Day 4: Scripts - A useful script to create site collections (Part II).

Last entry we talk about a script to create site collections, but it has one problem: the script can´t create one site collection at root level... This happends because the part of the code that creates the site collection is static: the URL to create the site allways includes "/sites/" sufix. So, if we try to create one site collection at root level, Sharepoint tries to create the URL: "http://webapplication/sites/" and crash...

Then we must provide a mechanism to differentiate the creation under "sites" level and the creation at root level.

In order to do this, first we must talk about conditional in powershell. The reference to this aspect will be short beacuse the target of this blog is Sharepoint. It´s enough to know the following structures:

BASIC CONDITIONAL: 

 if (<CONDITION>) {<ACTION>}
else {<ALTERNATIVE ACTION>}

CONDITION: The situation to evaluate.
ACTION: The task to do if the condition is true.
ALTERNATE ACTION: The task to do if the condition is false.

LOGICAL OPERATORS: 

-eq     Equal to
-lt     Less than
-gt     Greater than
-ge     Greater than or Eqaul to
-le     Less than or equal to
-ne     Not equal to 

 So  the final code of the script is:

Write-Host "This script creates one site collection after you provide the information needed for it." -ForegroundColor Blue

#This part presents the templates and languages for Site Collections

Write-Host "Codes for templates and languages available"

Get-SPWebTemplate 

#This part recollects the information for Site Collection creation 

$WebApp = read-host "Please, introduce the Web Application URL: "
$ContentDatabase = read-host "Please, introduce the Content Database name: "
 

#The variable $Sufix is the part of URL after "/sites/

#Example http://webapplication/sites/sufix

$Sufix = read-host "Please, introduce the site collection sufix: "
$Template= read-host "Please, introduce the Template ID:"
$LocaleID = read-host "Por favor, introduce the Locale ID:"
$Title = read-host "Por favor, introduce the Title:"
$OwnerAlias=read-host "Por favor, introduce the primary administrator(DOMAIN\user):"
$SecondaryOwnerAlias=read-host "Por favor, introduce the secondary administrator(DOMAIN\USER):"

#This part has two steps. 

#First Content Database creation 

try
{
Write-Host "Trying to create Content Database... please wait..."

New-SPContentDatabase -Name $ContentDatabase -WebApplication $WebApp -MaxSiteCount 1 -WarningSiteCount 0

#Second Site Collection creation 

Write-Host "Trying to create the Site Collection... please wait..."




#If the variable $sufix is empty create at root level
If ($sufix -eq "") {New-SPSite $webApp -OwnerAlias $OwnerAlias –Language $LocaleID -Template $Template -Name "$Title" -SecondaryOwnerAlias
$SecondaryOwnerAlias -ContentDatabase $ContentDatabase}

#If the variable $sufix has a character string create under /sites/

else {New-SPSite $webApp/sites/$Sufix -OwnerAlias $OwnerAlias –Language $LocaleID -Template $Template -Name "$Title" -SecondaryOwnerAlias
$SecondaryOwnerAlias -ContentDatabase $ContentDatabase}

}

catch
{

Write-Host "There was a problem:" $_ -ForegroundColor Red

}

Day 3: Scripts - A useful script to create site collections (Part I).

One of administrator task is create site collections in response to a user request. If we have a big infrastructure this job can be very tedious because the standard way to create the site collection is by Central Administration Tool... For one creation can be good... For many it´s one nightmare...

 Create Site Collections in Central Admin Tool

The tool for this purpose is quite simple and it isn´t thought for daily creation massively.

For this purpose, we propose one script... This script only requires one existing Web Application and some information...

Write-Host "This script creates one site collection after you provide the information needed for it." -ForegroundColor Blue

#This part presents the templates and languages for Site Collections

Write-Host "Codes for templates and languages available"

Get-SPWebTemplate 

#This part recollects the information for Site Collection creation 

$WebApp = read-host "Please, introduce the Web Application URL: "
$ContentDatabase = read-host "Please, introduce the Content Database name: "
 

#The variable $Sufix is the part of URL after "/sites/

#Example http://webapplication/sites/sufix

$Sufix = read-host "Please, introduce the site collection sufix: "
$Template= read-host "Please, introduce the Template ID:"
$LocaleID = read-host "Por favor, introduce the Locale ID:"
$Title = read-host "Por favor, introduce the Title:"
$OwnerAlias=read-host "Por favor, introduce the primary administrator(DOMAIN\user):"
$SecondaryOwnerAlias=read-host "Por favor, introduce the secondary administrator(DOMAIN\USER):"

#This part has two steps. 

#First Content Database creation 

try
{
Write-Host "Trying to create Content Database... please wait..."

New-SPContentDatabase -Name $ContentDatabase -WebApplication $WebApp -MaxSiteCount 1 -WarningSiteCount 0

#Second Site Collection creation 

Write-Host "Trying to create the Site Collection... please wait..."

