File Modified date misalignment in SharePoint, Explorer View and file shares/drives

Most of you have been using for ages now the Explorer View of a Document Library. It’s indeed one of the most controversial features SharePoint (sometimes painful for IT Pros) offered since early days but is arguably one of those feature that seduced the “normal” and non-IT users thanks to the easiness of move/copy drag and drop.

During a recent scenario we discovered a misalignment between a file’s “Modified” SharePoint metadata field and the actual “Date Modified” of the file as displayed in the Explorer View (if one uses the Explorer View of a Document Library or if the Document Library is mapped as a network drive on the users computer – very common scenario for users) or if one checks the date of the file properties in Office applications (e,g Word, Excel, etc)

The complete scenario is as follows: the “Modified” column in SharePoint has been basically overwritten during a copy/move operation performed using the Document Library Explorer View and now reflects the “Modified” date in which the moving operation was done instead of the last modification date of the file itself.

Below the picture displays the Modified date as it appears in SharePoint (2/08/2012) which is indeed the date where the file was moved from the source to this Document Library:

Below the picture displays the Modified date as it appears if we use the Explorer View on the same Document Library (with the original date when the file was truly modified (27/7/2012):

When you upload a document to a document library SharePoint will use the last modified date as the date which the upload was done while the Explorer view (Windows) will display the modified date stored as property of the file itself!

This behavior can also be explained from another angle: “Modified” date in SharePoint is actually the Content Type modification date while “Modified” date in Windows (classical file shares or drives) is the date of the file itself.

Well, in our case this behavior creates big problems given the fact that many users continue to use the Explorer View in order to access and find their work files in their department or team site (most of them simply remember that the file they look for it was modified at a certain date in time so they will look for that file rather sorting on the modified date than on performing a search).

We looked than for a way of mapping these inner file properties reported above, carrying the last modification date of the file, onto a site column to be shown in a Document Library View. We know that this approach is very useful for search purposes: in Shared Services Administration -> Search Administration -> Metadata Property Mapping we can map the properties Basic:14(Date and Time), Basic:16(Date and Time), ows_Modified(Date and Time) onto a new property labelled, for instance, LastModifiedTime (see pic below).

Nevertheless, this mapping seems to be useful for search purposes only and unfortunately Microsoft confirmed that there is no out-of-the-box configuration for our purpose.

It seems that the only out-of-the-box solution would be to use Backup and Restore which will then preserve the original last modified dates…or custom development of course (event handlers, etc)

Architecting and Managing Virtual- ized SharePoint 2010 Farms (MIT09) – my notes

SharePoint Connections 2010, Den Haag, 29 September 2010

Session: Architecting and Managing Virtual- ized SharePoint 2010 Farms (MIT09)

Speaker: MICHAEL NOEL (http://www.cco.com )

• Dynamically expandable disks a penalize performance so for PROD try to define a disk size
• Recommendations for Database Roles
  • If possible try not to virtualize the database servers
  • Mirroring and clustering are now supported in virtualization (KB 956893)
  • Use best practices for tempDB (put it on fast disk, resize it – there is a guidance on how to configure tempDB for SharePoint)
• Sample specifications presented for various farm types (check slides)
  • Cost effective Farm would be 1 Host with 2 quad core supporting:
    • 1 vm (10Gb, 4 proc) for SQL
    • 1 vm (10GB, 4 proc) for web applications
  • High available Farm with only two servers hosts
  • Best Practice Virtual/Physical with High availability
    • High transaction servers are physical (DB). Multiple farm support with DBs for all farms on the SQL cluster
    • 2 server hosts quad core supporting each
      • 4 vm: 2 vm for web applications for PROD environment, 1 vm for web applications for TEST environment & 1 vm for web applications for DEV environment
      • VMs are load balanced for PROD, TEST and DEV environments
  • Large virtual Farms:
    • 3 server hosts quad core supporting each:
      • 1 vm for DB
      • 1 vm for web applications
      • 1 vm for search server
      • 1 vm for central admin
      • 1 vm for service applications
  • NUMA (non uniform memory access) memory Limitations and Guidelines
    • It exists at the hardware level
    • You can end up with swaps if you allocate more memory to sessions than the NUMA boundary -> instead of increasing performances you end up with decreasing performance
    • Don’t get cheap on memory if you bought a server with many CPU’s
  • Monitoring:
    • Configure Counters and Thresholds on Hosts & on Guests Very interesting slide (check photo)
      • Monitoring processor on guests is useless…you have to measure this on the host
      • Memory…over 50% free is good
  • Support from Microsoft is conditioned by:
    • The hardware used for virtualization (Intel VT or AMD-v)
    • Hardware-enforced Data Execution Prevention (DEP) is available and enabled
    • Deployed on Microsoft Hyper-V (RTM or R2) or on a validated third party hypervisor (SVVP program –> ok for VMware ESX/ESXi)
  • Tooling: System Center Virtual Machine Manager (VMM 2008 R2)
    •  SCOM 2007 is aware of SharePoint features
    • Quick provisioning: Allows creation of SharePoint template servers which can be quickly provisioned on TEST or DEV environments
  • Licensing:
    • Very important to know that licensing rules related to virtual guest licensing are applicable to all SVVP program vendors: e.g. you can run VMWare ESX/ESXi on a 1 processor host and have only one windows datacenter license for all guests (Windows Datacenter license is per host processor: 4 processors on the hosts = 4 Windows datacenter licenses; it might nevertheless be more interesting to use the Windows Enterprise virtual licensing facilities)

