Friday, 6 October 2017

Deleting an Office 365 Group Deletes your Yammer Group

Even if the Yammer Group was created first... So yeah, don't delete O365 Groups unless you want everything gone.

If you need to recover:

##Do this off Network with regular powershell opened as Administrator

Import-Module AzureADPreview

Connect-AzureAD

Get-AzureADMSDeletedGroup | Out-GridView

Restore-AzureADMSDeletedDirectoryObject –Id xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Get-AzureADGroup –ObjectId xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx




Friday, 1 September 2017

SharePoint Online - Share or Copy Link Button Defaulting to 'GuestAccess' Link

What
Ever tried to copy or share a link in SharePoint Online and it defaults to providing you with a Guest Link that is 'accessible to anyone in the organization'?

It's a really good option for staff that want to quickly share a document without having to understand SharePoint Permissions.

Unfortunately, the Guest Access Link forces the user to open up the document In-Browser using Office Online.  I personally can't abide this until the functionality between Online & Client are 1-to-1.



How to Fix
SharePoint Online defaults the Sharing settings for copying & sharing links to "Internal - People in the Organization Only' , which basically means 'Guest Link that opens in browser'.

To change this you just need to go to:

  • SharePoint Administration Center
  • Sharing Tab
  • Change the 'Default Link Type' setting from 'Internal' to 'Direct - Only people who have permission'
  • Done!  No more links with 'guestaccess.aspx' in them.

Thursday, 27 July 2017

SharePoint Online - Hide External Users from Global Search Results

Had a problem where external users (people outside our organisation who had been provided with an anonymous link to OneDrive/SharePoint Documents) were showing up in SharePoint's People Search Results.

This article explains how to fix: https://englando.wordpress.com/2015/07/24/hiding-users-from-office-365-sharepoint-global-search-results/

Basically you need to add a Query Rule to SharePoint's 'Local People Results' Search Query to block out results that contain the external users.

I personally filtered out all results where a persons Username contained '#EXT#', which is what gets appended in Office 365 whenever an external user is given access to a document.


Friday, 9 June 2017

SharePoint Online - Automate Site & Group Creation with Nintex Workflow O365

What
Nintex Workflow for O365 has an action to create a site automatically in SharePoint, but it's functionality is quite limited.  You can't create groups and you can't add staff to those groups.  This tutorial shows you how to create a Nintex workflow to automate the whole process using SharePoint Web Services.

Even better, we are going to create the ability to automate Site Creation across multiple Site Collections.

If you're looking for a tutorial on how to do this in Nintex Workflow 2010/2013, I've written an article here: SharePoint 2010 - Automate Site & Group Creation with Nintex Workflow 2010

Why
As most SharePoint administrators are aware, it's ALWAYS a bad idea to give staff the ability to create SharePoint sites.  They will end up creating them for the wrong purposes, will not maintain them, no retention policies will get assigned to them, etc.

However, you don't want to restrict your users creative freedom.  You want to govern it in a manageable way.

In order to keep track of all your SharePoint sites, we need to ensure that when we allow staff to create sites/content, it is being properly tagged with the right information.  As long as you are logging & tagging sites with extra data, you can easily govern and manage those sites far into the future.

This tutorial isn't simply how to automate a process that SharePoint already does.  It's automating that process while enforcing that users to tag their sites with data that will help you manage SharePoint easier.

We are going to use the example of Project Sites.  Project sites have a known lifespan, usually between 1 month & 2 years depending on size.  We want to capture that information so the sites don't hang around for too long.

