Skip Ribbon Commands
Skip to main content
SharePoint

Kevin Hughes

May 01
Managing Large Lists in SharePoint 2013

Many of my clients have come to me with the same complaint, "I've only got 100,000 items in this list. Why is it so slow?"

When a list or library has a large number of items the performance of the list/library and possibly the container site will diminish. The default List View Threshold is 5000 items returned in a view. This Resource Throttling is to reduce the number of full table or full database locks in a content database. When item view quantity exceeds 5000 rows returned SQL will escalate a lock from row locks to table locks. This can vary according to the overall performance of the database at the time of the query and may be escalated to a full database lock if performance is low. This increases query time which increases page load time. The List View Threshold means that users will not be able to see any items beyond that threshold when they navigate to a view of the list/library.

While this List View Threshold can be increased so that users can see more items in a list, it is not recommended.

Consider creating indexed columns for the large lists. In general, an index on a column enables you to quickly find the rows you want based on the values in that column, even when working with millions of items.

Each additional column index will consume additional resources in the database and adds some overhead to every operation to maintain the index. Therefore, add indexes only to columns that will be used actively for filtering in views on the list or library.

Consider creating filtered views based on column indexes. For a view to quickly filter through a large number of items, the first column that you specify in the filter must be indexed. Other columns you specify in the view filter may or may not be indexed, but the view does not use those indexes. You also need to make sure that the first column of the filter does not return more items than the List View Threshold.

Consider management of the Recycle Bin. Items here are not actually deleted from the database and so are still considered part of the list index.

Consider using Search as an alternative to views. Because Search has its own indexing mechanisms, it is not subject to the List View Threshold or other related limits.

March 04
Typical Intranet Requirements

Many of my SharePoint clients use SharePoint as their primary Intranet. Often they also use it as an Extranet and sometimes for Internet public sites. I will describe their typical requirements, needs and desires for the Intranet functionality.

   

My typical client is organized along a fairly standard organizational hierarchy which separates corporate functions into geographic locations, divisions, departments, and teams of various sorts. They are often most comfortable with their Intranet architecture and taxonomy mirroring this organizational structure as closely as possible. Many deviate from this initial architecture to varying degrees over time, but most are very comfortable with it throughout the life of their Intranet.

   

There are a number of features and functions that are commonly requested among my SharePoint clients. Many of these are able to be implemented with Out of the Box (OOB) capabilities within SharePoint. Most of these common needs are fulfilled through configurations at the Web Application, Site Collection and Site scopes, however, quite a few are only available via global configurations at the SharePoint Farm scope.

   

Here is a list the most commonly requested features and functions.

 

  • Top-Level Portal Site - This is a site that acts as the client "Home Page" for their Web Browser client applications. Its primary function is information dissemination.
    • Initial Site Creation -
      • The Portal site is normally created as the top-level site in a site collection using a "Publishing" site template, usually "Enterprise Wiki".
    • Security -
      • Security is configured all company users to have READ permissions to this site and most all pages, lists and libraries. It will also extend to any elements in the Portal site collection which are intended for corporate-wide consumption.
      • A small team will have CONTRIBUTE permissions which may be limited to specific elements of responsibility.
      • An even smaller team or an individual is designated as site administrator and will have FULL CONTROL permissions. This level may, or may not, be inherited to sub-sites. It may include Site Collection Administrator permissions.
      • A "Farm Administrator" account (usually an account controlled by the IT department) is usually included in the Site Collection Administrator group to allow troubleshooting.
    • Content Approval -
      • Content on this site must be approved prior to being publically accessible. This usually involves not only requiring approval on the individual objects and pages, but also an automated approval workflow process and perhaps scheduled publishing of the content.
    • Navigation hub -
      • The Portal site contains Global navigational elements as well as contextual elements. The Global elements contain links to search, divisional/departmental sites, reporting, and other Business Intelligence locations.
      • There is also contextual navigation to link to sites, pages, and etc. that relate to the Portal and also those areas and items that are of cross-departmental or company-wide interest.
      • The Global navigational elements are usually required to be duplicated on all divisional/departmental site collections.
      • Specific Navigational Elements -
        • Top Nav Bar - Portal Home, Divisions/Departments, Search Center
          • Divisions/Departments will be a drop-down menu displaying the individual Divisions/Departments and may include Flyout menus to sub-elements.
        • Quick Launch Menu -
          • Employee List
          • Newsletter
          • Benefits
          • President/CEO/BOD/Executive Blog
          • Corporate Vision
          • Privacy Statement
          • Corporate Branding Guide
          • Job Postings
          • Employee Classifieds
          • Feedback
          • Glossary (corporate terminology and acronyms)
          • Help Desk ticket submission
          • Emergency Information
          • Conference Rooms
          • Corporate Performance and Projections
        • Quick Links Menu (Links List)
          • Internet Site
          • Extranet Site (if applicable)
          • Line of Business Systems links
          • Web Mail
          • Specific Intranet sites/pages of corporate-wide interest
          • Industry-specific external sites
    • Content -
      • The most common elements requested for content on a Portal site Welcome/Home page are:
        • Announcements
        • Corporate Calendar - which may sometimes aggregate calendars from the Division/Department Portals
        • Stock Ticker
        • Weather
        • Industry-specific news feed
        • New Employees
        • Employee Birthdays
        • Employee Anniversaries
        • Company Newsletter Articles
        • Personalized Links List
        • Message from President/CEO/BOD
        • Quick Links Menu
      • Other content in the Portal site collection
        • Announcements List
        • Corporate Calendar List
        • Employee Contact List
        • Company Officers/BOD focus page
        • Emergency Information Page
        • Enterprise Search Center
        • Newsletter archive Site or Document Library
        • Employee Classified advertisements List
        • Contact Us/ Feedback form
        • Pages/documents for corporate messages
        • President/CEO/BOD/Executive blog
        • Geographic Locations list/mapping (if applicable)
        • Building Maps
        • Conference Rooms Details list/page
        • Quick Links List
        • Glossary
        • Corporate Performance/Trending BI/Reporting Dashboard and supporting charts and Excel objects and pages
        • Library for Reports
        • Library for Excel spreadsheets
        • Library for Excel Data Connection objects
    • Customizations
      • The most often requested customizations relate to Branding. These include company logos, approved colors and fonts.
      • Often the navigational elements are required to use "Flyout" functionality either due to a desire to categorize like locations, to expose sub-elements, to reign-in extensively long amounts of navigational items at a particular level, or to satisfy "look and feel" requirements.
      • Many elements will require custom list views, Data View Web Parts, SP Workflows or third-party web parts to support required functionality.
      • Some functionality and customizations will require Custom Master Pages and Custom Style Sheets.

