Retrieving Credentials from the SharePoint’s Secure Store Server

Hey everyone,

This is more of a reminder post for myself. But my team was having troubles remembering the credentials we set up in one of our Secure Store Application entries. Unfortunately there is no way to retrieve it from Central Admin, so I assumed there had to be some PowerShell or C# way of retrieving it.

While googling around I came across this great console application by Mike Hacker that solved our problem completely:
http://blog.mikehacker.net/index.php/2010/01/20/sharepoint-2010-retrieving-credentials-from-secure-store-service/

Thought I would post a link to it in case any one else had a similar issue and so I don’t have to google around again ūüôā

My thanks to Mike.

Cannot publish InfoPath forms or cutomized list forms in SharePoint lists (2010)

Christmas Holidays are over, and what could be more fun than coming back from holidays to error messages through SharePoint.

It seemed when a user tried to edit an infopath form of their site collection they were unable to republish the form getting the following error message:

Error Message

“The publish operation could not be completed. It cannot be determined if the form template was successfully published. Try publishing the form template again, or change the list settings to use the default SharePoint form”

It didn’t matter how little was changed in the form¬†or whether it was a form libray or trying to customize the form of a regular SharePoint List:

Customize Form

viewing the details of the error message:

“InfoPath cannot connect to the server. The server may be offline, your computer might not be connected to the network, or InfoPath Forms Services 2010 might not be enabled on the server. To fix this problem, start by checking your network connection, and then trying again.”

From this we can narrow down the issue to be with InfoPath Forms Services since we are able to connect to the Site collection fine.

Since this was not an issue with other site collections we can narrow it down further that it is only with the InfoPath Site Features (IPFSSiteFeatures). This is a hidden feature in all site collections and can only be viewed through PowerShell. I found by simply disabling an re-enabling this feature fixed the problem.

PS C:\> Disable-SPFeature "IPFSSiteFeatures" -url "http://Server/Sites/SiteCollection"
PS C:\> Enable-SPFeature "IPFSSiteFeatures" -url "http://Server/Sites/SiteCollection"

Hope this helps

“Manage files which have no checked in version” list larger than list view threshold

Hey guys,

We ran into an interesting problem the other day after our company acquired another company. Basically the business wanted to consolidate a large amount of the acquired company’s documents into a SharePoint Library with similar documents. This part is fine and can easily be done using explorer view of the library and dragging and dropping the necessary folder structures.

The problem was that the library in question had the setting “Require Check Out” set to yes. This means that all the files that were dropped into the library using explorer view would need to be checked in as there would be no current version.

To make matters worse, the user who dumped all the files left the company, hence there is no checked in version and all the files remain invisible to everyone in the site.

Generally for a scenario like this you could use the option¬†“Manage files which have no checked in version” from the¬†library settings under Permissions and Management

Then from there you could take ownership of all the files, and check them in yourself.

But for our scenario the number of files dropped exceeded our list view threshold by a lot and we couldn’t even open the view “Manage files which have no checked in version“.¬†However even if we could view all the files i.e. extending the threshold temporarily, ¬†it would have been a real pain taking ownership of them all and checking them all in.

PowerShell Solution.

I developed a short little set of PowerShell Functions that can take ownership of the files, then recursively check in all files that are being checked out by the system account.

#Add SharePoint Snapin if not using SharePoint's PowerShell Console
if ((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null )
{
Add-PsSnapin Microsoft.SharePoint.PowerShell
}
#First function takes ownerhip of all unmanaged files with no version
function Take-Ownership{
param(
$spSite,
$spList
)
$site = Get-SPWeb -Identity $spSite
$list = $site.Lists[$spList]

$list.CheckedOutFiles | ForEach-Object{
$_.LeafName+ " had it's ownership taken from: "+$_.CheckedOutBy.DisplayName+"`n"
$_.TakeOverCheckOut()
}
}
#This Function takes a folder object and recursively checks in
#all files which are checked out by the System Account
function checkin-AllFiles{
param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true)]
[Microsoft.SharePoint.SPFolder]
$currFolder
)

$currFolder.Files | ForEach-Object {
if ($_.CheckedOutByUser.UserLogin -eq "SHAREPOINT\system"){
$_.CheckIn("File checked in by administrator")
$_.Name+" has been checked in`n"
}
}
$currFolder.SubFolders| ForEach-Object{
checkin-AllFiles -currFolder $_
}
}
#This function basically combines the previous 2 for primary use
function Checkin-AllUnmanagedFiles{
param(
$site,
$library
)
$spSite = Get-SPWeb -identity $site
$spFolder = $spSite.Folders[$library]

Get-Date
"Taking ownership of the following Files`n"
Take-Ownership -spSite $site -spList $library
"-----------------------------------------------------------------------------`n"

    Get-Date
"Checking in the following files`n"
checkin-AllFiles -currFolder $spFolder
Get-Date
}

We can then run the script and use the Checkin-AllUnmanagedFiles function.

