that the local farm is properly configured, currently available, and that you have the appropriate permissions to access the database before trying again."
Although I'm a Domain Administrator and Local Server administrator, I've to pick "Run as Administrator" to get rid of these issues. I hate to do Right Click and choose "Run as Administrator" every time on these programs. So, Lets disable UAC in Windows Server 2012 in two steps. Here is how:
  • Go to Server Manager >> Choose "System Configuration" from Tools menu. (Shortcut: MSCONFIG)
  • Under Tools tab, Select "Change UAC Settings" and click on "Launch" button

  • Drag the slider down to "Never Notify" and click "OK".

But wait! We are not yet done. Make this registry change!
Unlike Windows Server 2008 R2, Sliding down UAC button to "Never notify" will NOT disable UAC in Windows Server 2012. You got to do one more fix in windows registry:
  • Open Windows Registry Editor (shortcut: regedit)
  • Navigate to the following registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
  • In the Right Pane, locate the "EnableLUA" DWORD value. Double click and set its Value "0" (zero)
  • Exit Registry Editor and then restart your Server.
You can achieve the registry fix with PowerShell. Just run these commands in Windows PowerShell.
Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value "0"
Shutdown -r -t 0 
This script disables UAC and restarts your Server automatically!

You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Five Challenges in SharePoint Security
...And How to Solve Them. Free White Paper
*Sponsored


Monday, November 17, 2014

Manage Access Request Settings in SharePoint 2013

Access request feature allows users to request access to sites and content. Access requests feature is improved in SharePoint 2013. Now, Administrators can keep a track of access requests.

Enable access request SharePoint 2013
Site owners can enable access requests in SharePoint. To configure access request settings in SharePoint 2013, navigate to: Go to
  • Settings >> Site Settings
  • Click the "Site permissions" link under "Users and permissions" section
  • Now, from the ribbon, Click on “Access Request Settings” button. You'll be prompted with the access request Settings popup window.
sharepoint 2013 allow access request
  • Click on "Allow access request" option to enable access request and enter the E-mail address of the user who will receive access requests from that site.
sharepoint 2013 access request email address
This allows access request in SharePoint 2013. You can change access request email or you may want to turn off access request at later point of time by visiting the same link. 

Manage access request SharePoint 2013:
Here is how the process works:
When users who doesn't has access to this site will get "Let us know why you need access to this site" page where they can enter their request and submit.
Once request sent, site collection administrators can approve reject this request by opening “Access requests and invitations” link in site settings page.

This page lists down all SharePoint 2013 access requests and invitations.
 
To approve or decline any requests, Just open the access request item, set the permissions for the user, and click on "Approve" or "Decline" button.


Once its approved/rejects, that entry removed from access request queue and moved to access request history.  SharePoint keeps track of the access requests and replies as a conversation under access request history.
sharepoint 2013 approve access request
Enable access request in SharePoint 2013 using PowerShell:
To allow access request in SharePoint 2013, on entire site collection, here is the PowerShell script.
Add-PSSnapin Microsoft.SharePoint.Powershell

#Set the site URL variable accordingly!
$SiteURL = "https://intranet.crescent.com"

$site = Get-SPSite $SiteURL

    ForEach ($web in $site.AllWebs | where { $_.Permissions.Inherited -eq $false})
          {
                #sharepoint 2013 access request settings powershell
                $web.RequestAccessEmail="Support@Crescent.com"
                write-host Updated Access request settings for $web.Title, at: $web.URL 
         }
This script can be slightly changed and used for setting access request configuration for all sites in the entire web application.

Related Posts:


You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Five Challenges in SharePoint Security
...And How to Solve Them. Free White Paper
*Sponsored


You might also like:

Related Posts Plugin for WordPress, Blogger...