Missing LDAP Attributes When Adding a New Property to the User Profile Service in SharePoint 2010

Today I ran into an interesting one.  As part of an update to one of our custom SharePoint apps, I needed to configure the User Profile Service to import a couple of custom attributes from AD.  The first property I added was for the Employee ID Number, and I was able to easily find the employeeID attribute and get the property setup successfully.  The next one I needed to add was Department Number, but unfortunately the departmentNumber attribute was nowhere to be found in the list of available options.

clip_image001

After confirming with our AD Administrator that departmentNumber was indeed the right name, I then began to do some research and came across this excellent article which contains a Powershell script to map the missing attributes.

The first thing you’ll want to do is go ahead and create your new property within the User Profile Service, and just choose any of the available attributes.  In my example here we’ll be modifying a new property I created named DepartmentID.

Next, create a new file on your server named mapattributes.ps1, and paste the following into it.  Update $url, $spsProperty, $fimProperty, and $connectionName to match your environment.  Note that for $spsProperty you need to include the actual name of the property;not the display name.

$url = http://webserver:0924 #URL of your Central Admin site.
$spsProperty = “DepartmentID” #Internal name of the SharePoint user profile property
$fimProperty = “departmentNumber” #Name of the attribute in FIM/LDAP source
$connectionName = “sun” #Name of the SharePoint synchronization connection

$site = Get-SPSite $url

if ($site)
{Write-Host “Successfully obtained site reference!”}
else
{Write-Host “Failed to obtain site reference”}

$serviceContext = Get-SPServiceContext($site)

if ($serviceContext)
{Write-Host “Successfully obtained service context!”}
else
{Write-Host “Failed to obtain service context”}
$upManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($serviceContext)

if ($upManager)
{Write-Host “Successfully obtained user profile manager!”}
else
{Write-Host “Failed to obtain user profile manager”}
$synchConnection = $upManager.ConnectionManager[$connectionName]

if ($synchConnection)
{Write-Host “Successfully obtained synchronization connection!”}
else
{Write-Host “Failed to obtain user synchronization connection!”}

Write-Host “Adding the attribute mapping…”
$synchConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $spsProperty, $fimProperty)
Write-Host “Done!”

Open a SharePoint 2010 Management Shell, and navigate to the mapAttributes script that you just saved.  To run the file, type .\mapAttributes.ps1 and hit enter.  After a few minutes the script should complete:

image

Now go back into your User Property mappings, and you’ll see that it is now mapped to the correct attribute.

image

Finally, run a full user profile import and your property should now be correctly synchronized.

1 Comment

Filed under SharePoint, SharePoint 2010

SP1 for SharePoint 2010 is Now Available

Just in time for the summer, Service Pack 1 for SharePoint 2010 is now available.

SP1 for SharePoint Foundation 2010

SP1 for SharePoint Server 2010

SP1 for Project Server 2010

Note that on 2010 now the updates are all-inclusive, so you only need to install the update for your particular product line.  The guidance from the SharePoint product team has changed recently, and they now recommend that you install BOTH the SharePoint Foundation Updates and the SharePoint Server updates.  This is the same process that was previously followed on MOSS 2007.

 

Remember to always test updates in a staging environment first before even thinking of applying them to production.

Leave a comment

Filed under SharePoint, SharePoint 2010

Images Missing From SharePoint 2010 Blog Entries Posted by Email

After figuring out that incoming email needs to be set back up again on libraries/lists after upgrading, I figured I was done messing with this feature on 2010.  Unfortunately that wasn’t the case.  We have a few teams that like to post their blog entries via email rather than using a client such as Windows Live Writer or Word.  What I found is that since moving to 2010, blog entries posted by email are no longer displaying the included images.

I spent about an hour troubleshooting this and eventually came across a couple of posts on the SharePoint MSDN forums where people had encountered the same problem:

Emailing posts with images to SharePoint 2010 blog doesn’t work

Emailing posts with images into a SharePoint Blog

This has been confirmed as a bug but unfortunately still hasn’t been addressed even though it was first reported over a year ago.  The easy work around for this is to use Live Writer or Word, both of which I’ve confirmed will post the blog images just fine on SharePoint 2010.

