I’m in the process of migrating my customer from SharePoint 2010 to SharePoint 2013. In their SharePoint 2010 environment, they were still using classic-mode authentication, but are switching to claims-based authentication in SharePoint 2013.
The recommended path to upgrade from 2010 to 2013 is a content and service-application database migration. This works great for us since we have to do this piecemeal. However, many of the general approaches for converting to claims-based authentication is to do so at the web-application level, rather than the content-database level (source: TechNet).
In SharePoint 2013, there’s actually an
SPWebApplication method dubbed
MigrateUsersToClaims that takes 3 arguments:
There was no guidance on the NTAccount, other than the user “performing” the operation. I opted to use the farm account to ensure it had the appropriate level of permissions. The true power of the content database migration comes in with the third parameter. We can add individual content databases to migrate with this parameter rather than worrying about the entire web application.
Props go to Steve Peschka who originally pointed this out. However, in his post, the PowerShell to do this upgrade was the following:
For me, that throws the error
Exception calling "MigrateUsersToClaims" with "3" argument(s): "Operation is not valid due to the current state of the object." This was strange, and I couldn’t figure it out. So, I cracked open the
Microsoft.SharePoint.Administration dll and took a look at the
1 2 3 4 5 6 7 8
That second one was the one that I questioned. I know the conditions matched for the first two checks. The question was how my parameters looked. Sure enough:
1 2 3 4 5
With that, if I changed the middle parameter from
$false, the migration finally ran (and completed) succesfully.
Why did this happen? This was because my
$acc user is my farm account. I’m also running my PowerShell session as my farm account. This is to ensure that I have full, unfettered access to the SharePoint Object Model and the Content Database. The middle parameter states (from MSDN):
The **account** will be given the correct permissions to perform the operation. Should this permission be removed when the operation is complete.
We definitely don’t want this for the farm account. So, my updated code, for reference:
1 2 3 4 5 6 7
Cheers. Once again, thanks go to Steve Peschka for figuring this out.
I have just completed building my first SharePoint 2013 application. I came across the error message
Sorry, only tenant administrators can add or give access to this app. when trying to deploy the application to my site. This happened regardless if I was deploying using a SharePoint development site or after installing the solution in the app catalog.
Now, the concept of a “Tenant” makes sense for Office 365 or SharePoint Online. As a hosting provider, there are multiple tenants you want to support in a single environment. However, for an on-premise deployment, this error message didn’t make much sense. I started poking around and came across spinning up a tenant administration site, being able to set multiple app tenants through the App Management Service cmdlets, but none of those really seemed like the right solution for my on-premise deployment. I found an MDSN Forum Question which seemed closer to the solution. That post recommends splitting the service accounts used to host the App Management and Site Settings services from the farm account. This was critical as the Farm Account is not allowed to add apps under its identity whatsoever. You will get an error message when trying to provision, and the ULS logs will indicate that an assertion failed checking that the current account was not the system account.
What did it turn out to be? I just needed to make sure my user account was directly added as a member of the Farm Administrators group. We have traditionally deployed farm administrators via an Active Directory and local (Administrators) group. However, it appears that the App Management service dislikes this approach and wants users explicitly permissioned to the Farm Administrators group. Additionally, after granting your user direct permissions, you need to issue an
iisreset so those changes take effect. Then, you can provision your app successfully.
I’ve recently switched from using Subversion directly to using git svn to allow me to use a git workflow, but interact with a subversion repository. It works great, except when I needed to interactive rebase…
The last two weeks have been interesting. I’ve been trying to deploy an app part built as part of a SharePoint 2013 app I developed recently. The app part re-creates the “Suggestions” functionality that you see when visiting the “Followed Sites” and “Followed People” pages in your My Site. Those web parts were not easily reused in other parts of My Sites. The purpose of creating this app part was to be able to add suggestions directly to the Newsfeed page to make it a more useful information radiator. Unfortunately, editing the Newsfeed page (or any page) in the “My Site Host” was not nearly as intuitive as I had hoped.