How
There are 6 steps in my workflow, they are:
  • 1. Set Variables
  • 2. Create Site
  • 3. Create Group
  • 4. Add Group to Site
  • 5. Add Members to Group
  • 6. Send Emails

First:  Create a custom list with the following columns (depending on your needs):
  • Project Name
  • Site Description
  • Site URL
  • Site Owner
  • Site Type:  Project / Team
  • Department
  • Project Sponsor
  • Project Manager
  • Project #
  • Estimated Completion Date

1. Set Variables
I created & set the following variables so that the Web Services would run with the correct information:
Site Collection URL - used if you are planning to allow this workflow to create sites on multiple site collections
Site Template - If you want different site templates to be used on different types of sites
setting variables based on 'Site Type' (using Switch Action and Set Variable Actions)

2. Create Site
Use the following Nintex Action to create a site and add all the data you will collect from your list: Office 365 Create Site
Create Site Settings


3. Create Group
Use the following Action to query a Web Service:  Web Request

If you're wondering how I figured out what to input, this guide explains how to get SOAP Web Service Information perfectly: https://community.nintex.com/community/tech-blog/blog/2015/01/22/web-request-action-for-o365

Insert these values to create an 'Owners' Group on your Site Collection without access to anything:
  • URL: ‍{Variable:Site Collection URL}‍_vti_bin/UserGroup.asmx
  • Method: SOAP 1.1
  • Soap Action: http://schemas.microsoft.com/sharepoint/soap/directory/AddGroup
  • Body: Content
Body:

<?xml version="1.0" encoding="utf-8"?> 
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">   
<soap:Body>     
<AddGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">       <groupName>‍{Current Item:Site Name}‍ Owners</groupName>       
<ownerIdentifier>‍{Current Item:Site Owner}‍</ownerIdentifier>    
<ownerType>user</ownerType>       
<defaultUserLoginName>‍{Current Item:Site Owner}‍</defaultUserLoginName>       
<description>Used to manage permissions on this site: ‍{Variable:Site Collection URL}‍‍{Current Item:Site URL}‍</description>     
</AddGroup>  
</soap:Body> 
</soap:Envelope>


4. Add Group to Site
the hard part...

Now we need to give the group access to your newly created site.  Create another Web Request Action.

The picture will explain most things, however, to get the PermissionMask value (a value assigned to a permission level like Contribute,Read Only, etc), you need to run the following Powershell script on your server: SharePoint Online - Retrieve the Permission Mask Values for a Site using Powershell

FYI: For Owner access with Full Control, the permissionMask is always -1.

Once you have that, Insert these values
  • URL: ‍‍{Variable:Site Collection URL}‍‍{Current Item:Site URL}‍/_vti_bin/permissions.asmx
  • Method: SOAP 1.1
  • Soap Action: http://schemas.microsoft.com/sharepoint/soap/directory/AddPermission
  • Body: Content
Body: <?xml version="1.0" encoding="utf-8"?> 
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">   
<soap:Body>     
<AddPermission xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">       
<objectName>‍{Current Item:Site Name}‍</objectName>       
<objectType>web</objectType>       
<permissionIdentifier>‍{Current Item:Site Name}‍ Owners</permissionIdentifier>       
<permissionType>group</permissionType>       
<permissionMask>-1</permissionMask>     
</AddPermission>   
</soap:Body> 
</soap:Envelope>

Running the AddPermission Web Method through the Permissions.asmx web service

5. Add Members to Group
You don't need to do this, but if you're feeling keen you can also run a web service to add a user to the newly created group.  Same setup as Step 4, just use the following settings:
  • URL: ‍‍{Variable:Site Collection URL}‍‍{Current Item:Site URL}‍/_vti_bin/UserGroup.asmx
  • Method: SOAP 1.1
  • Soap Action: http://schemas.microsoft.com/sharepoint/soap/directory/AddUserToGroup
  • Body: Content
Body:
<?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">   
<soap:Body>     
<AddUserToGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">       
<groupName>‍{Current Item:Site Name}‍ Owners</groupName>       
<userName></userName>       
<userLoginName>‍{Current Item:Project Manager}‍</userLoginName>       
<userEmail></userEmail>       
<userNotes></userNotes>     
</AddUserToGroup></soap:Body></soap:Envelope>

6. Send Emails
Of course now you want to send a nice customised email to your user with all the information they need!

Thoughts?
This saves our team so much time, while allowing us to govern site creation and ensure that all sites have metadata tagged against them !

Have you got any cool tricks to help automate governance that you'd like to share?