Leave a comment

Filed under SharePoint, SharePoint 2010

Incoming E-Mail Stops Working After Database Attach Upgrade to SharePoint 2010

I recently completed an upgrade of our intranet farm to SharePoint 2010 and everything went smoothly except for a lingering issue with incoming e-mail. Basically, it stops working.  Through troubleshooting I found that new incoming e-mail connections that I setup would work just fine, but the old ones wouldn’t.  This told me that there was nothing wrong with my SMTP or Exchange Connectors settings.  Through trial and error I figured out that in order to fix the issue I simply had to go to the libraries and disable/enable incoming e-mail.

To do that, go to your Doc Library and select Settings—>Document Library Settings.

image

From there, opening up the Incoming e-mail settings, and flip the setting for “Allow this document library to receive e-mail” to No.  Copy the e-mail address that in the box below that to your clipboard so that you can re-configure it.  Click OK to save the changes.

image

Now go back into your incoming e-mail settings.  You can probably figure out what we’re going to do next.  Set the option back to Yes, and paste your e-mail address back in.  Click OK again to save the changes.

image

Your incoming e-mail should now be working and once again be delivered to your library.  Any undelivered messages to this library that were previously stuck in the /Drop box on your web servers should also be delivered.

Update 6/30/2011:

Something that I’m sure will be helpful for anyone else encountering this issue is determining which lists are email enabled (and broken).  To find that, simply open up SQL Managment Studio, select your content database, and run the following query:

SELECT Webs.FullUrl, AllLists.tp_Title, AllLists.tp_EmailAlias
FROM AllLists
Inner join webs on AllLists.tp_WebID = Webs.Id
where AllLists.tp_EmailAlias is not null

This will give you an output that contains the site, library/list name, and the email alias for each object you have configured for incoming email.  You will need to run this query on each of your content databases.

1 Comment

Filed under SharePoint, SharePoint 2010

How To Export/Import a Website in IIS 7.x

IIS 6 had a great feature called ‘Save Configuration to a File’ which would allow you to easily export a website’s configuration, to be later used to import either on the same server or another box.  This came in handy anytime you wanted to duplicate a site in order to do some testing without impacting the existing application.  So naturally, Microsoft decided to do away with this feature in IIS 7.

The process to export/import a site is still fairly simple, though not as obvious as it was in previous versions.  Here are the steps:

1. Open a command prompt and navigate to C:\Windows\System32\inetsrv and run the following command:

appcmd list site /name:<sitename> /config /xml > C:\output.xml

So if you were wanting to export a website named EAC, you would run the following:

image

If you’ll be setting up another copy of the site on the same server, you’ll now need to edit the output.xml file before importing it.  This is necessary in order to avoid conflicts such as bindings, Site ID, etc.  To do this, edit the XML and change the values.  Go ahead and make a copy of the home directory, and rename it to whatever folder name you specified in the output – /EAC2 in this example.  If you decide to change the app pool, make sure you go ahead and create the new app pool as well.

image

Once these edits have been made, we are now ready to import the site.  To do that run:

appcmd add sites /in < c:\output.xml

So for our example it would look like this:

image

That’s it.  You should now see your site listed when opening up Inet Manager.  If for some reason the site fails to start, that’s probably because you forgot to create the new app pool or there is a problem with one of the other parameters you changed.  Look at the System log to identify any issues like this.

4 Comments

Filed under IIS

Installing and Configuring NLB on Windows Server 2008

Preparing the Environment For NLB

  • Request 2 NIC’s per server in your cluster.  Configure each NIC with static IP’s, but leave the default gateway blank for the NIC running NLB.  Rename this adapter to NLB. 
  • Within the TCP/IP Properties of the NLB NIC, clear the checkbox to Register this connection in DNS

image

  • Open a command prompt with administrative privileges and run the command netsh interface ipv4 set interface “NLB” forwarding=enabled.  This step is required on 2008 server due to IP forwarding now being disabled by default.  You can read more about this issue on the Microsoft Networking Team Blog.

image

  • Edit the hosts file on each server that will be in your cluster.  Put an entry in the hosts file for the other server, and point it to the IP of the Non-NLB Network Adapter
  • Log into each of the cluster nodes and run the command Servermanagercmd –install nlb

image 

 

Creating the Cluster and adding the 1st Node

  • Open NLB Manager from Start—>All Programs—>Admin Tools.  Under the Cluster Menu option select New

alt

  • Type in the name of the first server in your cluster and click Connect.  Select the NIC named NLB and click Next

image

  • Leave the defaults on the Host Parameters screen and click Next

image

  • Click Add and configure the Cluster IP Address.  You can also add any websites IP’s in this area.  Click Next when done.

