Unable to pick AD Attributes from SharePoint for new users

AD attributes not in sync with some of the subsites:

Created a new user profile attribute but these attributes are not available when adding a new column using "person or group" column type... what could be wrong??

Follow the steps to achieve the expected sync on all sites:
Stsadm -o sync -listolddatabases 0
Stsadm -o sync -deleteolddatabases 0 (deletes from cache old databases)
Stsadm -o sync -IgnoreIsActive 1
Stsadm -o sync -synctiming M:1
check profile sync (CA» Operations» Global Configuration» Timer Job Status» scroll down to Profile Synchronization and check for any errors)
check quick profile sync (CA» Operations» Global Configuration» Timer Job Status» scroll down to Quick Profile Synchronization and check for status to track down success/ aborted errors)

run again Stsadm -o sync -listolddatabases 0


if all the content databases are not listed as a result of the above command, try removing content database and attach again.. if you are on production environment, plan and schedule after office hours.. recommended to do db remove/ attach on pre-production first.

how to do this?
Go to Central Administration > Application Management > Content Databases
select each content database, copy exactly the same name of content DB (ex: WSS_Content_HR). Remove content database. Now Add content database. specify exactly the same database name (ex: WSS_Content_HR). Click ok.

Stsadm -o sync -listolddatabases 0

hover mouse over the content database and see the database ID if its in sync with the results you just retrieved after running the command stsadm -o sync -listolddatabases 0

------------------------------------------------------------------------------------------------------

ID: b4fc6c18-a622-498d-8f33-426225dfb22d  Synchronized: 6/27/2011 4:31:03 PM
ID: 943f1a54-245c-4b66-8127-90e7e71066de  Synchronized: 6/27/2011 4:31:03 PM
ID: 4be6b4ee-bb5d-4374-8eb0-a755f0b3350a  Synchronized: 6/27/2011 4:31:02 PM

------------------------------------------------------------------------------------------------------

change back the sync timing to 1 hour to avoid any conflicts.

Stsadm -o sync -synctiming H:1

Also try to Clear the SharePoint Configuration Cache.. refer here . Any issues share here your comments. Please note that you need to stop the windows sharepoint services timer job from services before clearing sharepoint config cache.

Vanishing Trick Revealed

Your credulity is blackmagic witche's and magician's powerful weapon. Magicians Trick revealed.. interested to watch?

David Copperfield - Flying Revealed
vanishing train trick revealed
statue of liberty trick revealed

Craig Dietz: Man with no arms and no legs still swims with confidence

click here to
see Craig on youtube

Craig Dietz is preparing to swim four miles in an open water race despite being born without arms or legsThe Pennsylvania man and motivational speaker says that competing in the race is not about winning but showing people that he can do the same things as everyone else. other reference

Merlin Award for Muthukad

Muthukad, who ventured into the world of magic at the age of 10 now receives International Merlin Award, or the magicians' Oscar for the year 2011 from Tony Hassini, President of the US based International Magicians Society. Gopinath Muthukad is the second Indian to be chosen to receive the Merlin Award after PC Sorkar Jr.

Muthukad's motto is "Magic with a mission" and want to use magic as a tool for social upliftment. He also added the he conducts shows to promote national integration and fight against social evils like alcoholism, tobacco and terrorism.

Muthukad's sustained and rigorous practice takes him in par with David Copperfield. All of the top magicians use sophisticated gadgetry and expensive equipments to mesmerize audiences.

visit Muthukad's magic on youtube: Magician on youtube

also see  David Copperfield's especially when he flies:
David Copperfield - Flying (Levitation),
vanishing Statue of Liberty,
vanishing the Orient Express

vanishing trick revealed...!

Windows Flip 3-D

Switch between open items in windows 7

Alt-Tab as you are aware of is the feature for all previous OS inclusive of Vista OS

but now Windows 7 onwards this has a 3D Flip effect which cycles thru open programs..
Windows logo key +TAB

yes start using this feature.
you can freeze the flip 3D by cycling the tabs CTRL+Windows logo key  +TAB

and to release it press Alt+TAB.. there you go back to work..

