Friday, 2 December 2016

SharePoint 2010 - Automate Site & Group Creation with Nintex Workflow 2010

What
Nintex Workflow has an action to create a site automatically in SharePoint, but it's functionality is quite limited.  You can't create groups and you can't add staff to those groups.  This tutorial shows you how to create a Nintex workflow to automate the whole process using SharePoint Web Services.

Why
As most SharePoint administrators are aware, it's ALWAYS a bad idea to give staff the ability to create SharePoint sites.  They will end up creating them for the wrong purposes, will not maintain them, no retention policies will get assigned to them, etc.

However, you don't want to restrict your users creative freedom.  You want to govern it in a manageable way.

In order to keep track of all your SharePoint sites, we need to ensure that when we allow staff to create sites/content, it is being properly tagged with the right information.  As long as you are logging & tagging sites with extra data, you can easily govern and manage those sites far into the future.

This tutorial isn't simply how to automate a process that SharePoint already does.  It's automating that process while enforcing that users tag their sites with data that help you manage SharePoint easier.

We are going to use the example of Project Sites.  Project sites have a known lifespan, usually between 1 month & 2 years depending on size.  We want to capture that information so the sites don't hang around for too long.

How
There are 6 steps in my workflow, they are:
  • 1. Set Variables
  • 2. Create Site
  • 3. Create Group
  • 4. Add Group to Site
  • 5. Add Members to Group
  • 6. Send Emails

First:  Create a custom list with the following columns (depending on your needs):

  • Project Name
  • Project Description
  • Department
  • Project Sponsor
  • Project Manager
  • Project #
  • Estimated Completion Date

1. Set Variables
I also created Workflow Variables for my Group Names that had the following naming conventions: {Project Name} - [AccessType]

2. Create Site
Use the following Nintex Action to create a site and add all the data you will collect from your list: Insert Action > Provisioning > Create Site


3. Create Group
Use the following Nintex Action to query a Web Service:  Insert Actoin > Integration > Call Web Service

The image below describes what you need to input into each field to successfully run the AddGroup Web Method within the UserGroup.asmx Web Service.

This will create a group on your Site Collection without access to anything.

4. Add Group to Site
the hard part...

Now we need to give the group access to your newly created site.  Create another Call Web Service Action.

The picture will explain most things, however, to get the PermissionMask value (a value assigned to a permission level like Contribute,Read Only, etc), you need to run the following Powershell script on your server: Retrieve the Permission Mask Values for a Site using Powershell

Once you have that, insert the following information to add the group to your newly created site:
Running the AddPermissions Web Method through the Permissions.asmx web service

5. Add Members to Group
You don't need to do this, but if you're feeling keen you can also run a web service to add a user to the newly created group like this:
running the AddUserToGroup Web Method through the UserGroup.asmx Web Service

6. Send Emails
Of course now you want to send a nice customised email to your user with all the information they need!


Thoughts?
This saves our team so much time, while allowing us to govern site creation and ensure that all sites have metadata tagged against them !

Have you got any cool tricks to help automate governance that you'd like to share?

If you liked this post:




Credit where it's due

SharePoint 2010 - Retrieve the Permission Mask Values for a Site using Powershell

What
Use Powershell to retrieve detailed data about the permission levels on a particular site

Why
I was looking for a way to automate Site & Group creation using nintex workflows.  In order to create groups, you need to call a SharePoint Web Service.  That Web Service requires an input value called 'permissionMask (int)'.

This powershell script will allow you to find the correct permission Mask related to your particular environment & permission levels.