         

  • Divisional/Departmental Portals - these are most often created as site collections due to requirements for separate security models, delegated administration, and company cultural factors.
    • These portals are normally created as top-level sites in their own site collections. Most often the departmental portals will be created using a "Team Site" site template, but may be created with a "Publishing" site template if functionality from the "SharePoint Server Publishing Infrastructure" feature is required. When not using a Publishing site template, a standard custom site template may be created with common departmental features and installed at the Farm Scope to allow quick site collection deployment.
    • The departments most often with this particular need are Human Resources, Finance/Accounting, Information Technology and Executives/BOD.
    • Other divisions/departments are created in this same architecture/taxonomy for purposes of standardization.
    • Names for the Site Collections for use in the URL are usually commonly used company acronyms, while the site titles may or may not be full department names.
    • Security -
      • Security is configured all company users to have READ permissions to the departmental portal site and most all pages, lists and libraries. It will also extend to any elements in the departmental portal site collection which are intended for corporate-wide consumption.
      • Most, if not all, of the Departmental employees will have CONTRIBUTE permissions but may be limited to specific elements of responsibility.
      • An individual and a backup are normally designated as site administrators and will have FULL CONTROL permissions. This may also be inherited throughout the entire site collection (as per site collection administrator permissions).
      • Department Managers/Directors normally are NOT granted full control permissions, but are granted full READ access to all Departmental content.
      • A "Farm Administrator" account (usually an account controlled by the IT department) is usually included in the Site Collection Administrator group to allow troubleshooting.
    • Content Approval -
      • These sites do not normally require content approval. However, this may be required for individual elements that will be "published" for public consumption once approved.
    • Navigation -
      • Top Nav Bar - Departmental Sites will normally duplicate the Global Navigational elements from the Corporate Portal site. But, the items there may be supplemented by Department-global elements and locations.
      • Quick Launch Menu - These elements are very department-specific, so will include examples with the example departments below.
    • Content -
      • Will address examples of department-specific content in the department examples below.
      • The most common elements requested for content on a department portal site Welcome/Home page are:
        • Department Announcements
        • Department Calendar - which may sometimes aggregate calendars from team or function specific calendars or sub-sites
        • Department Manager Contact information
        • Important Contact information
        • Message from Manager/Director
        • Quick Links Menu
        • Important documents
      • Other content in the Department Portal site collection
        • Department Employee list
        • Management Focus page
        • Department Calendar
        • PTO Calendar - This will include a request form and approval workflow which may be a serial workflow. Is not normally publically accessible.
        • Announcements List
        • Manager's Blog
        • Departmental self-help knowledgebase - may include departmental glossary
    • Example Departments
      • Human Resources
        • Navigational Elements
          • Department Global Top Nav Bar
          • Quick Launch Menu
            • Benefits
            • Policies and Procedures
            • Employee Handbook
            • HRMS LoB system
            • Employee Surveys of various sorts
            • Position Descriptions
            • Careers / Job Postings
        • Department Portal
          • Welcome page with the standard departmental elements
          • Quick links list to HR specific pages or external sites
        • Specific content usually includes
          • Benefits sub-site which addresses
            • Healthcare
            • Insurance
            • Profit Sharing
            • Investments
            • PTO
            • Bonuses
            • Special programs
            • Provider Links
          • Policies and Procedures library (may be wiki or document library)
          • Surveys
          • Media Center
            • Required new-employee training videos
            • Required continuing education videos
          • Careers sub-site which addresses
            • Standardized job descriptions
            • Job postings
            • Application procedures
            • Hiring process
            • New hire request system
            • Job application system
          • Private working sites for
            • Employee on/off boarding
              • Includes automation to integrate with Information Technology, Finance, and Facilities
            • Policy development
            • Benefits research/planning
      • Information Technology
        • Navigational Elements
          • Department Global Top Nav Bar
          • Quick Launch Menu
            • Self-Help Knowledgebase
            • Instructional videos
            • Outage Calendar
        • Department Portal
          • Welcome Page with the standard departmental elements
          • Departmental Calendar will usually include Scheduled Outages and on-call schedule
        • Specific content usually includes
          • Help Desk sub-site
            • Issue Tracking/Ticketing system
            • Issue submission form
            • Self-Help knowledgebase
            • Help Desk staff technical knowledgebase
            • Help Desk procedures
          • Team/project sites - may or may not be private to internal IT or Team
            • Infrastructure
            • Databases
            • Messaging/telephony
            • Network
            • Development