If you liked this post:
Credit where it's due
  • https://community.nintex.com/community/tech-blog/blog/2015/01/22/web-request-action-for-o365

Thursday, 8 June 2017

SharePoint Online - Retrieve the Permission Mask Values for a Site using Powershell

This article stems from another article explaining how to [[Automate Site & Group Creation with Nintex Workflow O365]] - Coming Soon

What
Use Powershell to retrieve detailed data about the permission levels on a particular site

Why
I had previously created a Nintex Workflow to Automate Site & Group creation using nintex workflow on SharePoint 2010.  I needed to recreate the same workflow in SharePoint Online / Nintex Workflow O365, however the SharePoint 2010 script for retrieving Permission Mask values did not work.

How
Using Powershell 3.0 or later, and SharePoint Online Powershell Module.  Open up the SharePoint Online Powershell Module and paste the following code (after updating the variables at the top for your site and admin details):

# SharePoint Online - Retrieve the Permission Mask Values for a Site using Powershell

# Specifies variable
$AdminURI = "https://company-admin.sharepoint.com"
$RootSiteCollection="https://company.sharepoint.com/"
$TargetSiteCollection="https://company.sharepoint.com/subsite"
$LogFile = "C:\Temp\GetSitePermissions.xml"

# Specifies the User account for an Office 365 global admin in your organization
$AdminAccount = "the.baretta@company.com.au"
$AdminPass = ""

# Begin the process
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$loadInfo3 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles")

# Convert the Password to a secure string, then zero out the cleartext version ;)
$sstr = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force
$AdminPass = ""

# Take the AdminAccount and the AdminAccount password, and create a credential
$creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($AdminAccount, $sstr)

# Add the path of the User Profile Service to the SPO admin URL, then create a new webservice proxy to access it====================================================
$proxyaddr = $TargetSiteCollection+ "/_vti_bin/Permissions.asmx?wsdl"
#====================================================
$UserProfileService= New-WebServiceProxy -Uri $proxyaddr -UseDefaultCredential False
$UserProfileService.Credentials = $creds

# Set variables for authentication cookies
$strAuthCookie = $creds.GetAuthenticationCookie($RootSiteCollection)
$uri = New-Object System.Uri($RootSiteCollection)
$container = New-Object System.Net.CookieContainer
$container.SetCookies($uri, $strAuthCookie)
$UserProfileService.CookieContainer = $container

[System.Xml.XmlNode]$xmlNode=$UserProfileService.GetPermissionCollection("yxd","Web")

Write-Host "Starting- This could take a while."
$output = New-Object -TypeName System.IO.StreamWriter -ArgumentList $LogFile, $false
$output.WriteLine("<?xml version=""1.0"" encoding=""utf-8"" ?>")
$output.WriteLine($xmlNode.OuterXml)
$output.WriteLine() 
$output.Dispose()
Write-Host "Done!"


Thanks
Thank you to the Microsoft Support team that assisted in the process of building this script!

Thursday, 15 December 2016

SharePoint Online - Branding with CSS

-----------------------------------------------------------------------------------------
This post is related to a larger group of posts called Migrate SharePoint to Office 365 - Planning & Steps
-----------------------------------------------------------------------------------------

I've gone with a Publishing Site Collection so that I can use the 'Alternate CSS URL' in Site Settings > Master Page.

First off, thanks to the following websites which helped get me started:
Here's what the end result will look like (if you have the same fonts):


Now for the CSS...

/* Design By : Brett Randall */
/*     Design Colours: Greens/Greys/Blues */
/*     Last Modified : 28/02/2017 */
/*     Description: CSS to rebrand SharePoint Online Publishing Site Collection that is using seattle.master */

/* TABLE OF CONTENTS
-- -- -- -- -- -- -- -- -- -- -- -- -- -- --
/* WEB FONTS & STYLES
/* LAYOUT & OVERALL PAGE
/* RIBBON & SUITE BAR
/* HEADER
/* NAVIGATION (TOP NAV BAR)
/* SEARCH
/* NAVIGATION (SIDE NAV/QUICK LAUNCH)
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */

