Quick Starting Demos and Windows PowerShell

Preparing virtual machines for demonstrations can be a tedious process, and it is compounded when virtual machines need to be started or shut down in a specific order.  For example, starting database servers prior to starting web servers, or starting the preferred active node before the passive node.  Starting those machines, however, is only a portion of the process; in most cases you will want them to be “available” before starting a subsequent machine.  For example, having an iSCSI Target available before the consuming iSCSI initiators come up.  Windows PowerShell is perfect for this scenario – it is something I use almost every day, and I have shared an example (below) of how you can accomplish all of these tasks.

So what does it do?

Provides parameters to Start/Shut Down one or more virtual machines.

Checks for process elevation, escapes if the script is not run elevated.

Starts the Hyper-V Virtual Machine Management Service if not running.

Iterates through an array of virtual machines stored in a .txt file.

Starts each virtual machine in the .txt file and waits for the heartbeat status to report ‘OK’ before starting the next virtual machine in the list.  Virtual machines are started in the order they appear in the source file; waiting ensures a clean start-up, particularly where a defined start order with dependencies exists.

Shuts down virtual machines in the reverse order they were started, by reading the source file bottom to top.  Waits for the virtual machine heartbeat status to report ‘’ before processing the next virtual machine.

Displays a progress bar to report on the status of the operation.

Script

[CmdletBinding(ConfirmImpact="Low")]
Param(
    [Parameter(Mandatory=$True,Position=0,ValueFromPipeline=$False,HelpMessage="Operation to perform on one or more virtual machines.")]
    [ValidateSet("Start","Stop")]
    [String]$operation,
    [Parameter(Mandatory=$True,Position=1,ValueFromPipeline=$False,HelpMessage="Collection of virtual machines on which operation is to be performed.")]
    [ValidateNotNullOrEmpty()]
    [String]$source
)

Process
{
    # Make cmdlet errors terminating so the Try/Catch blocks below see them.
    $ErrorActionPreference = "Stop"

    # Hyper-V management requires an elevated session; leave if we are not elevated.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $role      = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated  = $principal.IsInRole($role)

    If (-not $elevated)
    {
        Write-Host "Requires elevation."
        return
    }

    # The source file is <source>.txt in the current location, one virtual machine per line.
    $path = Join-Path (Get-Location) "$source.txt"

    If (-not (Test-Path $path))
    {
        Write-Host "The file could not be found: $source.  The document name or path is not valid."
        return
    }

    Try
    {
        # @() keeps a one-line file from collapsing to a single string.
        $list = @(Get-Content $path)
    }
    Catch [System.Exception]
    {
        Write-Host "Could not read the source file: $path"
        return
    }

    If ($operation -eq "Start")
    {
        # Start the Hyper-V Virtual Machine Management Service if it is not running.
        $service = Get-Service -Name vmms

        If ($service.Status -ne "Running")
        {
            Try
            {
                Start-Service $service
                Write-Host "Starting the Hyper-V Virtual Machine Management Service."
                Start-Sleep -s 10
                Clear-Host
            }
            Catch [System.Exception]
            {
                Write-Host "Could not start Virtual Machine Management Service."
                return
            }
        }

        # Walk the list top to bottom: the file order is the start order.
        For ($count = 0; $count -lt $list.Count; $count++)
        {
            $guest = $list[$count]
            $progress = 100 / $list.Count * ($count + 1)

            Write-Progress -Activity "Starting virtual machine…" -CurrentOperation "Starting…" -Status $guest -PercentComplete $progress

            Try
            {
                Start-VM -Name $guest
            }
            Catch
            {
                Write-Host "Could not start virtual machine(s)."
                break
            }

            Write-Progress -Activity "Starting virtual machine…" -CurrentOperation "Waiting…" -Status $guest -PercentComplete $progress

            # Block until the guest's Heartbeat integration service reports OK.
            Do { Start-Sleep -Milliseconds 100 }
            Until ((Get-VMIntegrationService $guest | ?{$_.Name -eq "Heartbeat"}).PrimaryStatusDescription -eq "OK")
        }
    }
    ElseIf ($operation -eq "Stop")
    {
        # Walk the list bottom to top so machines stop in reverse start order.
        For ($count = $list.Count - 1; $count -ge 0; $count--)
        {
            $guest = $list[$count]
            $progress = 100 / $list.Count * ($count + 1)

            Write-Progress -Activity "Stopping virtual machine…" -CurrentOperation "Stopping…" -Status $guest -PercentComplete $progress

            Try
            {
                Stop-VM -Name $guest
            }
            Catch
            {
                Write-Host "Could not stop virtual machine."
                break
            }

            Write-Progress -Activity "Stopping virtual machine…" -CurrentOperation "Waiting…" -Status $guest -PercentComplete $progress

            # Block until the guest's Heartbeat integration service no longer reports OK.
            Do { Start-Sleep -Milliseconds 100 }
            Until ((Get-VMIntegrationService $guest | ?{$_.Name -eq "Heartbeat"}).PrimaryStatusDescription -ne "OK")
        }

        Start-Sleep -s 10

        Try
        {
            Stop-Service vmms
            Write-Host "Stopping the Hyper-V Virtual Machine Management Service…"
        }
        Catch [System.Exception]
        {
            Write-Host "Could not stop the Hyper-V Virtual Machine Management Service."
            return
        }

        Clear-Host
    }
}

Usage

Using the script requires:

  1. Saving the attached script as <name>.ps1.
  2. Creating a source .txt file with the virtual machines listed in the preferred start-up order, one per line.  For example,

Machine1

Machine2

Machine3

  3. Saving the script and the source .txt file in the same location.
  4. Running the script as <name>.ps1 -Operation Start -Source <name>
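One caveat worth handling in practice: the script's do/until loops wait indefinitely, so a guest that never reports a heartbeat (no integration services, a failed boot, a stuck shutdown) stalls the whole sequence. The following is an added example, not part of the original script, showing a bounded wait and a start sequence that aborts rather than starting a dependent machine against a missing dependency. The function names, parameters and the Demo.txt path are this example's own choices; it relies only on the Hyper-V module cmdlets the script already uses (Get-VMIntegrationService, Get-VM, Start-VM).

```powershell
# Added example, not part of the original script: a bounded heartbeat wait.
function Wait-VMHeartbeat {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        # 'Up' waits for the Heartbeat integration service to report OK;
        # 'Down' waits for the virtual machine state to become Off.
        [ValidateSet('Up','Down')][string]$Until = 'Up',
        [int]$TimeoutSeconds = 300,
        [int]$PollMilliseconds = 500
    )

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)

    do {
        if ($Until -eq 'Up') {
            $status = (Get-VMIntegrationService -VMName $Name -Name 'Heartbeat').PrimaryStatusDescription
            if ($status -eq 'OK') { return $true }
        }
        else {
            $status = (Get-VM -Name $Name).State
            if ($status -eq 'Off') { return $true }
        }

        $left = [int]($deadline - (Get-Date)).TotalSeconds
        Write-Progress -Activity "Waiting for $Name ($Until)" -Status "Current: $status" -SecondsRemaining $left
        Start-Sleep -Milliseconds $PollMilliseconds
    } while ((Get-Date) -lt $deadline)

    # Timed out: the caller decides whether to continue.
    return $false
}

# Start the machines listed in a source file in order, aborting on the first guest that
# does not come up in time so that nothing downstream is started against a missing dependency.
function Start-VMSequence {
    param(
        [Parameter(Mandatory=$true)][string]$ListPath,
        [int]$TimeoutSeconds = 300
    )

    # Ignore blank lines so a trailing newline in the file is not treated as a VM name.
    $list = @(Get-Content -LiteralPath $ListPath | Where-Object { $_.Trim() -ne '' })

    foreach ($guest in $list) {
        Start-VM -Name $guest
        if (-not (Wait-VMHeartbeat -Name $guest -Until Up -TimeoutSeconds $TimeoutSeconds)) {
            throw "Timed out after $TimeoutSeconds s waiting for a heartbeat from '$guest'; not starting the remaining machines."
        }
    }
}

# Usage (assumes a Demo.txt beside the script, one virtual machine name per line):
# Start-VMSequence -ListPath (Join-Path (Get-Location) 'Demo.txt') -TimeoutSeconds 180
```

For a shutdown in reverse order, iterate the list backwards and call Wait-VMHeartbeat with -Until Down; checking the VM state rather than the heartbeat is more reliable for the stop case, since the Heartbeat service stops reporting OK as soon as the guest begins shutting down, before the machine has actually powered off.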

File and Folder Considerations with OneDrive for Business [UPDATED 12/10/2014]

Updated 8/12/2014 – Removed & as an illegal character.  & character is now supported with OneDrive for Business sync client and Web UX.

Updated 8/22/2014 – Updated to include prohibited types per http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/types-of-files-that-cannot-be-added-to-a-list-or-library-HA101907868.aspx.

Updated 8/23/2014 – Updated to include optional UI-based scanning (FileCheckerUI.exe).

Updated 8/31/2014 – Updated FileChecker.exe (integrated desktop and command line application).

Updated 12/10/2014 – Updated to remove prohibited characters {, }, [, ], ~, and .. (two consecutive periods).  Updated FileChecker.exe.

When considering a migration to OneDrive for Business you should be aware of the specific File and Folder considerations and restrictions.  While some considerations exist that are explicit to OneDrive for Business and SharePoint; others are derivatives of the underlying client and/or server file system.  For example, on Microsoft Windows the following characters cannot be used in paths or files:

Files

<
>
|
♠♫
§
:
*
?
/

Paths

<
>
|
♠♫
§
:
*
?
/

NOTE

The above represents the arrays returned by the Path.GetInvalidFileNameChars and Path.GetInvalidPathChars methods respectively (the ♠♫ and § glyphs in the lists above are control characters from the range below, as rendered by the console).  These methods, however, do not return a complete set of characters invalid in file and path names, as they can differ depending on the underlying file system.  On Windows-based desktop platforms, invalid path characters might include ASCII/Unicode characters 1 through 31, as well as quote (“), less than (<), greater than (>), pipe (|), backspace (\b), null (\0) and tab (\t), in addition to those in the example above.

Files and Folders preceded with (_).

Files and Folders whose name begins with (_) are considered ‘hidden’.  This limitation is derived from the Win32FileAttributes property in the WebDAV protocol.  Where a File or Folder name begins with (_), such as _Documents or _document.docx, the item is visible in the OneDrive for Business Sync Client and in the Web UI; however, it is not visible in Explorer View in the Web UI, because Explorer View in OneDrive for Business uses the WebDAV protocol.  WebDAV (Web Distributed Authoring and Versioning) is an extension of the HTTP protocol used to manage documents stored on WWW servers.  The scenario herein is based on limitations implied in FrontPage 2000 (see also http://support.microsoft.com/kb/219193).

In OneDrive for Business, Explorer View can be opened by selecting the Open with Explorer option in the Ribbon.


When you use Open with Explorer, it opens Windows Explorer on your computer, but it displays the folder structure on the server computer that underlies the site.  You can manipulate the files in the folder, such as copying, renaming, deleting, etc.

Customers who have deployed OneDrive for Business on-premises can nullify the Win32FileAttributes using Windows PowerShell or C# as illustrated in the samples below:

Windows PowerShell

IT Professionals can use Windows PowerShell to remove the vti_winfileattribs folder metadata as shown in the example below.

$Folder = (Get-SPWeb http://contoso.sharepoint.com).Folders["<DocLib_Name>"].SubFolders["<_Folder_Name>"]

$Folder.Properties["vti_winfileattribs"] = ""

C#

Developers can use the SPFolder.Properties property to enumerate the hash table that contains the metadata for folders, and call the DeleteProperty method to delete the element with the vti_winfileattribs key from the metadata for the folder.  See also http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spfolder.deleteproperty(v=office.15).aspx for an explanation and examples of using the SPFolder.DeleteProperty method.

WebDAV Resources

WebDAV API Functions [http://msdn.microsoft.com/en-us/library/windows/desktop/dd408161(v=vs.85).aspx]

[MS-WDV]: Web Distributed Authoring and Versioning (WebDAV) Protocol: Client Extensions [http://msdn.microsoft.com/en-us/library/cc250046.aspx]

[MS-WDVSE]: Web Distributed Authoring and Versioning (WebDAV) Protocol: Server Extensions [http://msdn.microsoft.com/en-us/library/cc250200.aspx]

Files and Folders preceded or followed with (.).

A number of restrictions on File and Folder naming conventions derive from the file system; developers who use the Windows APIs for file and device I/O in many cases understand the various rules, conventions, and limitations of names for files and directories.

Files and Folders whose name begins or ends with the (.) character cannot be stored or synchronized with OneDrive for Business.  All file systems follow the same general naming conventions for an individual file: a base file name and an optional extension, separated by a period.  The assumption in this case is that (.) separates the base file name from the extension in the name of a directory or file.

Restricted Characters in File and Folder Names

Beyond those limitations documented above, users can create Files and Folders using any character including Unicode characters and characters in the extended character set (128–255), except for the following reserved characters:

  • < (less than)
  • > (greater than)
  • : (colon)
  • ” (double quote)
  • / (forward slash)
  • \ (backslash)
  • | (vertical bar or pipe)
  • ? (question mark)
  • * (asterisk)

These limitations are applicable to Microsoft Windows.

In addition you cannot use the:

  • ~ (Tilde)
  • # (Number Sign)
  • % (Percent)
  • [ ] (Square Brackets)
  • { } (Curly Braces)
  • ? (Question Mark)
  • You cannot use the period character consecutively in the middle of a folder name.  In the Windows File System, two consecutive periods (..) are used as a directory component in a path to represent the parent of the current directory, for example “..\temp.txt”.

These limitations are applicable to OneDrive for Business and SharePoint 2013.  For additional information see also http://support.microsoft.com/kb/905231.

Other Considerations

SharePoint 2013 and OneDrive for Business do not provide support for POSIX semantics; that is, the Folders “Foo” and “foo” are considered the same item rather than differing paths.

Validating File and Folder Names

Developers can validate File and Folder names using a number of methods.  The sample code at http://tinyurl.com/opcjfor uses Regular Expressions to deterministically identify illegal characters in a File name.
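As an added example (not the FileChecker sample the link above points to, and not code from the original post), the validator below encodes the rules listed in this post in Windows PowerShell: the Windows-reserved characters, the control range 1 through 31, the characters OneDrive for Business and SharePoint 2013 additionally reject, leading or trailing periods, consecutive periods in folder names, and the case-insensitive name collision described under Other Considerations. A leading underscore is reported as a warning rather than an error, since such items sync and are merely hidden from Explorer View. The function names, the directory scan helper and the sample names are this example's own constructions.

```powershell
# Added example, not from the original post: validate names against the rules described above.
function Test-OneDriveItemName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [switch]$IsFolder
    )

    $problems = @()
    $warnings = @()

    # Reserved on Windows: < > : " / \ | ? *
    if ($Name -match '[<>:"/\\|?*]')        { $problems += 'contains a Windows-reserved character (< > : " / \ | ? *)' }

    # Control characters 0x00-0x1F, also rejected by Path.GetInvalidFileNameChars.
    if ($Name -match '[\x00-\x1F]')         { $problems += 'contains a control character (0x00-0x1F)' }

    # Additionally rejected by OneDrive for Business / SharePoint 2013: ~ # % [ ] { }
    if ($Name -match '[~#%\[\]{}]')         { $problems += 'contains one of ~ # % [ ] { }' }

    # A leading or trailing period cannot be stored or synchronised.
    if ($Name -match '^\.|\.$')             { $problems += 'begins or ends with a period' }

    # Two consecutive periods inside a folder name are rejected (".." is the parent-directory component).
    if ($IsFolder -and $Name -match '\.\.') { $problems += 'contains consecutive periods' }

    # A leading underscore is stored and synchronised but hidden from Explorer View (WebDAV).
    if ($Name -match '^_')                  { $warnings += 'leading underscore: hidden in Explorer View' }

    [pscustomobject]@{
        Name     = $Name
        IsFolder = [bool]$IsFolder
        Valid    = ($problems.Count -eq 0)
        Problems = $problems
        Warnings = $warnings
    }
}

# Scan a local directory tree (as FileChecker.exe -d does) and also flag sibling names that
# differ only by case, which SharePoint 2013 treats as the same item.
function Test-OneDriveDirectory {
    param([Parameter(Mandatory=$true)][string]$Path)

    $items = Get-ChildItem -LiteralPath $Path -Recurse -Force

    foreach ($item in $items) {
        $result = Test-OneDriveItemName -Name $item.Name -IsFolder:$item.PSIsContainer
        if (-not $result.Valid -or $result.Warnings.Count -gt 0) {
            $result | Add-Member -NotePropertyName FullName -NotePropertyValue $item.FullName -PassThru
        }
    }

    $items |
        Group-Object { $_.PSParentPath + '|' + $_.Name.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Name     = (($_.Group | ForEach-Object { $_.Name }) -join ', ')
                IsFolder = $null
                Valid    = $false
                Problems = @('names differ only by case; SharePoint treats them as the same item')
                Warnings = @()
                FullName = $_.Group[0].PSParentPath
            }
        }
}

# Constructed sample names covering the cases described in this post.
$samples = @(
    @{ Name = 'Budget 2014.xlsx'; IsFolder = $false },   # valid
    @{ Name = '_Documents';       IsFolder = $true  },   # valid, but hidden in Explorer View
    @{ Name = 'Report?.docx';     IsFolder = $false },   # reserved character
    @{ Name = 'draft.';           IsFolder = $false },   # trailing period
    @{ Name = 'Q1..Q2';           IsFolder = $true  },   # consecutive periods in a folder name
    @{ Name = 'Notes~1.txt';      IsFolder = $false }    # tilde
)

$samples |
    ForEach-Object { Test-OneDriveItemName -Name $_.Name -IsFolder:$_.IsFolder } |
    Format-Table Name, Valid, Problems, Warnings -AutoSize

# To scan a folder before migration: Test-OneDriveDirectory -Path 'C:\Temp' | Format-List
```

Run the scan against a copy of the data you intend to migrate before the sync client touches it; the output lists each offending name with its full path so it can be renamed in bulk, and the collision check catches the Foo/foo case that a per-name regex alone cannot see.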

Syntax

FileChecker.exe -d C:\Temp

Screenshots

Screenshots of the Source Directory, Filechecker.exe and its Output are not reproduced here.

Service Pack 1 for SharePoint Server 2013 Recalled [Updated]

The updated Service Pack 1 is now available.  Refer to the information below to acquire the updated Service Pack for your product:

NOTE For a list of previously published KB’s refer to the recall information in the original post below.

Product: KB

SharePoint Foundation: http://support.microsoft.com/kb/2880551

SharePoint Server: http://support.microsoft.com/kb/2880552

Project Server: http://support.microsoft.com/kb/2880553

SharePoint Server Language Pack: http://support.microsoft.com/kb/2880554

SharePoint Foundation Language Pack: http://support.microsoft.com/kb/2880555

Office Web Apps Server: http://support.microsoft.com/kb/2880558

Customers with Service Pack 1 Deployed

For customers who have previously deployed Service Pack 1, download the updated Service Pack 1 and install over the existing Service Pack 1 running PSConfig or PSConfigUI immediately following.

Customers without Service Pack 1

For customers without Service Pack 1 deployed, download the updated Service Pack 1 package and deploy as per the KB documentation.

MSDN ISO

There is no update to the integrated ISO on MSDN as it was not affected by the issue.

A potential issue with the following Service Pack 1 packages may prevent customers with Service Pack 1 from deploying future Public and/or Cumulative Updates.  As a precautionary measure we have deactivated the download page until a new package is published.

Product: KB

SharePoint Foundation: http://support.microsoft.com/kb/2817439

SharePoint Server: http://support.microsoft.com/kb/2817429

Project Server: http://support.microsoft.com/kb/2817434

SharePoint Server Language Pack: http://support.microsoft.com/kb/2817438

SharePoint Foundation Language Pack: http://support.microsoft.com/kb/2817442

Office Web Apps Server: http://support.microsoft.com/kb/2817431

Customers with Service Pack 1 Deployed

For customers who have deployed Service Pack 1 there is no action; however, an update will be released to resolve a potential issue when deploying subsequent Public and Cumulative updates.

Customers with Service Pack 1 Downloaded

For customers who have downloaded Service Pack 1, but have not deployed Service Pack 1, we recommend you postpone deployment until an updated package is delivered (date is TBD).

MSDN ISO

The integrated ISO with SP1 on MSDN is not affected by this issue.  Service Pack 1 on MSDN is a full build release.

SharePoint Server 2013 Trial Image in Windows Azure China Platform Gallery

The SharePoint Server 2013 Trial image is now available in the Windows Azure China Platform Gallery.  The image is based on the current Windows Server 2012 Datacenter release and includes a complete installation of SharePoint Server 2013 Enterprise Trial patched with the March Public Update.

NOTE

Additional configuration is required to use the SharePoint Server 2013 Trial image, including 1) a database server running SQL Server 2008 R2 or SQL Server 2012 and 2) a server running AD DS.

The current SharePoint Server 2013 Trial image will expire on September 22, 2014 unless activated using the appropriate product key.  See also http://technet.microsoft.com/en-us/library/cc263204(v=office.14).aspx.

Resources

SharePoint Deployment on Windows Azure Virtual Machines
http://www.microsoft.com/en-us/download/details.aspx?id=34598

SharePoint 2013 on Windows Azure Infrastructure
http://msdn.microsoft.com/en-us/library/windowsazure/dn275958.aspx

Installing SharePoint 2013 on Windows Azure Infrastructure Services
http://msdn.microsoft.com/en-us/library/windowsazure/dn275959.aspx

Automate Windows Azure SharePoint Deployments
https://github.com/WindowsAzure/azure-sdk-tools-samples/wiki/Automated-Deployment-of-SharePoint-2013-with-Windows-Azure-PowerShell

SharePoint and Windows Azure Development Kit
http://www.microsoft.com/en-us/download/details.aspx?id=24398

One-Way Outbound Hybrid Search Step-by-Step and OneDrive for Business

Recently we introduced a number of new coexistence scenarios in Service Pack 1, including redirection of OneDrive for Business and Yammer.  Redirection of OneDrive for Business enables IT to provision cloud storage for users' OneDrive for Business document libraries; however, in a hybrid scenario the content in that storage should be discoverable both on-premises and online.  The most common configuration to support OneDrive for Business redirection is an outbound search topology, where users can return results from both on-premises and online within the on-premises search portal.

NOTE Office 365 returns only local results.

The steps below assume a hybrid identity infrastructure is configured for the target environment.  The hybrid identity infrastructure can be:

  1. Cloud Identity – suitable for small organizations with up to 50 users, no affinity to on-premises Active Directory identity.
  2. DirSync – suitable for larger organizations, provides a consistent authentication experience when combined with Password Sync.
  3. AD FS / SSO – suitable for larger organizations planning to deploy complex hybrid workloads to include BCS, bidirectional search, etc.

See also Configure identity management for a hybrid topology in SharePoint Server 2013 [http://technet.microsoft.com/en-us/library/dn197169(v=office.15).aspx]

Install Prerequisites

On one or more Web servers install the following prerequisite software:

  1. Microsoft Online Services Sign-In Assistant for IT Professionals RTW (msoidcli_64bit.msi)
  2. Windows Azure Active Directory Module for Windows PowerShell (64-bit version)
  3. SharePoint Online Management Shell (sharepointonlinemanagementshell_64bit.msi)

Configure Server-To-Server Authentication Between SharePoint Server 2013 and Office 365

Server-To-Server authentication in hybrid environments between SharePoint Server 2013 and Office 365 creates a trust relationship between SharePoint Server 2013 and a SharePoint Online Tenant.  In this scenario Windows Azure Active Directory provides the trusted signing service.

Certificate Management

The Security Token Service (STS) is the service component that builds, signs, and issues security tokens according to the WS-Trust and WS-Federation protocols. Replacing the STS certificate in SharePoint Server 2013 is necessary to establish trust between the Security Token Service of SharePoint Server 2013 and the SharePoint Online Tenant.  Replacing the STS certificate enables the STS Service and Windows Azure Active Directory to sign security tokens for authenticated users.

NOTE The steps below should be used in pilot/development/lab environments.  A certificate provided by a known CA should be used in production environments.

Create a Self-Signed Certificate

Open Internet Information Services (IIS Manager) on Web server:

  1. Click Start > Administrative Tools > Internet Information Services (IIS Manager)
  2. Click the server name in the Connections pane.
  3. Double-click Server Certificates in the Details pane.
  4. Click Create Self-Signed Certificates in the Actions pane.
  5. On the Create Self-Signed Certificate Dialog provide a name for the certificate under Specify a friendly name for the certificate: (I.e. STS) and click OK to create the certificate.


Export a PFX Certificate

A Personal Information Exchange certificate is issued by a signing authority and verifies the authenticity and security of the hosted service (a self-signed certificate can be used for testing purposes).  The format of this certificate uses a .pfx extension.

Open Internet Information Services (IIS Manager) on a Web server:

  1. Click Start > Administrative Tools > Internet Information Services (IIS Manager)
  2. Click the server name in the Connections pane.
  3. Double-click Server Certificates in the Details pane.
  4. Right-click the Self-Signed Certificate created in the previous step and select Export from the list of available options.

Export a CER Certificate

In Internet Information Services (IIS Manager) select the Self-Signed Certificate created in the previous steps.

  1. Click Start > Administrative Tools > Internet Information Services (IIS Manager)
  2. Click the server name in the Connections pane.
  3. Double-click Server Certificates in the Details pane.
  4. Right-click the Self-Signed Certificate created in the previous step and select View from the list of available options.
  5. Click Copy to File on the Details tab and then click Next.
  6. On the Export Private Key page, click Next.
  7. For Export File Format page, choose Base-64 encoded X.509 (.CER). Click Next.
  8. For Export Certificate type a path and file name for the .cer file. Click Next.
  9. Click Finish, and then click OK twice.
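The three IIS Manager procedures above can be done from an elevated Windows PowerShell prompt instead. The following is an added example, not from the original post: it creates the self-signed certificate in the machine store, exports the .pfx with a password, writes a Base-64 .cer, and checks that what is on disk matches what was created. It assumes the PKI module cmdlets that ship with Windows Server 2012 and later (New-SelfSignedCertificate, Export-PfxCertificate); the DNS name, folder and file names are placeholders to be replaced with your own.

```powershell
# Added example, not from the original post: self-signed STS certificate without IIS Manager.
$subject = 'sts.corp.contoso.com'   # placeholder DNS name for the certificate
$pfxPath = 'C:\Certs\STS.pfx'       # placeholder output path for the .pfx
$cerPath = 'C:\Certs\STS.cer'       # placeholder output path for the .cer

# Prompt rather than hard-code the password that protects the private key.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

New-Item -ItemType Directory -Path (Split-Path $pfxPath) -Force | Out-Null

# Create the certificate in LocalMachine\My, the same store IIS Manager's
# "Create Self-Signed Certificate" uses.
$cert = New-SelfSignedCertificate -DnsName $subject -CertStoreLocation 'Cert:\LocalMachine\My'

# .pfx: certificate plus private key, protected by the password SharePoint will need on import.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# .cer: public certificate only, written as Base-64 encoded X.509 to match the wizard choice above.
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($der, 'InsertLineBreaks') +
       "`r`n-----END CERTIFICATE-----"
Set-Content -Path $cerPath -Value $pem -Encoding Ascii

# Check before continuing: the exported .cer must be the certificate we just created,
# and the .pfx must contain a private key or the STS cannot sign with it.
$onDisk = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($onDisk.Thumbprint -ne $cert.Thumbprint) { throw 'Exported .cer does not match the certificate in the store.' }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; it cannot be used for signing.' }

"Created STS certificate $($cert.Thumbprint), valid until $($cert.NotAfter)"
```

The thumbprint printed at the end is worth recording: it is the value to compare against the STS configuration after the import in the Update Security Token Service Certificate step, and the NotAfter date tells you when the trust will silently stop working if the certificate is not renewed.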

Server-To-Server Authentication

Server-to-server authentication allows for servers that are capable of server-to-server authentication to access and request resources from one another on behalf of users. Servers that are capable of server-to-server authentication run SharePoint 2013, Exchange Server 2013, Lync Server 2013, Azure Workflow Service, or other software that supports the Microsoft server-to-server protocol.

Configure Server-To-Server Authentication

Configuring server-to-server authentication is necessary to service incoming requests from another SharePoint 2013 server farm or service, where the primary SharePoint 2013 server farm trusts the sending farm.  The following steps use the New-SPTrustedSecurityTokenIssuer cmdlet to configure the trust relationship by providing the JSON metadata endpoint of the sending farm.

Populate Common Variables

Open the SharePoint 2013 Management Shell:

NOTE The remaining steps in this article will be executed within this SharePoint 2013 Management Shell dialog.

  1. Click Start > SharePoint 2013 Management Shell and at the PS prompt enter:

$PFXCertificate = "<Drive:\Path>"

$CERCertificate = "<Drive:\Path>"

$PFXCertificatePassword = "<password>"

$RootDomain = "*.<Root FQDN>.com" (I.e. "*.corp.contoso.com")

NOTE In this example the domain FQDN is wbaer.com.co.

$RootSite = "<Top-Level Site Collection URL>" (I.e. http://sharepoint.corp.contoso.com)

$Site = Get-SPSite $RootSite

$SPOAppId = "00000003-0000-0ff1-ce00-000000000000"

$SPOContextId = (Get-MsolCompanyInformation).ObjectID

Update Security Token Service Certificate

Updating the Security Token Service Certificate requires initializing a new instance of the X509Certificate2 class using a certificate file name and a password used to access the certificate in addition to the X.509 format version of the certificate prior to importing the signing certificate.

In the SharePoint 2013 Management Shell, at the PS prompt enter:

# 20 = X509KeyStorageFlags Exportable (4) + PersistKeySet (16)
$STSCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PFXCertificate, $PFXCertificatePassword, 20

Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $STSCertificate

NOTE Enter [Y]es when prompted to replace the certificate.

In order to properly update the STS with the new certificate, at a command prompt enter:

IISRESET (and allow the service to restart)

NET STOP SPTimerV4 (and allow the Timer Service to stop)

NET START SPTimerV4 (and allow the Timer Service to start)

Convert Certificates to Base64

$STSCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PFXCertificate, $PFXCertificatePassword

$PFXCertificateBin = $STSCertificate.GetRawCertData()

$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2

$Certificate.Import($CERCertificate)

$CERCertificateBin = $Certificate.GetRawCertData()

$CredentialValue = [System.Convert]::ToBase64String($CERCertificateBin)

Connect to Office 365

Enable-PSRemoting

Enter [A] Yes to All when prompted.

New-PSSession

$Credentials = Get-Credential

Connect-MsolService -Credential $Credentials

Import MS Online Modules

Import-Module MSOnline -force
Import-Module MSOnlineExtended -force

Register the SharePoint 2013 STS as the Office 365 Service Principal

New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppId -Type asymmetric -Usage Verify -Value $CredentialValue

$SharePoint = Get-MsolServicePrincipal -AppPrincipalId $SPOAppId

$ServicePrincipalName = $SharePoint.ServicePrincipalNames

$ServicePrincipalName.Add("$SPOAppId/$RootDomain")

Set-MsolServicePrincipal -AppPrincipalId $SPOAppId -ServicePrincipalNames $ServicePrincipalName

$SPOContextId = (Get-MsolCompanyInformation).ObjectID

$SPOAppPrincipalId = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppId).ObjectID

$SPONameIdentifier = "$SPOAppPrincipalId@$SPOContextId"

Establish SharePoint 2013 Trust with ACS

Windows Azure Active Directory Access Control is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services while allowing the features of authentication and authorization to be factored out of your code.

In a hybrid topology rather than implement an authentication system with user accounts specific to the application, ACS orchestrates the authentication and authorization of users.

$AppPrincipal = Register-SPAppPrincipal -site $Site.rootweb -nameIdentifier $SPONameIdentifier -displayName "SharePoint Online"

Set-SPAuthenticationRealm -realm $SPOContextId

New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup

New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"

Confirm Trust Relationship Configuration

Open SharePoint 2013 Central Administration to confirm Trust is configured:

  1. Click Start > SharePoint 2013 Central Administration and select Security.
  2. Select Manage trust from the list of available options and confirm two (2) ACS_<GUID> entries exist.
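The same confirmation can be scripted from the SharePoint 2013 Management Shell, which also catches two things the Manage trust page does not show: whether the STS is actually signing with the imported certificate (the IISRESET and timer restart above are easy to skip) and how long that certificate remains valid. The following is an added example, not from the original post; the function name is this example's own, and it assumes the variables populated in the Populate Common Variables step ($PFXCertificate, $PFXCertificatePassword, $SPOContextId) are still set in the session.

```powershell
# Added example, not from the original post: check the hybrid trust configuration.
function Test-HybridTrust {
    param(
        [Parameter(Mandatory=$true)][string]$PfxPath,
        [Parameter(Mandatory=$true)][string]$PfxPassword,
        [Parameter(Mandatory=$true)][string]$ExpectedRealm,   # Office 365 tenant (context) id
        [string]$IssuerName = 'ACS'
    )

    $failures = @()

    # 1. The farm STS must be signing with the certificate imported from the .pfx.
    $expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxPath, $PfxPassword
    $current  = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
    if ($current.Thumbprint -ne $expected.Thumbprint) {
        $failures += "STS signing certificate is $($current.Thumbprint); expected $($expected.Thumbprint). Run IISRESET and restart SPTimerV4 if the import was just done."
    }
    if ($expected.NotAfter -lt (Get-Date).AddDays(30)) {
        $failures += "STS certificate expires on $($expected.NotAfter); tokens will stop validating after that date."
    }

    # 2. The authentication realm must be the tenant id used in the name identifier.
    $realm = Get-SPAuthenticationRealm
    if ($realm -ne $ExpectedRealm) {
        $failures += "Authentication realm is '$realm'; expected '$ExpectedRealm'."
    }

    # 3. A trusted security token issuer for ACS must exist and act as trust broker.
    $issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $IssuerName }
    if (-not $issuer) {
        $failures += "No trusted security token issuer named '$IssuerName'."
    }
    elseif (-not $issuer.IsTrustBroker) {
        $failures += "Issuer '$IssuerName' exists but is not a trust broker."
    }

    # 4. The ACS service application proxy created above must be present.
    $proxy = Get-SPServiceApplicationProxy | Where-Object { $_.Name -eq $IssuerName }
    if (-not $proxy) {
        $failures += "No service application proxy named '$IssuerName'."
    }

    [pscustomobject]@{
        Passed   = ($failures.Count -eq 0)
        Failures = $failures
    }
}

# Usage, with the variables from "Populate Common Variables":
# Test-HybridTrust -PfxPath $PFXCertificate -PfxPassword $PFXCertificatePassword -ExpectedRealm $SPOContextId
```

A Passed value of $false with the first failure listed almost always means the service restarts were skipped; the remaining checks map one-to-one onto the Set-SPAuthenticationRealm, New-SPTrustedSecurityTokenIssuer and New-SPAzureAccessControlServiceApplicationProxy steps above, so a failure points at the step to repeat.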


    Configure Query Results and Rules

    In order to surface content stored in SharePoint Online / OneDrive for Business a new Results Source and Query Rule are required on the SharePoint Server 2013 on-premises environment.  Optionally, where only OneDrive for Business is cloud-enabled, a new search vertical may be sufficient; however, in the event additional workloads to include general collaboration will be considered for the cloud, a base Results Source / Query Rule should be configured to aggregate results across all site collections (including OneDrive for Business) where a OneDrive for Business Result Type can be further configured for refinement.

    Create Results Source

    Result sources in SharePoint limit searches to certain content or to a subset of search results. SharePoint Server 2013 provides 16 pre-defined result sources. The pre-configured default result source is Local SharePoint Results.  In these steps a new Results Source will be created for Remote SharePoint in order to discover content stored in SharePoint Online / OneDrive for Business.

    Open SharePoint 2013 Central Administration:

    1. Click Start > SharePoint 2013 Central Administration and select Application Management.
    2. Select Manage service applications from the list of available options.
    3. Select the Search Service Application from the list of available Service Applications.
    4. Select Result Sources under Queries and Results and then click New Result Source on the Manage Result Sources page.
    5. On the Add Results Source page provide a name for the Result Source in the Name field (I.e. SharePoint Online).
    6. Select Remote SharePoint under Protocol.
    7. Provide the Url of the root Site Collection in SharePoint Online under Remote Service Url (I.e. http://contoso.sharepoint.com)
    8. Select SharePoint Search Results under Type.
    9. Under Query Transformation select or modify the existing method (the default is {searchTerms}.
    10. Select Default Authentication under Credentials Section.
    11. Click OK to save the Results Source created above.

    image

      Create Query Rule

      Query Rules in SharePoint help searches respond to the intent of users through conditions and correlated actions.  For example, when a query meets the conditions in a query rule, the search system performs the actions specified in the rule to improve the relevance of the search results.

      1. On the Search Administration page select Query Rules under Queries and Results.
      2. On the Manage Query Rules page select the Results Source created in the previous steps.
      3. Click New Query Rule and provide a Rule Name (I.e SharePoint Online Results).
      4. Expand the Context section:
        1. Select All sources under Query is performed on these sources.
        2. Select All categories under Query is performed from these categories.
        3. Select All user segments under Query is performed by these user segments.
      5. On the Query Conditions section click Remote Condition  to allow the query to fire for any query text.
      6. On the Actions section click Add Result Block.
        1. Select the Results Source (SharePoint Online) under Search this Source.
      7. Click Save to save the Query Rule.

      NOTE This query rule will apply to all sites. To make one for just a specific site, use the query rules page in its Site Settings

      Validate Results Source (Central Administration)

      1. To validate the new Results Source in Search Administration select Result Sources under Queries and Results.
      2. Select the Result Source created in the previous steps and click Test Source.
      3. In the Test Result Source Dialog verify the Test details: results reports Succeeded.

      Validate Results Source (Search Center)

      1. Open the Search Center used by the Search Service Application and query a term used across SharePoint Server 2013 and SharePoint Online.
        1. Validate the results are retrieved from local results set.
      2. Under Results found in <local> select Everything.
        1. Validate the upper Results Block contains results from SharePoint Online and the lower Results Block, local results.


      Conclusion

      Combining an outbound hybrid search topology with the OneDrive for Business redirection introduced in Service Pack 1 gives on-premises SharePoint Server 2013 users visibility into content stored in OneDrive for Business libraries in Office 365, improving discovery and manageability of cloud content.

      Implementing DirSync with Password Sync reduces overall complexity and provides an integrated authentication experience to support rapid provisioning of cloud storage.

      Resources

      Hybrid for SharePoint Server 2013 [http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx]

      Display hybrid search results in SharePoint Server 2013 [http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx]

      OneDrive for Business Redirection to Office 365 Overview

      At the 2014 SharePoint Conference we announced the new OneDrive for Business SKU in addition to changes in Service Pack 1 functionality that enable IT administrators to selectively redirect their users to OneDrive for Business in Office 365 from SharePoint Server 2013.

      Planning

      The initial prerequisite step to implementing OneDrive for Business redirection to Office 365 in Service Pack 1 is choosing the identity management/federation option that best suits your business needs.  At a minimum, a cloud identity is required to enable redirection to OneDrive for Business in Office 365; organizations seeking a more integrated, seamless experience should consider Directory Synchronization with Password Synchronization or AD FS / SSO for an integrated authentication and authorization experience.

      Identity Management

      A properly planned identity management solution is the basis for any hybrid topology and the key to the user experience.

      Cloud Identity

      Cloud identities provide the most rapid way to provision users in Office 365 and are based on a separate, discrete set of credentials established in Windows Azure Active Directory; however, no correlation exists between the cloud identity and the organization's primary identity provider (i.e. AD DS).
      Cloud identity provides a rapid, easy-to-configure scenario for smaller organizations, as businesses can quickly establish, manage, and authenticate users with no change to their existing identity management systems or practices.  In a cloud identity scenario, users are managed discretely through a Web portal and Windows Azure Active Directory in the Microsoft cloud.

      Advantages

      • Requires no additional hardware or change to existing identity management infrastructure
      • Simple management and control of user identity – suitable for organizations with 0-50 users

      Disadvantages

      • Identity and authentication are managed completely in the cloud with no affinity to an on-premises AD store
      • Discrete credentials across SharePoint 2013 and Office 365
      • Disconnected user experiences
      • Cannot be combined with SharePoint 2013 / Office 365 hybrid topologies

      Directory Synchronization with Password Sync

      Directory Synchronization enables an organization with an established on-premises Active Directory environment to use its existing on-premises user and group accounts in Office 365, reducing overall operational costs and providing easier user access to cloud services such as OneDrive for Business.  Directory Synchronization continuously synchronizes on-premises user and group accounts with Windows Azure Active Directory.  Combining Directory Synchronization with Password Sync synchronizes user passwords in addition to user and group accounts to Windows Azure Active Directory, allowing users to log into cloud services using the same credentials they use to log into their corporate network.

      Advantages

      • Requires no additional hardware or change to existing identity management infrastructure
      • Eliminates the need to manually manage user and group accounts in Windows Azure Active Directory
      • Enables an integrated user authentication experience across on-premises and cloud services

      Disadvantages

      • Somewhat disconnected user experience (users are required to log into cloud services)
      • If a user is in the scope of the password sync feature, the cloud account password is set to "Never Expire". This means a user's password can expire in the on-premises environment while the user continues to log into cloud services with the expired password until a new on-premises password is synchronized.
      • Users are authenticated against cloud services as opposed to on-premises Active Directory
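The "Never Expire" caveat above is worth auditing rather than just noting, because the accounts it affects are exactly the ones an attacker holding an old password can still use against Office 365. The following is an added example, not code from the original post. It assumes the MSOnline and ActiveDirectory PowerShell modules, an existing Connect-MsolService session for the live run, and that on-premises UPNs match cloud UPNs (which password sync relies on); the OU in $SearchBase is a placeholder. It joins synchronized cloud users to their on-premises accounts and lists those whose on-premises password has already expired while the cloud copy is marked never-expiring.

```powershell
# Added example, not code from the original post. Assumes the MSOnline and ActiveDirectory
# modules and a Connect-MsolService session for the live run; $SearchBase is a placeholder OU.
$SearchBase = "OU=Users,DC=contoso,DC=com"   # assumed

function Find-StaleSyncedPasswords {
    # Joins synchronized cloud users to their on-premises accounts by UPN and returns the
    # ones whose on-premises password has expired while the cloud password never expires.
    param([object[]]$CloudUsers, [object[]]$AdUsers)
    $byUpn = @{}
    foreach ($u in $AdUsers) {
        if ($u.UserPrincipalName) { $byUpn[$u.UserPrincipalName.ToLowerInvariant()] = $u }
    }
    foreach ($c in $CloudUsers) {
        if (-not $c.LastDirSyncTime) { continue }        # cloud-only identity, never synchronized
        if (-not $c.PasswordNeverExpires) { continue }   # cloud expiry policy still applies
        $onPrem = $byUpn[$c.UserPrincipalName.ToLowerInvariant()]
        if ($onPrem -and $onPrem.PasswordExpired) {
            [pscustomobject]@{
                UserPrincipalName = $c.UserPrincipalName
                PasswordLastSet   = $onPrem.PasswordLastSet
                LastDirSyncTime   = $c.LastDirSyncTime
            }
        }
    }
}

# Live run against both directories:
# Import-Module ActiveDirectory
# Import-Module MSOnline
# Connect-MsolService
# $cloud = Get-MsolUser -All
# $ad    = Get-ADUser -Filter * -SearchBase $SearchBase -Properties PasswordExpired,PasswordLastSet
# Find-StaleSyncedPasswords -CloudUsers $cloud -AdUsers $ad | Format-Table -AutoSize

# Constructed sample data so the join can be exercised without either directory.
$cloudSample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.com'; PasswordNeverExpires = $true;  LastDirSyncTime = [datetime]'2014-03-20' },
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.com';   PasswordNeverExpires = $true;  LastDirSyncTime = [datetime]'2014-03-20' },
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.com'; PasswordNeverExpires = $false; LastDirSyncTime = $null }   # cloud-only
)
$adSample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.com'; PasswordExpired = $true;  PasswordLastSet = [datetime]'2013-12-01' },
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.com';   PasswordExpired = $false; PasswordLastSet = [datetime]'2014-03-01' }
)
Find-StaleSyncedPasswords -CloudUsers $cloudSample -AdUsers $adSample | Format-Table -AutoSize
```

With the sample data only alice is reported: bob's on-premises password is current and carol is a cloud-only identity outside the scope of password sync. The remediation for a listed user is an on-premises password change, since the new password is synchronized and replaces the stale cloud copy; simply expiring the account on-premises does not close the gap.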

      Resources

      Directory Synchronization Roadmap [http://technet.microsoft.com/en-us/library/hh967642.aspx]
      Directory Sync with Password Sync Scenario [http://technet.microsoft.com/en-us/library/dn441214.aspx]
      Identity and Authentication in Cloud (Poster) [http://www.microsoft.com/en-us/download/details.aspx?id=38193]

      Active Directory Federation Services and Single Sign-On

      Active Directory Federation Services (AD FS) makes it possible for local and federated users to use claims-based single sign-on (SSO) to Web sites and services, including cloud services such as Office 365. Organizations can use AD FS to collaborate securely across Active Directory domains with external organizations through identity federation, reducing the need for duplicate accounts, management of multiple logons, and other credential management issues that arise when establishing cross-organizational trusts.

      Advantages

      • Complete SSO experience with minimal to no credential prompts
      • Improved security over Directory Synchronization with Password Sync (users are authenticated against on-premises Active Directory)
      • Required for complex hybrid scenarios

      Disadvantages

      • Additional infrastructure required (AD FS)
      • Added operational complexity

      Resources

      Office 365 Single Sign-On with AD FS 2.0 Whitepaper [http://www.microsoft.com/en-us/download/details.aspx?id=28971]

      Redirection

      OneDrive for Business

      OneDrive for Business redirection in Service Pack 1 allows IT administrators to selectively determine which users should be redirected to Office 365 for OneDrive for Business through Audiences.

      Audiences are part of a User Profile service application that enables organizations to target content to users based on their job or task. Audiences can be defined by one or a combination of the following items:

      • Membership in a distribution list

      • Membership in a Windows security group

      • Location in organizational reporting structure

      • By public properties in user profiles

      For example, an organization may elect to redirect a subset of their users by creating a Security Group (OneDrive Cloud Users) that establishes the basis for an Audience in the User Profile Service Application.

      Sites Page

      In addition to redirection of OneDrive for Business, IT administrators can also configure redirection of users' Sites page to Office 365.  When redirection of the Sites page is configured, users who are redirected to Office 365 will see followed sites and recommendations based on their Office 365 profile; these users will not see sites and recommendations based on on-premises SharePoint Server 2013.

      Resources

      Plan for OneDrive for Business in SharePoint Server 2013 [http://technet.microsoft.com/en-us/library/dn232145(v=office.15).aspx]
      Redirect users to Office 365 with OneDrive for Business [http://technet.microsoft.com/en-us/library/dn627524(v=office.15).aspx]
      How to redirect users to Office 365 with OneDrive for Business [http://technet.microsoft.com/en-us/library/dn627525(v=office.15).aspx]
      Redirect users to Office 365 with OneDrive for Business: Scenario Overview [http://technet.microsoft.com/en-us/library/dn627523(v=office.15).aspx]
      Overview of OneDrive for Business in SharePoint Server 2013 [http://technet.microsoft.com/en-us/library/dn167720(v=office.15).aspx]

      Discovery

      In addition to configuring user redirection, IT administrators should also consider the implications of content discovery across SharePoint Server 2013 on-premises and Office 365.

      A SharePoint 2013 / Office 365 hybrid topology supports one of three possible hybrid search topologies: 1) one-way inbound, 2) one-way outbound, and 3) two-way.  Each search topology requires careful consideration and planning, and each provides a unique user experience that should be evaluated against user needs and use case scenarios.

      Outbound Topology

      A one-way outbound hybrid authentication topology enables hybrid service integration in a single direction. In a one-way outbound hybrid topology SharePoint Server 2013 on-premises consumes content and resources from Office 365. For example, search can be configured to allow federated users to see both local and remote search results in a SharePoint Server 2013 search portal.  An outbound search topology is implemented where SharePoint Online results should appear in a separate result block in SharePoint Server 2013 on-premises.  Outbound topologies are the most effective for use with OneDrive for Business redirection as they have the fewest configuration and infrastructure requirements.

      Resources

      Plan a one-way outbound hybrid topology [http://technet.microsoft.com/en-us/library/dn607307(v=office.15).aspx]

      Inbound Topology

      A one-way inbound hybrid authentication topology enables hybrid service integration in a single direction. In a one-way inbound hybrid topology Office 365 consumes content and resources from SharePoint Server 2013 on-premises. For example, search can be configured to allow federated users to see both local and remote search results in an Office 365 search portal.  An inbound search topology is implemented where SharePoint Server 2013 on-premises results should appear in a separate result block in SharePoint Online.  Inbound topologies, unlike outbound topologies, require additional infrastructure (reverse proxy device) and are least commonly implemented when redirecting OneDrive for Business to Office 365 as both local and remote results are available only in SharePoint Online.

      Resources

      Plan a one-way inbound hybrid topology [http://technet.microsoft.com/en-us/library/dn607316(v=office.15).aspx]

      Bidirectional Topology

      A two-way topology enables bidirectional hybrid service integration between SharePoint Server 2013 on-premises and Office 365. For example, search can be configured to allow federated users to see both local and remote search results in either SharePoint Server 2013 on-premises or SharePoint Online search portals.  Bidirectional topologies, like inbound topologies, require additional infrastructure (reverse proxy device) in addition to VPN and/or DirectAccess to support display of results across SharePoint Server 2013 on-premises and SharePoint Online.

      Resources

      Plan a two-way hybrid topology [http://technet.microsoft.com/en-us/library/dn607317(v=office.15).aspx]

      Demo

      This demo illustrates the configuration of OneDrive for Business redirection in SharePoint Server 2013 Service Pack 1 in an environment configured with Directory Synchronization with Password Sync.

      [Video: OneDrive For Business Redirection in Service Pack 1]

      SQL Server 2014 and SharePoint Server 2013

      3/21/2014 is the first full day of Spring, and the first full day of SQL Server 2014 RTM.  Undoubtedly the question will be asked: when will SharePoint Server 2013 support SQL Server 2014?  While it remains early, SharePoint Server 2013 will support SQL Server 2014 with the April Cumulative Update.

      Resources

      SQL Server 2014 Home [http://www.microsoft.com/en-us/server-cloud/products/sql-server/]

      What's new in SQL Server 2014 [http://msdn.microsoft.com/en-us/library/bb500435(v=sql.120).aspx]