How
Jump onto your WFE, open up SharePoint Powershell as admin and paste in the following code (with the site you wish to retrieve data for:

## Get site permissions using SharePoint 2010 web service in powershell
$uri="http://rootsite/subsite/_vti_bin/Permissions.asmx?wsdl" 
## $siteName is a string which contains the site name for which you need to get the permissions
[String]$siteName="site name"
## $type is a string which contains the object type - List
[String]$type="Web"

## Web Service Reference - http://rootsite/subsite/_vti_bin/Permissions.asmx
$permissionWebServiceReference = New-WebServiceProxy -Uri $uri -UseDefaultCredential 
[System.Xml.XmlNode]$xmlNode=$permissionWebServiceReference.GetPermissionCollection($siteName,$type)

## Creates an GetSitePermissions.xml file in the D:\ which contains the permissions for the site
$output = New-Object -TypeName System.IO.StreamWriter -ArgumentList "C:\temp\GetSitePermissions.xml", $false
$output.WriteLine("<?xml version=""1.0"" encoding=""utf-8"" ?>")
$output.WriteLine($xmlNode.OuterXml)
$output.WriteLine() 
$output.Dispose()

Once the script has run, navigate to C:\Temp and grab the Mask value against the group that has the permissions you want to mimic.


Credit where it's due
Vijai for providing the code: http://www.c-sharpcorner.com/blogs/get-site-permissions-using-sharepoint-2010-web-service-in-powershell

Wednesday, 30 November 2016

Office 365 - SharePoint Online: Run a Report to List Your SharePoint Service Administrators

What
I've begun setting up the governance model for SharePoint Online and was working out the best way to ensure when I give someone SharePoint Administration Access that they automatically have full access to administer every Site Collection.

My decided method is to use the 'SharePoint Service Administrator' Group.  This is the group that you are added to when your O365 User Account is assigned the 'SharePoint Administrator' Role.


Why
My reasoning is that way when a staff member joins the team you only need to get them added to one spot and they are good to get on with the work.

Problem
Occasionally you will want to check that the right staff have access.  How do you report on who is a member of that group!?  I searched high and low to no avail.  When that fails, there's only one choice...  Powershell.

Here's the script you need to run in order to bring back a list of every user that has been given SharePoint Adminstrator Access:

#Connection to Office 365
$msolcred = get-credential
connect-msolservice -credential $msolcred

#Bring back a list of all users that are a member of the SharePoint Service Administrator Role
Get-MsolRoleMember -RoleObjectId (Get-MsolRole -RoleName “SharePoint Service Administrator”).ObjectId | ft –AutoSize

That's it!

Do you happen to know of a better way?  Let me know.


Credit where it's due
Brian Laws for providing the Powershell Script: http://summit7systems.com/delegate-sharepoint-online-administration-without-tenant-admin/ 

Monday, 28 November 2016

SharePoint Online - Switching Between Classic & New Experience

Did you click the 'return to classic SharePoint' button in SharePoint Online and are unsure how to get the New Experience back?

You need to clear all cookies from your browser and load up the site again.

There doesn't seem to be any button in the GUI that allows you to switch the new experience back on for your specific profile.

Sunday, 2 October 2016

Migrate SharePoint to Office 365 - Planning & Steps

WORK-IN-PROGRESS

A repository of resources containing what you need to consider before you migrate your On-Premises SharePoint environment to Office 365 (SharePoint Online).  

This area contains in-depth detail around the planning stage for your SharePoint Migration and how to gather the data you need to be properly prepared come migration day (in no particular order):

[[Measuring On-Premises SharePoint Bandwidth]]
[[Gathering Storage Requirements for SharePoint Online]]
[[Backup & Recovery Options]]
--[[3rd Party Tools]]
--[[Preservation Hold]]
----[[Calculating Storage Requirements for Preservation Hold]]
[[Migrating Content]]
[[Branding]]
--[[Employee Experience]]
[[Information Architecture]]
--[[Data Retention & Versioning Policies]]
--[[Archiving Data]]

Monday, 6 June 2016

Export Group Membership From Active Directory Using Power Query

If you need to export a list of staff from an Active Directory Group, follow these steps.  Allows you to gather all the names & usernames of staff in a particular group and save the information into Excel.