 

Not all of these options are requested by all clients. And there are as many variations on this as there are clients. But, when gathering requirements or building demos, this list gives a good idea of what can make clients sit up and say YES!

 

Keep Sharing…

Kevin  

December 11
Bulk Import User Profile Photos to SharePoint 2013 from File Share

I had a recent client who was migrating to SharePoint 2013 from a non-SharePoint intranet. They wanted to use a new SharePoint 2013 intranet portal to replace many functions currently in the old intranet and also some other systems. They had been storing employee photos in a file share which had been referenced programmatically by their Human Resources Information System but this was not accessible by all employees. Through a complex bit of code, these had been referenced by their old intranet but it was slow and not easily searchable. They wanted to use SharePoint 2013 MySites to contain company-wide employee information which was searchable and accurate. Getting the rest of the requirements is outside the scope of this article. However, the big issue was not really the creation of the user profiles in SharePoint 2013, nor the import of user data from both Active Directory and their HRIS. It was how to get their employee pictures (over 4000 employees) into the new user profiles. Of course it could be done manually, but that's a lot of work. And since the HRIS was where they initially captured the employee picture new photos would always be placed in the file share. So, we needed a way to be able to repeat the import as part of a regular onboarding process.

Enter our old friend PowerShell.

Using a PowerShell script, we were able to reference a .csv file which contained necessary information to create a repeatable import process. The .csv file was created by their HRIS, but could be created in other ways for different scenarios. For this article, the format of the .csv file was:

domain_user_name

path

email

aalejandro

file://Network_Share/Marketing/EmployeePhotos/Axel00049.jpg

AXEL.ALEJANDRO@DomainName.Com

aanderson

file://Network_Share/Marketing/EmployeePhotos/Addie00532.jpg

ADDIE.ANDERSON@DomainName.Com

aaugustin

file://Network_Share/Marketing/EmployeePhotos/Audra01398.jpg

AUDRA.AUGUSTIN@DomainName.Com

abream

file://Network_Share/Marketing/EmployeePhotos/Allan00422.jpg

ALLAN.BREAM@DomainName.Com

aburgos

file://Network_Share/Marketing/EmployeePhotos/Alexandra00035.jpg

ALEXANDRA.BURGOS@DomainName.Com

 

They also had a couple of wrinkles in the mix…

The HRIS didn't store the user name with the domain suffix (domain\user). And more, they had two AD domain suffixes used for their employees. So, as users were imported from AD, their credentials might be domain1\user OR domain2\user. This is a wrinkle because the user profiles are referenced via that AD login name.

So, the PowerShell script needed to do the following:

  1. Find the domain user name
  2. Reference the proper network path to their employee photo
  3. Check which domain suffix was actually imported into SharePoint's user profile DB
  4. Assign the proper domain suffix to the user name to get the format of "Domain\Username"
  5. Import the employee photo to the user name
  6. Report any errors

Requirements to run this process are:

  • This must be performed using specific credentials which have elevated permissions within the farm. This means the credentials must be a member of the Farm Administrators group and must be listed as a Shell Admin in the SQL Server.
  • Need the following files placed in the same directory. In this example the directory is c:\scripts\
    • ImportUserPictures.ps1 – the PowerShell script which will perform the bulk picture import
    • UserPictureList.csv – a comma separated values file which contains import information. It should contain

 

This is the script for this process. It's not really complex.