/* WEB FONTS & STYLES
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */
@font-face {
  font-family: 'MuseoSans100Regular';
  src: url('../Fonts/museosans_100-webfont.eot'); /* IE9 Compat Modes */
  src: url('../Fonts/museosans_100-webfont.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('../Fonts/museosans_100-webfont.woff') format('woff'), /* Pretty Modern Browsers */
       url('../Fonts/museosans_100-webfont.ttf')  format('truetype'), /* Safari, Android, iOS */
}

@font-face {
  font-family: 'MuseoSans300Regular';
  src: url('../Fonts/museosans_300-webfont.eot'); /* IE9 Compat Modes */
  src: url('../Fonts/museosans_300-webfont.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('../Fonts/museosans_300-webfont.woff') format('woff'), /* Pretty Modern Browsers */
       url('../Fonts/museosans_300-webfont.ttf')  format('truetype'), /* Safari, Android, iOS */
}

@font-face {
  font-family: 'MuseoSans500Regular';
  src: url('../Fonts/museosans_500-webfont.eot'); /* IE9 Compat Modes */
  src: url('../Fonts/museosans_500-webfont.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('../Fonts/museosans_500-webfont.woff') format('woff'), /* Pretty Modern Browsers */
       url('../Fonts/museosans_500-webfont.ttf')  format('truetype'), /* Safari, Android, iOS */
}

.ms-rtestate-field h1 {
    font-size: 39px;
    font-weight:300;
    font-family: MuseoSans300Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
    line-height: 60px;
    color: #666;
}

.ms-rtestate-field h2 {
    font-size: 24px;
    line-height: 30px;
    font-weight: normal;
    font-family: MuseoSans300Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
    color: #666;
}

.ms-rtestate-field h3 {
    font-family: MuseoSans300Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
    font-size: 18px;
    line-height: 30px;
    color: #666;
}

.ms-rtestate-field h4 {
    line-height: 20px;
    font-family: MuseoSans500Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
    font-size: 14px;
    font-weight: normal;
    font-style: italic;
    color: #666;
}

h1.ms-rteElement-H1B{
  color:#84BD00;
  font-size: 39px;
  font-weight: normal;
  font-family: MuseoSans300Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
  line-height: 60px;
}

h2.ms-rteElement-H2B {
  color:#FF8F1C;
  font-size: 24px;
  line-height: 30px;
  font-weight: normal;
  font-family: MuseoSans300Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
}

h3.ms-rteElement-H3B{
  color:#84BD00;
  font-family: MuseoSans300Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
  font-size: 18px;
  line-height: 30px;
}

h4.ms-rteElement-H4B{
  color:#84BD00;
  line-height: 20px;
  font-family: MuseoSans500Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
  font-size: 14px;
  font-weight:normal;
  font-style:italic;
}

.ms-rteElement-P{
   color:#666;
}

/* LAYOUT  & OVERALL PAGE
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */

/* Hide unnecessary page elements */
.ms-siteicon-img,  /* Image set as SharePoint site logo in Settings */
.ms-core-listMenu-horizontalBox .ms-listMenu-editLink,  /* Global navigation "Edit Links" when managed navigation is in use */
.ms-core-listMenu-verticalBox .ms-listMenu-editLink,  /* Current navigation "Edit Links" when managed navigation is in use */
#fullscreenmodebox  /* Focus on Content icon */
{
display: none;
}

/* Alter Suite Bar color */
#suiteBarTop > div,
#suiteBarTop #O365_TopMenu {
  background: #333;
}

/* Ensuring a gap between side nav & page content */
#contentBox{
    padding-left:12px;
}

/* RIBBON & SUITE BAR
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */

/* Hide unnecessary page elements */
.o365cs-nav-header16 .o365cs-nav-o365Branding{ display:none !important; } /* O365 Suite Bar - Remove "Office 365" & "SharePoint Text & links */
.o365cs-nav-centerAlign::after{content:"Put Company Slogan Here"; font-size:20px; color:white;line-height: 48px; font-style: italic;} /* O365 Suite Bar - Add Mission Statement */