Modified AD attributes not in sync with SharePoint portal

Changes made in the User attributes of Active Directory are not reflected in SharePoint portal (MOSS2007)

Queries:

i) created a new User Property attribute and mapped it to the MiddleName. now can’t see it in the list when defining the column type as ‘Person or Group’.

ii) unable to pull the AD attributes and fields on intranet site

 

I have made a connection to our Active Directory and the Synchronization of profiles is working like a charm
Solution is:
Access the SharePoint CA (central admin) using the Farm Admin account,  under Shared Services Administration » select the SharedServices » click user profiles and properties »
click custom source »

and then EDIT the existing connection

just maintain the same fields except for the authentication information where you have to reapply the credentials preferably with domain power user rights.

and then click ok. After which you have to start the crawling services so that the AD fields are fetched immediately.. if on production environment please note to avoid such crawling (full or incremental) after business hours as this will utilise higher resource bandwidth.

the above screen-shots were the recommended solutions from microsoft recently on our portal which I have snipped from our prodcution servers to share with the SharePoint professionals.

leave your comments if interesting or need further descriptive solution.

-Rinith

VBScript to get Hostname and Whoami

you may wonder what're whoami, systeminfo, and other simple dos commands, the o/p for which you have to at least click 5-10 clicks using web interface.. unix, dos and shell savvies would love such commands including me which is what being fetched by the web apps codes to populate currently logged-in user, machine name, current logged in email account, so on and so forth.

'---- your code starts here ... KTR
Dim objNet
On Error Resume Next
'In case we fail to create object then display our custom error
Set objNet = CreateObject("WScript.NetWork")
If  Err.Number <> 0 Then                'If error occured then display notice
 MsgBox "Don't be Shy." & vbCRLF &_
               "Do not press ""No"" If your browser warns you."
 Document.Location = "UserInfo.html"  
                                        'Place the Name of the document.
                                 'It will display again
End if

Dim strInfo
strInfo = "User Name is     " & objNet.UserName & vbCRLF & _
          "Computer Name is " & objNet.ComputerName & vbCRLF & _
          "Domain Name is   " & objNet.UserDomain
MsgBox strInfo

Set objNet = Nothing                    'Destroy the Object to free the Memory
'---- your code ends here --- copy and paste with .vbs extenstion if needs testing

VB Script to send email

VBscript to send email without SMTP service running on your local machine:
dont burn up your mind to know how..
just copy and paste the below vbscript in a notepad and save with the name say send.vbs
you can also copy the below code to embed within your custom developed programs (.net/ aspx/..)
I have tested this in the access, .aspx for sharepoint, and customised applications. You wont believe  this can be also embedded within Excel if you are interested in getting an email every time an excel file is updated by someone in your organisation.. what you are waiting for just adapt and transform the below code :)
'------------------------------------ vbscript begins here
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = "User account unlocked"
objMessage.From = "itsupport@yourdomain.com"
objMessage.To = "abc@yourdomain.com"
objMessage.TextBody = "This is some sample message text."
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "your smtp server address, can also specify IP address"
'Server port (typically 25 or check with your exchange admin)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
'==End remote SMTP server configuration section==
objMessage.Send



'-------------------------------------------------------- vbscript ends here



you can either execute the above script manually, or create a scheduler task to execute the above .vbs so that it can be used as an automated process.



To know more about Ports and how to independently search for it from your machines without an domain admins assistance.. will be posting the infos soon under IT» Scripts and Tips Unleashed .
please comment if you have better suggestion so that I can review, test and share the info.

Single signon issues with Sharepoint (MOSS2007)

for some reason if your sharepoint server or any other application server is creating an authentication issue (especially with credentials pop-up) please consider reading the below article which is already puplished at the microsoft site. re-registering will do no harm with the FQDN. I have highlighted the commands which you need to look at. let me know in case of any doubts which I would be happy to explain.

Kerberos Authentication and Delegation.. one of the areas which needs to be looked at

The Kerberos authentication protocol is a technology for single sign-on to network resources. This enables web parts to access remote resources i.e. it makes it possible for web part to access cube information from Analysis Services running on another machine then your SharePoint machine with logged on/page user identity.

All information in this document is based on following articles How to configure a Windows SharePoint Services virtual server to use Kerberos authentication and Configure Kerberos Authentication for Analysis Services.