alt

  • Type in a name to identify the cluster.  This is for reference only.  Click Next.

image

  • Click Finish to accept the default Port Rules

image

 

  • After a few minutes, the first cluster node should show a status of Converged

image

 

Adding Node 2 to the Cluster

  • It is now time to add the 2nd host to the cluster.  Within NLB Manager, right click on the cluster name and select Add Host to Cluster

alt

  • Type in the server name for the 2nd node, click connect and select the network adapter named NLB.  Click Next.

image

  • Leave the defaults at the Host Parameters screen and click Next.

image

  • Again, accept the default Port Rules and click Next.

image

  • After a few minutes, the 2nd node will be added and both nodes should show a status of Converged within NLB Manager

image

Leave a comment

Filed under NLB

How to Synchronize a Website Between Two IIS 6 Servers Using MSDeploy

Ever since the days of Windows 2000’s debut, one of the more popular ways of synchronizing content and IIS configurations between servers was to use Microsoft Application Center.  Though that tool still works on 2003 Server (mostly), I’ve been trying to phase it out of our environment since it is an end of life product that is no longer supported by Microsoft.  I went looking for a quick and cheap (free) way to replace this functionality, and was happy to find out that MSDeploy can fill this void.  I’ve documented in previous posts the process of using MSDeploy to synchronize between IIS 7 servers, and luckily the process isn’t much different when you need to do it on IIS 6 boxes.

Here’s what you’ll need to do in order to synchronize both content and configuration for a particular website between IIS 6 servers:

  • Create your website on the source server.
  • Download the latest version of the Web Deployment tool from http://www.iis.net/extensions/WebDeploymentTool .  Make sure you get the correct version for your environment – x86/x64
  • Run the install on each server that you want to synchronize, choosing Complete to install all components .
  • Create a folder on your source server to store the deployment scripts in.  I use E:\WebsiteSyncJobs
  • Create a folder within there for each website that you want to synchronize.
  • Open notepad and create a batch file using the info below as a template.

      @ Echo Off
      ECHO Starting Deployment on %DATE% at %TIME% >>msdeploySync.log
      ECHO Starting Deployment on %DATE% at %TIME%
      sc \\DESTINATION_SERVER_NAME start msdepsvc >>msdeploysync.log
      “C:\Program Files\IIS\Microsoft Web Deploy\msdeploy.exe” -verb:sync -source:metaKey=lm/w3svc/1 -dest:metaKey=lm/w3svc/1,computername=DESTINATION_SERVER_NAME -enablelink:AppPoolExtension >>msdeploysync.log
      sc \\DESTINATION_SERVER_NAME stop msdepsvc >>msdeploySync.log
      ECHO Deployment Complete on %DATE% at %TIME% >>msdeploysync.log
      ECHO Deployment Complete on %DATE% at %TIME%
      ECHO ——————— >>msdeploysync.log

      pause

  • Edit the values to match your website and server names.  Replace DESTINATION_SERVER_NAME with the name of your destination server.  You’ll also need to modify the metakey value to match the website that you’re trying to move.  The default website will always be #1, but subsequent websites will be assigned a random number.  You can find the metakey identifier for your website by opening Inet Manager on your source server and clicking on the Websites Folder.

image

  • Save the file with a name that will make it easy to identify.  For example, test.website.com_to_Server2.bat
  • Run the batch file.  Once it is done, open up the msdeploySync.log file and check for any errors.

If everything is good and there were no issues then the site should now show up on the destination server.  You should run the sync script anytime you make content or configuration changes to the website on the source server, that way everything will always match up.  You could also easily schedule the synchronizations using Task Scheduler.

Leave a comment

Filed under IIS

FIX: Security Groups and Distribution Lists are Missing Users from Child Domains Within SharePoint

We recently heard from members of our intranet team that they wanted to start using the content targeting features within SharePoint.  Basically this allows you to target specific content to users based on various criteria.  So you could target a tab on the home page of your corporate intranet with HR related news that would only be viewable by users that are members of the HR Team’s DL or Security Group.  Content Targeting can be done using SharePoint groups, Global Audiences, Distribution Lists, and AD Security Groups.  This is a really cool feature within SharePoint – when it works.