/* HEADER
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */

/* Add padding to the header area */
#s4-titlerow {
  padding: 10px;
}

/* Site logo wrapper */
#siteIcon {
    margin-right: 0px;
    margin-top: 10px;
}

/* Add new logo image */
.ms-siteicon-a {
    background: #fff url('../Images/siteIcon.png') no-repeat right;  /* Logo image */
    width: 210px; /* Width of logo image */
    max-width: 210px; /* Duplicate the width value */
    height: 52px; /* Height of logo image */
    max-height: 52px; /* Duplicate the height value */
}

/* Wrapper around site logo wrapper */
#titleAreaBox {
    margin: 0;  /* Remove OOTB margin */
}

/* Page title text */
#pageTitle {
    margin-top: 10px;
    margin-left: 12px;
    font-family: MuseoSans300Regular, Arial, "Helvetica Neue", Helvetica, sans-serif;
    font-size: 39px;
    color: #84BD00;
    font-weight: normal;  
}

/* NAVIGATION (TOP NAV BAR)
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */

/* Placement & Formatting */
.ms-breadcrumb-top > .ms-core-navigation {
    background: #FFF;
    display: block;
    height: 41px;
    width: 100%;
    text-align: left;
}

.ms-core-listMenu-horizontalBox {
    margin-left: 10px;
}

/* Item text formatting */
.ms-core-listMenu-horizontalBox li.static > .ms-core-listMenu-item {
    background-color: rgb(132, 189, 0);
    height: 16px;
    color: #FFF;
    font-family: MuseoSans300Regular, Arial, Helvetica, freesans, sans-serif;
    font-size: 13px;
    font-weight: normal;
    margin-right: 0;
padding: 10px 10px;
    border: 0px;
    border-right: #FFF 3px solid;
}

/* Hover */
.ms-core-listMenu-horizontalBox li.static > .ms-core-listMenu-item:hover {
    background-color: #999;
    color: #fff;
}
/* Hide the down arrow for drop down nav */
.ms-core-listMenu-horizontalBox .dynamic-children.additional-background{padding-right:0px; background-image: none;}

/* 2nd Level Nav modifications */
ul.dynamic{
    background-color: #666;
    color: #fff;  
    margin-left:3px;
    margin-top:2px;
    padding: 4px 0px;
    border: 0px;
    border-radius: 4px;
    min-width:213px; /* ensures div is as wide as the a{} nav tiles */
}

/* 2nd Level a{} tiles */
ul.dynamic > li.dynamic a{
    background-color: rgb(132, 189, 0);
    width: 190px;
    padding:10px;
    padding-left: 13px;
    color:#fff;
}

ul.dynamic > li.dynamic a:hover{
    color:#fff;
    background-color: #999;
}

/* SEARCH
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */

/* Width of entire Search Box */
.ms-mpSearchBox{
    width: 259px;
    background: rgb(233, 234, 232);
    border-radius:4px;
}

/* Modify default formatting for input */
.ms-srch-sb input {
    width: 187px;
    font-size: 14px;
    color: #000;
}

.ms-srch-sb, .ms-srch-sb:hover{
    padding-top: 5px;
    padding-bottom: 5px;
    background: #fff;
    border: 0px;
    border-radius:4px;
}

#searchInputBox{
    float:left;
    margin: 10px;
}

/* NAVIGATION (SIDE NAV/QUICK LAUNCH)
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- */

/* Add colour to Quick Launch (side nav bar) */
#sideNavBox{
    background-color: #F4F4F4;
}

.ms-core-listMenu-verticalBox {
    background-color: #F4F4F4;
}

/* Folders/Headings */
.ms-core-listMenu-verticalBox > .ms-core-listMenu-root > li > .ms-navedit-linkNode{
    background: linear-gradient(-90deg, #D7F1F7, #84BD00 );
    filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#84BD00, endColorstr=#D7F1F7, GradientType=1); /* Gradient workaround for IE9+ */
    font-size:14px;
    padding-left: 10px;
    padding-top: 7px;
    padding-bottom: 7px;
    color: #000;
    font-family: MuseoSans300Regular, Arial, Helvetica, freesans, sans-serif;
    font-weight: normal;
    border-bottom: 1px #F4F4F4 solid;
}