 

Add-PSSnapin microsoft.sharepoint.powershell

 

[void][system.reflection.assembly]::loadwithpartialname("Microsoft.Office.Server.UserProfiles")

 

$csvFile = "c:\scripts\UserPictureList.csv"

 

$MySiteUrl = "http://mysites.domain.com/"

 

$site = Get-SPSite $MySiteUrl

 

$context = Get-SPServiceContext $site

 

$profileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

 

$csv = import-csv -path $csvFile

 

foreach ($line in $csv)

 

{

#Check which domain is being used for a particular user

try

{

$initialUserName = "domain1\" + $line.domain_user_name

$TestUserExists = ($profileManager.GetUserProfile($initialUserName))

$user_name = $initialUserName

}

catch

{

try

{

$initialUserName = "domain2\" + $line.domain_user_name

$TestUserExists = ($profileManager.GetUserProfile($initialUserName))

$user_name = $initialUserName

}

catch

{

$username = $line.domain_user_name

write-host -ForegroundColor Yellow $username "does not exist in the SharePoint user database"

$e1 = $username + "Does not exist in the SharePoint user database" | Out-file c:\scripts\useruploadlog.txt -Append

}

}

 

 

$up = $profileManager.GetUserProfile($user_name)

 

if($up)

 

{

 

$up["PictureURL"].Value = $line.path

 

$up.Commit()

 

write-host $user_name,"--->",$up.DisplayName,"--->",$line.path

 

$up = $null

 

}

 

}

#create thumbnails in Mysites

 

Update-SPProfilePhotoStore -MySiteHostLocation $mySiteUrl 2>> C:\scripts\useruploaderrors.txt

 

It may not be the solution to your issue, but maybe it will help you along.

Keep sharing!

 

October 30
Get a report of large lists in your SharePoint 2013 farm

 

The scenario today is one regarding performance and user experience. Our fictional client has a SharePoint 2013 farm on premises and about 1000 users who actually have adopted their SharePoint-based intranet and use it. They have, though, reported that some lists seem to load very slowly and sometimes don't show all the items in the list. They don't have a list of all the locations, and we suspect that there are multiple areas which may be impacted.

As we know, when a list or library has a large number of items the performance of the list/library and possibly the container site will diminish. The default List View Threshold is 5000 items returned in a view. This Resource Throttling is to reduce the number of full table or full database locks in a content database. When item view quantity exceeds 5000 rows returned, SQL Server will escalate a lock from row locks to table locks to be more efficient with resources. This can vary according to the overall performance of the database at the time of the query and may be escalated to a full database lock if performance is low. This increases query time which increases page load time. The List View Threshold means that users will not be able to see any items beyond that threshold when they navigate to a view of the list/library.

As we don't know which libraries and/or lists may be an issue, we can leverage our old friend PowerShell to help us out. Run the following script on your web front end server using your shell administrator credentials.

 

 

if ( (Get-PSSnapin -Name "Microsoft.SharePoint.Powershell" -ErrorAction SilentlyContinue) -eq $null )

{

Add-PsSnapin "Microsoft.SharePoint.Powershell"

}

# For Output file generation

$OutputFN = "d:\scripts\output\LargeListsData.csv"

#delete the file if already exists

if (Test-Path $OutputFN)

{

Remove-Item $OutputFN

}

 

#Write CSV Headers

Add-Content $OutputFN "List Name , site Collection , Site URL , Item Count"

 

#Get the web aplication URL

$WebAppURL = Read-Host "Enter the web application URL"

$SPWebApp = Get-SPWebapplication $WebAppURL

 

#Loop through all site collections, sites, lists

foreach($SpSite in $SPWebAPP.sites)

{

foreach($Spweb in $SPSIte.AllWebs)

{

foreach($SPList in $Spweb.Lists)

{

if($splist.ItemCount -gt 2000)

{

$content = $splist.title + "," + $spsite.rootweb.title + "," + $spweb.url + "," + $splist.itemcount

Add-content $OutputFN $content

}

}

$spweb.dispose()

}

$spsite.dispose()

}

write-host "Large List report generated successfully"

 

This produces a result much like this:

List Name

site Collection

Site URL

Item Count

Shared Documents

Clubhouse Home

http://clubhouse.widgets.com/sites/accounting

4234

Sheet1 test

Clubhouse Home

http://clubhouse.widgets.com/sites/customerservice/CallTracking

62490

IS Enhancements and Issues Log Time Tracking

Clubhouse Home

http://clubhouse.widgets.com/sites/enterpriseservices

3621

Merchant Auditing

Clubhouse Home

http://clubhouse.widgets.com/sites/enterpriseservices/auditing

2257

Stock Images 1

Clubhouse Home

http://clubhouse.widgets.com/sites/pdf

3314

Stock Images 3

Clubhouse Home

http://clubhouse.widgets.com/sites/pdf

4122

Curriculum

Clubhouse Home

http://clubhouse.widgets.com/sites/pdf/pmidevelopment

10934

MVP

Clubhouse Home

http://clubhouse.widgets.com/sites/projects

2598

Pro Trader Institute

Clubhouse Home

http://clubhouse.widgets.com/sites/salesandmarketing/sep

2635

Shared Documents

Clubhouse Home

http://clubhouse.widgets.com/sites/accounting

4234

Sheet1 test

Clubhouse Home

http://clubhouse.widgets.com/sites/customerservice/CallTracking

128490

IS Enhancements and Issues Log Time Tracking

Clubhouse Home

http://clubhouse.widgets.com/sites/enterpriseservices

3621

Merchant Auditing

Clubhouse Home

http://clubhouse.widgets.com/sites/enterpriseservices/auditing

2257

Stock Images 1

Clubhouse Home

http://clubhouse.widgets.com/sites/pdf

3314

Stock Images 3

Clubhouse Home

http://clubhouse.widgets.com/sites/pdf

4122

Curriculum

Clubhouse Home

http://clubhouse.widgets.com/sites/pdf/pmidevelopment

150934

MVP

Clubhouse Home

http://clubhouse.widgets.com/sites/projects

2598

Pro Trader Institute

Clubhouse Home

http://clubhouse.widgets.com/sites/salesandmarketing/sep

2635

Theme Gallery

Home

http://portal.widgets.com

2723

CARS

Home

http://portal.widgets.com/Forms

2007

Customers

Home

http://portal.widgets.com/Forms

2330

Workflow History

Home

http://portal.widgets.com/Forms

11452

 