Requirements

• All accounts (including machine accounts) must belong to the same Windows 2000/2003/2008 based Active Directory domain (or to trusted domains in the same forest).
• User account (s) must allow delegation (default). The user account (s) you want to be delegated must have the Account Is Sensitive And Cannot Be Delegated option cleared (i.e. not checked). You'll find this property in Active Directory Users, under the Account property tab.
• If running Analysis Services 2000 you must have SP3 or higher. SP3 or higher version of PTS needs to be installed both on the server and on the client. In this case the client is the SharePoint Server.
• SPN (Service Principal Names) configuration utility. To configure SPN's you need the tool setspn.exe that can be downloaded from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o.asp.
• For more in detail requirements please read following articles:

- Enabling Kerberos Authentication for Analysis Services 2000 or Analysis Services 2005

- How to configure a Windows SharePoint Services virtual server to use Kerberos authentication

Configuration

1.            Enable Kerberos in the IIS Metabase on your SharePoint machine

To configure a virtual server that is extended with Windows SharePoint Services to use Kerberos authentication, you must first enable Kerberos in IIS. To enable Kerberos on the virtual server, first you need to shutdown IIS (iisreset /stop in the command window) and then follow these steps:

a.     On your SharePoint server, start Notepad, and then open the \system32\inetsrv\Metabase.xml file located on the hard disk.

b.     In the <IIsWebServer> section, locate the following line:

NTAuthenticationProviders="NTLM"

Modify the line so that it reads exactly as follows:

NTAuthenticationProviders="Negotiate,NTLM"

c.     Save changes and then quit Notepad.

d.     Start IIS (Run iisreset /start in the command window).

2.            Configure SharePoint machine to be Trusted for Delegation

To configure your SharePoint server to be trusted for delegation, follow these steps:

a.     On the domain controller, start Active Directory Users and Computers.

b.     In the left pane, click Computers.

c.     In the right pane, right-click the name of your SharePoint server, and then click Properties.

d.     Click the Delegation tab (or General for WinSrv2000), click to select the Trust computer for delegation check box.

e.     Quit Active Directory Users and Computers.

3.            Configure the domain account to be trusted for delegation

This is only necessary if the application pool for your SharePoint service is running under a domain account. To configure the domain account to be trusted for delegation, follow these steps:

                  a.     On the domain controller, start Active Directory Users and Computers.

b.     In the left pane, click Users.

c.     In the right pane, right-click the name of the account that runs the SharePoint application pool, and then click Properties.

d.     Click the Delegation tab (or for WinSrv2000 Account tab) click to select the Account is trusted for delegation check box, and then click OK.

e.     Quit Active Directory Users and Computers.

4.            Configure Service Principal Names

You only have to configure SPN's if SharePoint Service and/or Analysis Services is running under a domain account (I.e. you do not have to perform this step if your services is running under a built-in security principal such as NT Authority\Network.

a.     Perform this step if SharePoint Services runs in a application pool under a domain account. Type the following line at the command prompt on your SharePoint machine, and then press Enter, where ServerName is the NETBIOS or DNS name of your SharePoint server machine, Domain is the name of your domain, and UserName is the name of the domain user account running your SharePoint Services application pool:

setspn -A HTTP/ServerName Domain\UserName

b.     Perform this step if Analysis Services runs under a domain account. Type the following line at the command prompt on your Analysis Services machine and then press Enter, where ServerName is the NETBIOS or DNS name of your Analysis Server machine, Domain is the name of your domain, and UserName is the name of the domain user account running your MSSQLServerOLAPService:

Analysis Services 2000: setspn -A MSOLAPSvc/ServerName Domain\UserName

Analysis Services 2000: setspn -A MSOLAPSvc.3/ServerName Domain\UserName

5.    Configure connection string for the data sources

Each data source definition must have the SSPI property set to Kerberos to enable Kerberos Authentication. Add ;SSPI=Kerberos; to the connection string on all defined data sources. See how to configure a data source. Note: To verify that Kerberos Authentication works for your OLAP server you can run the MDX sample application locally on the OLAP server. In the Connect dialog add the string ;SSPI=Kerberos after the server name and try to connect.