Windows PowerShell Crash Course for SharePoint Administrators (MIT07) – my notes

SharePoint Connections 2010, Den Haag, 28 September 2010

Session: Windows PowerShell Crash Course for SharePoint Administrators  (MIT07)

Speaker: DON JONES (http://concentratedtech.com/)

• Most of DOS and UNIX well known commands work in Powershell  (PS) (including the good old functionality of using TAB to complete partially typed commands)
• Powershell drives – adapts all forms of storage into a powershell drive get –psdrive
• Extending the commands available in Powershell by default (400 commands by default out of the box): PSSnapin (Old way) vs. Modules (new Way
• IMPORTANT: there is only one Powershell environment. The modules or the snapins are not different environments of Powershell but just predefined command set extensions.
• Almost every Microsoft product will come with it’s own Powershell predefined Module (or Snapin) (e.g. event Active Directory has it’s own PS module)
• PSSnapin to add snap-ins in PS and use various commands of a particular environment (e.g. a powershell snapin for SQL server will let you type SQL commands in powershell)
• PS is build around the idea of piping = like DIR | more
• Each time a command is run, there is an invisible table, which is generated into memory. Using an XML configuration file, PS knows how to choose what to show on the screen (obviously not all the information would fit on the screen and a choice has to be made)
• ALL PS commands start with a verb: get, set, new, move, remove (-service, -process, -comand, etc)
• For SharePoint, PS commands start with ‘sp’.  For SQL, PS commands start with ‘sql’; Exception is Exchange as it was the first product out on PS…well done Exchange guys 🙂
• HELP on Powershell
  • ‘-full’ provides full help including usage examples for all commands.
  • “help * event *” will list all powershell commands or help files containing events
  • If there is a space in one parameter value you can use either ‘ or “ to include the value. Both work.
  • “what if” parameter simulates the command and displays you the result without actually doing it
  • “-confirm” parameter ask you for a confirmation for each action needed for the command to complete
  • Unlike in UNIX, Powershell user does not have to process the output text of the command. Instead the user can ‘tell’ powershell how and what you want to look like (e.g. sorting a column..you only have to know the name of the column and PS will display for you the results sorted on that column)
  • Pipeline input parameters (fastest way to make things happen): get –service –name bits | stop-service  (this will return the service which will be fed as parameter for stop –service command)
    • Another example: import-csv  ./users.csv |new –user (given the csv has the column names maching the command parameters names)
• Remote Control
  • Requires PSH v2
  • ‘enter –pssession – computer server-r2’ will get us on the remote server-r2 (given we have access); “exit-pssession” to get out of it
  • You can import a remote set of commands not available on the local session (what happens is not a real import of commands but rather like a shortcut to the commands – if used such an ‘imported’ column it actually runs on the remote computer
  • 1:1 or 1:N remoting:
    • Enter-PSSession –computername X
    • Exit-PSSession
    • Invoke Comand – scriptblock {commands}
    • For SharePoint make sure you have granted shell administrator rights!
• Tooling & resources:
  • http://www.shellhub.com
  • slides and transcript of this session http://www.concentratedtech.com