Step By Step How To:
  • Open up Excel > Power Query Tab
  • Click From Other Sources > From Active Directory:

  • A popup will ask you to enter your domain name.  It should already be populated with the correct information but if not, input your companies domain name & Click OK:

  • In the Navigator that opens up, expand your domain tree and double click group:


  • You should now see a list of all groups in Active Directory in the Power Query Editor:

  • In order to find & filter for a specific Group, Click the Down-Arrow for the 'distinguishedName' column > Text Filters > Contains...

  • Type the name of your Group & hit OK (Text box is case sensitive!):
Here I am looking for users of the group 'Enable_EB_Screensaver'.

  • Now we want to list all of the staff that are members of the group.  To do this, Expand the group column and unselect everything except the 'member' column:

  • Now expand the group.member column:

You should now have a row for every member inside the group:

Right-Click the group.member column and select 'Unpivot Columns'

  • You should now see a 'Value' column at the end of your spreadsheet.  Click the expand button and select the following columns: displayName, sAMAccountName
  • Now you should have a nice list of all staff that are members of your Active Directory Group!  Click 'Close & Load' to load the data into Excel!


Quick Method How To:

If you're already a bit of a wiz with Power Query, simply copy this code into the Advanced Editor and replace anything highlighted in RED with your own organisational information.

let
    Source = ActiveDirectory.Domains("[DomainName]"),
    [DomainName] = Source{[Domain="[DomainName]"]}[#"Object Categories"],
    group1 = [DomainName]{[Category="group"]}[Objects],
    #"Filtered Rows" = Table.SelectRows(group1, each Text.Contains([distinguishedName], "[ActiveDirectoryGroupName]")),
    #"Expanded group" = Table.ExpandRecordColumn(#"Filtered Rows", "group", {"member"}, {"group.member"}),
    #"Expanded group.member" = Table.ExpandListColumn(#"Expanded group", "group.member"),
    #"Unpivoted Columns" = Table.UnpivotOtherColumns(#"Expanded group.member", {"displayName", "top", "posixGroup", "msExchIMRecipient", "msExchBaseClass", "msExchCustomAttributes", "mailRecipient", "securityPrincipal", "distinguishedName"}, "Attribute", "Value"),
    #"Expanded Value" = Table.ExpandRecordColumn(#"Unpivoted Columns", "Value", {"displayName", "sAMAccountName"}, {"Value.displayName", "Value.sAMAccountName"}),
    #"Removed Columns" = Table.RemoveColumns(#"Expanded Value",{"displayName", "top", "posixGroup", "msExchIMRecipient", "msExchBaseClass", "msExchCustomAttributes", "mailRecipient", "securityPrincipal", "distinguishedName", "Attribute"})
in
    #"Removed Columns"


Notes

Feedback
How did you go?  Loving it?  If so, check out my other posts on Power Query:

Monday, 9 May 2016

Simple Answers - Question #1: What is Office 365 (O365)?

There is a lot of hype about businesses moving to Office 365, but what exactly is it and why is it so popular?  There are a waft of people (even in IT!) that have never heard of Office 365.  Over the next few months I will help demystify Office 365 & all the things great products that come with it.

Question #1: What is Office 365 (O365)?

O365 is a suite of products provided by Microsoft that can be purchased for a monthly or yearly fee. There are two basic types of subscriptions, Personal or Business.

As part of a personal subscription , you are provided with the latest version of Microsoft Office (2016) which can be installed on any device. This includes Word, Excel, PowerPoint, OneNote, Publisher, Outlook, etc.

As part of a business subscription, in addition to a copy of Microsoft Office 2016 for all staff, you also get the option of using any of the list of products below which I will go into more detail on later:

  • Yammer
  • Skype for Business
  • Exchange Online (email)
  • SharePoint Online
  • OneDrive
  • Power BI
  • Delve
  • Sway
  • PowerApps
  • Flow