
Tuesday, April 15, 2014

Authentication in SharePoint 2013

Copied from http://go.microsoft.com/fwlink/p/?LinkId=313915

Three types of authentication: User, App, Server-to-Server

User Authentication:

  • Windows claims-based authentication (NTLM, Kerberos AD, basic)
  • Forms-based authentication
  • SAML token-based authentication



The key elements of SAML token-based authentication are the following:

  • Configure the IP-STS with the set of authentication providers (such as AD DS, databases, and others) corresponding to organization and partner accounts.
  • Configure the IP-STS with the set of relying parties corresponding to the web applications that use SAML token-based authentication and claims mappings. 
  • Configure the SharePoint 2013 farm with the token signing certificate of the IP-STS, the corresponding claims mappings as done on the IP-STS, and the name of the IP-STS as a trusted security token issuer.
  • Configure the web application with the name of the IP-STS as a SAML identity provider.
  • *IP-STS = Identity Provider STS; STS = security token service
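
The farm-side and web-application steps from the list above, sketched for the SharePoint 2013 Management Shell. This is an added example, not part of the copied Microsoft text; the certificate path, expected thumbprint, realm, sign-in URL, issuer name and web application URL are placeholder assumptions.

```powershell
# Added example. Every path, URL, name and the thumbprint below is a placeholder (assumption).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath      = 'C:\certs\ipsts-token-signing.cer'   # token signing certificate exported from the IP-STS
$expectedThumb = '<THUMBPRINT-CONFIRMED-OUT-OF-BAND>' # obtained from the IP-STS operator, not from the file
$realm         = 'urn:sharepoint:portal'              # must match the relying party defined on the IP-STS
$signInUrl     = 'https://sts.example.com/adfs/ls/'
$webAppUrl     = 'https://portal.example.com'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Whoever holds the matching private key can mint tokens for any user, so refuse
# a certificate that is not the confirmed one or that has already expired.
if ($cert.Thumbprint -ne $expectedThumb) { throw "Unexpected token signing certificate: $($cert.Thumbprint)" }
if ($cert.NotAfter -lt (Get-Date))       { throw "Token signing certificate expired on $($cert.NotAfter)" }

# Farm: trust the IP-STS token signing certificate.
New-SPTrustedRootAuthority -Name 'IP-STS token signing' -Certificate $cert | Out-Null

# Farm: claims mappings, using the same claim types that the IP-STS issues.
$emailClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$roleClaim  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'
$emailMap = New-SPClaimTypeMapping -IncomingClaimType $emailClaim `
    -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$roleMap  = New-SPClaimTypeMapping -IncomingClaimType $roleClaim `
    -IncomingClaimTypeDisplayName 'Role' -SameAsIncoming

# Farm: register the IP-STS as a trusted security token issuer.
$issuer = New-SPTrustedIdentityTokenIssuer -Name 'Example IP-STS' `
    -Description 'SAML identity provider (example)' -Realm $realm `
    -ImportTrustCertificate $cert -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl $signInUrl -IdentifierClaim $emailClaim

# Web application: use the IP-STS as a SAML identity provider. Windows claims is
# passed as well (assumption: the zone already uses it, e.g. for search crawl),
# because -AuthenticationProvider replaces the zone's provider list.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$saml    = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity $webAppUrl -Zone Default -AuthenticationProvider $windows, $saml

# Review what the farm now trusts.
Get-SPTrustedIdentityTokenIssuer | Select-Object Name, DefaultProviderRealm, ProviderUri
```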

App Authentication:

  • Low-trust apps (to trust low-trust apps, you must have an Office 365 subscription; relies on the Windows Azure Access Control Service (ACS))
  • High-trust apps (for Internet hosts)

Server-to-Server Authentication

Server-to-server authentication enables a new set of functionality and scenarios that utilize cross-server resource sharing and access, including the following:

  • eDiscovery: Discover and place holds on content in the SharePoint farm, in Exchange Server 2013, on file shares, and in other SharePoint farms.
  • Exchange task synchronization: Allows users to synchronize SharePoint Server 2013 and Project Server tasks with Exchange Server 2013 and have them appear in Outlook 2013.
  • Site mailboxes: Provides SharePoint Server 2013 users with team email, hosted by Exchange Server 2013, on a SharePoint site.
  • SharePoint 2013 Hybrid: Federated search, Business Connectivity Services, and Duet Online between an on-premises SharePoint 2013 farm and SharePoint Online.


Sunday, April 6, 2014

SP24 - The Free 24-hour SharePoint Conference


SP24 is a SharePoint Conference with a difference, and if you are interested in SharePoint you are going to love it. Here's why:

  1. It's entirely on-line - so you won't need to leave the office or home!  
  2. Free for all attendees.
  3. Takes place on 16th April 10pm GMT.  
  4. Over 5000 attendees have already signed up.
  5. Lasts for 24 hours.  
  6. World famous speakers from all over the world.
  7. Keynote from Bill Baer (Senior Product Manager, Microsoft). 
  8. Comprises 2 tracks (business and technical).
  9. 106 sessions + on-demand sessions.

There will be 48 FREE hour long online sessions for 24 hours and the keynote speech is by Bill Baer, who is the Microsoft Senior Product Manager for SharePoint. I will find out where the industry is heading, the direction of SharePoint and associated products, the best practices and news about upcoming integration across technologies for no cost whatsoever. I will learn about the comprehensive scope of features, functionalities and solutions that SharePoint can offer, and I will bring this information back.


There are over 100 speakers and over 5000 (and rising) delegates, Microsoft engineers, Microsoft Certified Masters and MVPs will be speaking and viewing the sessions from around the world. On top of having exclusive access to the experts, I will have the opportunity to chat online with speakers and other conference attendees, and get our questions answered while learning how SharePoint can provide solutions for us.


I am already signed up to attend SP24 and I strongly suggest you book your place early by visiting : https://www.sp24conf.com


The Keynote starts on 16th April 2014 10pm GMT and will last for 24 hours.

The new start for me at Sharepoint2013 ~ Windows 2012

Without a proper training class, I need to start exploring SharePoint 2013 on my own, so I need to start learning how to use Windows 2012.

Ha ha, the first step I learned is how to find the Start button:

Open the Start screen

The Start screen is the home of Windows apps. To open the Start screen, use one of these methods:

  • Press the Windows logo key. In a virtual machine, you can press Ctrl+Esc.
  • Hover the mouse cursor in the upper right corner of the screen, and then click Start.
  • On the desktop, hover the mouse cursor in the lower left corner of the screen, and click when the thumbnail of the Start screen appears.

Yeah!! Finally I found my lovely Start button … >_< . I still have a long journey of self-learning to go, step by step. I hope I manage to attend the Windows 2012 and SharePoint 2013 admin class soon.


To browse to the SharePoint Central Administration website in Windows Server 2012

  1. On the Start screen, click SharePoint 2013 Central Administration.

    If SharePoint 2013 Central Administration is not on the Start screen, complete the following steps:

    1. Right-click Computer.

    2. Click All apps.

    3. Click SharePoint 2013 Central Administration.

  Finally I see the lovely SharePoint 2013 Central Administration. (Of course you can just open IE and type the address.)


Wednesday, March 12, 2014

How it works: MOSS 2007 automatic user profile removal

This article is copied from http://blogs.msdn.com/b/gyorgyh/archive/2009/11/13/how-it-works-moss-2007-automatic-user-profile-removal.aspx

I would like to copy it over here as a reference and keep it for myself.

This is a really helpful article for understanding how SharePoint 2007 removes user profiles.


In MOSS 2007 the inactive user profiles are deleted by a timer job called “My Site Cleanup Job”.

[Screenshot: My Site Cleanup Job]

This new job was the product group’s answer for customer feedback about the problems with SPS 2003 user profile removal to make it more robust.

The job runs once every hour which confused many people who thought that 3 full imports will delete users in MOSS 2007 as it was in SPS 2003. It is not the case anymore. You can do as many full imports as you like, if you disable this job, no user will be removed from the inactive user list. Since it runs hourly and full import can be long, 3 runs can take about 1 hour and it seems the full import did the trick, but in fact it did not.

To understand how this new feature works let’s start from the basics.

During the user import process (crawl) if MOSS cannot find a user in AD/LDAP directory it marks the user deleted in the SSP user profile store without removing it.

[Screenshot: user deleted during import]

You can check these users in the SSP administration site under user profiles and properties on the View user profiles page selecting the “Profiles Missing From Import” view. You can delete the profiles here manually.

[Screenshot: missing profiles view in the SSP admin site]

This list is the input for the “My Site Cleanup Job”.

Let’s dive into the details.

The job in fact does two things every hour:

  1. Updates all personal sites and sets the My Site host's portal URL as the portal URL on all My Sites. This way, if you defined your company intranet as the portal URL on the host, users' My Sites will have a top breadcrumb pointing to the company intranet.
  2. Processes pending user profile deletes using the “profiles missing from import” list

The following steps happen during user profile removal:

  1. Using the account name of the to-be-deleted user, the job fetches the user profile.
  2. It checks whether the user is active, using all import connections defined in this SSP:
    1. An LDAP connection is created to search for the user
      1. using its username (just the user, without the domain\ part) for Active Directory connections. The filter is samaccountname=user combined with the filter that was defined in the connection.
      2. using the user portion of the AccountName; e.g. user is used for an AccountName of “membershipprovider:user”. The filter is uid=user combined with the filter that was defined in the connection.
    2. After MOSS 2007 SP2, if the user’s domain cannot be contacted, the user is assumed inactive and the user profile is removed.
      1. UPDATE: The December 2009 MOSS Cumulative Update changes the behavior of the previous step. It is now possible to control how aggressive this job is on user profile removal with the stsadm -o sync command. From the December 2009 CU, by default, if the domain controller cannot be contacted, the user is not considered missing. The user is only considered missing if the domain controller can be contacted and the DC says that the user does not exist. To turn back on the SP2 behavior of aggressive delete when the DC cannot be contacted, you must run stsadm -o sync -AggressiveMySiteCleanup 1 . Thanks to my colleague Jose Vigenor for drawing my attention to this recent change.
    3. If all connections return zero results, the user is assumed inactive and the profile is removed.
    4. Just before the actual profile delete happens, the profile delete event handler is called. The event handler can cancel the deletion if it returns false in its PreProfileDeleted method implementation.
      1. The out-of-the-box event handler takes the manager of the to-be-deleted user and sets that user (if found) as the owner of the user’s My Site.
      2. The manager gets an email with a subject of “The My Site of username is scheduled for deletion” and the URL of the My Site.
      3. The event handler returns true for all users; there is no filtering.
    5. If the user is found in any of the import connections, its deleted status is removed and the user is set active in the SSP.

To troubleshoot this feature you need to increase the trace level of “User Profiles” ULS category in central administration / operations / diagnostic logging.

Alternatively you can use stsadm to set it:

stsadm -o setlogginglevel -category "User Profiles" -tracelevel Verbose

Then verify all lines with “MySiteCleanup:” to follow what the job is doing.

I have to mention a special case which is difficult to figure out. When an admin defines an import connection which uses a custom account, MOSS stores this setting in two locations. When you save the setting, a crawl rule is created for the Profile import project in the registry; since the user profile import is in fact a crawl, this is somewhat expected. Furthermore, the regularly called Synchronize method stores/updates this account information in the configuration database as well, and that copy is the one used by the “My Site Cleanup Job”. Sometimes these accounts get out of sync and the “My Site Cleanup Job” tries to validate a user with invalid connection credentials. In this case the user profiles are usually not deleted automatically. To solve the problem, first resolve any exceptions which happen during the Synchronize method, which synchronizes the search settings on all SharePoint machines. Once the errors are gone, you need to delete and recreate the user profile import connections to ensure that the credentials are created again in the configuration database.

Known issue as of 5/31/2011:

If there are two import connections to two different forests and the same username is used in both, deleting the user from the second forest is picked up correctly by the profile import, but the My Site cleanup timer job issues an AD query against the first forest as samaccountname=user, without the domain part, finds this user active, and restores the marked user from the second forest as active even though it no longer exists in that AD.
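
A small PowerShell model of the "is the user still active?" check from the step list above, used to reproduce this two-forest issue and to flag the profiles it affects. It is an added example, not MOSS code and not from the original article; the function names, domain names, users and the missing-from-import list are constructed assumptions, and reachability is simplified to a per-connection flag.

```powershell
# Added model, not MOSS code. All directory data below is constructed sample data.
$connections = @(
    @{ Domain = 'FORESTA'; Reachable = $true; Users = @('alice', 'bob') },
    @{ Domain = 'FORESTB'; Reachable = $true; Users = @('carol') }      # bob was deleted from FORESTB
)
$missingFromImport = @('FORESTB\bob', 'FORESTA\dave')   # stand-in for "Profiles Missing From Import"

function Test-ProfileStillActive {
    param([string]$AccountName, [object[]]$Connections, [switch]$AggressiveMySiteCleanup)
    # Only the user portion is searched (samaccountname=user / uid=user); the domain is dropped.
    $user = ($AccountName -split '[\\:]')[-1]
    foreach ($c in $Connections) {
        if (-not $c.Reachable) {
            # December 2009 CU default: an unreachable DC means "not missing".
            # With -AggressiveMySiteCleanup (SP2 behaviour) it counts as zero results.
            if (-not $AggressiveMySiteCleanup) { return $true }
            continue
        }
        if ($c.Users -contains $user) { return $true }   # found in ANY connection: set active again
    }
    return $false                                        # zero results everywhere: profile is removed
}

function Find-MaskedDeletion {
    # Profiles marked missing whose bare username still resolves in a different domain.
    # The job keeps restoring these, so they need manual deletion and review.
    param([string[]]$AccountNames, [object[]]$Connections)
    foreach ($account in $AccountNames) {
        $domain, $user = $account -split '\\', 2
        $elsewhere = @($Connections | Where-Object { $_.Domain -ne $domain -and $_.Users -contains $user })
        if ($elsewhere.Count -gt 0) {
            New-Object PSObject -Property @{
                Account = $account
                FoundIn = ($elsewhere | ForEach-Object { $_.Domain }) -join ', '
            }
        }
    }
}

foreach ($a in $missingFromImport) {
    '{0}: active={1}' -f $a, (Test-ProfileStillActive -AccountName $a -Connections $connections)
}
Find-MaskedDeletion -AccountNames $missingFromImport -Connections $connections
```

In a real farm the Users arrays would be replaced by a directory query per import connection; accounts reported by the second function are the ones the timer job will keep marking active.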


Automatic profile removal only works for MOSS imported profiles which can be marked as deleted during an import. If you manually add any profiles, those will never be automatically deleted. The same applies if you add profiles using the Object Model. You need to delete these users manually or with the Object Model.

UPDATE: I received a lot of questions around actual my site deletion. I would like to emphasize that the  “My Site Cleanup Job” - although its name might suggest it - does not delete actual my sites. It only removes the user profile from the SSP profile store and changes the my site owner to the user’s manager if there is one. The my site site collection will not get deleted by this job. In order to get to a my site which belongs to a deleted user, you have to type the actual my site url directly, since the user profile has been deleted, you cannot get there using person.aspx?accountname=domain\user – it will display user not found as expected. You have to know the direct url or check the my site naming convention on the SSP admin page and figure out the url yourself.

There is an independent feature for automatic site deletion, not discussed in this post, which can be enabled for a web application. It is called “Site Use Confirmation and Deletion” and can be found under Application Management in Central Administration. That feature applies to any idle site collection in the web application, not necessarily to My Sites which belong to a removed user profile.