Designing Governance: How Information Management and Security Must Drive Your Design (MIT02) – my notes

SharePoint Connections 2010, Den Haag, 28 September 2010

Session: Designing Governance: How Information Management and Security Must Drive Your Design (MIT02)

Speaker: DAN HOLME

• Always keep in mind the scope and the goal: what you try to achieve with the solution
• Understand the business
• Understand SharePoint and especially its limitations
• Identify Information Management (IM) requirements:
  • Ownership of information
  • How long the content is online and who consumes it?
  • What kind of content do you have
• Identify SharePoint management controls and scopes
  • Requirements on authentication imply a certain choice of the Web APP.
  • Authentication providers: In SharePoint 2007 if you have two authentication providers you had to extend the web app and thou have two links for access to the same web app (disadvantage is that users could not send links between them as they were not similar) – in SharePoint 2010 you can have two authentication providers for the same web app
  • Only one-way to manage ownership and quotas: site collection. Site collections is thou directly linked to the ownership of information (who needs to have full access to content)
  • Storage, quotas, locks influence also the site collection planning (on or more content databases in regard of backup and restore time and efficiency)
  • Navigation and content types are also influencing the topology at the site collection level
  • Users are also ‘scoped’ at the Site Collection level: you might have to plan it at this level if you need to give access to users who do not have to see each other: a possible solution: create a site collection for each client?
• Align controls and scopes with requirement
  • Recommendation: have a web app for the Intranet, another one for collaboration where people can be empowered to have self-site provisioning (http://intranet vs http://team ) and another one or more for clients (http://clients )
  • Content Promotion
    • Is extremely important: e.g. take the content from the collaboration site and publish it to the intranet once it’s finished.
    • Consider document life-time and expiration policies in order not to find yourself with another garbage place like on the old file shares;
    • Consider also exposing content from one site to another site especially using RSS or third party tools for roll-ups or content query web parts (Avepoint has a tool to share a file share as it was a document library)
  • Farm level scope:
    • GEO performance: Farm geographical location is important – it should be as close as possible to the users – performance for collaboration might be an issue
    • Isolation – dedication for a specific service might be interesting (Application services specific servers)
  • Consider Premium farms(s) for custom applications vs out of the box SharePoint farms for standard features use. Standard Farms will be a lot easier to upgrade and maintain = mitigate risks & costs
• Overlay information architecture and administration
  • Lay Navigation (usage of top link bars and custom link lists are security trimmed), content roll/up & search on top of a manageable structure end not vice-versa!
  • Use administration tools (third parties)
• SharePoint 2010 has now built in Resource Throttling (max 5000 items returned in a list for example) and it is scoped at the web application level
• What users can or can not modify in their sites using SharePoint Designer it is scoped at the web app level
• Use Powershell to create a site collection and specify a specific database (which is not possible through the UI) – for SharePoint 2007 there is a similar stsadm command.
• TIP: in SharePoint 2010 there is a Content Organizer (allows pulling documents from a drop-off library and dispatching elsewhere) and it can be activated as a site feature.

Nettoyage MySite SharePoint – Utilisateurs supprimés ou désactivés dans l’Active Directory

Récemment mes managers ont reçu des notifications concernant le MySite des personnes qui ont quité l’organisation. Les notifications sont standard et inchangeables:

Subject: The My Site of NOM Prénom is scheduled for deletion

The My Site of NOM Présnom is scheduled for deletion. As their manager you are now the temporary owner of their site. This temporary ownership gives you access to the site to copy any business-related information you might need. To access the site use this URL: http://portalMySiteURL/personal/<username>

Explication: lorsqu’un user est deleted ou disabled de l’active directory, SharePoint envoyera automatiquement à son manager (à condition qu’il en a un dans l’AD et heureusement nous avons prévu cette configuration au début). Celui-ci a la possibilité de récupérer le contenu qu’il souhaite et éventuellement deleter le site. (le manager devient automatiquement site collection secondary owner). Ce mécanisme permets donc que les infos stockées sur MySite ne soit pas perdues lorsqu’un user part de notre organisation.