Those I have indicated in yellow are close to the default threshold of 5000 items. Those in red are over the 5000 limit. In an environment where you have full administrative access to Central Administration, this may be increased by altering the Web Application settings. However, this is not recommended as you are almost guaranteeing a degradation in performance by doing so.

To resolve such things, I have listed some standard approaches:

Consider creating indexed columns for the large lists. In general, an index on a column enables you to quickly find the rows you want based on the values in that column, even when working with millions of items.

Each additional column index will consume additional resources in the database and adds some overhead to every operation to maintain the index. Therefore, add indexes only to columns that will be used actively for filtering in views on the list or library.

Consider creating filtered views based on column indexes. For a view to quickly filter through a large number of items, the first column that you specify in the filter must be indexed. Other columns you specify in the view filter may or may not be indexed, but the view does not use those indexes. You also need to make sure that the first column of the filter does not return more items than the List View Threshold.

Consider management of the Recycle Bin. Items here are not actually deleted from the database and so are still considered part of the list index.

Consider using Search as an alternative to views. Because Search has its own indexing mechanisms, it is not subject to the List View Threshold or other related limits.

 

I hope this helps you out when you are in this boat.

 

Keep sharing!

 

Kevin

October 22
Make Promoted Links work for you

As a third entry in my series about SharePoint 2013 Promoted Links web part, I offer up more about how to make the Promoted Links lists work for you. This series is demonstrated in an online session for the SharePoint Power Hour, sponsored by Rackspace.

Promoted links example:

For step-by-step instructions on how to create your own Promoted Links visit http://sharepoint.rackspace.com/2013-Articles

In previous articles I've already shown how to display Promoted Links in multiple lines in a responsive design format

And also how to make them display completely vertical. In this article I want to show you how to control the look & feel of this type of list.

These are wonderful, but now I wish to show you the CSS properties to manipulate the Promoted Links web parts. These all can be applied in a custom style sheet file or per page, as we've already discussed.

 

  • .ms-promlink-body
  • .ms-promlink-header
  • .ms-tileview-tile-root
  • .ms-tileview-tile-content
  • .ms-tileview-tile-detailsBox
  • .ms-tileview-tile-content
  • .ms-tileview-tile-content
  • .ms-tileview-tile-content img
  • .ms-tileview-tile-detailsListMedium
  • .ms-tileview-tile-descriptionMedium
  • .ms-tileview-tile-titleTextMediumExpanded
  • .ms-tileview-tile-titleTextLargeCollapsed
  • .ms-tileview-tile-titleTextLargeExpanded
  • .ms-tileview-tile-titleTextMediumCollapsed
  • .ms-tileview-tile-descriptionMedium

 

Using these styling properties we can manipulate most any aspect of the Promoted Links tiles. An example of how we may make the links behave in particular ways – we will shrink the tiles, shrink the images, shrink the mouse hover overlay, change the font and font sizes, and change the hover color from grey to a blue.

The CSS code for this is below:

 

<style unselectable="on">

.ms-promlink-body {

height:100px;

width:100%;

}

 

.ms-promlink-header {

visibility:hidden;

}

 

.ms-tileview-tile-root {

height:110px !important;

width:110px !important;

}

 

.ms-tileview-tile-content, .ms-tileview-tile-detailsBox, .ms-tileview-tile-content > a > div > span {

height:100px !important;

width:100px !important;

}

 

.ms-tileview-tile-content > a > div > img {

max-width:100%;

width:100% !important;

}

.ms-tileview-tile-content img {width: 100px; height: 100px;}

ul.ms-tileview-tile-detailsListMedium {

height:100px;

padding:0;

}

 

li.ms-tileview-tile-descriptionMedium {

font-size:11px;

line-height:16px;

}

 

.ms-tileview-tile-titleTextMediumExpanded, .ms-tileview-tile-titleTextLargeCollapsed, .ms-tileview-tile-titleTextLargeExpanded {

padding:3px;

}

 

.ms-tileview-tile-titleTextMediumCollapsed {

background:none repeat scroll 0 0 #002E4F;

font-size:12px;

line-height:16px;

min-height:36px;

min-width:97px;

padding-left:3px;

position:absolute;

top:-36px;

}

 

li.ms-tileview-tile-descriptionMedium {

font-size:11px;

line-height:14px;

padding:3px;

}

</style>

 

This is only one example of what you may do with these styles properties. Play with it and make it your own.