Example to register a Server Principal Name

Say your MSOLAPServices runs on a machine called IM-PROD and you've decided to run the service under a domain account named F.Lastname. In this case, you add a SPN (Service Principal Name) on your IM-PROD machine for MSOLAPSvc with F.Lastname as the service account:

setspn -A MSOLAPSvc/IM_PROD.Mydomain.com MyDomain\F.Lastname

setspn -A MSOLAPSvc/IM_PROD MyDomain\F.Lastname

this way you register with the AD

Register NETBIOS or/and DNS name

It can be convenient to use both NETBIOS and DNS name because it allows the client to specify either name, but bear in mind that NETBIOS names might not be unique across the directory and, if a duplicate SPN is found in the directory, authentication will fail. If you're worried about this, use only DNS names when registering SPNs, and make sure your clients always use the fully qualified DNS name when making authenticated connections to a server using Kerberos.

AD permission to unlock user account

How To Delegate the Unlock Account Right to a group or user:

1. Create the group or user account that you want to have the right to unlock user accounts in Active Directory Users and Computers (for example, Help Desk Admins).
2. Right-click the domain (yourdomain.com) in Active Directory Users and Computers, and then click Delegate Control from the menu that is displayed.
3. The Delegation of Control Wizard should be displayed. On the Welcome dialog box, click Next.
4. On the Users and Groups dialog box, click Add. Select the group in the list that you want to give the right to unlock accounts, and then click OK. On the Users and Groups dialog box, click Next.
5. On the Tasks to Delegate dialog box, click Create a custom task to delegate, and then click Next.
6. On the Active Directory Object Type dialog box, click Only the following objects in the folder:. In the list, click User objects (the last entry in the list), and then click Next.
7. On the Permissions dialog box, click to clear the General check box, and then click to select the Property-specific check box. In the Permissions list, click to select the Read lockoutTime check box, click to select the Write lockoutTime check box, and then click Next. (you can also select other relevant permissions like for ex "read accountexpires" which may help the help desk officer to inform the locked out user about the account expiry time and advise them to action it asap)
8. On the Completing the Delegation of Control Wizard dialog box, click Finish.

Check out Hindi/ Malayalam Online FM

Check out Malayalam/ Hindi Online FM access from your iPhone/ Blackberry.. cool stuff.

Script Backup

Backup folders/ files to network share using simple DOS command.

(save money by purchasing softwares which can do the below process)

so here we go:

simple xcopy command needs to be created on a bat file so that the .bat can be automated by windows scheduler.

for eg:

xcopy "D:\GP Backup\SQL Svr Bkp\09" \\qdc-gp\Backup /E /R /Y /D /Q

the above command says to copy everything (files and folders) under 09 directory to a network path under folder Backup. make sure you follow the syntax and the path should be specified within "" so that any spaces in between will be taken care of. 

/E stands for .. Copies directories and subdirectories, including empty ones

/R stands for .. Overwrites read-only files

/Y stands for .. Suppresses prompting to confirm you want to overwrite an existing destination file.

/D stands for .. If no date is given, copies only those files whose source time is newer than the destination time. if you want a specify date, provide in /D:m-d-y format.

/Q stands for .. Does not display file names while copying.

Make sure that the destination share folder has write permission to the account with which the batch file will be executed.

you may apply the above command which are legitimate form your perspective.

xcopy /? will give you the syntax and the relavent usage of switches

Interesting part is scheduling the batch file and alerting the concerned staff with an automated email after the backup completes.

Microsoft Dynamics Great Plains 2010

Dynamics GP Resourceswe recently upgraded our GP9 infrastructure to GP2010 and found hard time to remember user roles and permissions . if you need complete security permission setup and reference for GP2010 then dont miss this site.
always advised to follow the naming convention for role id and task id. this way you can easily manage the user roles.
shortly i will be posting the upgrade process for GP9 infrastructure from OS 32bit to 64bit and BE SQL 2005 x86 to SQL 2008 R2 64bit.. coming soon...

home made flavors

Recipe, Art & Craft, Gardening tips presented by my sister, Aprana Ranish. you will enjoy reading.

Diseases and Conditions: Interactive Site on Medical Information

Interactive Health Tutorials

This is one of the best mails I have received with regards to health tips which I thought of sharing with the readers. Contents of this site is worth reading as it covers number of physical ailments affecting us or which you might have already come across. These tutorials may require a Flash plug-in, version 6 or above... If you do not have this in your PC, you will be prompted to obtain a free download of the software before you start the tutorial.