 Le problème:

Si l’user est effacé dans l’AD, le home page de son MySite  devient en fait inaccessible. Le site par contre continue lui d’exister. (Le homepage qui devient inaccessible parce que sur cette page il y a des métadatas du profil user, profil qui n’existe plus en SharePoint si le crawl des user profiles a tourné suite à la deletion de l’utilisateur dans l’AD.) Donc le manager en cliquant sur le lien dans l’email de notification recevra une erreur du type: “User not found”. Pour accèder aux listes du MySite et aux éventuels sous-sites il faut connaître et taper l’url précis (view all site content): .http://portalMySiteURL/personal/<username>/_layouts/viewlsts.aspx Cela nécessite donc une connaissance très spécifique qui ne concerne pas les managers et en plus de ça le site ne sera toujours pas effacé que par une éventuelle opération manuelle de la part du manager ou bien dépt. Infra

 Possibles solutions dans la vie réelle d’une organisation:

Alternative 1: Cocher l’option Confirmation and Automatic deletion settings pour la Web Apps MySite dans le Central Admin. Activer cette option a le grand désavantage que tous les utilisateurs vont recevoir immédiatement un message pour confirmer qu’ils utilisent leur site!!. Ensuite lors de la deletion d’un user dans l’AD, comme l’user n’existe plus, il ne peut pas recevoir d’email donc le systeme va deleter automatiquement son MySite mais alors toutes les données (éventuellement importantes) seront supprimées et son manager informé trop tard.

 Alternative 2 (que je suggère mais à voir si ok pour le département Infra): Au lieu de deleter l’utilisateur, faire seulement un disable dans l’AD pendant X jour. Suite à cette opération, le manager va recevoir l’email automatique, il pourra accèder au site en tant que secondary site owner et il pourra décider ensuite quoi faire avec. X jours après, delete user dans l’AD et delete MySite en même temps.  

Alternative 3: ne rien changer par rapport à maintenant, mais fixer X fois par an un check de coté du département Infra pour le cleanUp des MySites ou bien faire un script automatique à tourner tous les X jours.

Ces deux articles décrivent parfaitement tous les scénarios possibles:

http://philwicklund.com/whitepapers/Documents/My%20Site%20Concerning%20Scenarios%20Study%20and%20Strategy.pdf

http://blogs.technet.com/b/seanearp/archive/2009/03/04/sharepoint-profile-cleanup.aspx

How to display list data as XML directly in browser

Here is a very interesting and simple way of displaying List Data as XML in one click:

http://vspug.com/dwise/2008/01/10/accessing-sharepoint-list-data-as-xml/

Different options are presented by David Wise:

• simply display the elements of a list
• use an existing view of a given list show particular fields
• filter data

That’s a practical way as well for showing the xml list definition and field names.

Using STSADM to give Sharepoint Groupes or Active Directory Users/Groupes permissions to a Sharepoint Site [MOSS]

Recently I had to modify a series of sub-sites (all of them under one site). These sites are provisioned automatically using a specific webpart on the top site. These sites are used by everyone in the company and permissions are very important. The main issue was that permissions on each sub-site needed to be updated in order to give read access to a new Sharepoint Group which did not existed previously.

The stsadm operation I used was ‘userrole’. The syntax of the userrole operation is as follows:
stsadm –o userrole –url <full url> –userlogin <domain\user or SharePoint group> –role <role, such as Contribute or “Full Control”>

Details of the command on TechNet: http://technet.microsoft.com/en-us/library/cc262083(office.12).aspx

Well..I built my own command in notepad: stsadm –o userrole –url “http://myportal/myfathersite/mysubsiteXXX” –userlogin “My Group Public” –role “Contribute”  and then copy paste to the command line in the 12 hive.  I kept receiving each time: “Command line error” message thrown by stsadm!!

The solution is actually to write the command line your own without doing paste. The reason is the possible wrong encoding of the pasted text.

Delegating Powershell access to Sharepoint 2010 might be an architecture question

I read today the article of Dan Holme on delegating powershell access (click here for the article) and shared somehow his dissapointment. Briefly, in order to be delegated this role, the user must be a Site Collection Administrator (not just a site owner, member or visitor!) and have a db_owner role for the Content SQL database for that site collection. (SharePoint_Shell_Access role is nested into the db_owner role on the SQL side).