Remember to check out the SharePoint Power Hour video to see this in action.

Keep sharing!

 

Kevin

 

October 19
New Racker Here

Hello. My name is Kevin…and I am a Racker. I've been a Racker for 14 days. (mass voices respond, "Hello, Kevin")

Isn't that how these meetings start?

Yet again I have moved on to another company in hopes of furthering my career goals.

On my last day at Valorem Consulting I reflected on the company and why I was leaving. I had been there for 4 1/2 years and had seen the company grow from 3 Full-time employees to over 75 in that time. The company is growing well and doing great business. It is just growing in directions which are not comfortable for me. It has nothing to do with the size, nor does it have anything to do with the individuals with whom I worked. It isn't even about my clients, for whom I have great respect and desire to see them succeed. It just feels like I need to go elsewhere.

And the grass looks greener at a company called Rackspace, based in San Antonio, TX.

I accepted an offer from them a few weeks ago and started on October 6th. I will work from my home office here in Overland Park, KS. It is better in all the usual areas of compensation, insurance and other benefits. In that, they are not unique among many potential employers that come my way every day. What set them apart was a feeling that what will be doing matters to someone besides me. Instead of a feeling that what I do in IT and the platform in which I specialize is a necessary burden, I was greeted with smiling faces and a potential to feel appreciated.

The company flew me to their headquarters, call The Castle, in San Antonio, TX. I spent my first week in the best new employee onboarding experience of any company for which I have worked. It was engaging, interactive, and full of what my new manager referred to as "Kool-Aid". I spent most of last week at the Castle getting to know some of the Cloud Services and SharePoint hosting teams. It was fun. I joined 6000+ Rackers (the term used by employees and executives to refer to every Rackspace employee) of which 3500-ish are at the Castle. It is hard to describe the Castle.

The entrance looks very much like any other large company that just happens to reside in a 1.2 million sq. ft. renovated shopping mall. There is reception, security, and all the other trappings. That is where the completely respectable look ends.

Pass through security and enter into a world combining professionalism with an insane asylum. Or maybe Bohemian Wall Street is better. Or maybe think early Bill Gates, Steve Wozniak, and Steve Jobs – but put their creativity and utter geekdom into Delta House.

When my first official offer letter arrived, it was titled "Welcome Home". And except for not having my family and friends with me, it was kinda like that at the Castle. You find conference rooms with a GPS-enabled smartphone App by looking for Cheerios, The Shire, The Bookstore, the Tardis, and just about any other aspect of geekdom you can think of to name a conference room. People are encouraged to express themselves in their workspace through flags, decorations, nick-nacks, etc. There are video games, ping pong, and a 10,000 sq.ft. fitness center. Work hard. Play hard. It can work. But the biggest thing was that the people were helpful, friendly, encouraging, welcoming and seemed to genuinely want to be there – ALL OF THEM!

I kept wondering when the proverbial other shoe was going to drop, and even asked that of some people. Their replies, "Well, I've been here (insert 1-15 years) and it hasn't fallen yet." KOOKY!!!!

Since I was in San Antonio over a weekend, I got to play tourist and see the Alamo, visited the Hard Rock, Cowboy's Harley Davidson and a few other cool places along the Riverwalk. I think I gained weight since the hotel didn't have a way for me to cook, so everything was restaurants or fast food. But, it was all still a good time.

I am glad that I stayed extra time in San Antonio to get to know some coworkers and get to ask questions of people without having to schedule meetings. I got to experience a bit of the Rackspace culture - which ROCKS btw- and maybe even made a few new friends (which would be kinda strange for me).

But...10 days away from everyone else I know, especially my darling wife Trudy, is a bit too much. I missed her and I missed home. I missed my friends, my brother masons, and familiar surroundings. Mostly it was the people. Wierd, huh!!??

I'd love to visit The Castle (Rackspace HQ) again. San Antonio is a nice city just like any other large city. But, maybe for only a few days at a time. Or spend the extra and take Trudy with me. That could make ALL the difference.

For now, I am home and ready to get to work.

Maybe it's because the Kool-Aid is fresh. But things seem pretty darn ok. RACKER TO THE CORE!

Stay tuned as I have a LOT of blogging to catch up on.

Keep sharing…

Kevin

August 15
SharePoint 2013 Promoted Links in Vertical

As a followup to my earlier blog on Display Promoted Links on Multiple Rows, I wanted to let you in on a couple other tidibits about the Promoted Links CSS. The basic styles in that post will take effect for all the Promoted Links web parts on a page. If you put it in a style sheet, then it will make that happen for the entire site.

But, what if you wanted to make sure they display vertically? Say in a right-hand column...maybe for important links or advertisements? Microsoft never gave us that option...but maybe they will...someday. Or maybe they knew ​we could style it and just never announced it.

In any case, if you constrain the width to 170px instead of the 100% from the earlier post, then you will get vertical columns.