World Map summary: Population, Economy, Network

 

click here to know more about history, population, gdp, and more.. concerning all countries listed on the globe

a good informative site all what you have to do is to go with selective clicks and there your are...

Antivirus free Downloads

AVG (free for personal use)
Avira (free for personal use)
its very important to decide to go with a legal download, otherwise you will end up a hacker sitting virtually on your machine and sending trojans even if you were protected with antivirus. So remember which i have been always informing to my dear and nears, download only from a valid site. for ex. avg antivirus from avg website ONLY. If you download the same from say download.com or any other third party website means that there is high risk that a hidden embedded code on that download leaks your confidential infos to the external world which can later screw-up your asset.

Logmein

Remote access: 

click here

you can control your corporate or personal network from your finger tips.
It's amazing feature has impressed me.

now using logmein account with my Smasung Galaxy Note iPhone I can remotely connect my corporate network any time on the move. 

wah re wah

• how to make mutton biriyani this video shows how to cook the basmati biriyani rice.. very simple and important to avoid over cooking. watch out

Network Load Balancing

I have tested NLB on SharePoint Farms which works great and with unnoticeable downtime  

Remote-access VPN

Remote Access:
citrix: for corporate office, citrix xenapps publishing is one of the best.. i have implemented this in a 3T architecture. for corporate all what you need is 4 servers and an access gateway appliance of which 2 can be VMs, 2 for load balancing (presentation server), 1 for web interface, and another for access gateway authentication. refer citrix site

logmein.com provides free plug-ins for personal remote desktop usage. im using this for last 4 years.. hassle free with win7..
When my Dad in India has a laptop issue, I normally support using this VPN connection from abroad. pls give a try. all you have to do is register and download the logMein free version plug-in.. its self explanatory. refer 

AntiVirus & AntiSpam

this is like the fuel in your vehicle without which the engine would not start. by this time you might have noticed that without a proper and valid anti-virus and anti-spyware on your computer,  you will end up frantically wasting time and running after a support to vaccine the infected systems.
I have been using almost all top the line antivirus & antispywares both personal and corporate wide, few of them are Symantec, McAfee, TrendMicro, AVG (free for personal use), Avira (free for personal use), Sophos,.., of which I recommend McAfee for corporate use.
ePO Management is pretty simple and straight forward. rogue detection, policy assignment, patchs & dats deployment to multiple systems, querrying and management reports are all hassle free.
make sure whatsoever anti-virus you use are up-to-date on atleast a weekly basis. the related agents or plug-ins will ensure auto vaccine and protection to your workstation.

Students benefited from Akshayapatra!!

What Akshaya Patra does in BENGALURU (Bangalore)

 

The kitchen from the outside

A three-storey building (in Bangalore, India) which uses Gravity Flow Mechanism developed in-house by our team. Each kitchen has the capacity to cook between 50,000 to 100,000 mid-day meals per day. Costing approximately 9 crores to set up, they are built with funds from public donations.

The kitchen from the inside, consisting of rice cauldrons each of which cooks up to 110kg of rice in 20 minutes. Sambar cauldrons cook up to 1200 litres of sambar in two hours.

It is washed thoroughly on the 2nd floor

Washed rice is sent down the chute to the 1st floor

Rice pours down into steam heated cauldrons for cooking. The entire cooking process takes place on the 1st floor

Super heated steam is used to cook food instead of flame.

When cooking is finished, it is loaded into trolleys

Cooked rice is sent down the chute to the ground floor

It flows down the pipe into containers

Piping hot rice on its way to being loaded into food vans. Around 6000 kilosof rice are cooked daily in each kitchen.

Food materials in Kitchen

Stock in the kitchen

Washed dal and vegetables flows down the chute into sambar cauldron on the 1st floor

Vegetables and dal ready to be cooked

Sambar being cooked on the first floor

Cooked sambar is packed and sent to the food vans to be loaded

Chapati dough is mixed

Heavy rollers flatten the dough into thin sheets

Dough is cut into the classic round shape

making chapatti

collecting all the chapattis

Transporting akshayapatra food through bus

Happy Kids

Students benefited from Akshayapatra!!