Definitely this is quite a very important barrier for rights delegation in Sharepoint and especially Powershell. Imagine that site owners/members could have used Powershell to script and automate some of their recurent tasks (site or content privisioning/update). But in this tiny detail, I see the importance of a good and comprehensive analysis of user needs at the very begining of a SharePoint implementation project.  Product owners or Sharepoint architects might consider this in their planned architecture.

So be aware: If you already know or at least you anticipate that you might be called by your users to delegate them this role or to let them automate some recurrent tasks on the future Sharepoint 2010 farm, THINK now of building site collections instead of a tree of sites in the same site collection.

As it was said during a session on architecture at the Sharepoint Conference last year, site collections remain in SharePoint 2010 an important boundary and this not only because of the size of the content database and backup considerations. Now we have this access delegation which is extremely important in a corporate environment.

Configuring crawl on a SBS 2008 – Default Content Access error

I installed Microsoft Office Sharepoint 2007 (MOSS) on a Small Business Server 2008. I configured the SSP and the search but the crawling did not start. Each time I started a Full Crawl, it ended up with the following error in the crawl log:

Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has “Full Read” permissions on the SharePoint Web Application being crawled. (The item was deleted because it was either not found or the crawler was denied access to it.)

At the same time the problem was that I could not browse to my Sharepoint Portal from within the IE of my server but I could do it without any problems from any other computer or from the Internet. This behaviour started immediately after modifying the default Alternate Address Mapping for my default web application: instead of the name of the server (e.g. http://companyweb) I had put the internet address (e.g. http://www.mycompany.com). (as a detail, I had also mapped my internet address to 127.0.0.1 in the local hosts file)

After some research I found that this error comes when you use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer. It seems that this security protection is in place since IIS 5.1. So if I can not browse on the server to my own portal, neither the search service can do it (running as the same admin user)

Cause and resolution are fully described here: http://support.microsoft.com/kb/896861

Method 1: Disable the loopback check

Follow these steps:

1.	Click Start, click Run, type regedit, and then click OK.
2.	In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.	Right-click Lsa, point to New, and then click DWORD Value.
4.	Type DisableLoopbackCheck, and then press ENTER.
5.	Right-click DisableLoopbackCheck, and then click Modify.
6.	In the Value data box, type 1, and then click OK.
7.	Quit Registry Editor, and then restart your computer.

This worked fined for me but be aware that the Microsoft article proposes an alternative solution: Method 2: Specify host names

Solutions are there but nevertheless, I can not stop myself of saying that these solutions make Sharepoint server just a bit less secure, at least in he eyes of an security audit trail.

This blog post definitely help me in finding the right solution : http://svengillis.blogspot.com/2008/10/access-denied-when-crawling-moss.html

MOSS 2007 Configuring Incoming Email for Sharepoint on SBS 2008 (Small Business Server)

By default  this feature is not enabled in SBS 2008, as Exchange and WSSv3 are installed on the same box. It can nevertheless be enabled by configuring an email domain to be used by the SharePoint site and a foreign connector on Exchange to take care of the mail routing (using Foreign Connector Cmdlets) to a drop folder (used by the SharePoint Site).

Configuring Incoming emails for Sharepoint on SBS 2008: http://www.mindwatering.com/supportref.nsf/c59b2b31baccdc2185256d4300106099/6cfe97df8868dc888525759e00217aa5!OpenDocument

About Exchange Foreign Connectors: http://technet.microsoft.com/en-us/library/aa996779%28EXCHG.80%29.aspx

About Foreign Connector Cmdlets: http://technet.microsoft.com/en-us/library/bb124003%28EXCHG.80%29.aspx

Below I found some related posts:

Here is an interesting post with complete instructions step by step from start to finish to configure an external device to use Exchange on an SBS in order to send emails to Sharepoint libraries: :

http://blog.mpecsinc.ca/2009/09/sbs-2008-mfpcopier-to-scan-to-e-mail.html

Configuring Incoming emails for Sharepoint on SBS 2003:

http://davidschrag.com/schlog/167/installing-wss-30-on-sbs-2003-standard