     <style type="text/css">
           .ms-promlink-body {width:170px}
           .ms-promlink-header {visibility:hidden}
     < /style>

Or what if you wanted to place two Promoted Links web parts on the same page and display one horizontally and one vertically? Well, we're going to help you out. Still using our same CSS we just add the web part's ID, as indicated by the #.

     <style type="text/css">
          #msozonecell_webpartwpq6 .ms-promlink-body {width: 170px }
          #msozonecell_webpartwpq6 .ms-promlink-header {visibility:hidden}
     </style>

So...now Promoted Links web parts are even more useful.

Have fun!

August 11
Display Promoted Links on Multiple Rows

I have seen many people struggle with using the Promoted Links list in SharePoint 2013. This is a great way to add a small bit of pizazz to an otherwise boring list of links and it is Out-of-the-Box. J

But, if you put too many links into the list, the tiles will still only display on a single row. This will cause horizontal scroll buttons to appear between your tiles and the web part chrome. And while this does allow for a variety of screen sizes (you just see fewer tiles without scrolling left/right) it no longer looks as "cool" as you might expect. If you're looking for more of a "responsive design" feel then you might be tempted to create extra metadata columns in your Promoted Links list to be able to categorize and create multiple filtered Tile views. While this can be a workaround, it is clunky and still doesn't look "cool".

I have seen a single jQuery solution from Creative SharePoint (http://blog.creative-sharepoint.com/2013/09/displaying-promoted-links-on-multiple-lines/) it seems to frighten some even though it works well enough, but you do have to edit the script if you want to change how many tiles display in a single row before the break. So I get it. I have also found that the script only works reliably, all the time, for all users, when it is uploaded to the ~sitecollection/_catalogs/masterpage/Display Templates/ folder. If this is the case in your environment and you have permissions to place a file there, go for it.

If, however, you aren't comfy with jQuery, want a true responsive design look & feel or just want a solution you can use even if all you have permissions for is editing a single page…then consider handling this with custom styling. I've recently been trying to dig deep into this area of SharePoint and found a solution that works every time for every user.

Basically we use CSS to change set the width property of the Promoted Links web parts to 100%. This will expand the web part to take up all the horizontal space it is allowed in its location (page, rich text field, web part zone, etc.). Then when it has placed as many tiles as it can in this space it will automatically start a new row. If you have enough tiles, you may have 3, 4 or more rows this way, depending on your screen resolution and window sizing. Unfortunately, doing only this will still get us the horizontal scroll buttons. And you'll have some unexpected behavior in this situation.

So, we set another property to hide the promoted links header and the scroll buttons go away.

If you already have a custom style sheet you are calling in your site, then place the following in that custom .css file.

.ms-promlink-body {width:100%}
.ms-promlink-header {visibility:hidden}

Or, if you like, or only want this behavior on a single page, add a Script Editor Web Part to the page and put the following in the source.

<style type="text/css">
.ms-promlink-body {width:100%}
.ms-promlink-header {visibility:hidden}
< /style>

Now you have a nice clean look that is truly responsive to screen/window sizing.

Have fun. Keep Sharing.

Kevin

December 16
Kerberos Tokens

It seems that more and more my clients are coming up against issues that keep them from implementing pass-through authentication via Kerberos protocols. Most often it seems the issue is in regards to authentication tokens that are too large - stemming from an Active Directory that is out of control.

This article is to summarize information from a variety of sources and my own experience to try to assist in keeping Large Token Size something that can be mitigated in your own environment.

Kerberos Primer

The Kerberos protocol is a secure protocol that supports ticketing authentication. A Kerberos authentication server grants a ticket in response to a client computer authentication request, if the request contains valid user credentials and a valid Service Principal Name (SPN). The client computer then uses the ticket to access network resources. To enable Kerberos authentication, the client and server computers must have a trusted connection to the domain Key Distribution Center (KDC). The KDC distributes shared secret keys to enable encryption. The client and server computers must also be able to access Active Directory directory services. For Active Directory, the forest root domain is the center of Kerberos authentication referrals.
 
Kerberos allows a client’s identity to be impersonated by a service to allow the impersonating service to “pass” that identity to other network services on the client’s behalf. NTLM does not allow this delegation.
 

Kerberos enabled services can delegate identity multiple times across multiple services and multiple hops. As an identity travels from service to service, the delegation method can change from Basic to Constrained but not in reverse. This is an important design detail to understand: if a backend service requires basic delegation (for instance to delegate across a domain boundary), all services in front of the backend service must use basic delegation. If any front end service uses constrained delegation, the back service cannot change the constrained token into an unconstrained token to cross domain boundary.
Protocol transition allows a Kerberos enabled authenticating service (front end service) to convert a non-Kerberos identity into a Kerberos identity that can be delegated to other Kerberos enabled services (back end service). Protocol transition requires Kerberos constrained delegation and therefore protocol transitioned identities cannot cross domain boundaries.
Constrained Delegation is required for services which leverage the Claims to Windows Token Service. Constrained delegation is required to allow protocol transition to convert claims to windows tokens.

 

Users may be members of many Active Directory groups, which can increase the size of their Kerberos tickets. If the tickets grow too large, Kerberos authentication can fail. It was reported that some Active Directory users were members of 1400+ Active Directory groups.