I’m used to having the ribbon to edit pages in SharePoint, regardless if they are standard publishing pages or web part pages. However, in the “My Site Host”, there is no ribbon for the standard pages, even when you are a farm administrator. I jumped to the conclusion that I could add the App Part via SharePoint Designer. Sadly, this wasn’t the case. SharePoint Designer does not list any app parts.
I tried to go through the rigarmarole of adding the app to a separate site through the web editor, then copying the code from within SharePoint Designer and pasting it into the Newsfeed page, only for that to fail. The identifiers for the apps are completely different.
This is when I stepped back and though that the solution should be simpler than this. It turns out, it was. Click the gear icon (settings menu) in the upper-right corner of SharePoint and you’ll find the Edit Page link. I felt liberated and frustrated at myself for not checking there earlier. From there, you have complete control to edit the Newsfeed web part page (or any page in the “My Site Host”).
Quicktate is a service for which I’ve been consulting for since 2009. We have recently released a new RESTful API to help make integrating with the service a breeze. That said, while our new RESTful API documentation uses Swagger to generate our service documentation, many of the common RESTful semantics we rely on are completely missing from that documentation. Until we figure out an easier way to convey that information via Swagger, here’s some basic information on how to get around the API.
I started playing around with SQL filestreams yesterday. We have a need to store large binary objects both quickly and efficiently from SharePoint in our SQL database for regulatory purposes. I found a great article on Code Project on how to actually store binary data in a filestream column. However, as I ran the code, I encountered a
Win32Exception with the message “Access is denied.”.
I double (and triple) checked that the permissions for the account executing the code were correct. Since we’re using SharePoint, we are using only Windows authentication. Furthermore, I made sure that our connection string was using Integrated Security:
Ultimately, it came down to the fact that the SQL Server was not setup to allow remote server connections to filestream. I managed to fix this by following the Enable and Configure FILESTREAM article on MSDN. The Allow remote clients to have streaming access to FILESTREAM data. box was not checked, thus causing my problems.
Last weekend and this weekend I spent a good deal of time trying to track down a PHP error I was having in my customer’s production environment. This wasn’t an exception being thrown by PHP, but rather, I couldn’t readily identify if it was a PHP error or not, because different parts of our infrastructure were throwing different errors during the request.
2012 was a stressful, but rewarding year. Those who know me know I love to speak at conferences and user groups. Just how much do I love to speak? Check out my SpeakerRate profile. Last year I had 20 talks logged at SpeakerRate, 28 talks in total. Most of those talks were local user groups and local techfests, but I finally managed to hit the national spotlight with one talk at Agile 2012. I know this pales in comparison to some technical speakers, but it’s not about the quantity - it’s about the quality. I put a lot of time preparing my presentations, as I want my audience to not just be encouraged, but to be motivated to take what they’ve learned in my sessions and implement them tomorrow.
The last quarter I eased back on my speaking engagements, largely because I needed to spend more time with my family and because conferences are fairly light in the third quarter. Nevertheless, I woke up on January 1, 2013 to a rather pleasant e-mail - I had been awarded a Microsoft MVP in ASP.Net/IIS. To say this came as a surprise would be a lie, but I had been skeptical if I was going to get the award, given how competitive the awards are. There tens of thousands of professionals all over the world vying for one of these awards, and in some categories (C# and SharePoint, in particular), you have to go through multiple vetting cycles before you end up receiving the award.
For those unfamiliar, an MVP Award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others.. No doubt, that’s how I see myself (though a little more modest). I realize that there are some people who only care to get awards such as these as yet another way to pad the resume. Those individuals most definitely do what they do for the wrong reasons.
I do what I do for a number of reasons. First, I love to hear myself talk. Just kidding. Those who know me know I can be (somewhat) shy in the company of others, and never as boisterous as some of those in a clique (I’m looking at you Devlin and Bud :-P). That said, I do love meeting new people. I’ve forged some really great relationships with people in the community that I would love to work with (and some of them now do!). Even if I never have that opportunity, being able to meet for beers after work with these people is a whole lot of fun.