New-SPSite $webApp/sites/$Sufix -OwnerAlias $OwnerAlias –Language $LocaleID -Template $Template -Name "$Title" -SecondaryOwnerAlias
$SecondaryOwnerAlias -ContentDatabase $ContentDatabase


}

catch
{

Write-Host "There was a problem:" $_ -ForegroundColor Red

}

  

This script don´t create Site Collection at root level (http://webapplication/) but can be tuned for detects it but I don´t want make the article more complicated... I will write about it in next entry...

Day 2: Excessive memory use of w3wp.exe process

One of the most common issue in Sharepoint is the excessive use of memory of Application Pools... Day by day the w3wp.exe process grows until eats the whole amount of memory of the server. It´s very important detect this situation and prevent it...

As you can see in the image below the w3wp.exe processes are IIS Worker Processes...

 

The problem is administrators can´t do any of this actions from Task Manager:

1. We can´t identify App Pool that corresponds with the IIS Worker Process.
2. We can´t limit the memory use.

To solve the first problem, we identify the IIS Worker Process with the command %systemroot%\system32\inetsrv\appcmd list wp.In Internet Information Services 6 the command is C:\Windows\System32\iisapp.vbs.

Other way to find the IIS Worker Process is open IIS Management Console. Select the hostname in the left panel and select Worker Processes in the righ panel under IIS Section.

You will find the information at one look.

 

Once we know the Application Pool name we must go to Application Pools Section and select Advanced Settings with right click.

The last setting is Virtual Memory Limit (KB) This is the max amount of memory allocated by Application Pool. When this value is exceeded the Application Pool is recycled.

The final task is recycle the App Pool for apply the changes.

By this way you can limit the amount of memory for a good performance server.

Day 1: People-Picker: Behaviour and configuration across several domains.

Sometimes, People-Picker is a part very ignored when administrator is designing and developing the Sharepoint infrastructure... In fact, when Servers are in one domain and users in other this is a crucial task... Wrong setup would be a headache if domains don´t have bidirectional trusted relationship... But we must go step by step...

First thing: ¿What is People-Picker? People-Picker is the module of Sharepoint that allows administrators find and pick up domain users in order to give them several access rights to Sharepoint Site Collections...

In the this image you can see People-Picker...

Let´s take a look to default behaviour of People-Picker... How it works?

1. Admin site or other user with appropiate rights makes one query to People-Picker web control.
2. The web front server makes a DNS query to locate one Domain Controller that have Global Catalog Service.
3.  Once the DC is targeted, the server tries to connect it.. First connection is anonymous and returns extra information about conected DC.
4.  If AD requires autentification, Sharepoint uses IIS Application Pool Security Context of Web Front server that hosts the Web Application.
5.  The Web Front server sends one LDAP Global Catalog request to AD asking for matching results in the subtree for users/objects. The search criterion is the following:

• Users objects in 'name', 'displayName', 'cn', 'sn', 'SamAccountName', 'mail', ‘SMTP’ or 'proxyAddresses' attributes.
•  Group objects in 'name', 'displayName', 'cn', or 'SamAccountName' attibutes.

Once the process is finish People-Picker returns the results....

Let's start the adventure!!! Or how to setup the People-Picker...

When you have Sharepoint in different domain from the domain where you have the users we can find two scenarios:

1. Bidirectional trusted relationship between domains: User of domain A can be authenticated in domain B and viceversa. In this case, we don´t need to do anything...
2. Unidirectional trusted relationship between domains. One specified user of domain A is allowed to be authenticated in domain B but it is not valid backward case... So we must create one search user in every other domains. 

When the user has been created we must follow the following steps:

It´s very important to keep in mind there isn´t any powershell cmdlet to do this task... So we have to take a look to old stsadm.exe.

STEP 1: Run this command line in EVERY FRONT WEB SERVER:

STSADM.exe -o setapppassword -password <PASSWORD>

The search user and password for each domain is stored and encrypted in every front web server. All servers must have the same password established with this command. This task is at farm level.

STEP 2: Run the following commands ONLY IN ONE SERVER and they are at Web Application level:

STSADM.exe -o getproperty -url http://webapplication -pn peoplepicker-searchadforests

With this command, we collect all users established in People-Picker before... It´s very important that we must have all users and passwords because with the following command we are going to REPLACE all values. This means the following commands must include all values established before.

With this command we set to null the property. It´s not necessary but Microsoft recommends it:

stsadm.exe -o setproperty -url http://webapplication -pn peoplepicker-searchadforests -pv ""

Finally, the last command... It will configure the People-Picker correctly:

stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv forest:FOREST1,FOREST1\forest1user,UserPassword1;forest:FOREST2,FOREST2\forest2user,UserPassword2; forest:FOREST3,FOREST3\forest3user,UserPassword3 -url http://webapplication

NOTE: Every credential will be with the format DOMAIN/FOREST, USER, PASSWORD. Every set of values must be separated with the ";" character.

With this last command we finished the job. All that remains it´s test the sites of Web Application.

I hope you enjoy it!!!!

Day 0: Starting Project...

New Life... New Projects... It´s my actual point of view... 48 days to year 2014 and new purposes has been raised in my life... First: I have planned create one daily project to share the great passion in my professional life: Sharepoint and all its enviroment... So, I will try to publish almost daily one little article about Sharepoint Administration. I hope you enjoy it...