The user cannot authenticate because the Kerberos token that is generated during authentication attempts has a fixed maximum size. Transports such as remote procedure call (RPC) and HTTP rely on the MaxTokenSize value when they allocate buffers for authentication.
 
Kerberos uses the Privilege Attribute Certificate (PAC) field of the Kerberos packet to transport Active Directory Group membership. If there are many group memberships for the user, and if there are many claims for the user or the device that is being used, these fields can occupy lots of space in the packet. If a user is a member of more than 120 groups, the buffer that is determined by the MaxTokenSize value is not large enough. Therefore, users cannot authenticate, and they may receive an "out of memory" error message.
 
The behavior caused is that a user may be prompted for credentials repeatedly when attempting to access data external to SharePoint. Instead of an actual prompt, the user’s credentials may be presented multiple times via the Kerberos protocol and still may fail authentication. In many cases, Windows NTLM authentication works as expected.
 
This problem can occur even though the credentials you provide are valid and can be utilized to obtain access to the same computer through direct access. However, the Wininet.dll file may not allocate a sufficient buffer for containing the user's Kerberos token.
 
Token Size Calculation
MaxTokenSize value:
TokenSize = 1200 + 40d + 8s
This formula uses the following values:
·         d: The number of domain local groups a user is a member of plus the number of universal groups outside the user's account domain that the user is a member of plus the number of groups represented in security ID (SID) history.
·         s: The number of security global groups that a user is a member of plus the number of universal groups in a user's account domain that the user is a member of.
·         1200: The estimated value for ticket overhead. This value can vary, depending on factors such as DNS domain name length, client name, and other factors.
 
 
It was noted that the MaxTokenSize registry entry for each of the SharePoint farm servers had been increased to 65535.
 
Known issues for token size
1.       The Local Security Authority (LSA) service generates the user Access Token from this SID buffer. The hard-coded limit of customer definable SIDs for this token is 1,015. If you use "trusted for delegation" accounts, (Which is the case when SharePoint is using pass-through authentication via Kerberos protocol) the buffer requirement for each SID may be doubled. In these scenarios, you can only store approximately 800 Domain Local Group SIDs when a MaxTokenSize value of 64K is used.
2.       The Internet Information Server (IIS) uses a reduced request buffer size to mitigate a denial of service attack vector of 64 KB. However, a Kerberos Ticket in an HTTP request is encoded as Base64 (six bits expanded to eight bits). Additionally, and the Kerberos Ticket is using 133 percent of its original size. Therefore, when the maximum buffer size is 64 KB in IIS, 48 KB of a Kerberos Ticket can be used.
 
If you set the MaxTokenSize registry entry to a value that is larger than 48000, and the buffer space is used for SIDs, an IIS error may occur. However, if you set the MaxTokenSize registry entry to 48000, a Kerberos error may occur.

November 09
Gearing up for SPC12

The Microsoft SharePoint Conference 2012 is beginning in just a couple of days. I am attending and am looking forward to the break from work. However, I don't feel a part of the SP Community as I did for SPC09. Since taking this consulting job, I've had little time for user groups, SharePoint Saturdays or other conferences. I don't have Twitter access from most client sites, so can't keep up on the daily topics. And while I used to blog about all sorts of SharePoint issues, I find that what I want to blog about now is part of company intellectual property so always am walking a thin line when I do post a new blog.

There will be some familiar faces – familiar to me anyway – at SPC12. And perhaps some will even be friendly. This conference is supposed to be huge, so I don't envision having a lot of "face" time with individuals.

I've filled my daily schedule with educational sessions and left little time for running around the Exhibitor floor. I have volunteered to spend some time in the Community Hub and maybe that will be fun. I imagine the evenings will be filled to overflowing with people trying to make connections and push the envelope of propriety just because they are in Las Vegas and feel they can get a bit wild. The Bon Jovi concert should be fun…at least the music should be good.

For all the organized fun, the training, and the throngs of people – it will likely be a time of finding out just how much the community has moved on without me over the past three years. Not that even my ego would be big enough to think that I was essential, but perhaps at least a welcome part.

So, I journey this weekend to Las Vegas with mixed feelings. Maybe by the end of the week there will be more good memories than blah or bad.

See you in Vegas!

1 - 10Next

 ‭(Hidden)‬ Admin Links

6/4/2015 5:45 PM   KCOG Meeting 
6/9/2015 7:00 PM   SharePoint - Kansas City Users Group 
7/2/2015 5:45 PM   KCOG Meeting 
7/14/2015 7:00 PM   SharePoint - Kansas City Users Group 
8/6/2015 5:45 PM   KCOG Meeting 
8/11/2015 7:00 PM   SharePoint - Kansas City Users Group 
9/3/2015 5:45 PM   KCOG Meeting 
9/8/2015 7:00 PM   SharePoint - Kansas City Users Group 
10/1/2015 5:45 PM   KCOG Meeting 
10/13/2015 7:00 PM   SharePoint - Kansas City Users Group 
(More Events...)

 ‭(Hidden)‬ Send Feedback