Create a Report to Find SharePoint Online Licensed Users

by jess on August 10, 2016


You can create a report on all SharePoint Online licensed users within your Office 365 tenant by following the example below:

Connect to Office 365 via PowerShell

Run the Commands Below in PowerShell ISE (Administrator Access)
The following commands will connect to your tenant, and then create a CSV report for you to filter on:

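Import-Module MSOnline
Connect-MsolService   # prompts for tenant administrator credentials
# ServiceStatus[7] assumes SharePoint Online is the eighth service plan of the user's first license; the position varies by SKU
Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $true -and $_.Licenses[0].ServiceStatus[7].ProvisioningStatus -ne "Disabled" } | Export-Csv "./SPOnlineLicensedUsers.csv" -NoTypeInformation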
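
The one-liner above reads the plan at a fixed position in the first license, which misses users whose SharePoint Online plan sits in a second license or at a different index. The following added example (not part of the original post) matches the plan by name instead; the list of plan names is an assumption to adjust for your tenant.

```powershell
# Added example: report SharePoint Online licensed users by service plan name.
Import-Module MSOnline
Connect-MsolService   # prompts for tenant administrator credentials

# Assumption: plan names treated as "SharePoint Online". List the plans in your
# tenant with: (Get-MsolAccountSku).ServiceStatus.ServicePlan.ServiceName
$spoPlans = 'SHAREPOINTSTANDARD', 'SHAREPOINTENTERPRISE', 'SHAREPOINTDESKLESS'

$report = foreach ($user in Get-MsolUser -All) {
    if (-not $user.IsLicensed) { continue }

    # Walk every assigned license, not only Licenses[0].
    foreach ($license in $user.Licenses) {
        foreach ($status in $license.ServiceStatus) {
            $isSpoPlan = $spoPlans -contains $status.ServicePlan.ServiceName
            if ($isSpoPlan -and $status.ProvisioningStatus -ne 'Disabled') {
                [pscustomobject]@{
                    UserPrincipalName  = $user.UserPrincipalName
                    DisplayName        = $user.DisplayName
                    AccountSku         = $license.AccountSkuId
                    ServicePlan        = $status.ServicePlan.ServiceName
                    ProvisioningStatus = $status.ProvisioningStatus
                    # Licensed accounts that are blocked from signing in are
                    # worth reviewing when the report is used for access audits.
                    BlockCredential    = $user.BlockCredential
                }
            }
        }
    }
}

$report | Export-Csv -Path './SPOnlineLicensedUsers.csv' -NoTypeInformation
```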



Manage How External User Invitations Can Be Accepted for SharePoint Online

by jess on February 18, 2016


Office 365 recently introduced a feature that lets tenant administrators better control how external user invitations can be accepted for SharePoint Online.

Default Behavior

When an external user invitation is sent, the invitation can be claimed by any account. This includes someone the original invitee forwards the e-mail to, or another party who somehow intercepts the e-mail.

Whoever accepts the invitation is then granted the permissions that were assigned with the original invitation. This can cause confusion for members of a SharePoint site, if someone other than the intended person accepts the invitation.

New “Account Match” Behavior

Microsoft introduced a setting which changes the behavior of external user invitations on a SharePoint Online tenant. More information can be found in the following Office 365 support article:

Use Windows PowerShell to control how external sharing invitations can be accepted

When enabled, the RequireAcceptingAccountMatchInvitedAccount parameter requires external users to accept invitations with the email account with which they originally received the invitation.

When the RequireAcceptingAccountMatchInvitedAccount setting on the tenant is set to “True”, the behavior changes. The new behavior requires that the account that accepts the invitation be the account that the invitation was originally sent to. If another account tries to claim the invitation, it receives an error from SharePoint Online.

This optional setting helps ensure the intended parties are accepting the invitations to the site, and reduces confusion if the original invitation is forwarded, and a secondary party unintentionally claims the invite.

Set The “Account Match” Behavior On Your Tenant

To change your SharePoint Online tenant to require the accounts match for external users across your site collections, follow the steps below:

  1. Install a recent version of the SharePoint Online Management Shell.
  2. Once installed, either open the SharePoint Online Management Shell, or my personal preference, use Windows PowerShell ISE. The ISE editor should load the SharePoint Online modules transparently. (If not, try either logging out of your Windows session, and logging back in, or restarting your computer.)
  3. Connect to your SharePoint Online tenant using the following PowerShell command. Replace the tenant and account placeholders with your tenant information.
    • Connect-SPOService -Url https://<tenant> -credential <admin account>


  4. When prompted, log in to your Office 365 account using your normal credentials:
  5. (Optional) Check the current value for the RequireAcceptingAccountMatchInvitedAccount setting by using the following command:
  6. Update the value for the RequireAcceptingAccountMatchInvitedAccount setting to True:
    • Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true
  7. (Optional) Check the updated value for the RequireAcceptingAccountMatchInvitedAccount setting by repeating the following command:
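
The steps above as one script, added here as an example and not taken from the original post. The admin center URL is a placeholder for your own tenant.

```powershell
# Added example: check, enable and verify the "account match" setting.
$adminUrl = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$setting  = 'RequireAcceptingAccountMatchInvitedAccount'

# Step 3/4: connect; Get-Credential shows the login prompt.
Connect-SPOService -Url $adminUrl -Credential (Get-Credential)

# Step 5: current value, shown next to the tenant-wide external sharing level
# so the setting is read in context.
Get-SPOTenant | Select-Object SharingCapability, $setting | Format-List

# Step 6: change the setting only when it is not already enabled.
if (-not (Get-SPOTenant).$setting) {
    Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true
}

# Step 7: read the value back and fail loudly if it did not take effect.
$after = (Get-SPOTenant).$setting
if (-not $after) {
    throw "$setting is still False after Set-SPOTenant."
}
"${setting}: $after"

Disconnect-SPOService
```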

Add a Field Label for “Sort By” in a SharePoint 2013 Search Center

by jess on February 16, 2015


Recently, I had a request to add a text label to the Sort By field in a SharePoint 2013 Search Center, so that end users would more quickly figure out what the field floating in the middle of the results page was for. This is a quick tip for those looking to do the same thing.

Enable Sorting in Search Results

To enable the Sort By feature in a search results page, perform the following steps:

  1. Edit the Search Results page
  2. Modify the Search Results Web part
  3. Under the “Settings” heading, click Show sort dropdown

When viewing the search results page, you should now see a field floating under the Search Navigation, but above the actual search results. In this case, the request was to add a text label next to the field to make it more clear what its purpose was:

Add a Label to the Sort By Field


Initially, I thought it would be simple to use jQuery, which was already in the environment, to just find the structure in the DOM and insert a field label. In looking at the generated DOM in the page, I could see the following structure:

However, I found after several attempts to get a handle on #Sortby or #SortbySel using jQuery, that there was a timing issue between jQuery attempting to get ahold of the DOM structure, and SharePoint actually generating the elements. Using several event methods with jQuery, I kept coming up with null references. This should be simple, so time for a new approach… which reminded me of a comic I had seen on Hugh Wood’s blog:

Modern CSS

In this particular case, the end users of the Search Center were all using IE 11 and/or Google Chrome, so we had modern web browser capabilities at our disposal. Since I had the DOM structure, and knew what the HTML markup was for the field and its containers, I decided to use the CSS ::before pseudo-element to dynamically generate the field label.

I added an Alternate CSS file to the Search Center site settings, and used the following CSS to generate the label:

#ResultHeader #Actions #Sortby::before {
    /* Generated text shown in front of the Sort By dropdown */
    content: "Sort By: ";
    font-weight: bold;
}

Once the CSS was added, we now had a label on the Sort By field, without timing issues!

Passing HTML in Nintex Workflow Start Workflow Web Service

by jess on October 15, 2014


Nintex Workflow provides the capability to start other workflows using the “Call Web Service” workflow action. One of the benefits of this method is that you can pass workflow variable values to the web service through the associationData parameter. The Nintex Community site has a good basic write-up on how to do this:

Start a Workflow using a Web Service

One of the tips missing from the article is how to pass HTML data using the web service method. If you follow the article to the letter, you will find that your data is not represented on the child workflow.

To pass HTML data, you need to use the “XmlEncode” Inline Function when creating your association data string. This will make the value of your data safe for transport:


When the child workflow starts and receives the passing data, I have found it will automatically decode the value, and make it available for normal HTML display.

Parsing Values with Commas
If the value of your variable has commas contained within it, you might find that the function truncates the text value when the workflow runs. This is apparently due to the way the inline function is passed information from Nintex Workflow, separating values with commas. To protect against this, wrap your variable reference with {TextStart} and {TextEnd}:


This will pass the full value of your XML encoded content so you can complete the process!


Repairing Corrupted System Files in Windows 8 and Windows 8.1

by jess on January 11, 2014


I recently had an issue with a corrupted file on one of my Windows 8.1 Pro computers. When I would run the System File Checker command (sfc /scannow), which was used by other versions of Windows in the past, I would receive a message that corruption was found, but could not be repaired:


In investigating the CBS.log file, located at C:\Windows\Logs\CBS\CBS.log, I saw entries like the following:

2014-01-11 10:41:19, Info CSI 000004c7 [SR] Beginning Verify and Repair transaction
2014-01-11 10:41:23, Info CSI 000004c8 Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
Found: {l:32 b:iFGN8kqBrULckYGGWwjgESo5hfk/GDgVttoobZ/7h/o=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}
2014-01-11 10:41:23, Info CSI 000004c9 [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-01-11 10:41:28, Info CSI 000004ca Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
Found: {l:32 b:iFGN8kqBrULckYGGWwjgESo5hfk/GDgVttoobZ/7h/o=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}
2014-01-11 10:41:28, Info CSI 000004cb [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-01-11 10:41:28, Info CSI 000004cc [SR] This component was referenced by [l:186{93}]"Microsoft-Windows-Printer-Drivers-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.INF_prncacla"
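
The [SR] "Cannot repair member file" entries above are the ones that identify which protected file failed its hash check. The following added example (not part of the original post) extracts them and collapses the repeats SFC logs for the same file; the sample lines are constructed by shortening the excerpt above, and the function name is hypothetical.

```powershell
# Constructed sample: [SR] lines shortened from the CBS.log excerpt in this post.
$sample = @'
2014-01-11 10:41:19, Info CSI 000004c7 [SR] Beginning Verify and Repair transaction
2014-01-11 10:41:23, Info CSI 000004c9 [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, hash mismatch
2014-01-11 10:41:28, Info CSI 000004cb [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, hash mismatch
'@ -split "`r?`n"

function Get-SfcUnrepairedFile {
    # Hypothetical helper: turns "[SR] Cannot repair member file" lines into objects.
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    begin {
        $pattern = '^(?<Time>\S+ \S+), .*?\[SR\] Cannot repair member file ' +
                   '\[[^\]]+\]"(?<File>[^"]+)" of (?<Component>[^,]+), ' +
                   'Version = (?<Version>[\d.]+),.*, (?<Reason>[^,]+?)\s*$'
    }
    process {
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Time      = $Matches.Time
                Component = $Matches.Component
                File      = $Matches.File
                Version   = $Matches.Version
                Reason    = $Matches.Reason
            }
        }
    }
}

# SFC logs the same file more than once per pass, so group the repeats.
$sample | Get-SfcUnrepairedFile |
    Group-Object Component, File, Version, Reason |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Component   = $first.Component
            File        = $first.File
            Version     = $first.Version
            Reason      = $first.Reason
            Occurrences = $_.Count
            FirstSeen   = $first.Time
        }
    }
```

To run it against a live system, replace `$sample` with `Get-Content C:\Windows\Logs\CBS\CBS.log`.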

After some additional research, I found a very useful post on the newer Deployment Imaging and Servicing Management (DISM) tool. One of the benefits of this newer command is that it can download updated files from Windows Update, rather than relying solely on an offline cache.

I then ran the following command to use DISM to check for corruption, as well as repair any issues it found:

DISM /Online /Cleanup-Image /RestoreHealth

After the command ran, DISM reported that it had found corruption and repaired the issue. I returned to the CBS.log file and saw the following:

Checking System Update Readiness.

(p) CSI Payload Corrupt (Fixed) amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB

Operation: Detect and Repair
Operation result: 0x0
Last Successful Step: Entire operation completes.
Total Detected Corruption: 1
CBS Manifest Corruption: 0
CBS Metadata Corruption: 0
CSI Manifest Corruption: 0
CSI Metadata Corruption: 0
CSI Payload Corruption: 1
Total Repaired Corruption: 1
CBS Manifest Repaired: 0
CSI Manifest Repaired: 0
CSI Payload Repaired: 1
CSI Store Metadata refreshed: True

Total Operation Time: 655 seconds.

I was also able to see where DISM had downloaded new files through Windows Update:

2014-01-11 11:08:14, Info CBS Appl: Evaluating package applicability for package KB2878971-printscan~31bf3856ad364e35~amd64~~6.3.9600.16384, applicable state: Installed
2014-01-11 11:08:14, Info CBS REPR: WU scans package KB2878971-printscan~31bf3856ad364e35~amd64~~6.3.9600.16384 that is required by CBS
2014-01-11 11:08:14, Info CBS DWLD: PopulateDownloadFileList is called, must be express package.
2014-01-11 11:08:14, Info CBS Repr: File list: Payload amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB requested
2014-01-11 11:08:14, Info CBS Exec: (Repair) Job has been saved for package: KB2878971-printscan~31bf3856ad364e35~amd64~~6.3.9600.16384.
2014-01-11 11:08:14, Info CBS Asynchronous Session: 30346991_3064396655 finalized. [HRESULT = 0x00000000 - S_OK]
2014-01-11 11:08:14, Info CBS Session: 30346991_3071347097 initialized by client WindowsUpdateAgent.
2014-01-11 11:08:19, Info CBS Session: 30346991_3113639432 initialized by client WindowsUpdateAgent.
2014-01-11 11:08:19, Info CBS DWLD: Bundled index = 0
2014-01-11 11:08:19, Info CBS DWLD: Windows update server URL:
2014-01-11 11:08:19, Info CBS DWLD:Content is Full-Cab package.
2014-01-11 11:08:19, Info CBS DWLD: Windows update server URL:
2014-01-11 11:08:19, Info CBS DWLD:Content is Express package.
2014-01-11 11:08:19, Info CBS DWLD: Windows update server URL:
2014-01-11 11:08:19, Info CBS DWLD:Content is Express package.
2014-01-11 11:08:19, Info CBS Repr: Finished collecting payload.
2014-01-11 11:08:19, Info CBS Repr: Finished repairing CBS Store.

When running the SFC utility a second time, it verified that there were no issues – it was fixed!


Fixes in SharePoint 2010 Service Pack 2

by jess on July 31, 2013


Microsoft recently released Service Pack 2 for SharePoint, which can be downloaded on the “Updates for SharePoint 2010 Products” page. Below are the fixes specifically included in the updates:

Fixes in the SP2 Update

  • Navigating to a SharePoint site with a BlackBerry device may open a non-mobile page. Adding RIM6 into compat.browser allows users to access SharePoint pages and view documents in mobile view.
  • If anonymous access is enabled for SharePoint 2010 SP1 (or later Cumulative Update), attempts to access the site via a mobile device will receive an authentication prompt.
  • Customers are unable to use spell check in Korean when running SharePoint on Windows Server 2012.
  • Displaying Summary Links Web Part in personalizing view; generating confusing error message.
  • Deployment fails for content types containing a formula field in Italian.
  • File attachments are not deleted due to incorrect URL formatting.
  • If requireExactUrl is not set for openweb calls, the PublishingWeb constructor may spawn variation pages into incorrect locations while attempting re-creation of failed label during create hierarchies.
  • Incremental content deployment fails, giving the following error: FatalError: The given key was not present in the dictionary.
  • Spell Checker doesn’t work properly with Internet Explorer 10.
  • Rich text editor spell checker may work incorrectly on 64 bit machines.
  • Customers encounter issues sending e-mail from workflows when the From address uses a non-Unicode character set.
  • Updated VBE7.dll to fix safe array corruption for x64 hosts when calling UDF methods using safe array arguments directly from the host.
  • SQL exceptions will appear in the log when running update statistics timer.
  • Improved performance of the AllUserData table.
  • Getting a feed against a discussion board fails if feed contains more than zero items.
  • SharePoint 2010 client object model now has compatibility for accessing SharePoint 2013 servers.
  • Windows 8 users with Internet Explorer 10 receive an error when trying to open a document from SharePoint 2010 directly in the Office client.
  • Call GetChanges won’t return changes in certain cases where the change log has been edited and no parameters are set.
  • STSAdm MigrateUser fails when SQL server is not in domain.
  • Attempting to delete a child web from site settings causes the page to fail.
  • There is no exposed method to recalculate the second stage recycle bin size.
  • April 2011 Calendar View does not display correctly with Amman System Time zone.
  • Users can create a scenario where a site loses permissions.
  • After deleting a web that contains historical document versions in the RecycleBin, rows are abandoned in the database. These rows bloat the size of the database, causing difficulty with database management operations such as backup/restore, complicating upgrade and other scenarios.
  • After creating alerts on a document library with unique permissions and moving the contents using SPFolder.MoveTo method, the permissions seem to be lost and even the farm administrator is not able to delete these alerts.



Redirect non-encrypted HTTP traffic to SSL-enabled HTTPS in IIS 7+

by jess on July 12, 2013


It used to be that redirecting HTTP traffic to the SSL-enabled equivalent was a convoluted process, especially in IIS 6 and previous versions, involving weird tricks such as using error codes on specific default files in the web site. Back in the IIS 6 days, it made me greatly miss using mod_rewrite with Apache on Linux.

Thankfully Microsoft caught on a few years back, and released an official IIS extension called URL Rewrite, which is essentially the equivalent of Apache’s mod_rewrite. Using URL Rewrite, you can fairly easily implement a rule to detect if the browser session is using SSL, and if not, redirect it to wherever you want the browser to go.

Below are the steps to handle the SSL redirect of a web site using URL Rewrite within IIS:

  • Set up your web site to listen on both port 80 (HTTP) and port 443 (HTTPS), or whatever ports you are choosing to use. In the bindings, make sure you have associated a valid SSL certificate, etc. I’m kind of assuming you have already done this, and just want to handle a redirect at this point.
  • On your IIS 7+ web server(s), install URL Rewrite. My preferred method is to use the Microsoft Web Platform Installer, which will sometimes do some extra work for you beyond just installing an .msi file, depending on the IIS extension you are installing (like Web Deploy).
  • Once you have URL Rewrite installed, open the IIS Manager.
  • In the left-hand pane, select the web site you would like to apply the redirect rule to.
  • In the main window for the web site, under the IIS category, click the icon for URL Rewrite to add a new rule that only applies to this site.


  • You should see the URL Rewrite configuration screen for this web site. Under Actions on the right, click Add Rule(s)…


  • Go ahead and take the default rule template of Blank rule, and click OK.


  • In the Edit Inbound Rule screen, give a meaningful Name to the rule, such as “Redirect HTTP Traffic to HTTPS”.


  • Leave the Requested URL field set to “Matches the Pattern”, and leave the Using field set to “Regular Expressions”.


  • In the Pattern field, enter the pattern of (.*) because we want to match anything in the URL. In this case we are more concerned with whether or not SSL is being used than with what is contained within the URL.


  • Expand the Conditions section, and click Add.


  • In the Condition input field, enter {HTTPS}. This will detect if SSL is being used by the web browser session.

  • In the Pattern field, enter ^OFF$. This is what will trigger the rule if SSL is not being used for the web session. Then click OK.


  • Scroll down to the Action section, and change the Action type to Redirect.


  • In the Redirect URL field, enter the following: https://{HTTP_HOST}/{R:1}

  • This action does a couple things. The {HTTP_HOST} variable will assign whatever host name is being used by the web client. That way you don’t have to hard code a domain name in the rule – although you could if you wanted. The {R:1} variable takes whatever is after the host name, and appends it to the redirect URL. So for example, if the browser is calling, the {R:1} variable appends the highlighted section of the URL to the redirect URL.


  • Next, make sure to check the checkbox for Append query string. This will make sure any URL parameters will be automatically appended to the redirect URL. Using the previous example, if the URL is the checkbox ensures the highlighted section is automatically appended to the redirect URL.


  • The next step is to decide the HTTP redirect type code you want to send the browser. You could send a Permanent (301) code if you always want browsers and search engines to consider the HTTP URL to be essentially an old and “shouldn’t be used” URL. However, I typically prefer to use the code for See Other (303), as that allows some flexibility in the future. Choose whatever makes sense in your situation.


  • Then click Apply in the Actions menu on the right, and then Back to Rules.


  • When you return to the URL Rewrite rules screen, you should see a new entry for the redirect rule we just created:


Now, try browsing to your web site using the HTTP version of the URL. You should be able to see within the web browser the URL is changed dynamically to the HTTPS equivalent of whatever URL you used, even if it had a long path with URL parameters in it. Any previously created links or bookmarks should now dynamically redirect to the SSL-enabled equivalent of the web site.
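
The same rule can be created and checked from PowerShell with the WebAdministration module. This is an added example, not part of the original post; the site name and the test URL are assumptions, and URL Rewrite must already be installed.

```powershell
# Added example: run in an elevated session on the web server.
Import-Module WebAdministration

$site     = 'IIS:\Sites\Default Web Site'     # assumption: name of the target site
$testUrl  = 'http://localhost/some/path?x=1'  # assumption: an HTTP URL served by that site
$ruleName = 'Redirect HTTP Traffic to HTTPS'
$rules    = 'system.webServer/rewrite/rules'
$rule     = "$rules/rule[@name='$ruleName']"
$action   = "$rule/action"

if (Get-WebConfiguration -PSPath $site -Filter $rule) {
    Write-Warning "Rule '$ruleName' already exists on this site; leaving it unchanged."
}
else {
    # Blank inbound rule whose pattern matches every requested URL.
    Add-WebConfigurationProperty -PSPath $site -Filter $rules -Name '.' -Value @{ name = $ruleName }
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/match" -Name 'url' -Value '(.*)'

    # Condition: fire only when the request did not arrive over SSL.
    Add-WebConfigurationProperty -PSPath $site -Filter "$rule/conditions" -Name '.' `
        -Value @{ input = '{HTTPS}'; pattern = '^OFF$' }

    # Action: See Other (303) redirect to the same host and path over HTTPS.
    # {HTTP_HOST} echoes the Host header sent by the client; hard-code the host
    # name instead if the site's bindings accept arbitrary host names.
    Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'type' -Value 'Redirect'
    Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'url' -Value 'https://{HTTP_HOST}/{R:1}'
    Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'appendQueryString' -Value 'True'
    Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'redirectType' -Value 'SeeOther'
}

# Verify without following the redirect, so the status code and the Location
# header (path and query string included) can be inspected directly.
$request = [System.Net.WebRequest]::Create($testUrl)
$request.AllowAutoRedirect = $false
$response = $request.GetResponse()
try {
    '{0} {1} -> {2}' -f [int]$response.StatusCode, $response.StatusCode, $response.Headers['Location']
}
finally {
    $response.Close()
}
```

The final line should show the 303 status and a Location value that is the HTTPS form of the test URL, with its path and query string preserved.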

Hide Distribution List Membership in SharePoint 2010 User Profiles

by jess on July 9, 2013


To hide Exchange distribution list memberships on SharePoint 2010 user profiles, follow these steps:

  • Access Central Administration
  • Access the User Profile Service Application
  • Under People, click Manage Policies


  • Under Memberships, click Distribution List, then click Edit Policy


  • Change the Policy Settings field to: Disabled
  • Uncheck the checkbox for User can override


  • Click OK

The distribution lists should now no longer display on individual User Profiles in SharePoint.


Spring Cleaning: Virtual Server 2005 Migrations to Hyper-V

by jess on July 6, 2013


Doing some (late) Spring cleaning on our virtual infrastructure for some of our lab virtual machines. We have an old Virtual Center 2005 server that has multiple VMs on it, and needed to migrate some of them to one of our Hyper-V servers. Once I had the process down, it was fairly simple, and basically consists of:

  1. Convert the boot drive from SCSI to IDE
  2. Uninstall the network device
  3. Uninstall Virtual Server Additions
  4. Check the hardware abstraction layer (HAL)
  5. Move the virtual disk to the Hyper-V server
  6. Convert the virtual machine configuration using VMC2HV
  7. Power on the Hyper-V virtual machine
  8. Install a DVD Drive
  9. Install Integration Services
  10. Re-Activate Windows if needed

Some posts that I found helpful in the process were:

Windows Server 2008 Hyper-V Resource Kit: Chapter 8: Moving from Virtual Server 2005 R2 to Hyper-V

Virtual Machine Migration Guide: How To Migrate from Virtual Server to Hyper-V