PS> Checkin-AllUnmanagedFiles -site "http://yoursite/" -library "Library Name"

For example I have a “Shared Documents” library which requires files be checked out for editing. I then dropped a few files into it’s explorer view

We can now see that these files show up in the library but are all checked out to myself hence no other user can see the file as there is no previous version yet.

Now if we run my script from the command shell:
(Note: I saved my script in a ps1 file called CheckinFiles.PS1)

PS> . .\CheckinFiles.PS1
PS> Checkin-AllUnmanagedFiles -site "http://torapd149:3434/subsite/" -library "Shared Documents" > .\checkin.txt

We can see all the files have now been checked in and modified by the System Account. Also I sent the output to a logfile called checkin.txt which tells which files were taking ownership of and which files were checked in.

Hopefully you will find this as useful as I have.
Cheers

Error when trying to access SharePoint Managed Accounts “Object reference not set to an instance of an object”

When trying to access the Managed Accounts section in Cental Admin you may recieve the following vague error message:
Error
Object reference not set to an instance of an object

After doing some digging I found that you can get this error message when one of your Managed Accounts is not in sync with Active Directory, as in the passwords no longer match and most likely the account is locked. You’ll need to work with your access control team in order to get the password reset of the necessary account and have the account unlocked, however you still won’t be able to view the Managed Accounts screen.

In order to get back to the Managed accounts screen you’ll need to disable the automatic password change of the problem account. If you’re not sure what the problem account is then its best to check with each one.

First find out which accounts are set to automatic password change by running the following PowerShell command:

PS C:\> Get-SPManagedAccount | Select-Object UserName, AutomaticChange
Username                                             AutomaticChange
--------                                             ---------------
domain\svc_account                                             False
domain\svc_search                                               True

Next you will need change the Automatic Change status of the problem account(s) by running the following PowerShell command.

PS C:\> $account = Get-SPManagedAccount -identity domain\svc_search
PS C:\> $account.AutomaticChange = $False
PS C:\> $account.Update()
PS C:\> Get-SPManagedAccount | Select-Object UserName, AutomaticChange
Username                                             AutomaticChange
--------                                             ---------------
domain\svc_account                                             False
domain\svc_search                                              False

Once you’ve done this you should be good to go access the Managed Accounts from Central Admin, and re-configure to your needs.

Cheers

PowerShell to check which SharePoint sites have a specific Feature enabled

Hey Guys,

The other day our Records Management team was adamant in determining who in the company is utilizing SharePoint’s Records Management feature.

With over 350 site collections it would be a real pain to go to each site and check if its enabled. Luckily PowerShell offers a nice easy way of checking this. Here is a really simple PowerShell function that checks which sites accross a specified web application has a specific feature enabled.

#add sharepoint cmdlets
if ((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null )
{
Add-PsSnapin Microsoft.SharePoint.PowerShell
}
function Feature-Exists
{
param
(
[string]$webApp,
[string]$featureName
)
Get-SPSite -WebApplication $webApp | Select-Object Url, @{
    Label="Exists"; Expression=
{
$Exists="false"
Get-SPFeature -Site $_.Url | ForEach-Object{
if($_.displayName -eq $featureName){
$Exists="True"
}
}
$Exists
}
}
}

We can run the function to just get a quick listing or pipe it out to a csv file by doing:

Feature-Exists -webApp "http://site" -featureName "InPlaceRecords" | Export-Csv -NoTypeInformation -Path "D:\report.csv" 

The catch is you do need to know the exact display name of the feature before using the function. The best way of doing this is to¬†use the command Get-SPFeature -site “http://yourSite” and find the display name of the feature in question. You could also modify the function to use the feature’s GUID instead.

PowerShell to list size of content databases in SharePoint Web Application

Hey Guys,

Here’s another quick little PowerShell command for listing all content DBs and their respective sizes. It is quite handy for doing some auditing and determining if you are performing best practices.

PS C:\> $DBs = Get-SPContentDatabase -WebApplication "http://WebAppUrl" 
PS C:\> $DBs | Format-Table Name, @{Label="Size"; Expression={$_.DiskSizeRequired / 1073741824}}
Name                                                                    Size
----                                                                    ----
ContentDB1                                                     183.9931640625
ContentDB2                                                           58.03125

Cheers

PowerShell to determine SharePoint User Permissions

I came across a great post by Aptillon for using PowerShell to determine who has access to what at a SiteCollection: http://blog.falchionconsulting.com/index.php/2010/04/discovering-who-has-access-to-sharepoint-2010-securable-objects/

The custom function (Get-SPUserEffectivePermissions) was great for determining access people have on sites that do not inherit permissions from the parent site.

It could even generate a report across the farm for all items:

PS C:\>$user = "domain\username"
PS C:\>Get-SPSite -Limit All | Get-SPWeb | %{$_.Lists | %{$_.Items | Get-SPUserEffectivePermissions $user}} | Export-Csv -NoTypeInformation -Path C:\report.csv

Check it out as it was a very helpful tool.