PowerShell Next Steps

Well, since we know all about PowerShell now, we’ll need to prove it by writing some scripts. To do that, we’ll need to understand PowerShell’s logical operators, and we have some help for that from our new best friends, Guy and Neolisk.

Guy tells us all about the $_ operator here. We’ll use this with pipes in a line like this:

Get-Something | ForEach-Object { Write-Host $_.SomePropertyOfSomething }

Then, Neolisk helps us here. He tells us about the $_. and a lot of other special commands. My favorite is `n which will send a newline character to my output.

hth

-robot

Some Notes Re: SharePoint 2010 User Profile Synch Service

So there’s been a lot said about the User Profile Synchronization Service in SharePoint 2010.

Let’s take a minute to point out a couple of interesting points.

First, returning as our new best friend is Harbar, with his Rational Guide to the UPSS. So we’re not going to try to improve upon or replace any of that except as follows.

Once we’ve deployed our two server farm in a friendly domain, we’re going to run the Configuration Wizard in Central Admin. Now that will do a lot of things but it won’t get the UPSS running.

So we visit Services on Server and we’ll see:

Fig. 1: Services on Server

So, we click Start and it changes to Starting for a minute, but then you refresh and it’s gone back to Stopped.

Also, we go to Manage Service Applications, which is different from Services on Server, by selecting Application Management | Manage Service Applications and clicking on the User Profile Service link:

Fig. 2: User Profile Service Management Link

… where we find the <hidden> Manage Profile Service: User Profile Service page:

Fig. 3: Manage Profile Service

Here, we try to Configure Synchronization Connection and Create New Connection and SharePoint barfs saying it can’t load the page because the profile service is running or not running or something.

So here’s what’s happened. When we ran CA’s configuration wizard, it tried but failed to initiate the UPSS and left it hung. It hung for a couple of reasons, and it left some splat files in various places that we have to fix.

First, we have to stop the service that’s trying its best to run. This is a SharePoint Management Shell (i.e. PowerShell) task.

We run Get-SPServiceInstance and see that the service is, in fact, online:

Fig. 4: Get-SPServiceInstance

We get the GUID and run Stop-SPServiceInstance <GUID>

Fig. 5: Stop-SPServiceInstance

… and it takes a moment to “Unprovision” itself.

Then, it’s Disabled.

Fig. 6: UPSS Disabled

Now we can do a couple of things.

First, we can go delete the certificates it created with that bad GUID by running MMC and loading the Certificates Snap-in. Now, we’ll have to do this for the local computer and for the logged-in user, but we drill down to all the certificate stores and everywhere we find a ForeFront certificate, we’ll delete it.

Then we’ll go into Active Directory and right-click on our domain and select Delegate Control. Here we run through the wizard, select our service account and then select the Create a Custom Task option:

Fig. 7: Create a Custom Task

… Then, on the Permissions page, I check the Replicate Directory Changes permission:

Fig. 8: Replicating Directory Changes

Then finish the wizard.

Lastly, we run ADSIEdit.msc on the domain controller. Here, we’ll connect the root to a Well Known Naming Context called Configuration. Then, we’ll right-click on the configuration and select Properties.

On the Security tab, we’ll add our service account and give it the Replicating Directory Changes permission:

Fig. 10: Replicating Directory Changes Permission

Once we’re done with that, we can start our UPSS and create our connection.
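To confirm the delegation from the steps above took effect, and to see who else holds the same right, the access entries on the domain and Configuration partitions can be checked from PowerShell. This is an added example, not part of the original post; the function name, the account names and the sample entries are constructed, and the live commands in the closing comments assume the ActiveDirectory module is installed.

```powershell
# Schema GUID of the "Replicating Directory Changes" control access right
# (DS-Replication-Get-Changes).
$ReplGetChanges = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'

function Get-ReplicationRightHolder {
    param(
        # Access entries shaped like (Get-Acl 'AD:\<DN>').Access
        [Parameter(Mandatory = $true)] [object[]] $Ace,
        # Accounts that are supposed to hold the right
        [string[]] $Expected = @()
    )
    foreach ($a in $Ace) {
        if ([string]$a.AccessControlType -ne 'Allow') { continue }
        $rights = [string]$a.ActiveDirectoryRights
        $type   = [guid]$a.ObjectType
        $via    = $null
        if ($rights -match 'GenericAll') {
            # Full control implies every extended right.
            $via = 'GenericAll (full control)'
        }
        elseif ($rights -match 'ExtendedRight') {
            if ($type -eq $ReplGetChanges)   { $via = 'Replicating Directory Changes' }
            elseif ($type -eq [guid]::Empty) { $via = 'All extended rights' }
        }
        if ($via) {
            $id = [string]$a.IdentityReference
            New-Object PSObject -Property @{
                Identity   = $id
                GrantedVia = $via
                Expected   = ($Expected -contains $id)
            }
        }
    }
}

# Constructed sample entries; names are hypothetical.
$empty = [guid]::Empty.ToString()
$sample = @(
    New-Object PSObject -Property @{ IdentityReference = 'MYDOMAIN\SPProfileSync'
        AccessControlType = 'Allow'; ActiveDirectoryRights = 'ExtendedRight'
        ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    New-Object PSObject -Property @{ IdentityReference = 'MYDOMAIN\OldTestAccount'
        AccessControlType = 'Allow'; ActiveDirectoryRights = 'ExtendedRight'
        ObjectType = $empty }
    New-Object PSObject -Property @{ IdentityReference = 'MYDOMAIN\HelpDesk'
        AccessControlType = 'Allow'; ActiveDirectoryRights = 'ReadProperty'
        ObjectType = $empty }
)

# Lists SPProfileSync (Expected = True) and OldTestAccount (Expected = False);
# HelpDesk only has ReadProperty and is not reported.
Get-ReplicationRightHolder -Ace $sample -Expected 'MYDOMAIN\SPProfileSync' |
    Sort-Object Expected | Format-Table Identity, GrantedVia, Expected -AutoSize

# Against a live domain (run on a machine with the ActiveDirectory module):
#   Import-Module ActiveDirectory
#   $dn  = (Get-ADDomain).DistinguishedName             # domain partition
#   $cfg = (Get-ADRootDSE).configurationNamingContext   # Configuration partition
#   Get-ReplicationRightHolder -Ace (Get-Acl "AD:\$dn").Access  -Expected 'MYDOMAIN\SPProfileSync'
#   Get-ReplicationRightHolder -Ace (Get-Acl "AD:\$cfg").Access -Expected 'MYDOMAIN\SPProfileSync'
```

Built-in groups such as Administrators and Domain Controllers will also appear on a live domain; add them to -Expected so that only unplanned grants stand out.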

hth

-robot

More Help with InfoPath 2010

First, we’ll get some help here with turning on the services so the services are all working:

sensoft2000-sharepoint.blogspot.com: Error: The form cannot be rendered…

And, this, from MSDN, shows us how to embed code in forms that can run in a server’s local sandbox: InfoPath 2010 and Visual Studio

But what we really need is to figure out how to get our form projects created in Visual Studio.

So, if we’re starting from scratch, this gem from MSDN is a prerequisite:

Building SharePoint Applications with InfoPath 2010 (Part 1 of 2)

Here we learn a thing or two. First, we’re not going to get very far telling our customers to figure it out themselves using Word or Access; InfoPath is the only solution that supports moderate complexity and custom C# code.

Note also that our options are to develop bullet-proof “administratively deployed” forms in SharePoint’s InfoPath form server. This, of course, requires access to Central Admin. And if your customer is a SharePoint consumer, that may involve interaction with an IT department that’s less accommodating than one might expect. Alas, InfoPath will allow us to install local forms with custom code. This video, from MSDN, explains that these local form solutions will run in a server’s local sandbox: InfoPath 2010 and Visual Studio. We can also see that the sandbox draws the line at access to the client files and settings. So really, these “local-custom” forms will probably suffice in many situations without having to poke the IT hornets’ nest.

So here’s a great “Hello World” starter from MSDN: Using the InfoPath 2010 Object Model and Visual Studio Tools for Applications

Here, we learn, if you want to embed your code in your form and install it into a site library, you’ll have to use MS Visual Studio Tools for Applications. This is an Office Setup operation. You’ll have to have your Office install bit and may need your product key. Include the .Net Programmability option and it takes the rest of the day!

When you run the install, you’ll get to a point where you get to select the components you need to install. The InfoPath component will have an expansion “+” icon and you can blow it up until you get to where you can select to have MS VS for Applications “Run from my computer.”

Also, be sure your target SharePoint site is in a site collection where the “SharePoint Server Enterprise Site Collection features” have been activated. This is different from the top level site collection’s site features and you can find it at: /_layouts/ManageFeatures.aspx?Scope=Site

And here’s a great detailed listing of controls that will and won’t work in browser forms: InfoPath 2010 features unavailable in Web browser forms

So we can get to VST for Application on the second part of MSDN’s Building SharePoint Applications with InfoPath 2010 (Part 2 of 2) which seems to be very well written and provides a great glimpse at the need for the SharePoint Sandboxed Solutions Service.

 

 

 

InfoPath Forms Deployment in SharePoint 2010

So let’s see what trouble we can get into with InfoPath.

First, one thing you always need is how to create a meaningful file name. So we get our new best friend, SYM, at BizSupportOnline.net, to help us here. I wonder if SYM knows PSY? If so I bet he’s got the same game.

So that lets us name our files with something intelligent instead of Form1.xsn.

Then he goes on to eliminate the peculiar error when the first form is submitted here.

 Then we have these:

AKGGroup.com: InfoPath: Restrict visibility to users in a SharePoint Group.

BizSupportOnline.Net: Auto-numbering InfoPath forms when they are submitted to a SharePoint form library.

BizSupportOnline.Net: InfoPath Q&A: How do I avoid getting NaN when using the max() function?

IanChivers.com: Packaging InfoPath Forms into Site Features.

SharePoint911.com: InfoPath – Query Specific SharePoint List.

StuartRoberts.Net: Programatically register InfoPath form for Web Browsing in SharePoint.

StuartRoberts.Net: Deploying InfoPath Form to SharePoint 2010 Site.

TechNet: Manage administrator-approved form templates (SharePoint Server 2010).

YBBest SharePoint Pie: Deploy InfoPath Form as SharePoint Feature in SharePoint 2010.

 hth

-robot

Building VMs in System Center 2012 – Virtual Machine Manager

So, with VMM installed, we have to do something with it, I guess. In this case, we’ve got a set of seven Cisco B200 blade servers, each with 16 Gb RAM and then we have a NetApp storage device with 24Tb.

We decided to break the servers into two groups. The first four, let’s call this “Group A”, will be provisioned with 80Gb hard drive space from the SAN and will be presented to VMM as “Bare-Metal” servers. VMM will then support the OS and Hyper-V on each and then we’ll grab hard drive space as needed for VMs.

The last three, we’ll call “Group B” will have Windows Server installed inside the Cisco UCS Manager. Each will be provisioned with an 80Gb C:\ drive and a 300 Gb D:\ drive.

First, we’re going to try to follow along with TechNet here and create host groups. We’re working in VMM which really looks a lot like any other

Blogs.TechNet.com – SCVMM 2012 – Bare-metal deployment (checklist) http://blogs.technet.com/b/cloudytom/archive/2012/01/02/scvmm-2012-bare-metal-deployment-checklist.aspx

BrianDesmond.com – How to Sysprep in Windows Server 2008 R2 and Windows 7 http://briandesmond.com/blog/how-to-sysprep-in-windows-server-2008-r2-and-windows-7/

ms4u.info – Bare Metal Deployment using VMM 2012 on Cisco UCS Server http://www.ms4u.info/2012/01/bare-metal-deployment-using-vmm-2012-on.html

TechNet.Microsoft.com – Adding Physical Computers as Hyper-V Hosts Overview http://technet.microsoft.com/en-US/library/gg610634.aspx

TechNet.Microsoft.com – Creating a Hyper-V Host Cluster Prerequisites http://technet.microsoft.com/en-US/library/gg610630.aspx

 

TechNet.Microsoft.com – How to Add a PXE Server to VMM http://technet.microsoft.com/en-us/library/gg610651.aspx

TechNet.Microsoft.com – How to Create a Run As Account in VMM http://technet.microsoft.com/library/gg675082.aspx

TechNet.Microsoft.com – Preparing the Fabric Scenario Overview http://technet.microsoft.com/en-us/library/gg610662.aspx

Installing System Center 2012 – Virtual Machine Manager (VMM)

Okay, Maybe We Have to Do This All By Ourselves 🙁

Because nobody will admit to knowing what MS System Center 2012 – Virtual Machine Manager is.

Except this robot.

It all started with this perfectly harmless TechNet page: How to Install a VMM Management Server.

Simple enough, just follow the steps.

First of all, the install package is separate from the SC 2012 install. I got mine from MSDN and it was called:

mu_system_center_2012_virtual_machine_manager_x64_dvd_822393.iso

So I started it and it started to run for a second and complained that I needed the Win7 Automated Installation Kit. So I got that here.

It’s a whopping 1.6Gb so that took a little while to download.

When I went to install it, it said it needed the Win7 install bits so I downloaded them from MSDN and went on with the install. It went pretty quickly.

Then, I resumed the VMM Server install and it said I needed .NET 3.5 and I could download it and install it. So I did. Well, on Server 2008, .NET 3.5 is part of the Application Server role so the installation barfed and called me a dummy.

I added the App Server role to my VMM Server host and resumed the VMM install.

Well, then, the install said I need the SQL Server 2008 Command Line Utilities on board. So I tried to install it but that install barfed insisting that I needed the SQL Server Native Client first. So I installed that. Then I was able to complete the CLU install.

So I returned to the VMM install and got to step 9 of the aforementioned TechNet piece and got this:

Error at Step 9 of TechNet Article

So first thing I thought was try an ODBC connection from VMM Server to database server. #FAIL.

And so I’m thinking Windows Firewall. I go into my database server and look at the firewall and create a new rule that opens port 1433 from any computer. I try the ODBC connection and #Success. As a point of information here, I actually created three rules, one for port 1433 for TCP and another for port 1433 for UDP and a third for port 455 for TCP. The UDP port is because I think SQLServer works faster with UDP and the 455 port is used by SQL Server Browser service to populate client side dialog boxes with server and DB names.

Still step 9 barfs.

Then, digging around a little, I found this indicating that earlier versions of the product wanted the MSSQLSvc service to run using the local system account and if you wanted to use a domain service account, you’d have to create an SPN for it.

So, then, I found these instructions on setting an SPN for the MSSQLSvc service.

I did notice that the SPN instruction wanted me to set an SPN for a service named MSSQLSvc. However, when I look at my SQL Services, the service name is MSSQLServer. And then, one of the pages says use both the NETBIOS name and the FQDN for the DB host.

So my SetSPN commands are:

setspn -a MSSQLServer/MyDBServer:1433 MyDomain\MyDBServiceAccount
setspn -a MSSQLServer/MyDBServer.MyDomain.Local:1433 MyDomain\MyDBServiceAccount

and I verify the results with

setspn -l MyDomain\MyDBServiceAccount

which returns:

Registered ServicePrincipalName for CN=MyDBServiceAccount,CN=Managed 
Service Accounts,DC=MyDomain,DC=Local:
     MSSQLServer/MyDBServer:1433
     MSSQLServer/MyDBServer.MyDomain.Local:1433
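The SPN instructions mentioned above ask for the service class MSSQLSvc, which is the class SQL Server clients use when they request a Kerberos ticket; the Windows service name plays no part in that lookup. The following added example (not part of the original post) parses `setspn -l` output and reports whether the SPNs a client would ask for are present; the function name Test-SqlSpn is hypothetical and the sample input is the output quoted above.

```powershell
function Test-SqlSpn {
    param(
        [Parameter(Mandatory = $true)] [string[]] $SetspnOutput,  # lines from "setspn -l <account>"
        [Parameter(Mandatory = $true)] [string]   $HostName,      # NetBIOS name of the DB host
        [Parameter(Mandatory = $true)] [string]   $Fqdn,          # fully qualified name of the DB host
        [int]    $Port         = 1433,
        [string] $ServiceClass = 'MSSQLSvc'
    )

    # SPN entries are the indented "class/host[:port]" lines; header lines are skipped.
    $registered = @()
    foreach ($line in $SetspnOutput) {
        if ($line -match '^\s+([^/\s]+)/([^:\s]+)(?::(\S+))?\s*$') {
            $registered += New-Object PSObject -Property @{
                Class = $Matches[1]; Target = $Matches[2]; Port = $Matches[3]; Spn = $line.Trim()
            }
        }
    }

    $results = @()

    # 1. The SPNs a client builds: one for the short name, one for the FQDN.
    foreach ($name in $HostName, $Fqdn) {
        $want = '{0}/{1}:{2}' -f $ServiceClass, $name, $Port
        $hit  = @($registered | Where-Object { $_.Spn -ieq $want })
        $results += New-Object PSObject -Property @{
            Spn    = $want
            Status = $(if ($hit.Count -gt 0) { 'Registered' } else { 'Missing' })
        }
    }

    # 2. Entries for the same host under another service class never match
    #    a client's request, so flag them for review.
    foreach ($r in $registered) {
        $sameHost = ($r.Target -ieq $HostName) -or ($r.Target -ieq $Fqdn)
        if ($sameHost -and ($r.Class -ine $ServiceClass)) {
            $results += New-Object PSObject -Property @{ Spn = $r.Spn; Status = 'UnexpectedClass' }
        }
    }
    $results
}

# Sample input: the setspn -l output shown in the post.
$sample = @(
    'Registered ServicePrincipalName for CN=MyDBServiceAccount,CN=Managed',
    'Service Accounts,DC=MyDomain,DC=Local:',
    '     MSSQLServer/MyDBServer:1433',
    '     MSSQLServer/MyDBServer.MyDomain.Local:1433'
)

# Reports both MSSQLSvc SPNs as Missing and both MSSQLServer entries as UnexpectedClass.
Test-SqlSpn -SetspnOutput $sample -HostName 'MyDBServer' -Fqdn 'MyDBServer.MyDomain.Local' |
    Format-Table Spn, Status -AutoSize

# On a live system, feed it the real output:
#   Test-SqlSpn -SetspnOutput (setspn -l MyDomain\MyDBServiceAccount) -HostName MyDBServer -Fqdn MyDBServer.MyDomain.Local
```

When the expected SPN is missing, connections that cannot obtain a Kerberos ticket typically fall back to NTLM, so a working login does not by itself show that the SPN is right.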

I stop and start the MSSQLServer service and move on where we enter our VMM service account and the storage location for our encryption key. It has to be stored in Active Directory or the ability to decrypt will depend on the VMM host, which, once it’s gone, means all your VM passwords are gone.

TechNet explains here that we have to use ADSIEdit to create a new container in AD and our install account must have full control over the container as well as all its contents. So we know how to do that, don’t we?

errr…

I love searching for TechNet articles on Google because it’s like sticking my thumb in both of their eyes at once. So I google Add Container to AD using ADSIEdit.

Then, I think, let’s try MMC.EXE. So, back on my domain controller, I run MMC.EXE and go to File | Add Snap-In and, sure enough, there’s an ADSI Edit snap in. I load it and it tells me to connect. On the Connection Settings dialog, it already knows my path to my domain controller and I take the default values and click through. I say I want a new container and it barfs saying I don’t have permission.

So I go back to my desktop, right click on my command prompt and select Run as Administrator. I get the UAC shadow dialog and click Yes. I run MMC, roll through the MMC calisthenics and click on ADSIEdit. I select Action | Connect To. Then I double click on my Default Naming Context and I get my DC=MyDomain… folder. I right click on it and select New. I accept the defaults and get to where I can right click on the CN=Schema.. folder and select New | Object. I select a Container and name it VMMDKS and click Finish.

Then I can see my new container in AD. I use that container on the wizard in its exploded format.

I accept the default ports, and VMM Library location, don’t even look at the Installation Summary and then, it runs and runs and BOOM. There it is, you guys!

VMM Install Wizard Completes.

 

So now, we know, no humans and one robot have this down. Let me know when the count changes. 

-robot

 

You Don’t Have to Do It All By Yourself!

… and the number one reason why SharePoint is fun is:<DING>

The SharePoint Community!!!

And what you find when you pull your little flower off the wall is that if you reach out, you’ll find someone that’s getting rich giving you what you need for FREE!!!

I don’t know how that works but I like FREE.

For example, like Herman Cain said here (at 3:42), Errybuddy Need Toucan Stubbs, everybody that calls themselves a SharePoint Anything knows the number one problem with SharePoint in Production is: <DING>

Unchecked Site Sprawl.

Yes, sites reproduce themselves like rabbits in March and, before you know it, you’ve got more rabbit stuff in more places than anyone can manage. The growth is EXPONENTIAL. If you need a quick lesson in exponential growth, check out this explanation from our favorite mathematician, Vi Hart.

Is that the best description of SharePoint site sprawl ever?

Now, like a robot, I prevent this with one mindless assertion:

Nobody gets permissions to edit permissions but me.

Then, like a robot, I take care of all permissions.

Of course, no human is capable of that kind of effort. In the human world, what you need is a governance plan and that is where our new best friend, Kate, at InfoTech really steps up. She’ll GIVE us a SharePoint governance plan FOR FREE right here.

They even let you take their logo off it and put your own on it. Boom, just like that, you’re in the SharePoint Governance Business.

Then, they’ll entice you with other free stuff.

Like this vendor selection support, this cool vendor comparison tool, and these SharePoint DEV\OPS Management resources.

So, since this robot has already covered the install, now, here you have all you need to select, assess, manage, customize and govern your SharePoint empire.

Clearly, the only reason SharePoint talent is in such demand is that SharePoint skills are scarce. And the number one reason that SharePoint skills are scarce is <DING>

People can’t read!

Lucky for me, the same does not apply to robots.

So, learn to read, put on your metal Skullcrusher (2:20) and get in the game. This robot is tired of having to deal with pushy recruiters.

hth!

-robot

ps. Special thanks to Kate at InfoTech. Keep all that great stuff coming!

 

PowerShell Re-Introduction Part Five: PowerShell Rookie Review

Part One: More PowerShell: A Re-Introduction If You’re Starting from Scratch
Part Two: PowerShell Re-Introduction: Part Two
Part Three: PowerShell Re-Introduction Part Three: Script Prerequisites
Part Four: PowerShell Re-Introduction Part Four: Our First Script

So we’ve got cmdlets and script basics nailed down. We still have to look at a couple of things to shake off the “rookie” label.

For example, we might think we need a cheat sheet like this. And, of course, PowerShell.Com is the Bomb. They got this wicked cool example of adding a clock to your PowerShell console here.

So while we need to review all the details we’ve covered, let’s take a minute to look at what our friends have done that might help us extend our knowledge into more valuable spaces.

First, here’s a great video looking at PowerShell Maturity from Idera.Com and Tobias Weltner:

http://www.idera.com/Events/RegisterWC.aspx?DoThis=TY&EventID=289

And here’s some more help with filters and pipes:

http://www.computerperformance.co.uk/powershell/powershell_wmi_filter.htm

For example try this one:

Help Get-EventLog

What we see here is that we can go to a remote computer and get the system log and check the errors.

Finally, in a domain it’s less complicated because console and remote computer can share user credentials, but for non-domain computers or computers in different domains, we need to learn how to log in remotely. To help with that, we have this from TechNet:

http://technet.microsoft.com/en-us/magazine/ff700227.aspx

What we see here is that running PowerShell commands that target remote computers requires two things:

  1. The remote target must be running the WinRM service.
  2. You have to run PowerShell as an administrator.

Most of this is taken care of using Enable-PSRemoting on the target. Of course, you get a lot smarter if you run:

Help Enable-PSRemoting

Then, we get the money pitch from the Scripting Guy: Here’s the fastball that explains how to log into a remote machine using a specific user ID and password.

-robot

PowerShell Re-Introduction Part Four: Our First Script

Part One: More PowerShell: A Re-Introduction If You’re Starting from Scratch
Part Two: PowerShell Re-Introduction: Part Two
Part Three: PowerShell Re-Introduction Part Three: Script Prerequisites

 Okay, let’s say we want a script that will open our Hosts file so we can edit it. Easy, you say. Well maybe.

The first challenge here is that in order to edit and save your Hosts file, you have to run Notepad as an administrator. So if we simply open PowerShell and run Notepad.exe, we can edit the file but we can’t save it; we’ll get an access denied error.

The second challenge is that we have to set the execution policy simply to run a script and we have to run PowerShell as an administrator to even do that.

To demonstrate, right click on PowerShell and select Run As Administrator.

Run Notepad.exe. This will open Notepad.

In Notepad, enter notepad.exe c:\windows\system32\drivers\etc\hosts. CTRL-S to save. Save it as Hosts.PS1 in the PSTest folder you created last time or somewhere else that’s convenient. Note, here, that .PS1 is the recognized extension for PowerShell script files and they are that easy to build, in Notepad or another text editor, much like DOS batch files.

Now, in PowerShell, navigate to your PSTest folder where the script lives and enter DIR. You’ll get a directory listing of your folder. Why? Well, like we learned last time, if you run Get-Command DIR, you’ll see that it’s the same as Get-ChildItem.

In our directory listing, you’ll see your .PS1 file. We can run this from here:

Script Execution Error


 Okay, maybe not so much.

First, it’s telling us our command is not recognized, check spelling and path. That’s not our problem.

Then it tells us our file exists but was not found. If we want PowerShell to find it, we have to build some context into our command using the .\<Command> format made famous by our Linux friends. Let’s try it.

Execution Policy Error

Different Error. This is our Execution Policy stopping us.

So, let’s run Set-ExecutionPolicy Unrestricted. This requires us to confirm by entering Y.

Now, when we run .\Hosts.PS1, our hosts file opens and we can edit it, save it and close it.

Now, this is good but not great. What we’d like is a file we can click on in Windows Explorer, set the execution policy and open the file. When you right click on the .PS1 file, you don’t get a Run As Administrator option.

Well, one way to do this is to create a shortcut to PowerShell.exe and pass it your script file as a text string like this:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\PSTest\Hosts.PS1"

 Then you can right-click on the shortcut and run it as an administrator.

There’s your first script. We’ll look at different permission options, more sophisticated scripts, and the ISE next time.

http://www.powershellpro.com/powershell-tutorial-introduction/

-robot 

PowerShell Re-Introduction Part Three: Script Prerequisites

Part One: More PowerShell: A Re-Introduction If You’re Starting from Scratch
Part Two: PowerShell Re-Introduction: Part Two

So in our last two efforts, we tried to cover the PowerShell Command Line Interface (CLI) and the way it runs programs and cmdlets. Remember, we covered the way to get help regarding a cmdlet and the way to list all the available cmdlets.

This time, let’s explore that a little more and then see if we can begin to chain cmdlets together to form PowerShell scripts and manage those scripts in PowerShell’s native Integrated Script Editor (ISE.)

First, let’s look at what we already know and what the robot inside PowerShell might be trying to tell us.

We can run Get-Help. Part of what we get back is the Get-Help cmdlet’s syntax, including some examples:


Get-Help Syntax

So as we see, we can run Get-Help for any of our cmdlets. But we can also just run plain old Help.

We can also just drop a -? after a cmdlet and get its help file. Let’s try the first example:

 Get-Help Get-Process and Get-Process -? return the same page:

Get-Process -?


If you read the synopsis, you get an idea of where we’re headed; with get-process, you can actually get a running process in Windows and make it do stuff, even from a remote computer.

But first things first. Let’s look at one we already know, get-command and see what we get with Get-Help Get-Command -full and look at the syntax and description:

Syntax and Description for Get-Command

 First, the syntax tells us we can select a single command, like get-process:

Get-Command Get-Process


 But we can also filter for cmdlets or functions, etc. Try these:

  • Get-Command -CommandType Cmdlet
  • Get-Command -CommandType Function
  • Get-Command -CommandType Alias

 The first just lists all our cmdlets.

The second lists all our functions. If you look at these:

Get-Command -CommandType Function


You’ll see some functions that are intended to make PowerShell act like DOS. For example, you can log on to your D drive simply by typing D: and you can create a new directory using the mkdir function. But look at the far right column, Definition. Here we see some of how PowerShell works. Those functions are just a cmdlet with some added text. For example, D: is defined as Set-Location D: and mkdir is defined as … 

Okay, we get it. We’re not really sure what that means but we understand that we can run functions that act like cmdlets.

But we can run Help mkdir and we see we get the help for New-Item; mkdir is just a method of invoking New-Item to create a new folder. So let’s navigate down to our root folder on C: using cd .. and then create a PSTest folder using this New-Item cmdlet.

New-Item

Here, we’ve lapsed into some kind of immediate response mode and PowerShell is asking us for an item type. If we type Foo here, we’re going to get an error that says only “Directory” or “File” are acceptable values. So you can try that or just enter Directory.

And success; we can see and then log into our new folder:

Creating and Logging into a New Folder


Okay, you say, enough with these trivial mechanics, let’s build something.

Sure, but the something we’re going to build is a script or function (we’ll start with a script) and in order to do that, you have to work your way around PowerShell’s built-in security, called its ExecutionPolicy. The Execution Policy is PowerShell’s way of determining if it can trust a script. Remember that, in PowerShell, you can do anything a user can do at the Windows GUI, so running a script is like letting someone else sit down at your desktop, even if that someone is a monkey, or worse, a sick, evil mastermind monkey like GoGo JoJo from the PowerPuff Girls.

So let’s do this. Let’s run Get-ExecutionPolicy:

Get-ExecutionPolicy


Ah, so, we’re Restricted, whatever that means. Well, to figure this out, let’s do this: Remember when we ran Get-Command?

One of the syntax options was -Noun. This means that we can get all the commands that involve our ExecutionPolicy with a Get-Command -Noun ExecutionPolicy:

Get-Command -Noun ExecutionPolicy


So we see we can Get or Set our ExecutionPolicy. Well, yes, we run Get-Help Set-ExecutionPolicy -full.

Now there’s lots of gems here and some are more valuable than others:

  • We see that to set the execution policy, we actually have to start PowerShell by right clicking and selecting Run As Administrator.
  • We see that the execution policy can be assigned to the user, the machine or a process; the default is LocalMachine.
  • We see it protects configuration files including your PowerShell profile. We’ll need to know more about this, huh?
  • Our default policy is Restricted which means we can’t run scripts or configuration files.
  • We can require scripts to be “Signed” but that sounds like a technical challenge.
  • There’s stuff about Common Parameters we’ll have to cover.
  • There are group policy restrictions that override an ExecutionPolicy set in PowerShell.

That’s a lot of stuff. Let’s just restart PowerShell as an administrator and set our execution policy to Unrestricted and see what we can do realizing full well that if GoGo JoJo barges in, we are so screwed.
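The scope and Group Policy points in the list above, and the Set-ExecutionPolicy Unrestricted step and powershell.exe shortcut from Part Four, come together in one check: which scope actually decides the policy, and whether a permissive value has been left in place permanently. This is an added example, not code from the original posts; the function name Get-PolicyFinding and the sample values are constructed.

```powershell
# Precedence of execution policy scopes, highest first. The two Group Policy
# scopes win over anything set with Set-ExecutionPolicy.
$ScopeOrder = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
$Permissive = 'Unrestricted', 'Bypass'

function Get-PolicyFinding {
    param(
        # Objects with Scope and ExecutionPolicy properties,
        # the shape returned by Get-ExecutionPolicy -List.
        [Parameter(Mandatory = $true)] [object[]] $PolicyList
    )
    $byScope = @{}
    foreach ($entry in $PolicyList) {
        $byScope[[string]$entry.Scope] = [string]$entry.ExecutionPolicy
    }

    # The first scope in precedence order that is not Undefined decides.
    $winner = $null
    foreach ($scope in $ScopeOrder) {
        if ($byScope.ContainsKey($scope) -and $byScope[$scope] -ne 'Undefined') {
            $winner = $scope
            break
        }
    }
    # With every scope Undefined, fall back to Restricted, the default described above.
    $effective = if ($winner) { $byScope[$winner] } else { 'Restricted' }

    # Permissive values in the persistent scopes apply to every later session.
    $persistent = @()
    foreach ($scope in 'CurrentUser', 'LocalMachine') {
        if ($byScope.ContainsKey($scope) -and ($Permissive -contains $byScope[$scope])) {
            $persistent += $scope
        }
    }

    New-Object PSObject -Property @{
        EffectivePolicy            = $effective
        DecidedBy                  = $(if ($winner) { $winner } else { 'Default' })
        SetByGroupPolicy           = ($winner -eq 'MachinePolicy' -or $winner -eq 'UserPolicy')
        PersistentPermissiveScopes = $persistent
    }
}

# Constructed sample: Unrestricted was set machine-wide as in the walkthrough,
# but a Group Policy setting of AllSigned overrides it.
$sample = @(
    New-Object PSObject -Property @{ Scope = 'MachinePolicy'; ExecutionPolicy = 'AllSigned' }
    New-Object PSObject -Property @{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    New-Object PSObject -Property @{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    New-Object PSObject -Property @{ Scope = 'CurrentUser';   ExecutionPolicy = 'Undefined' }
    New-Object PSObject -Property @{ Scope = 'LocalMachine';  ExecutionPolicy = 'Unrestricted' }
)

# EffectivePolicy = AllSigned, DecidedBy = MachinePolicy, SetByGroupPolicy = True,
# PersistentPermissiveScopes = LocalMachine
Get-PolicyFinding -PolicyList $sample | Format-List

# On a live system:
#   Get-PolicyFinding -PolicyList (Get-ExecutionPolicy -List)
#
# A narrower alternative to a machine-wide Unrestricted: relax the policy for the
# current session only (no elevation needed, gone when the window closes):
#   Set-ExecutionPolicy RemoteSigned -Scope Process -Force
# or for a single script run, for example in the shortcut target from Part Four:
#   powershell.exe -ExecutionPolicy RemoteSigned -File "C:\PSTest\Hosts.PS1"
```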

Let’s review:

  • Get-Help.
  • Get-Command with filters.
  • Native Functions.
  • Mimicking DOS commands.
  • Run As Administrator.
  • Execution Policy.

-robot