Granting permissions to manage my sites site collections and user profiles

We currently have no governance in place to deal with user profiles and my site site collections.
So the farm has quite a large number of both profiles and site collections which are orphaned. We do not currently run the timer job that deletes my site site
I have a few questions about handling this kind of thing.
1. We have administrative staff who handle the "off boarding" process. They send out mail to people asking whether project folders continue to be needed, etc. and give project members a month to make copies of the important info. Right now, there are a few of these staff which have site collection admin rights on normal projects.
Is there a way that a PowerShell script could be constructed to give them the ability to delete obsolete user profiles and site collections without giving them full farm admin rights?
2. Is there a way to set up an AD or SharePoint group and then use that group as a secondary site collection admin on the my site site collections?
3. With appropriate permissions, would they be able to grant someone else permission to look at data in the my site collection to determine whether any of it needed to be kept?
I have been requested as a SharePoint admin to work with the offboarding process staff so that they include the SharePoint my site data in the data that they recommend people check before deleting the data.
I would like to automate as much of the dealings they have to have with the system as possible, just to reduce unrelated accidental actions.

1. We have administrative staff who handle the "off boarding" process. They send out mail to people asking whether project folders continue to be needed, etc. and give project members a month to make copies of the important info. Right now, there are a few of these staff which have site collection admin rights on normal projects.
Is there a way that a PowerShell script could be constructed to give them the ability to delete obsolete user profiles and site collections without giving them full farm admin rights?
Inder : 
http://blogs.msdn.com/b/kaevans/archive/2012/06/25/top-recommendations-for-managing-the-my-site-cleanup-timer-job.aspx
http://www.harbar.net/archive/2011/02/10/account-deletion-and-sharepoint-2010-user-profile-synchronization.aspx
http://blogs.technet.com/b/seanearp/archive/2009/03/04/sharepoint-profile-cleanup.aspx
2. Is there a way to set up an AD or SharePoint group and then use that group as a secondary site collection admin on the my site site collections?
Inder: NO, it has to be a user. But you can go to site action > site settings > site collection administrator > Add that group here.
3. With appropriate permissions, would they be able to grant someone else permission to look at data in the my site collection to determine whether any of it needed to be kept?
Inder:  Yes
If this helped you resolve your issue, please mark it Answered
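
An added example, not part of the original thread or the answer above: one way to apply answer 2 across every My Site collection, so offboarding staff hold site collection administrator rights through an AD group rather than farm admin rights. The web application URL, the group name and the `personal` managed path are assumptions, and the script is meant to be run by a farm administrator in the SharePoint Management Shell.

```powershell
# Added example (not from the thread). All values below are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$mySiteWebApp = 'https://mysites.example.test'   # placeholder: My Site host web application
$groupLogin   = 'EXAMPLE\SP-Offboarding'         # placeholder: AD security group for offboarding staff
$apply        = $false                           # $false = audit only, nothing is changed

$results = foreach ($site in (Get-SPSite -WebApplication $mySiteWebApp -Limit All)) {
    try {
        # Assumption: personal sites sit under the default "personal" managed path.
        if ($site.Url -notlike '*/personal/*') { continue }

        $changed = $false
        if ($apply) {
            # EnsureUser resolves the AD group and registers it in this site collection.
            $principal = $site.RootWeb.EnsureUser($groupLogin)
            if (-not $principal.IsSiteAdmin) {
                $principal.IsSiteAdmin = $true   # adds the group to Site Collection Administrators
                $principal.Update()
                $changed = $true
            }
        }

        # One record per personal site: its owner and who holds admin rights on it.
        New-Object PSObject -Property @{
            Url        = $site.Url
            Owner      = $site.Owner.LoginName
            SiteAdmins = ($site.RootWeb.SiteAdministrators | ForEach-Object { $_.LoginName }) -join '; '
            GroupAdded = $changed
        }
    }
    finally {
        $site.Dispose()   # SPSite objects hold unmanaged resources
    }
}

# Keep the output as a record of who had access before and after the change.
$results | Export-Csv -Path .\mysite-admin-audit.csv -NoTypeInformation
```

Run it once with `$apply = $false` to review the current owners and administrators, then set `$apply = $true` to grant the group; access is later revoked by removing members from the AD group rather than editing each site collection.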

Similar Messages

  • Best Practice for Host Named Site Collections and Web Apps

    Looking for advice on setting up the host named site collections.  If I am reading many of the technet articles and blogs correctly I should 1) have only 1 top level web app for host named site collections and 2) not have a host header for that web
    app.  If that's correct I am looking for advice.  We have 7 separate domains that we support in our farm.  Currently each of those domains is divided into web applications based on the domain,  *.contoso, *.trains.com, *.bakers.com, etc.
      Is the concept now that all of the host named site collections fall under that one web app?  How do we deal with the SSL for each of those separate domains which all have their own certificates? 
    Thanks in advance for your comments. 
    NLewis

    Yes, for creating host named site collections, first you create a host header less web app and then create host named site collections under that web app. However this is only for the cases where all the host named site collections ends in one domain. So
    you can create host named site collections as intranet.contoso.com, my.contoso.com, portal.contoso.com etc as they are all ending in *.contoso.com.
    As per your environment, if you have web apps which caters to different domains like *.contoso.com, *.trains.com, *.bakers.com, you need to create separate web apps as they are all ending in different domains. Then you can have a separate wildcard SSL certificate
    for each of those web apps.
    Hope this helps.
    Thanks
    Mohit

  • Search does not crawl new site collection and documents

    We have the following situation. We have two locations with different farms sharing the same databases (using AlwaysOn for the content databases). Everything works fine, the second site is also read-only while having the primary farm online. For existing
    databases the search crawler on the second site is able to crawl existing site collections.
    For new site collections created on the first farm the crawler on the first farm indexes the content properly. The second farm though is not knowledgeable of the content unless you force him to reiterate the content database. After this procedure the sites
    are available on the second site as well (showing them in the web browser), but the search farm still is not able to see the new site collection and data created within.
    Is there any additional iteration we have to go through making the crawler aware of the new structure / content ?
    Thanks in advance, Jens

    Nope.
    Change log wipes are real, that's how incremental crawls work in SharePoint.
    Site A is created and modified. Changes are mirrored to the second AG, content is added, logged in the changes log and then removed as the crawler on the primary farm indexes it.
    This continues until you make farm 2 aware of the changes. At that point farm 2 will look for any changes to the content in the change logs on the newly added sites. Which will be empty, or at least not contain any changes since the primary farm's last crawl.
    That explains why you don't get sites indexed properly when they are added but would explain why some content is indexed afterwards which I believe is the case?
    The second issue you'll find is that the crawls won't synchronise. Assuming continuous crawls kicking off at the same time you'll end up in a race between the two. If the primary farm is quicker then the second farm will continuously fall behind then catch
    up and go ahead of the primary indexing process, but if the secondary farm is faster then it'll race off into the distance and then any changes that occur between the secondary farm indexing a site and the primary indexing the site will be lost on the secondary
    farm.
    You'll have to run full crawls. Unless MS have done a lot of work on the supporting infrastructure incremental or continuous crawls of AOAGs won't work well.

  • How to display all site collections to users for site access

    Currently when our users clients/internal log in, they are directed to a site directory.  The site directory only displays sites that the users have access to.  Which is great because I don't want our clients to see our entire client list.  
    Currently we have one site collection with 700+ sites.  
    We are changing the architecture of our SharePoint environment to create a new site collection for each client.  So, we may have 700+ site collections in one web application.  
    My question is, how can I display all site collections to our user for access, similar to a site directory?  
    Any help would be greatly appreciated.  
    Thanks,

    This is not possible OOTB. Your requirement is to get the list of all site collections on the root site, then security trim it (which means users can see only the sites where they have permission).
    I think this requires a lot of effort (developing a solution and checking the permissions on all sites). The issue is that you have more than 700 site collections, tons of users for each site collection, and also 700+ clients.
    Maybe think about creating a list and filling it with all site collections (using a script), then trim configure the item-level permission (but a lot of work).
    If you have user profile services, then maybe check out the memberships feature.
    Thanks -WS MCITP (SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • SharePoint 2013 SIP Address has no value in site collection for users

    I have a SharePoint 2013 site collection and I gave a particular user design access. When I check the user information I do not have any value in that user's SIP field. In that domain I have an Exchange mail server and a Lync 2010 server. Please help
    me with this issue.

    The SIP value exists in AD.
    I checked the user profile service and edited the user; the SIP value exists there.
    But when I go to Site Actions -> Site Settings -> People and Groups,
    I am not able to find the SIP value for the users.
    When I delete a user from the site users and re-add the user, then the SIP value comes through, but that's not feasible because I have around 150 sites.
    Please give me a solution, or should I make a tool which will update the user SIP value for all the sites?
    Because of the SIP value, when I add the site users web part the status is not showing for the user in the web part.

  • 2013 SP Site Collection and Farm Admin permissions and cannot access site

    I am Farm Admin and Site Collection admin on my 2013 SP server and CAN access Central Admin, but CANNOT open the site without being prompted for user name and password.  When I enter the user name and password they are not accepted. 
    This is on my production server.  I have NO PROBLEMs with the staging server.  The 2 are set up exactly the same.
    Any suggestions? 

    Discussion
    Farm Administrators are not automatically able to access site collections.  They can however add themselves to the site collection administrators group.  Additional detail:
    Permissions for site collection administrators - scroll down to the SharePoint farm administrators section (midway down) and look for the Note.
    Resolution
    Add your farm administrators account to the site collection administrators group. You can do this two ways:
    Go: Central administration > Application Management > Site Collections > Change site collection administrators
    Go: [your site collection] > Site Settings > Users and Permissions > Site collection administrators.

  • Granting users Site admin to All site collections and/or Adding an o365 group by email to site admin group on all Site collections

    We will have 1000s of site collections.
    Why doesn't SharePoint Online 2013 offer a way to grant a user or a group Site admin rights to all site collections?
    And.. if we must add the user to every single site, can this be done by an o365 or ADFS group using its email?
    We'd like to run this script to add a group to site collection admin on all sites, but Groups can't be referenced by an email?
    Get-SPOSite|foreach{Set-SPOUser -Site $_.Url -LoginName [email protected] -IsSiteCollectionAdmin $True}
    produces an error.  And if we try to add the group by email manually through the UI it can't find it either.   We've tried this with o365 groups and  ADFS groups.
    Any way to reference these groups from PowerShell?
    Is this limitation there for a reason? 

    bump.. anybody?

  • Splitting Site Collection and Changing the Managed Paths

    Hi there,
    I was hoping for some advice.  We are planning to upgrade our SP 2010 to SP 2013.  We have one Site Collection whose DB is nearing 180GB and growing so we are going to "split" it up into four.
    So, the logical thing would be to export sites/subsites and import them into their own site collection.  What I have found though is that when doing this, the workflow history is not kept - we need the workflow history so this is not an option.
    My other thought was to restore the DB, move the contents to a new Content DB, delete out of there what I don't want and do that four times.  That could work but then I get the problem of the URL.  I'm assuming by restoring this same DB four times
    it will be using the same URL?
    So, if anybody knows of a tool out there that can do an export/import that will keep the workflow history that would be perfect (it would have to be free...) - or, how can I restore the DB's to new URL/Managed Paths?  Or maybe you have a better
    solution?  Any help would be appreciated.

    Rebecca, thanks for the suggestion - I just think that could get a bit messy for my users.
    Alex, the Workflow Cleanup job is disabled as we need to keep a record of who approved the task items.  I cannot lose the history.
    What I have done, and have only just started testing, was to backup and restore in Powershell the "Root site" and delete the three subsites.  Then, do the same again but this time, restore to a new URL 
    http://blogs.msdn.com/b/erica/archive/2013/11/26/customer-question-renaming-site-collections-in-sharepoint-2013.aspx 
    So, I've done the following:-
    Backup-SPSite http://domain/sites/HR -Path E:\Backup\HRBackup.bak -UseSqlSnapshot
    Restore-SPSite http://sp.contoso.net/sites/HR/Subsite1 -Path E:\Backup\HRBackup.bak -ContentDatabase SPS_HRSite1
    Restore-SPSite http://sp.contoso.net/sites/HR/Subsite2 -Path E:\Backup\HRBackup.bak -ContentDatabase SPS_HRSite2
    Restore-SPSite http://sp.contoso.net/sites/HR/Subsite3 -Path E:\Backup\HRBackup.bak -ContentDatabase SPS_HRSite3
    Obviously space could be an issue.  Not a perfect solution but workflow history is kept and I've been able to split my Site Collection. My next challenge is moving the subsite into the root of that new site collection.  I added a comment here if
    anybody has any answers -
    https://social.technet.microsoft.com/forums/sharepoint/en-US/1dbd3d7c-ccd3-42e2-ba48-ad5731f38a58/change-subsite-to-toplevel-site-without-changing-the-link?prof=required

  • Host Header Site Collection and Web App Setup - Thoughts

    I am trying to understand relation between AAM and web app extension .Please share your expert opinion. I have not seen any TechNet article talking about it clearly.
    Here it goes: in 2010 it was recommended not to use AAM with IIS bindings without extending the web application. This was mentioned in several TechNet articles; it's also a known “Mistake #4” in TechNet articles.
    So the question is, is that still the case in 2013?
    Most of the time it is recommended to remove the web app host header from IIS if you are using this web app for HHSC, otherwise sites will not be accessible. I have found no issues by leaving the web app host header and adding more bindings for host header site collections. Any thoughts on this?
    Thanks. 

    Hi,
    I found some articles for helping understand Extend web application and Alternate access mappings.
    “If you want to expose the same content in a Web application to different types of users by using additional URLs or authentication methods, you can extend an existing Web application into a new zone. When you extend the Web application into a new zone,
    you create a separate Internet Information Services (IIS) Web site to serve the same content, but with a unique URL and authentication type. An extended Web application can use up to five network zones (Default, Intranet, Internet, Custom, and Extranet). For
    example, if you want to extend a Web application so that customers can access content from the Internet, you select the Internet zone and choose to allow anonymous access and grant anonymous users read-only permissions. Customers can then access the same Web
    application as internal users, but through different URLs and authentication settings..”
    After you extend a web application, there is a new site created in IIS but the content is the same. We extend it to a new zone for different authentication methods, so that we could support different security between Internet site, Intranet site and Extranet site.
    “Alternate access mappings direct users to the correct URLs during their interaction with SharePoint 2013. Alternate access mappings enable SharePoint 2013 to map web requests to the correct web applications and sites, and they enable SharePoint 2013 to
    serve the correct content back to the user.”
    AAM is to offer different urls to users to access one site. Sometimes the url of a site is not easy to remember , we could use AAM to create simple url.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Creation of dynamic site collection and sub-sites

    We are having an enterprise system where organization wide operations are maintained. Recently we decided to provide collaboration features for each operation maintained in the system using SharePoint 2013, since that enterprise system did not provide
    any social/collaboration features.
    Assumptions/constraints -
    1. Every year 2500 operations are created
    2. Each operation can have documents and other content scaling upto 5 GB.
    3. Only SharePoint provider hosted apps are allowed to build the solution
    For seamless integration, we are creating an automation component which will provision a SharePoint site automatically when an Operation is created in the enterprise system (we will get the trigger through web services)
    Proposed solution - 
    After going through Software boundaries and limits for SharePoint 2013, I'm thinking of proposing this architecture -
     1. A windows service will be created which will accept the trigger to create a site and take care of provisioning the entire site 
     2. A maximum of 700 sites will be created per site collection (based on the size calculations and keeping some buffer)
     3. Once a site collection hits 700 sub-sites, a new site collection is automatically created for provisioning the new sites
     4. Provision the apps and add them to site pages using powershell/CSOM
    Kindly let me know if this approach is effective or any major road-blocks we need to take care of in this.
    NLV - MCTS

    Hi Margriet,
    We are looking at the SharePoint 2013 limitations and trying to devise the best possible solution. We are open to create multiple content databases for multiple site collections or with single contentdatabase having multiple site collections (which doesn't
    look like feasible). So it is a matter of deciding which will best suit this scenario.
    NLV - MCTS

  • How to publish an Admin-Approved InfoPath template to 2 different site collections, and retain same internal column names

    Hi,
    I am wondering how best to publish an InfoPath form as an Admin-Approved template, to both Site Collection 1 (SC1) and Site Collection 2 (SC2). Some fields are promoted to SharePoint columns.
    I have already published my form to SC1, by choosing Publish to SharePoint Server > chose SC1 > Admin-approved > chose to publish to columns I had created manually on SC1 (these columns had relatively user-friendly internal names such
    as 'Form_x0020_Status' etc, which I reference in xsl + code). I then uploaded the template in Central Admin as Admin-Approved, and activated the feature on SC1. This all worked fine.
    However, if I then go to activate the feature on SC2, it creates columns with different internal names (GUIDs), which means my xsl + code won't work. If I try creating columns manually on SC2 before publishing, it still creates new GUID columns.
    This of course must be because on feature activation on SC2, it cannot find the exact columns specified in the template (which was published to SC1), so it creates new ones.
    In that case, what is the best way to publish an Admin-Approved template to 2 different site collections? One option is to create the columns using code, and deploy them to both sites as a feature, ensuring all IDs are the same. But should this be necessary, is
    there any option available using only InfoPath and SharePoint?
    Thanks for reading.

    Check these similar threads
    Republish existing InfoPath Form to a different SharePoint Site
    How to Programmatically Publish an InfoPath 2010 Template (.xsn) to Multiple SharePoint Sites
    Hope it will help

  • In some site collections old user accounts are not replacing after stsadm migrateuser

    Hi,
    When running stsadm migrateuser, it is actually not replacing the old account for some users in the site collection. Any idea please?

    I got the reason, I needed to run the migrate user command in concerned farm. As that was the consuming farm so I was under impression that I needed to run the command in the publishing farm only. But that is not the case.

  • Site collections and quicklaunch

    I'm new to Sharepoint and have a basic design question. On the homepage quick launch I would like a link to each department. If I create each dept as a site I can simply inherit the parent quick launch, great. But it has been recommended that I create each
    dept as a site collection instead to allow flexibility and growth. Problem is that there is no integration with the parent quicklaunch- it's just independent. Any suggestions on design?
    -John

    Hi John,
    Yes, it's good to have a site collection at each department level with a separate content database, but the moment you have this structure it will be difficult for you to navigate across site collections. The alternate approach to have the please navigation
    across site collection is to create Site Map xml and use site map provider. For more details on how to implement this please go through the links below
    http://www.ericjochens.com/2013/04/consistent-top-navigation-menu-across.html
    http://www.fusecollaboration.com/Blog/archive/2012/03/14/sharepoint-cross-site-collection-common-top-navigation.aspx
    http://blah.winsmarts.com/2008-1-implementing_consistent_navigation_across_site_collections.aspx
    Raghavendra Shanbhag | Blog: www.SharePointColumn.com

  • Is it possible to restrict access to individual SharePoint Online sites (or site collections) to users only connecting when on the corporate network?

    Hi,
    We have an Office 365 environment which is linked to our on premise ADFS environment. We have started to make some deployments of sites to our SharePoint Online environment. For the majority of sites this is great and the ability to access the sites
    from anywhere is a real bonus. However, there are some sites and data that I would be much more comfortable in migrating to SharePoint Online if there were a way to make them only accessible via users/computers connected to the corporate network. 
    I have seen articles in how you can configure ADFS to allow all connections to the Office 365 tenant only from the network or not but what I am after is something which can be configured on a site by site basis (i.e. not the whole Office 365 environment
    or SharePoint Online environment) to only allow access when connecting from the corporate network.
    Any advice/help would be much appreciated?
    Many thanks
    Paul

    Hi,
    This is the forum to discuss questions and feedback for Microsoft Office, the issue is more related to SharePoint online, I recommend you post your question to the Microsoft Office 365 Community Sites and document sharing Forum
    http://community.office365.com/en-us/f/154.aspx
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Thanks
    George Zhao
    Forum Support

  • Host Named Site Collections and www

    I currently have a hostnamed webapp that uses Windows Auth(Claims) in the default zone and it is extended for anonymous
    access(Internet Zone)
    I have siteinternal.com and www.sitexternal.com
    The users also want to use siteexternal.com without the www.
    There is no way to add the site again to the Internet Zone.
    Adding it to another zone results in it using windows auth and prompts, as per the default zone.
    Is there a way to handle this? is the www handled as a different site in SP eyes?
    themush

    This adds an AAM to the HNSC teams.contoso.com of teamsites.contoso.com.
    So if you have siteexternal.com and want to add www.siteexternal.com, run:
    Set-SPSiteUrl (Get-SPSite 'http://siteexternal.com') -Url 'http://www.siteexternal.com' -Zone Internet
    Make sure DNS is properly configured with the "www" A record in the siteexternal.com zone.
    Trevor Seward, MCC
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