.ms-core-listMenu-item:visited{
    color: #000;
}

.ms-core-listMenu-heading{
    font-weight:bold;
}

li > a.ms-core-listMenu-item.ms-core-listMenu-selected:hover, li > a.ms-core-listMenu-item:hover, .ms-core-listMenu-heading:hover{
    background-color:#999;
    color:#fff;
}

.ms-core-listMenu-verticalBox li.static > ul.static > li.static > .ms-core-listMenu-item{
    padding-top:7px;
    padding-bottom:7px;
    padding-left:20px;
}

li > a.ms-core-listMenu-item.ms-core-listMenu-selected{
    background-color: #84BD00;
    color: #000;
}

.ms-core-listMenu-item, .ms-core-listMenu-item:link{
    color:#000;
}

Friday, 2 December 2016

SharePoint 2010 - Automate Site & Group Creation with Nintex Workflow 2010

What
Nintex Workflow has an action to create a site automatically in SharePoint, but it's functionality is quite limited.  You can't create groups and you can't add staff to those groups.  This tutorial shows you how to create a Nintex workflow to automate the whole process using SharePoint Web Services.

Why
As most SharePoint administrators are aware, it's ALWAYS a bad idea to give staff the ability to create SharePoint sites.  They will end up creating them for the wrong purposes, will not maintain them, no retention policies will get assigned to them, etc.

However, you don't want to restrict your users creative freedom.  You want to govern it in a manageable way.

In order to keep track of all your SharePoint sites, we need to ensure that when we allow staff to create sites/content, it is being properly tagged with the right information.  As long as you are logging & tagging sites with extra data, you can easily govern and manage those sites far into the future.

This tutorial isn't simply how to automate a process that SharePoint already does.  It's automating that process while enforcing that users tag their sites with data that help you manage SharePoint easier.

We are going to use the example of Project Sites.  Project sites have a known lifespan, usually between 1 month & 2 years depending on size.  We want to capture that information so the sites don't hang around for too long.

How
There are 6 steps in my workflow, they are:
  • 1. Set Variables
  • 2. Create Site
  • 3. Create Group
  • 4. Add Group to Site
  • 5. Add Members to Group
  • 6. Send Emails

First:  Create a custom list with the following columns (depending on your needs):

  • Project Name
  • Project Description
  • Department
  • Project Sponsor
  • Project Manager
  • Project #
  • Estimated Completion Date

1. Set Variables
I also created Workflow Variables for my Group Names that had the following naming conventions: {Project Name} - [AccessType]

2. Create Site
Use the following Nintex Action to create a site and add all the data you will collect from your list: Insert Action > Provisioning > Create Site


3. Create Group
Use the following Nintex Action to query a Web Service:  Insert Actoin > Integration > Call Web Service

The image below describes what you need to input into each field to successfully run the AddGroup Web Method within the UserGroup.asmx Web Service.

This will create a group on your Site Collection without access to anything.

4. Add Group to Site
the hard part...

Now we need to give the group access to your newly created site.  Create another Call Web Service Action.

The picture will explain most things, however, to get the PermissionMask value (a value assigned to a permission level like Contribute,Read Only, etc), you need to run the following Powershell script on your server: Retrieve the Permission Mask Values for a Site using Powershell

Once you have that, insert the following information to add the group to your newly created site:
Running the AddPermissions Web Method through the Permissions.asmx web service

5. Add Members to Group
You don't need to do this, but if you're feeling keen you can also run a web service to add a user to the newly created group like this:
running the AddUserToGroup Web Method through the UserGroup.asmx Web Service

6. Send Emails
Of course now you want to send a nice customised email to your user with all the information they need!


Thoughts?
This saves our team so much time, while allowing us to govern site creation and ensure that all sites have metadata tagged against them !

Have you got any cool tricks to help automate governance that you'd like to share?

If you liked this post:

Credit where it's due