SaaS Sharepoint, ADFS claims and internal AD-CA: How to disable CRL check in Sharepoint?

Hi all,
We have an external SaaS provider with a Sharepoint 2010 server. In our AD, there is an ADFS server providing ADFS claims to Sharepoint and thus giving SSO functionality. For the ADFS service and its token-signing and encrypting, there is one certificate drawn from an internal AD Enterprise CA server.
The problem is that, when the company user opens the Sharepoint URL, it is extremely slow to open; however, it does eventually open. The SaaS provider has indicated it's an issue with the CRL checking. I know on other Microsoft products there are ways to disable CRL checking but haven't found such information for Sharepoint.
We have provided the CRL files and the provider has added these, and for as long as they are valid things work as expected. However, the CRL then expires and we are back to square one.
Can anyone help?
I have found this question has been asked before here:
https://social.technet.microsoft.com/Forums/sharepoint/en-US/431bae5c-c502-4723-9de7-663abd46658e/saas-sharepoint-adfs-claims-and-internal-adca-how-to-disable-crl-check-in-sharepoint?forum=sharepointgeneralprevious
Unfortunately the answer doesn't satisfy my situation. Also, I'm not sure I agree that self-signed certificates should be used, and it's quite a topic for debate in ADFS circles... However, in my situation we don't have the option to change ADFS to use self-signed certificates as the ADFS service is in use with 12+ other service providers, all of whom have no issue using the Token Signing Certificate even though they can't access the CRL either.
Thanks for your help,
James

Hi,
As I understand, you want to disable CRL check in SharePoint.
There are four workarounds:
1. Give your servers an outbound Internet connection.
2. Edit the hosts file at "%SYSTEMROOT%\System32\drivers\etc\hosts" to fool the CRL check into thinking your local machine is crl.microsoft.com by pointing it at 127.0.0.1 (localhost).
3. Edit the registry to disable CRL checking by setting the State DWORD to 146944 decimal (SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing for both HKEY_USERS\.DEFAULT and HKEY_CURRENT_USER), e.g. via PowerShell.
4. Edit the machine.configs and disable it there.
The article gives you the details about the four workarounds.
More reference:
http://basementjack.com/uncategorized/powershell-script-to-disable-certificate-revocation-list-crl/
https://kb4sp.wordpress.com/2013/10/08/certificate-revocation-list-disable-check/
Best regards,
Sara Fan
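Two helpers, added here as an example and not part of the thread, that put the diagnosis and workaround 4 into checkable form: Test-CrlRetrieval times chain building for the exported ADFS token-signing certificate with and without revocation checking, so you can see whether the delay really is the CRL fetch and which distribution point it is trying; Disable-PublisherEvidence writes the machine.config setting from workaround 4 after taking a backup. The certificate path and both function names are assumptions; the .NET 2.0 machine.config paths are the ones SharePoint 2010 runs on.

```powershell
# Added example for this thread, not code from the original post.
# Assumption: the ADFS token-signing certificate has been exported (public part
# only is enough) to the placeholder path used at the bottom.

function Test-CrlRetrieval {
    # Builds the chain twice, once with online revocation checking and once with
    # none, and times both. A large gap together with a RevocationStatusUnknown
    # or OfflineRevocation status means the delay is the CRL fetch, not the
    # certificate itself; an unreachable and an expired CRL both show up here.
    param([Parameter(Mandatory = $true)][string]$CertPath)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

    # List the CRL distribution points the verifier will try (OID 2.5.29.31).
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.31" }
    if ($cdp) {
        Write-Host "CRL distribution points in $($cert.Subject):"
        $cdp.Format($true) -split "`r?`n" | Where-Object { $_ -match "URL=" } |
            ForEach-Object { Write-Host ("  " + $_.Trim()) }
    } else {
        Write-Host "No CDP extension: no CRL lookup is attempted for this certificate."
    }

    $results = @()
    foreach ($mode in "Online", "NoCheck") {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Enum]::Parse(
            [System.Security.Cryptography.X509Certificates.X509RevocationMode], $mode)
        $chain.ChainPolicy.RevocationFlag =
            [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
        # Cap the per-URL wait so the test itself does not hang for minutes.
        $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        $valid = $chain.Build($cert)
        $sw.Stop()

        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ", "
        if (-not $status) { $status = "NoError" }
        $results += New-Object PSObject -Property @{
            RevocationMode = $mode
            Valid          = $valid
            Seconds        = [math]::Round($sw.Elapsed.TotalSeconds, 1)
            ChainStatus    = $status
        }
    }
    $results | Format-Table RevocationMode, Valid, Seconds, ChainStatus -AutoSize
}

function Disable-PublisherEvidence {
    # Workaround 4 from the answer: add <generatePublisherEvidence enabled="false"/>
    # under <runtime> so the CLR stops fetching Authenticode publisher evidence
    # (and the CRL behind it) every time an assembly loads. This only affects
    # that CAS lookup; TLS and token-signature validation are untouched.
    $base = "$env:SystemRoot\Microsoft.NET"
    $configs = @("$base\Framework\v2.0.50727\CONFIG\machine.config",
                 "$base\Framework64\v2.0.50727\CONFIG\machine.config") |
               Where-Object { Test-Path $_ }

    foreach ($path in $configs) {
        # Keep a timestamped backup before touching a machine-wide file.
        Copy-Item $path ("{0}.bak-{1}" -f $path, (Get-Date -Format "yyyyMMddHHmmss"))

        $xml = New-Object System.Xml.XmlDocument
        $xml.PreserveWhitespace = $true
        $xml.Load($path)

        $runtime = $xml.DocumentElement.SelectSingleNode("runtime")
        if (-not $runtime) {
            $runtime = $xml.DocumentElement.AppendChild($xml.CreateElement("runtime"))
        }
        $node = $runtime.SelectSingleNode("generatePublisherEvidence")
        if (-not $node) {
            $node = $runtime.AppendChild($xml.CreateElement("generatePublisherEvidence"))
        }
        $node.SetAttribute("enabled", "false")
        $xml.Save($path)
        Write-Host "generatePublisherEvidence disabled in $path (run iisreset to apply)"
    }
}

# Placeholder path for the exported token-signing certificate.
Test-CrlRetrieval -CertPath "C:\temp\adfs-token-signing.cer"
# Disable-PublisherEvidence   # uncomment to apply workaround 4 once the timings confirm the cause
```

Run Test-CrlRetrieval on the SaaS provider's SharePoint server rather than on a host that can reach the internal CA, since the point is to reproduce the lookup that the provider's servers perform.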

Similar Messages

  • Does Anyone Knows How To Disable The "Check For Updates" Option in Adobe Edge Code and Reflow?

    Thanks in Advance

    I don't think there is a way for Edge Code. I'm not sure about Reflow.
    Why don't you just upgrade? That will stop the notifications.
    Randy

  • How to disable Shredded Storage in SharePoint 2013?

    Hi,
    My understanding is that SharePoint provides a "FileOperationSettings" property to disable Shredded Storage, but this property is not working in the SharePoint 2013 RTM release.
    The only way they provide is to modify the FileWriteChunkSize property and set the chunk size to 2 GB for bypassing the shredded storage.
    Is there any other way to disable the Shredded Storage in SharePoint 2013 and store the document in the database the same as SharePoint 2010 does?

    Hi Nitin, 
    To override the FileChunkSize is the best way to disable shredded storage. The following PowerShell is one of the cleanest ways to do it. Shredded storage causes some undesirable effects sometimes and disabling it in this way works pretty nicely. You can set the chunk size to 1 GB itself (2 GB is not reqd).
    $wa = Get-SPWebApplication http://webappurl
    $wa.WebService.FileWriteChunkSize = 1073741824
    $wa.webservice.update()
    Narahari

  • Intermittent beeping sound from my PC internal speaker. How to disable it?

    I have a HP Pavilion 1070d PC.  I get an intermittent beeping sound from my PC internal speaker.  It seems to engage when the hard drive starts working when it's been down for a while.  How do I disable the beeping sound?

    Domgoh, welcome to the forum.
    Normally, the beeps that come from a computer are BIOS beep codes.  They are warnings that something is wrong with the computer.  At the bottom of the page in the link that I provided are codes for different motherboards.  Review them to see if this is what you are receiving.

  • JDev/ADF Faces 11gR2.3: UI Shell, how to disable scrollbars from logo

    I have set a header logo by using the UI Shell template property "logoImagePath" attribute. Upon running the page, I notice that if I resize the browser window width to a smaller value then the image width, horizontal and vertical scroll bars appear. This is not desirable and I'm looking for a way to disable the scrollbars. Any suggestions on how to solve this issue?
    thanks,
    Wes

    I guess for this you have to alter the template. I don't have the ui shell template at hand but my guess it that the image is child of a panelgroupLayout of type scroll. When the browser window is resized below the width or height of the panel group you get scroll bars. To change this you have to remove the panelGroupLayout and just use a group.
    Timo

  • Caps, Scroll and Num Lock Notification - How to disable

    Hi,
    When I hit either my Caps, Scroll or Num Lock key on my keyboard, I get this small notification popup and have a problem disabling the function.
    How do I go about disabling this?

    C:\Program Files (x86)\Hewlett-Packard\Shared
    Find hpCaslNotification.exe and rename it.
    Then open task manager and kill this process.
    You have to rename the file; simply killing it won't work because the hphotkeymonitor service runs it every time you press Caps Lock, Scroll Lock or Num Lock.

  • SharePoint 2010 Search Error: "Internal server error exception"

    Hi,
    We have a SharePoint 2010 Farm with 5 servers:
    1 SQL Server Cluster
    2 WFE
    1 Index Server
    1 Search Server
    Please see below a more detailed specification. Our DNS is using a Load Balancer.
    It turns out that when it uses one WFE (SERVWFE05) it throws this error:
    SharePoint 2010 Search Error: "Internal server error exception"
    when it uses the other one (SERVWFE06) it works.
    What can be wrong?
    SERVERS IN FARM
    SERVAPI07
      SharePoint Products Installed: Language Pack for SharePoint Foundation 2010 - Portuguese/Português, Russian/русский, Spanish/Español; Language Pack for SharePoint, Project Server and Office Web Apps 2010 - Portuguese/Português, Russian/русský, Spanish/Español; Microsoft SharePoint Server 2010
      Services Running: Central Administration; Claims to Windows Token Service; Microsoft SharePoint Foundation Incoming E-Mail; Microsoft SharePoint Foundation Web Application; Microsoft SharePoint Foundation Workflow Timer Service; Secure Store Service; SharePoint Server Search; Web Analytics Data Processing Service; Web Analytics Web Service
      Status: Upgrade Available
    SERVAPI08
      SharePoint Products Installed: Language Pack for SharePoint Foundation 2010 - Portuguese/Português, Russian/русский, Spanish/Español; Language Pack for SharePoint, Project Server and Office Web Apps 2010 - Portuguese/Português, Russian/русский, Spanish/Español; Microsoft SharePoint Server 2010
      Services Running: Central Administration; Claims to Windows Token Service; Microsoft SharePoint Foundation Incoming E-Mail; Microsoft SharePoint Foundation Web Application; Microsoft SharePoint Foundation Workflow Timer Service; Search Query and Site Settings Service; SharePoint Server Search
      Status: Upgrade Available
    SERVSQL13
      Services Running: Microsoft SharePoint Foundation Database
      Status: No Action Required
    SERVWFE05
      SharePoint Products Installed: Language Pack for SharePoint Foundation 2010 - Portuguese/Português, Russian/русский, Spanish/Español; Language Pack for SharePoint, Project Server and Office Web Apps 2010 - Portuguese/Português, Russian/русский, Spanish/Español; Microsoft SharePoint Server 2010
      Services Running: Microsoft SharePoint Foundation Incoming E-Mail; Microsoft SharePoint Foundation Web Application; Microsoft SharePoint Foundation Workflow Timer Service
      Status: Upgrade Available
    SERVWFE06 (EMBWFEPRD06)
      SharePoint Products Installed: Language Pack for SharePoint Foundation 2010 - Portuguese/Português, Russian/русский, Spanish/Español; Language Pack for SharePoint, Project Server and Office Web Apps 2010 - Portuguese/Português, Russian/русский, Spanish/Español; Microsoft SharePoint Server 2010
      Services Running: Microsoft SharePoint Foundation Incoming E-Mail; Microsoft SharePoint Foundation Web Application; Microsoft SharePoint Foundation Workflow Timer Service
      Status: Upgrade Available
    MODIFY TOPOLOGY
    Server Name | Category            | Component
    SERVAPI07   | Admin               | Administration Component
    SERVAPI07   | Crawl               | Crawl Component 1
    SERVSQL13   | Databases           | Administration Database : Search_Service_Application_DB1
    SERVSQL13   | Databases           | Crawl Database : Search_Service_Application_CrawlStore_DB2
    SERVSQL13   | Databases           | Property Database : Search_Service_Application_PropertyStore_DB3
    SERVAPI08   | Index Partition - 0 | Query Component 1
    Many thanks
    J.CLUA

    Hi,
    1. Ensure that the IIS Admin service is running
    2. Ensure that the AppPool related to the service is running
    3. Ensure that the DB server where the application is located is running and has enough space.
    4. Ensure that the AppPool is set with the correct credentials and password.
    Do you see any correlation ID while searching, or any error? If it's a correlation ID, please check the below site to get the exact error from where it's generating.
    http://expertsharepoint.blogspot.de/2014/07/how-to-find-correlation-id-error.html
    Anil Avula [Partner, MCP, MCSE, MCSA, MCTS, MCITP, MCSM] See Me At: http://expertsharepoint.blogspot.de/

  • Adf bc and toplink

    Dear sirs.:
    My company will change from Forms to JDev (ADF), my question is:
    using only ADF BC with JBoss (for example), can I do balancing to another JBoss machine of some (heavy) objects, without using TopLink?
    I'm afraid of developing a 2-tier application with ADF BC, and it becomes heavy; how can I do balancing with no code changing, using only other application servers on the network?

    Can you tell us more about your expected client technology? Web application with JSF or desktop-fidelity client using ADF Swing?
    Can you clarify what you mean by "heavy objects" ?
    Are you asking whether applications built using ADFBC work well in an application cluster or server farm of multiple servers?
    Thanks for helping clear up these questions I have.

  • Exposing Stateless bean as ADF library and Webservice

    Hi  All,
    I created a session bean and created a data control (remote and local both) and deployed it as an ADF library. It works fine. Then with the same session bean (right click, selected Create Web Service) I exposed it as a web service. The web service is also working fine. Now I created the ADF Library again (after the web service annotation was added) and tried to use it in an application. This time it throws an exception.
    My requirement is that I want to expose the EJB as an ADF lib and web service. How to achieve this? Please help
    Thanks,
    Jai

  • ADFS Claims Authentication, Configuring UPA and People Picker

    Hi,
    I am just trying to get my head around setting up ADFS to authenticate users along with allowing UPA (My Sites) and People Picker to work.
    So, my environment is a WFE and an SQL Server offsite and my AD and ADFS 2.0 server onsite. We have configured SharePoint as below and applied the Claims Provider to my Intranet web app and My Sites web app and I can log in with my account as [email protected] (UPN)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("E:\ADFS_SelfSigned.cer")
    New-SPTrustedRootAuthority -Name "ADFS Self Signed" -Certificate $cert
    $map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "Account ID" -SameAsIncoming
    $map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
    $map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
    $realm = "https://intranet.domain.com.au/_trust/"
    $signinurl = "https://adfs01.domain.com.au/adfs/ls/"
    $ap = New-SPTrustedIdentityTokenIssuer -Name "SAML Provider" -Description "My Custom Identity Provider" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1,$map2,$map3 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType
    $uri = New-Object System.Uri("https://adfs01.domain.com.au/adfs/ls/")
    $ap.ProviderRealms.Add($uri, "https://mysites.domain.com.au/_trust/")
    $ap.Update()
    iisreset
    When trying to configure a new synchronisation connection > Active Directory Import under the User Profile Service Application, I get an error saying it can't connect to the Domain Controller, which would make sense as they are not on the same domain.
    I believe that MS have a sync utility that works with Office365/MS Cloud - is there a similar solution available for my configuration?

    AD import still uses LDAP/ADSI... ADFS cannot be used DIRECTLY as a sync source, since it is NOT a QUERYABLE technology. It is an AUTHENTICATION technology. UPS syncs to a QUERYABLE data source like LDAP/ADSI, and maps one of the properties to the ADFS login (most people choose email or UPN, though I tend to recommend SID for various reasons).
    Also, since people picker displays a SEARCH window, and since ADFS is not a QUERYABLE technology, the people picker (by default) ASSUMES that whatever you type in will be VALID. You can SEARCH the UPS, but if you type an email address or something of that nature, it is NOT going to SEARCH your directory! To address this, you need to install a custom Identity Provider... one is available on CodePlex, which performs an LDAP search against the domain controller... if that's not an option, you need a custom coded solution.
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • NTLM and ADFS claim treated as different user

    Dear All:
    Currently our SharePoint is using mixed authentication mode (claims mode with two authentication providers):
    Windows-NTLM & ADFS 2.0
    The ADFS's identity store is the same as SharePoint's domain; it means we have only a single AD. The NTLM authentication provider is used for users who are in the office, the ADFS authentication provider is used when they are at home (the same credential).
    When users open SharePoint, it prompts a page to let the user select which authentication provider they want to use (NTLM or ADFS).
    The question is, when the same user logs in by using NTLM or ADFS, the user will be treated as a different user.
    For example:
    UserA logs in by using NTLM, his identity claim looks like: Domain\UserA
    UserA logs in by using ADFS, his identity claim looks like: i:05.t|saml provider|[email protected]
    The profile and permissions of this user will be different.
    Is there a way to treat the user as the same user no matter whether they log in by ADFS or NTLM?
    I know if we remove the NTLM authentication provider and only use ADFS this can solve the problem, but the client doesn't want to do this, because:
    The SharePoint is upgraded from 2007 (Classic mode) and it has a huge number of existing users, resources, permissions.
    After upgrading to claims mode, SharePoint automatically used the NTLM authentication provider.
    If we removed the NTLM authentication provider, the client has to reset all permissions in SharePoint again, for example:
    A ListItem's Permission:
    1. In SharePoint 2007 Classic Mode:
    Domain\UserA -- Full Control
    2. After upgrading to SharePoint 2010 and upgrading to Claims Mode, the client didn't need to reset the permission:
    Domain\UserA -- Full Control
    3. If we remove the NTLM authentication provider, the client has to reset the permission:
    i:05.t|saml provider|[email protected] -- Full Control
    Any ideas would help,
    Thanks a lot!

    SharePoint sees the Windows and Claims identities as different, even though they are the same user in the same directory store.
    I'm troubled by the SAML token though; if it was a claims Windows token (i:0.w) I would say you could use Move-SPUser to consolidate them. I've done this before when, during configuration of a farm, a user can appear with duplicate entries in the site, one for Windows auth (DOMAIN\user) and one for claims (i:0.w#domain\user).
    Move-SPUser can merge the SPUser objects together (this was one of the purposes of its predecessor, the migrateuser stsadm operation). If it was a Windows token it works, but because of the ADFS provider it could be strange.
    Here's how I would test it out:
    1. Create a new test user (no sense in messing up a real user)
    2. Log test user in to the site with NTLM
    3. Log out test user
    4. Log test user in to the site with ADFS
    5. Log out test user
    6. With an admin account, verify using the method you previously used to determine duplicates that there are indeed two users for this test account (one Windows, one SAML).
    7. Move-SPUser (details below)
    8. Verify there is now one user for the test user
    9. Log test user on to the site with NTLM
    10. Log out test user
    11. Log test user on to the site with SAML
    12. Log out
    13. With an admin account, verify again to make sure there is still only one account
    For Move-SPUser and Windows claims I would usually recommend merging the Windows account into the claims. Without knowing what will happen I'd say let's try the same here (merge the Windows account into the SAML claim):
    $testUser = Get-SPUser -Web "http://sitecollection/or/site" -Identity "DOMAIN\testuser"
    Move-SPUser -Identity $testUser -NewAlias "i:05.t|saml provider|[email protected]" -IgnoreSID
    Jason Warren
    Infrastructure Architect
    Habanero Consulting Group
    habaneroconsulting.com/blog

  • ADFS SSO and SharePoint 2013 on-premise Hybrid outbound search results from SharePoint Online - does it work?

    Hi, 
    I want to set up an outbound hybrid search from SharePoint 2013 on-premise to SharePoint Online.
    But I'm not sure if this works with ADFS SSO.
    Does somebody have experience with this setup?
    Here's the guide which I'm going to use for this installation:
    Introduction
    In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
    Requirements
    User synchronisation ActiveDirectory to Office 365 with DirSync
    DirSync password sync or ADFS SSO
    SharePoint Online
    SharePoint 2013 on-premise
    Enterprise Search service
    SharePoint Online Management Shell
    Instructions
    All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
    Set up Server to Server Trust
    Export certificates
    To create a server to server trust we need two certificates.
    [certificate name].pfx: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
    [certificate name].cer: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
    First launch the Internet Information Services (IIS) Manager
    Select your SharePoint web server and double-click Server Certificates
    In the Actions pane, click Create Self-Signed Certificate
    Enter a name for the certificate and save it with OK
    To export the new certificate in the Pfx format select it and click Export in the Actions pane
    Fill the fields and click OK. Export to: C:\[certificate name].pfx Password: [password]
    Also we need to export the certificate in the CER Base64 format. For that purpose right-click the certificate and click on View...
    Click the Details tab and then click Copy to File
    On the Welcome to the Certificate Export Wizard page, click Next
    On the Export Private Key page, click Next
    On the Export File Format page, click Base-64 encoded X.509 (.CER), and then click Next.
    As file name enter C:\[certificate name].cer and then click Next
    Finish the export
    Import the new STS (SharePoint Token Service) certificate
    Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
    if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
    # set the certificate paths and password
    $PfxCertPath = "c:\[certificate name].pfx"
    $PfxCertPassword = "[password]"
    $X64CertPath = "c:\[certificate name].cer"
    # get the encrypted pfx certificate object (20 = X509KeyStorageFlags Exportable | PersistKeySet)
    $PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
    # import it
    Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
    Type Yes when prompted with the following message.
    You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you sure, you want to continue?
    Restart IIS so STS picks up the new certificate.
    & iisreset
    & net stop SPTimerV4
    & net start SPTimerV4
    Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
    # set the certificate paths and password
    $PfxCertPath = "c:\[certificate name].pfx"
    $PfxCertPassword = "[password]"
    # get the encrypted pfx certificate object
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
    # compare the output above with this output
    (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
    Establish the server to server trust
    if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
    Import-Module MSOnline
    Import-Module MSOnlineExtended
    # set the certificate paths and password
    $PfxCertPath = "c:\[certificate name].pfx"
    $PfxCertPassword = "[password]"
    $X64CertPath = "c:\[certificate name].cer"
    # set the onpremise domain that you added to Office 365
    $SPCN = "sharepoint.domain.com"
    # your onpremise SharePoint site url
    $SPSite="http://sharepoint"
    # don't change this value
    $SPOAppID="00000003-0000-0ff1-ce00-000000000000"
    # get the encrypted pfx certificate object
    $PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
    # get the raw data
    $PfxCertBin = $PfxCert.GetRawCertData()
    # create a new certificate object
    $X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    # import the base 64 encoded certificate
    $X64Cert.Import($X64CertPath)
    # get the raw data
    $X64CertBin = $X64Cert.GetRawCertData()
    # save base 64 string in variable
    $CredValue = [System.Convert]::ToBase64String($X64CertBin)
    # connect to Office 365
    Connect-MsolService
    # register the on-premise STS as service principal in Office 365
    # add a new service principal
    New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
    $MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
    $SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
    $SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
    Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
    # get the online name identifier
    $MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
    $MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
    $MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
    # establish the trust from on-premise with ACS (Azure Access Control Service)
    # add a new authentication realm
    $SPSite = Get-SPSite $SPSite
    $SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
    Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
    # register the ACS application proxy and token issuer
    New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
    Add a new result source
    To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server. Don't forget to update the settings region.
    if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
    # region settings
    $RemoteSharePointUrl = "http://[example].sharepoint.com"
    $ResultSourceName = "SharePoint Online"
    $QueryTransform = "{searchTerms}"
    # display name of the remote SharePoint provider as returned by ListProviders(); this is the localized (German) name
    $Provider = "SharePoint-Remoteanbieter"
    # region settings end
    $SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
    $FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
    $SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
    $ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
    if(!$ResultSource){
    Write-Host "Result source does not exist. Creating..."
    $ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
    $ResultSource.Name = $ResultSourceName
    $ResultSource.ProviderId = $FederationManager.ListProviders()[$Provider].Id
    $ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
    $ResultSource.CreateQueryTransform($QueryTransform)
    $ResultSource.Commit()
    }
    Add a new query rule
    In the Search Administration click on Query Rules
    Select Local SharePoint as Result Source
    Click New Query Rule
    Enter a Rule name, e.g. Search results from SharePoint Online
    Expand the Context section
    Under Query is performed on these sources click on Add Source
    Select your SharePoint Online result source
    In the Query Conditions section click on Remove Condition
    In the Actions section click on Add Result Block
    As title enter Results for "{subjectTerms}" from SharePoint Online
    In the Search this Source dropdown select your SharePoint Online result source
    Select 3 in the Items dropdown
    Expand the Settings section and select "More" link goes to the following URL
    In the box below enter this Url https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}
    Select This block is always shown above core results and click the OK button
    Save the new query rule

    Hi  Janik,
    According to your description, my understanding is that you want to display hybrid search results in SharePoint Server 2013.
    For achieving your demand, please have a look at the article:
    http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx
    If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated user accounts. Native Office 365 user accounts and Active Directory Domain Services (AD DS) accounts that are not federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO, and cannot be granted permissions to resources in both deployments. For more information, see Accounts needed for hybrid configuration and testing.
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • SSRS with SharePoint 2013 Integrated and Claims

    I have been reading a number of sources for SQL Server 2012 SSRS and I can't quite seem to get a straight answer about this. Does SSRS support SAML Token Claims? Or does it still require the C2T conversion (which effectively requires a Windows account to work)? The reason we ask is that they have other uses for SharePoint and would prefer to not go too far outside the box with the identity provider, but still do not want to stand up an externally facing AD.

    Hi Kpvuppala,
    From the Reporting Services Clients do not support LiveID or SAML Claims Authentication section of the
    Claims Authentication and Reporting Services document, we can see that:
    The Reporting Services client applications: Report Builder, the Report Designer in Business Intelligence Development Studio, and Management Studio do not support connecting and authenticating with LiveID or SAML Claims based SharePoint Web applications.
    The clients can work with other forms of Claims Authentication because they use the Reporting Services authentication endpoint. The endpoint allows the clients to communicate to SharePoint through the same components used by ASP.NET forms authentication. SAML
    Claims and LiveID authentication work differently and are not supported by the Reporting Services clients.
    There is no official document on this topic for SSRS 2012 and SharePoint 2013. Although it is for SSRS 2008 R2 and SharePoint 2010 products, I think it applies to SSRS 2012 and SharePoint 2013 as well. SAML Claims authentication may still not use the Reporting
    Services authentication endpoint.
    Regards,
    Mike Yin
    Mike Yin
    TechNet Community Support

  • Moving/Linking Claims Windows Auth user to an ADFS Claims

    Hi guys, 
    Here is my situation:
    Initial deployment: SharePoint 2010 with Windows Authentication - Users login using AD
    We successfully migrated the web application to use "Claims"
    We then integrated the web application with ADFS 2.0 - Using the same AD users
    Everything seems good and working fine. 
    The question I have is related to content already created in SharePoint. Is it possible to map the new ADFS account usernames to the existing windows authentication claims usernames?
    This is important for users, because we would like the "My" views of lists and libraries to work. SharePoint at the moment thinks that the logged in users (using ADFS) is different than the user who created/modified the documents. (Although it
    is the same AD account)

    Hi Inderjeet
    Thanks for your reply. The article did help in moving users (Move-SPUser) from AD to ADFS (Which I noticed in the securities in groups), however, the issue I'm looking for is still standing where the items that were created by the user using "Windows
    Auth Claim" were not moved/updated to the "ADFS Claim" user, which in fact they map to the same AD user.
    Is there a way to transfer/update the created by and modified by attributes of users from Windows Claims to ADFS Claims user?
    UPDATE: The above statement is not correct. Move-SPUser actually updates the created by and modified by attributes too.
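    The Move-SPUser migration mentioned above, written out as an added example (this is not code from the thread or from Microsoft documentation). It assumes a site URL, a domain name, a trusted identity provider registered as "adfs", and that the ADFS identity claim is the user's e-mail address; it reads the target alias from the SPUser Email property and skips accounts that have none, so nothing is migrated to a blank alias.

    ```powershell
    # Added example: move Windows-claims users to their ADFS (SAML) claims identity.
    # Assumed values: site URL, domain prefix and the trusted provider name "adfs".
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

    $siteUrl     = "https://intranet.contoso.com"   # assumed
    $windowsPrefix = "i:0#.w|contoso\"                # Windows claims login prefix (assumed domain)
    $adfsPrefix  = "i:05.t|adfs|"                   # ADFS e-mail identity claim prefix (assumed provider)

    function Move-WindowsClaimsUserToAdfs {
        param(
            [Parameter(Mandatory)] [Microsoft.SharePoint.SPWeb] $Web,
            [Parameter(Mandatory)] [Microsoft.SharePoint.SPUser] $User
        )
        # Only touch Windows-claims logins; leave service accounts and already-migrated users alone
        if (-not $User.UserLogin.StartsWith($windowsPrefix)) { return }

        if ([string]::IsNullOrWhiteSpace($User.Email)) {
            Write-Warning "Skipping $($User.UserLogin): no e-mail address on the SPUser, cannot build ADFS alias"
            return
        }

        $newAlias = $adfsPrefix + $User.Email.ToLowerInvariant()

        # -IgnoreSID is required because the new identity is not backed by a Windows SID.
        # Move-SPUser rewrites the user record, including Created By / Modified By references.
        Move-SPUser -Identity $User -NewAlias $newAlias -IgnoreSID -Confirm:$false

        # Verify the new login resolves in the web
        $moved = Get-SPUser -Identity $newAlias -Web $Web -ErrorAction Stop
        "{0} -> {1} (ID {2})" -f $User.UserLogin, $moved.UserLogin, $moved.ID
    }

    $web = Get-SPWeb $siteUrl
    try {
        # Snapshot the user list first: Move-SPUser changes the collection we would otherwise be iterating
        $users = @(Get-SPUser -Web $web -Limit All)
        foreach ($u in $users) {
            Move-WindowsClaimsUserToAdfs -Web $web -User $u
        }
    }
    finally {
        $web.Dispose()
    }
    ```

    Run it against a single test web first and keep the output, since the old Windows-claims login no longer resolves once the move has happened.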

  • SharePoint 2010 - Claims Based Authentication - Access Denied for AD Group members

    We're in the process of migrating our SharePoint 2003 system to 2010 and have used Metavis to migrate the data. We had to do the data migration in a lab environment and then move/attach the content database to our production server. The database attached successfully
    and I, as a site collection administrator, can see all sites and the data therein. We are using claims-based auth with ADFS 2.0 as the provider.
    My users, however, get access denied trying to go anywhere on the site. I have added the Active Directory groups to the appropriate SharePoint groups and have confirmed the groups are appearing with the c:0-.t|adfs|group_name syntax. If I add them as individual
    users (i:05.t|adfs|[email protected]) they can authenticate fine, but not by AD group membership.
    I enabled ADFS tracing and I see that the claim being provided includes the SIDs for all the groups the user belongs to. Using ULS Viewer I can see that SharePoint sees the correct number of claims (it doesn't show what those claims are, just the number) but
    it doesn't seem to be connecting the SIDs passed to the group name used in the permissions list. I have also updated the portalsuperreader and portalsuperuser accounts after the database was moved, just in case there was something weird there.
    The ADFS and SharePoint servers are all in the same AD domain, so they should be able to resolve SIDs ok. I suspect the issue is somehow related to the migration of the content database from a separate
    environment (different domain), but I can't figure out for the life of me how to get the group authentication to work.
    Thoughts?

    Brilliant idea. Unfortunately that didn't work - I can get to the new site as the site collection owner, but members of groups to which I assigned permissions still get Access Denied. :-(
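    As an added diagnostic for the group-permission problem in this thread (not code from the thread or from Microsoft), the following shows how SharePoint encodes a role claim from a trusted provider, so the encoded value stored in the permission list can be compared with the value ADFS actually sends. It assumes the trusted identity token issuer is registered as "adfs" and that groups arrive in the standard WS-Federation role claim type; the SID used as sample input is constructed.

    ```powershell
    # Added example: compare the encoded role claim SharePoint expects with what ADFS issues.
    # Assumed: provider name "adfs"; the role claim type below is the standard one.
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

    $provider = Get-SPTrustedIdentityTokenIssuer -Identity "adfs"   # assumed provider name
    $roleType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

    # First, list the claim mappings the provider was registered with: a role claim that
    # ADFS emits but that is not mapped here is dropped before authorization runs.
    $provider.ClaimTypeInformation |
        Select-Object InputClaimType, MappedClaimType, IsIdentityClaim |
        Format-Table -AutoSize

    function Get-EncodedRoleClaim {
        param([Parameter(Mandatory)] [string] $Value)
        # New-SPClaimsPrincipal builds the claim exactly as SharePoint would store it
        $principal = New-SPClaimsPrincipal -ClaimValue $Value -ClaimType $roleType -TrustedIdentityTokenIssuer $provider
        $principal.ToEncodedString()
    }

    # What SharePoint stores when a group is granted permission by name
    # (matches the c:0-.t|adfs|group_name syntax seen in the thread)
    Get-EncodedRoleClaim -Value "group_name"

    # What SharePoint would need to find if ADFS sends the group SID instead.
    # Constructed sample SID; the two strings must match exactly for the user to be authorized.
    Get-EncodedRoleClaim -Value "S-1-5-21-1111111111-2222222222-3333333333-1107"
    ```

    Authorization in a SAML-claims web application is a string comparison between the encoded role claim in the token and the encoded claim in the permission entry; the provider-side mapping table above and the two encoded strings make that comparison visible without enabling tracing.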