But, while meeting new people is fun, I consider speaking as a selfless act. I don’t speak for myself - I speak for you, the community. If nobody wanted to hear what I had to say, then my conference rooms would be empty and I’d likely stay behind my computer or doing other things to help out. However, the fact that I’ve concentrated on putting together such high-quality, passionate talks on a variety of different technical and professional areas has proven to be useful to many people in my audience. What matters most is having an impact on at least one person’s perception of a topic, whether that’s opening their eyes to a new technology, providing a different perspective on how to write software, or simply inspiring them to try again at something they previously failed at - that’s what I really love.
Some people see the award as an affirmation that they are the most elite, technically proficient individiuals in the world. I won’t lie - that’s how I’ve always percieved Microsoft MVPs. Some of them are stellar individuals who really are at the top of their game. However, to assume that I’ve reached the pinnacle of my technical abilities is far from the truth. I thought I was a hot shot coming into Improving Enterprises; working with such a talented, professional, and wonderful group of technologists and mentors has really helped me remain consistently modest about my technical abilities.
In our field, there are experts, people who cannot achieve a level higher than they are already at. However, those individuals are experts on such a niche topic, that field itself is already evolved to its maximum potential, allowing for experts to finally attain their place. However, I see myself as extremely proficient in a lot of the areas I work - SharePoint, PHP, ASP.Net, and systems administration, in particular. That said, because each of those areas are so broad and have so many different uses, it’s impossible for me to become an “expert” in these fields. It’s hard for anyone to become an expert in these fields. If you come across anyone who claims to be an expert, I guarantee you’ll find gaps in their knowledge somewhere. That’s how I view experts - people who know everything there is to know.
With that said, I am humbled to know that Microsoft does see me as not only a skilled technologist, but that my contributions to the community are useful. That’s ultimately how I view this MVP Award - it’s affirmation that I should continue to do what I’m doing. It’s Microsoft willing to expend resources and provide me with information that will continue to help me educate my audience.
I don’t (and won’t) hold my MVP award above anyone else - that’s just not the type of person I am. Instead, I proudly wear this badge of honor as a beacon for others to reach out to ask questions. I’m always interested in helping people out - that’s why I work for Improving Enterprises. Their motto directly aligns with my goals - Improving - It’s what we do.
I would not be receiving this award if it weren’t for the help of Improving Enterprises. The company actively encourages community participation, and goes above and beyond to help each other out with mentoring, guidance, and access to some of the best people in our area. There are two people from Improving who have been great motivators and put their necks on the line to vouch for me - Devlin Liles and Tim Rayburn. You guys rock and I love working with you both! Allen Hurst, my mentor for the last two and a half years, has truly been an inspiration, and has become one of my best friends. Without him, I likely wouldn’t have been such an avid speaker. Zain Naboulsi and Chris Koenig, both from Microsoft, were also a great help towards getting me vetted through the MVP process and deserve major kudos.
Of course, I would not be nearly as successful at the things I do without my family. I thank my father, David Weldon, for showing me the way early in being a speaker. For as long as I can remember, my father not only attended medical conferences, but was frequently a speaker at them, and often times went out of his way to make sure that I could attend to watch him speak. While I rarely ever understood the material, his charisma and style of presenting have rubbed off - in a very positive way. Thank you, dad.
Finally, to my wife, Melissa, and son, Tristan, you both deserve the sun and the moon. You both motivate me to continually be a better person, encourage me when I am under stress, and are understanding when I am not around. I am often times not around or am too busy to spend the quality time you two deserve, and for that I’m sorry. I shout from my proverbial mountain top how much I love you both, and how much you both mean to me, and thank you both so incredibly much for being such a wonderful and patient family.
I’ve spent yesterday evening and today really sinking my teeth into the internals of SharePoint 2013’s social features, trying to identify how items are cataloged and surfaced. This led to some very interesting revelations as to where I can find information relating to each of SharePoint’s moving parts. As I continued to dig, I managed to identify a significant problem with surfacing hashtags, aka #tags, in community sites. This post serves as a place for hopefully the search engines to surface this problem for other users, and I will catalog my findings and hopefully eventual resolution with Microsoft.