SharePoint Online content effective permissions DO NOT match check permissions
I have a document list in the main site. The contents are sensitive so inheritance has been broken.
Access to the list is via two AD groups: ADGroupEdit and ADGroupRead
The list contains several documents. I have selected a document and gone to the advanced view of permissions
This correctly shows the permissions:
ADGroupRead Domain Group Read
ADGroupEdit Domain Group Edit
UserA is a member of ADGroupRead and UserB is a member of ADGroupEdit. UserA and UserB are members of only one AD group.
From the same view, I can click 'check permissions'. Both UserA and UserB show the correct permissions via the correct group.
However, when UserA attempts to access the content via OneNote (either the App or Online) they only see some of the files, and the level of access varies between Read and Edit. I have checked the individual file permissions which are set to inherit and display the correct permissions.
The problem appears to be that permissions are not being interpreted correctly when listing files.
Does anyone have any ideas why this is happening?
Hi signalwarrant,
Are you using Claims authentication?
The claims-based token is refreshed every 10 hours, and hence if you make any changes to Active Directory group memberships they won't be reflected immediately in the token. You need to run the following PowerShell commands to adjust the token lifetime to a smaller value.
# Shorten the claims token lifetime so group membership changes are picked up sooner
$sts = Get-SPSecurityTokenServiceConfig
$sts.WindowsTokenLifetime = (New-TimeSpan -Minutes 60)
$sts.FormsTokenLifetime = (New-TimeSpan -Minutes 60)
$sts.Update()
IISRESET
For more information, please refer to the link:
http://www.shillier.com/archive/2010/10/25/authorization-failures-with-claims-based-authentication-in-sharepoint-2010.aspx
Best Regards,
Wendy
Wendy Li
TechNet Community Support
Similar Messages
-
POST to SharePoint Online REST API - 405 Method Not Allowed
Good afternoon,
I am writing C# with the intention of uploading a file to a document library using the REST API.
The code must run on an on-premise machine and the target SharePoint site is in SharePoint Online (Office 365 E-plan). It has to handle large files, so CSOM is not an option.
I have successfully tested a few different "get" messages, so I believe the authentication part is working. However, so far I have no such luck with POST.
In fiddler, my most recent attempt looks like this (I redacted the parts in <> because I'm not sure if they are sensitive somehow):
POST http://org.sharepoint.com/sites/site/_api/web/GetFolderByServerRelativeUrl('Documents')/Files/add(url='test2.txt',overwrite=true) HTTP/1.1
Accept: application/json;odata=verbose
X-RequestDigest: <digest value>,15 Jan 2014 17:48:49 -0000
BinaryStringRequestBody: true
Host: org.sharepoint.com
Content-Length: 6
Expect: 100-continue
stuff!
Seems like it should work, but the result is "301 Moved Permanently." This request is immediately followed by this one:
GET https://org.sharepoint.com/sites/site/_api/web/GetFolderByServerRelativeUrl('Documents')/Files/add(url='test2.txt',overwrite=true) HTTP/1.1
Accept: application/json;odata=verbose
X-RequestDigest: <formdigest>,15 Jan 2014 18:01:51 -0000
BinaryStringRequestBody: true
Host: org.sharepoint.com
Cookie: FedAuth=<cookiestuff>; rtFA=<cookiestuff>
Response:
HTTP/1.1 405 Method Not Allowed
Cache-Control: private, max-age=0
Transfer-Encoding: chunked
Content-Type: application/json;odata=verbose;charset=utf-8
Expires: Tue, 31 Dec 2013 18:01:52 GMT
Last-Modified: Wed, 15 Jan 2014 18:01:52 GMT
Server: Microsoft-IIS/7.5
X-SharePointHealthScore: 0
X-SP-SERVERSTATE: ReadOnly=0
SPClientServiceRequestDuration: 25
X-AspNet-Version: 4.0.30319
SPRequestGuid: dd936a9c-f4fc-a05d-27e1-2c948f0eb575
request-id: dd936a9c-f4fc-a05d-27e1-2c948f0eb575
X-FRAME-OPTIONS: SAMEORIGIN
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 16.0.0.2308
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Date: Wed, 15 Jan 2014 18:01:51 GMT
128
{"error":{"code":"-1, Microsoft.SharePoint.Client.ClientServiceException","message":{"lang":"en-US","value":"The HTTP method 'GET' cannot be used to access the resource 'Add'. The operation type of the resource is specified as 'Default'. Please use correct HTTP method to invoke the resource."}}}
0
So it looks to me as if my request is being redirected to the same address but with a "GET" method rather than "POST," resulting in the 405 Method Not Allowed error because "add" needs POST.
I appreciate any insight you can offer.
Mkay, perhaps I should rephrase:
I want to synchronize a SharePoint Online library with a local file share. There are a large quantity of files, and many of them are large (actually it's all too large to fit in one SharePoint Online site collection due to the 100gb limit, but I'll deal with that separately).
The approach I was working on here was to create a C# method basically like this: UploadFile(File, Destination, username, password). I would use this method in the script component of an SSIS package which would run on a server and push the files up to SPO, but right now I'm just testing it as a console application.
I got the CSOM methods working, but obviously that won't work because the files are too large. Above is what's happening with the REST version.
Can anyone see what's wrong with my REST calls - why is it being redirected as a GET request? Is this even possible? -
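The capture above shows the upload POST going to http://, a 301 to the https:// address, and the client re-issuing it as a body-less GET, which Files/add rejects with 405. The following is an added example, not the poster's C#: it uses Python's standard urllib, whose default redirect handling does the same thing, to reproduce that method downgrade offline and to refuse non-HTTPS targets so the request digest is never sent in clear text. The digest value and all function names are placeholders assumed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed sample values modelled on the Fiddler capture in the post above.
HTTP_URL = ("http://org.sharepoint.com/sites/site/_api/web/"
            "GetFolderByServerRelativeUrl('Documents')/Files/"
            "add(url='test2.txt',overwrite=true)")
HTTPS_URL = "https" + HTTP_URL[len("http"):]
DIGEST = "PLACEHOLDER-FORM-DIGEST"  # stands in for the redacted X-RequestDigest
BODY = b"stuff!"


def build_upload(url, digest=DIGEST, body=BODY):
    """Build the Files/add POST without sending it."""
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Accept": "application/json;odata=verbose",
                 "X-RequestDigest": digest})


def describe_redirect(req, status, location):
    """Report what urllib's default redirect handler would send next.

    Nothing goes on the wire: redirect_request() only builds the follow-up
    request, which is enough to see the method and body it would carry.
    """
    handler = urllib.request.HTTPRedirectHandler()
    try:
        nxt = handler.redirect_request(req, None, status, "redirect", {}, location)
    except urllib.error.HTTPError:
        # urllib refuses to re-send a POST automatically (e.g. on a 307).
        return {"followed": False}
    return {
        "followed": True,
        "method": nxt.get_method(),        # POST + 301/302/303 becomes GET
        "has_body": nxt.data is not None,  # the upload payload is dropped
        "digest_forwarded": any(k.lower() == "x-requestdigest"
                                for k, _ in nxt.header_items()),
    }


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of silently re-issuing them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def strict_opener():
    """Opener for write calls: a redirect becomes a visible error, not a GET."""
    return urllib.request.build_opener(NoRedirect)


def checked_upload_request(url, digest=DIGEST, body=BODY):
    """Build the upload only when the target is HTTPS."""
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        raise ValueError(
            f"refusing to send the request digest over {scheme}://; use https://")
    return build_upload(url, digest, body)


if __name__ == "__main__":
    # What happened in the capture: 301 turns the POST into a GET with no body.
    print(describe_redirect(build_upload(HTTP_URL), 301, HTTPS_URL))
    try:
        checked_upload_request(HTTP_URL)
    except ValueError as exc:
        print("blocked:", exc)
    ok = checked_upload_request(HTTPS_URL)
    print(ok.get_method(), ok.full_url)
```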
Script to update SharePoint Online content type
I have a content type "TestContentType" with three columns:
Document Type
Category
Sub-category
This content type is used on 18 document libraries, in 3 site collections.
The Category column needs to have a "description" added which currently has no description. Is there a way to achieve this via a script so I don't have to make the change manually via the UI?
So far I have come up with the following script, but this so far only lists all lists and document libraries. What I actually need is to be able to get the content type, in this case "TestContentType", and then update the "Category" column to include a description:
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$webUrl = Read-Host -Prompt "HTTPS URL for the SP Online 2013 site"
$username = Read-Host -Prompt "Email address login"
$password = Read-Host -Prompt "Password for $username" -AsSecureString
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
$web = $ctx.Web
$lists = $web.Lists
$ctx.Load($lists)
$ctx.ExecuteQuery()
$lists| select -Property Title
Any suggestions would be appreciated.
This isn't the best way to do it, which would be manipulating SharePoint through the CSOM, however you can automate IE so that it runs through a series of actions.
The nice way would be to use something like the client-side code here:
https://sharepointpowershell.codeplex.com/
I don't have the time to dig into it at the moment but I'd try to merge that CSOM approach with something like this script:
http://get-spscripts.com/2010/11/add-and-remove-site-content-types-from.html which uses the on-prem version. -
Sharepoint Online Bug: Document Set does not synchronize empty fields
If in the properties of the document set the general field is empty, it will not be synchronized with internal files that have this general field. I.e., all files can have their own values for the general field. If the value in the document set (in properties) is not empty, the synchronization works fine. This issue was tested in different sites from different accounts in Office365.
How to reproduce the problem:
1. In Document Set (DocSet1) I have general field (Field1).
2. When I create DocSet1 item in the list, Field1 is empty.
3. In DocSet1 I create file Doc1, also with Field1.
4. Field1 in Doc1 and DocSet1 has to be synchronized (because it's general).
5. When I change Doc1 file, put some text (Text1) for Field1, the value remains as Text1, but in that time Field1 in DocSet1 is empty.
6. Field1 wasn't synchronized, it has different values in DocSet1 properties and in internal file Doc1.
7. I go to DocSet1 and change Field1 to Text2, now the field is synchronized.
8. Field1 in DocSet1 and Doc1 is Text2.
Why does it happen?
Hi,
According to your description, my understanding is that the updated Shared Column of document item cannot synchronize with the Shared Column of the Document Set which is empty value.
To reproduce your issue, I added two Shared Columns “Description” and “E-Mail” into my Document Set Content Type and added it to a document library. Then I created a new Document Set and left its two Shared Columns “Description” and “E-Mail” empty. When I created a document item in the new document set and set values to the two Shared Columns, the Description column was still empty but the “E-Mail” column was updated with the new value.
By default, if the Shared Column of your Document Set is empty, the Shared Column of the items in the document set should be empty and cannot be updated.
As a good practice, I recommend that you set the value of Shared Columns in your document set once your document set is created. For a workaround, you can hide the Shared Column in the Edit Form. Here is the code you can refer to:
<script type="text/javascript">
$(document).ready(function () {
    HideFieldByInternalName("Coach");
    HideFieldByInternalName("Duration");
    HideFieldByInternalName("Locations");
});

// Hide the edit-form row whose comment node mentions the field's internal name
function HideFieldByInternalName(internalName) {
    var regExp = new RegExp(internalName, "i");
    $(".ms-formbody").contents().filter(function () {
        // match comment node containing internal field name
        return ((this.nodeType == 8) && (this.data.match(regExp)));
    }).parent().closest("tr").hide();
}
</script>
Reference:
http://en.share-gate.com/blog/document-sets-making-your-metadata-shine
Best Regards,
Eric
Eric Tao
TechNet Community Support -
Disk Utility does not repair Permissions (shows repaired but just come back up again). See problems:
Verify permissions for “Macintosh HD”
Ignore all these.
http://support.apple.com/kb/TS1448?viewlocale=en_US -
Sharepoint Online - Content Search, some Display Templates missing.
I'm experimenting with Content Search web parts in a number of Site Collections, but appear to be getting different Display Templates available.
Can anyone explain what controls the availability of the templates please...
Our Default root site collection.
http://company.sharepoint.com
Has Web part controls of
List & Slideshow
And Item Templates of
Large Picture, Picture on left 3 lines, Recommended Items & Video
All other site collections http://company.sharepoint.com/sites/Dept1
Has Web part controls of
List & Slideshow
PLUS List with Paging
And Item Templates of
Large Picture, Picture on left 3 lines, Recommended Items & Video
PLUS Diagnostic, Picture on Top 3 Lines bottom, & Two Lines
I've compared site and collection features and cannot see any features that would appear to control this...
Any ideas.... Please!
Cheers
Russ
I just had the same issue, I think it was something with broken upgrade code from 2013.
Anyways, I solved it:
Go to Master Page Gallery --> Display Templates --> Content Web Parts
Delete all JavaScript Files in there except the Group_Content.js (!!!), they seem to have messed up metadata (Content Type Reference and Template Level)
Open up PowerShell and issue this command:
Get-SPFeature SearchTemplatesandResources | Enable-SPFeature -Url [URLtoBrokenSite] -Force
This will re-upload the JavaScript files and all controls and templates finally are there again, hopefully ;)
// Tried and true method for weather forecasting - random numbers. String weather = (new Random()).Next(2)==0?"rainy":"sunny"; -
Components of BI Contents LIS Datasources are not matching
Hi All,
We have two R/3 Systems with the config's and SP's as
Version - 4.7 SP 27 ---> fields not found
Version - 4.7 SP 28 ---> fields found
When we go into LBWE of the first one, I have only 22 fields, but when I go to the second system the data fields are 66.
Datasource name - 2LIS_17_I0NOTIF.
Please advise,
Regards,
Karthik
I have found out the answer as some issues in Views that have added, usage of maintenance pool fields
-
Permissions Repair Not Repairing the Permissions that it Claims
I have a server that went down, and I successfully archived everything [necessary] on the System partition using "sudo cp -R". I copied this over to a different HDD, and used the migration assistant to restore data during installation. This effectively copied everything that I needed to recover from this server.
Understandably, I had lots of permissions errors, and attempted to repair them using Disk Utility while booted in the OS. This fixed most permission errors, but when I verified again, it pulled up more errors. Repaired permissions again, and again but Disk Utility still claimed that the same files needed to be repaired. I booted to my install drive and tried repairing permissions through Disk Utility multiple times, but it still pulls up the same errors.
Most of these errors are that the 'd' flag is missing at the beginning of the file mode for files matching: /System/RemoteManagement/AppleVNCServer.bundle/Contents/LockScreen.app/Contents/Resources/*.lproj/MainMenu.nib
Other errors are .nib files in the ARDAgent.app, but there are fewer numbers of these.
I assume it's pretty bad if a file is supposed to be a directory but isn't, so what can I do about this? We use Remote Desktop quite a bit, so any deviation in the way it works can be pretty prohibitive.
Thanks in advance
The structure of some packages changed in an update. Unless you have an actual problem running Apple Remote Desktop, ignore those messages.
Running the repair permissions function repeatedly won't change or fix anything.
(94433) -
SharePoint Online reusable deployable content solution
Good Morning,
I am still relatively new to SharePoint development and I am looking for a push in the right direction. I had a user request the following...
- Create a SharePoint site with minimal branding, just a logo that is changeable. The user is comfortable with SharePoint designer to do this. Is there an easier way for the user?
- Convert some existing word documents into web pages that is deployable to different environments for reuse. Templates more or less.
- Using SharePoint Online
What kind of solution is recommended? Additional read materials that you would suggest? Thank you! I just need a push in the right direction.
SharePoint branding has been massively overhauled and now caters for those that don't have a very strong background. To cater for the minimal branding, you can use the Design Manager, which lets you set images, set colours and move onto more advanced stuff, if so needed.
For the Word Conversion, you can use Word Automation Services, which is also included within SharePoint Online.
Some basic reading on both can be started here: -
http://technet.microsoft.com/en-us/library/sharepoint-online-content-service-description.aspx
Hope that helps
Steven Andrews
SharePoint Business Analyst: LiveNation Entertainment
Blog: baron72.wordpress.com
Hi,
I want to set up an outbound hybrid search for SharePoint 2013 on-premise to SharePoint Online.
But I'm not sure if this works with ADFS SSO.
Has somebody experience with this setup?
Here's my guide which I'm going to use for this installation:
Introduction
In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
Requirements
User synchronisation ActiveDirectory to Office 365 with DirSync
DirSync password sync or ADFS SSO
SharePoint Online
SharePoint 2013 on-premise
Enterprise Search service
SharePoint Online Management Shell
Instructions
All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
Set up Server to Server Trust
Export certificates
To create a server to server trust we need two certificates.
[certificate name].pfx: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
[certificate name].cer: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
First launch the Internet Information Services (IIS) Manager
Select your SharePoint web server and double-click Server Certificates
In the Actions pane, click Create Self-Signed Certificate
Enter a name for the certificate and save it with OK
To export the new certificate in the Pfx format select it and click Export in the Actions pane
Fill the fields and click OK. Export to: C:\[certificate name].pfx Password: [password]
Also we need to export the certificate in the CER Base64 format. For that purpose make a right-click on the certificate select it and click on View...
Click the Details tab and then click Copy to File
On the Welcome to the Certificate Export Wizard page, click Next
On the Export Private Key page, click Next
On the Export File Format page, click Base-64 encoded X.509 (.CER), and then click Next.
As file name enter C:\[certificate name].cer and then click Next
Finish the export
Import the new STS (SharePoint Token Service) certificate
Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# set the certificate paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# import it
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
Type Yes when prompted with the following message.
You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you sure, you want to continue?
Restart IIS so STS picks up the new certificate.
& iisreset
& net stop SPTimerV4
& net start SPTimerV4
Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
# set the certificate paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
# get the encrypted pfx certificate object
New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# compare the output above with this output
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
Establish the server to server trust
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
Import-Module MSOnline
Import-Module MSOnlineExtended
# set the certificate paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# set the onpremise domain that you added to Office 365
$SPCN = "sharepoint.domain.com"
# your onpremise SharePoint site url
$SPSite="http://sharepoint"
# don't change this value
$SPOAppID="00000003-0000-0ff1-ce00-000000000000"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# get the raw data
$PfxCertBin = $PfxCert.GetRawCertData()
# create a new certificate object
$X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
# import the base 64 encoded certificate
$X64Cert.Import($X64CertPath)
# get the raw data
$X64CertBin = $X64Cert.GetRawCertData()
# save base 64 string in variable
$CredValue = [System.Convert]::ToBase64String($X64CertBin)
# connect to Office 365
Connect-MsolService
# register the on-premise STS as service principal in Office 365
# add a new service principal
New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
$MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
$SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
$SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
# get the online name identifier
$MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
$MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
$MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
# establish the trust from on-premise with ACS (Azure Access Control Service)
# add a new authentication realm
$SPSite = Get-SPSite $SPSite
$SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
# register the ACS application proxy and token issuer
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
Add a new result source
To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server. Don't forget to update the settings region.
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# region settings
$RemoteSharePointUrl = "http://[example].sharepoint.com"
$ResultSourceName = "SharePoint Online"
$QueryTransform = "{searchTerms}"
$Provider = "SharePoint-Remoteanbieter"
# region settings end
$SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
$FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
$SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
# create and configure the result source only if it does not exist yet
$ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
if(!$ResultSource){
    Write-Host "Result source does not exist. Creating..."
    $ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
    $ResultSource.Name = $ResultSourceName
    $ResultSource.ProviderId = $FederationManager.ListProviders()[$Provider].Id
    $ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
    $ResultSource.CreateQueryTransform($QueryTransform)
    $ResultSource.Commit()
}
Add a new query rule
In the Search Administration click on Query Rules
Select Local SharePoint as Result Source
Click New Query Rule
Enter a Rule name, e.g. Search results from SharePoint Online
Expand the Context section
Under Query is performed on these sources click on Add Source
Select your SharePoint Online result source
In the Query Conditions section click on Remove Condition
In the Actions section click on Add Result Block
As title enter Results for "{subjectTerms}" from SharePoint Online
In the Search this Source dropdown select your SharePoint Online result source
Select 3 in the Items dropdown
Expand the Settings section and select "More" link goes to the following URL
In the box below enter this Url https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}
Select This block is always shown above core results and click the OK button
Save the new query rule
Hi Janik,
According to your description, my understanding is that you want to display hybrid search results in SharePoint Server 2013.
For achieving your demand, please have a look at the article:
http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx
If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated user accounts. Native Office 365 user accounts and Active Directory Domain Services (AD DS) accounts that are not federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO, and cannot be granted permissions to resources in both deployments. For more information, see Accounts needed for hybrid configuration and testing.
Best Regards,
Eric
Eric Tao
TechNet Community Support -
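A read-only check for the hybrid search setup described in the thread above, added here as an example (it is not code from the post or from Microsoft): it confirms that the ACS token issuer, the ACS proxy and the result source exist and that the issuer and the result source point at HTTPS endpoints. The issuer name, metadata URL and result source name are copied from the post's scripts; the Name and MetadataEndPoint properties are the ones listed in the output of Get-SPTrustedSecurityTokenIssuer.

```powershell
# Added example: read-only checks, nothing is created or changed.
if (-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

# Values copied from the scripts in the post above
$IssuerName       = "ACS"
$MetadataEndpoint = "https://accounts.accesscontrol.windows.net/metadata/json/1/"
$ResultSourceName = "SharePoint Online"

$findings = @()

# 1. The trusted token issuer registered by New-SPTrustedSecurityTokenIssuer
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $IssuerName }
if (-not $issuer) {
    $findings += "Trusted security token issuer '$IssuerName' is not registered."
} elseif ("$($issuer.MetadataEndPoint)" -ne $MetadataEndpoint) {
    $findings += "Issuer '$IssuerName' has an unexpected metadata endpoint: $($issuer.MetadataEndPoint)"
}

# 2. The proxy created by New-SPAzureAccessControlServiceApplicationProxy
$proxy = Get-SPServiceApplicationProxy | Where-Object { $_.Name -eq $IssuerName }
if (-not $proxy) {
    $findings += "Service application proxy '$IssuerName' was not found."
}

# 3. The result source must exist and must not send queries over plain HTTP
$ssa     = Get-SPEnterpriseSearchServiceApplication
$manager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($ssa)
$owner   = Get-SPEnterpriseSearchOwner -Level Ssa
$source  = $manager.GetSourceByName($ResultSourceName, $owner)
if (-not $source) {
    $findings += "Result source '$ResultSourceName' does not exist."
} elseif ("$($source.ConnectionUrlTemplate)" -notlike "https://*") {
    $findings += "Result source URL is not HTTPS: $($source.ConnectionUrlTemplate)"
}

# 4. Print the realm so it can be compared by hand with the value
#    that was passed to Set-SPAuthenticationRealm
Write-Host "Authentication realm: $(Get-SPAuthenticationRealm)"

if ($findings.Count -eq 0) {
    Write-Host "Token issuer, proxy and result source look consistent."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```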
Details:
Non-techie needs to archive SharePoint site and apps content into one convenient file.
1. Currently SharePoint calendars, contacts and tasks synced to Outlook and exported to an Outlook .pst;
2. Document libraries to a folder in file system;
3. SharePoint Online 2013 microfeed cannot sync at all (correct me if I'm wrong).
4. Pages also not really exportable.
Migration between O365 plans and tenants I can use .wsp but still limited to 50MB export and needs site collection settings access.
Ideally able to access these content offline (no security implications here).
Anyone know of a simple way?
Hi Tian-An,
SharePoint contents (e.g. document files, list items, pages) are stored in SQL database. If you want to use the contents without SharePoint environment, I think you can click "Open with Explorer" from library ribbon and then copy them to the file system (e.g. a network drive fileshare); note that the library columns value would be unable to be copied/exported. For the list items you can click "Export to Excel" button from list ribbon to export list items to Excel file, or as you have done with connecting to Outlook.
And we have a dedicated Office365 SharePoint online forum, I would recommend you post there for getting a better assistance regarding this SharePoint online contents exporting.
https://community.office365.com/en-us/f/154.aspx
Thanks,
Daniel Yang
Forum Support
TechNet Community Support -
Export sharepoint online list in powershell
Hi,
Is there any cmdlet to export content of a SharePoint list to CSV? I need some script which does it automatically. Is it possible?
Thanks for help
JD
-
SharePoint Online custom alert emails
How can I change the alert email that SharePoint Online (part of Office 365) sends out? I've seen a lot of references to AlertTemplate.xml, but that is if you have SP installed on a local server.
I would like to add the check in comments to the alert email.
Hi Scott,
The Alerttemplates.xml file is located at: Local_Drive\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\XML directory on On-Premise SharePoint local server, so we can customize the alert template file on local server with server administration permission per this article.
But in Office365 SharePoint Online, if you want to customize the alert template you need to customize the Alerttemplates.xml under 14 folder on Online server, but it is not permitted, check this article you also have seen.
You can also post this question related SharePoint Online in dedicated Office365 SharePoint Online forum, you can get a better assistance there,
http://community.office365.com/en-us/forums/151/categories.aspx
Thanks
Daniel Yang
TechNet Community Support -
Access SharePoint Online Data through code/powershell
Hi All,
I need to access SharePoint Online site to upload documents from local machine to the doc libraries on the site.. (100s of docs)
I am trying to see if I can use PowerShell script for this.. However, I see that SharePoint Online Management Shell cmdlets are not robust enough to do such operations.. Is there a way I can use CSOM / .net console app / any other way.. I am drawing blank here..
Any help is much appreciated.
Charan
You can start from here
http://blogs.technet.com/b/fromthefield/archive/2014/02/19/office365-script-to-upload-files-to-a-document-library-using-csom.aspx
Regards Chen V [MCTS SharePoint 2010] -
Creating High trust provider hosted app in SharePoint online
Hi,
I need to create high trust provider hosted app for SharePoint Online. Provider hosted would be not going to host in Azure but it will be somewhere else.
Someone kindly provide step by step how to create High trust app for SharePoint online but not for SharePoint 2013.
Kaps
Check this link
http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx#Intro
A high-trust app for SharePoint is primarily intended for use in an on-premises environment. The high-trust app cannot be installed to Microsoft SharePoint Online, and the remote components are typically installed on premises, too, within the corporate firewall. Thus, the instances of the app for SharePoint are specific to each individual company.
Kind Regards, John Naguib Technical Consultant/Architect MCITP, MCPD, MCTS, MCT, TOGAF 9 Foundation