Soon after implementing this feature we began to receive reports that some users were unable to see the targeted content, while others were able to see it just fine.  After verifying that the users having problems were in fact members of the groups being used, it was time to take a deeper dive and figure out what was going on.  I ran some tests with one specific DL that contained a total of 120 users according to Active Directory, but when looking at this DL within the SharePoint people picker it showed that there were only 10 users.    I then went into Central Admin and created an Audience based on members of this DL, so that way I could see exactly which users were being populated, and which were missing.  What I eventually realized was that user accounts that were located in the primary domain (which the SharePoint servers were also in) were showing up in the DL and were able to view the targeted content with no problem.  It was the other 110 users that are located in child domains within our AD forest that were not showing up in the list.  Since I had configured the profile import connections to import the ‘Entire Forest’, I found this really odd.  To add to the confusion, I was able to search and find users from these other domains within SharePoint and assign permissions to them just fine – They just weren’t being populated into the groups, DL’s, etc.

After finding a few more people with this same problem online but no resolution, I eventually opened a call with Microsoft.  It took some time, but I’m happy to say that today we have finally come up with a resolution.  To fix the issue, you simply need to configure your import connections to point to Domain Controllers that are acting as Global Catalog servers, rather than just going with the default of ‘Auto-Discover.’  If you don’t administer AD, you’ll need to get the names of the global catalog servers from one of the guys that does.  Once you have that info, simply log into your SSP website—> User profiles and properties—> View import connections.  Then click on ‘Specify a domain controller’ and choose a known GC server from the dropdown list.

image

After configuring this for all of my import connections, I then re-compiled the audience that I had been testing with and it is now showing all 120 users.  I also verified that this fixed the population issue for both security groups and distribution lists.  I have encouraged Microsoft to document and post this fix publically, since I know that many others have wasted countless hours on this same issue and eventually given up.  Luckily once you have the fix it’s quite simple to implement.

Leave a comment

Filed under SharePoint

How To Determine Which Application Pool W3WP.EXE Belongs To on an IIS 7 Web Server

 

This is a follow up to my earlier post that details how to track down which applications pools your w3wp.exe processes belong to on IIS 6 servers.  The command is new on Windows 2008 Server, so that calls for a new blog post.

So imagine you log into your web server, pull up task manager and you see multiple processes running named w3wp.exe.  You know this is a web server so you guess these processes may have something to do with the websites on the server, but you don’t have any idea which sites they belong to.  Being able to identify them is especially important if you are troubleshooting an issue and one of these guys is taking up all of your resources.

First you’ll need to open task manager and make sure the PID column is showing.  That way you can match up the processes with their application pools.  To do this go View—>Select Columns and check the box for PID. 

image

Here is where things get different on 2008 server.  Open a command prompt and navigate to C:\Windows\System32\Inetsrv.  From there, run the command appcmd list wp.  You’ll get an output of all running worker processes along with the names of the application pools that they are running in.

image

If you’re trying to track down an issue, match the PID from the output of this command up to what you see in task manager.  From there you’ll be on your way to getting things resolved.

2 Comments

Filed under IIS

How To Determine Which Application Pool W3WP.EXE Belongs To on an IIS 6 Web Server

 

Today I was troubleshooting an issue in which one of our production SharePoint web applications wouldn’t load and displayed a very un-helpful “Unexpected Error” when you hit the site from a browser.  I logged into the server, pulled up task manager, and could instantly see that something wasn’t right.

The CPU usage was holding steady in the 90 – 100% range, and nearly all of it was being chewed up by a single worker process (w3wp.exe).  Unfortunately task manager isn’t smart enough to tell you which website that worker process belongs to, so you have to do a little further investigation before you can begin to troubleshoot.  There are a couple of ways to do this, but I’ll outline what I feel is by far the easiest.

The first thing you’ll need to do is make sure that Task Manager is showing you the PID (process identifier) for everything running.  If it’s not, then all you need to do is go to View—>Select Columns and put a check mark in the PID box.  So for example’s sake, lets imagine that the w3wp.exe running under the PID 12012 is consuming all of your server’s CPU.  Thankfully this isn’t the case currently on my server.

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Now that we know what the offending process is, we need to figure out which application pool it belongs to.  To do this, open a command prompt and navigate to c:windowssystem32.  From there you can run the command IISAPP.VBS.  For example:

Command Prompt

 

 

 

 

 

 

As you can see from this point it’s very straightforward to match up the the offending process with the correct application pool.  You can then try recycling the application pool or if necessary taking further steps debug your application.

 

Leave a comment

Filed under IIS