HOW TO: Import User Profile Information of Enabled User Accounts

This article describes how to import user profile information of enabled user accounts from Active Directory directory services to Microsoft Office SharePoint Portal Server 2003.

You configure import settings for the user profiles that you want to import on the Configure Profile Import page of SharePoint Central Administration. SharePoint Portal Server uses the (&(objectCategory=person)(objectClass=user)) LDAP search filter, so user profile information of all user accounts in Active Directory is imported to SharePoint Portal Server. This filter imports both enabled and disabled user accounts to SharePoint Portal Server.

You can filter the user profile information that you want to import from Active Directory by adding query clauses to the LDAP search filter in the User filter box in the Search Settings area of the Configure Profile Import page.

To import user profile information of only the user accounts that are enabled, use the (&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) LDAP search filter.

Import User Profile Information of Enabled User Accounts from Active Directory to SharePoint Portal Server

To import user profile information of user accounts that are enabled in Active Directory to SharePoint Portal Server, follow these steps:

1. On the Site Settings page of the portal site, on the User Profile, Audiences, and Personal Sites page, click Manage profile database.

2. On the Manage Profile Database page, click Configure profile import.

3. On the Configure Profile Import page, in the Source area, click Custom source.

4. In the Access Account area, type the user account name and password of the user account that has appropriate permissions to access Active Directory.

5. In the Full Import Schedule area, click to select the Schedule full import check box, and then specify the full import schedule that you want.

6. In the Incremental Import Schedule area, click to select the Schedule incremental import check box, and then specify the incremental import schedule that you want.
Note If the Schedule incremental import option is not available (appears dimmed), click to select the Import from Active Directory by using the incremental method check box in the Source area.
Important To perform incremental imports for Microsoft Windows 2000 Server Active Directory, the user account that you use to perform the import operation must have the Replicating Directory Changes permission. This permission is not required to perform incremental imports for Microsoft Windows Server 2003 Active Directory. To assign the Replicating Directory Changes permission to the user account that you use to perform the import operation, follow these steps:

a. Start Active Directory Users and Computers.

b. On the View menu, click Advanced Features.

c. Right-click the domain object, and then click Properties.

d. Click the Security tab.

e. In the Group or user names list, click the user account that you want to use to perform the import operation.
If the user account is not displayed in the list, click Add, type the name of the user who you want to add, and then click OK.

f. In the Permissions for UserName list, click to select the Allow check box next to the Replicating Directory Changes permission, and then click OK.

7. Click OK.

8. On the Manage Connections page, do one of the following as appropriate to your situation:

• Click the name of the domain that you want to edit, and then click Edit.
-or-

• Click New connection to add a new domain controller that contains the user profiles that you want to import.

9. On the Edit Connection or Add Connection page (as appropriate to your situation), in the Search Settings area, do the following:

a. In the Search base box, type the distinguished name (DN) of the Active Directory object from where you want to import the user profiles.
The DN of the search base object defines the location in Active Directory where you want to start your search. The following are examples of DNs:

•DC=DomainName, DC=com

•CN=Users, DC=DomainName, DC=com

•OU=OrganizationalUnit, DC=DomainName, DC=com

b. In the User filter box, type the following LDAP search filter:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

c. Under Scope, specify the scope level, page size, and page time-out options that you want.

10. Click OK.

 

REFERENCES

For more information about how to write LDAP search filters, visit the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/ms180883(vs.80).aspx

For more information about LDAP search filters, see Request for Comments (RFC) 2254. To do so, visit the following Internet Engineering Task Force (IETF) Web site:

http://www.ietf.org/rfc/rfc2254.txt?number=2254

 

Source

How to set restrictions on a site collection

With Office Server SP1 out now, it looks like we will see a lot of security feature updates like this one.

This article describes how to set restrictions on a site collection on a computer that is running Microsoft Office SharePoint Server 2007 Service Pack 1 (SP1). The article discusses how to allow access only for users in a particular organizational unit (OU).

Administrators can use the stsadm.exe command to set restrictions on a site collection to allow access only for users in a particular OU. To do this, follow these steps:

1. Click Start, click Run, type cmd, and then click OK.

2. At the command prompt, type the following command, and then press ENTER:

cd /d %programfiles%\Common Files\Microsoft Shared\Web Server Extensions\12\BIN

3. At the command prompt, type the following command, and then press ENTER:

stsadm.exe -o setsiteuseraccountdirectorypath -url site collection url -path OU path

For example, type the following at the command prompt:

stsadm.exe -o setsiteuseraccountdirectorypath -url http://server/sites/s1 -path "OU=MSCRM,DC=redmond,DC=corp,DC=microsoft,DC=com"

Note The path will be the full distinguished name of the OU. The command will set the restrictions to allow only users under "OU=MSCRM,DC=redmond,DC=corp,DC=microsoft,DC=com" to be added to the site collection http://server/sites/s1.

To obtain the OU path, type the following at the command prompt, and then press ENTER:

stsadm.exe -o getsiteuseraccountdirectorypath -url site collection url

When the administrator uses the Stsadm.exe tool or another management tool to manage the site collection, the administrator will be added as a user to the site collection. The command in step 3 will block the administrator from managing the site collection if the administrator does not belong to the OU. To enable the administrator to manage the site collection, type the following at the command prompt, and then press ENTER:

stsadm.exe -o setproperty -url webappurl -pn "peoplepicker-serviceaccountdirectorypaths" -pv paths

Note In this command, paths is a placeholder for a semicolon-separated list of distinguished names.
To see the list of allowed administrator directory paths, type the following at the command prompt, and then press ENTER:

stsadm.exe -o getproperty -url webappurl -pn "peoplepicker-serviceaccountdirectorypaths"
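A pre-flight check for the lockout described above, as an added example that is not part of the original article: before running setsiteuseraccountdirectorypath, confirm that each administrator's distinguished name falls under the site OU or under one of the semicolon-separated peoplepicker-serviceaccountdirectorypaths entries. It assumes the restriction is a subtree check on the DN; the function names and the administrator and user DNs are constructed for illustration.

```python
# Added example: DN containment check, comparing RDN by RDN instead of by string suffix.

def rdns(dn):
    """Split a DN into normalised RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:                       # character after a backslash is taken literally
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":               # unescaped comma ends the current RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    out = []
    for p in parts:                   # case-insensitive compare, ignore padding around "="
        t, _, v = p.partition("=")
        out.append(t.strip().lower() + "=" + v.strip().lower())
    return out

def is_under(dn, base):
    """True when dn sits strictly below base in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[len(d) - len(b):] == b

def admin_allowed(admin_dn, site_ou, service_paths=""):
    """service_paths: semicolon-separated DNs, as passed to -pv in the article."""
    extra = [p for p in service_paths.split(";") if p.strip()]
    return is_under(admin_dn, site_ou) or any(is_under(admin_dn, p) for p in extra)

SITE_OU = "OU=MSCRM,DC=redmond,DC=corp,DC=microsoft,DC=com"          # from the article
ADMIN = "CN=Farm Admin,OU=Ops,DC=redmond,DC=corp,DC=microsoft,DC=com"  # constructed
OPS_PATH = "OU=Ops,DC=redmond,DC=corp,DC=microsoft,DC=com"            # constructed

if __name__ == "__main__":
    print("admin allowed without service path:", admin_allowed(ADMIN, SITE_OU))
    print("admin allowed with service path:   ", admin_allowed(ADMIN, SITE_OU, OPS_PATH))
```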

Related KB

HowTo: Create Site Collections with Create Site

If you want to create site collections by using the Create Site button, you need to do the following:

  1. Enable Self Service Site Creation in Central Administration
  2. Change behavior of the Create Site button on Site Directory

Enable Self Service Site Creation in Central Administration

  1. Open the Central Administration site

  2. Click Application Management

  3. Click Self-service site management

  4. Select the correct web application (that step is easy to miss)

  5. Select On for Enable Self-Service Site Creation and click OK.

Change behavior of the Create Site button on Site Directory

  1. From the portal, open the Site Actions menu and select Modify All Site Settings. If you are not on the top-level site, you will need to go to Top Level Site Settings.

  2. Under site collection administration, select Site Directory Settings.

  3. Select the checkbox to create new site collections from sites directory.

Thanks to Mark

HowTo: Index Office 2007 files on SPS 2003

You upload a document or a file that was created by using the 2007 Microsoft Office system to a Microsoft Office SharePoint Portal Server 2003 Web site. When you do this, SharePoint Portal Server cannot index the 2007 Office document or file.

This issue occurs because the 2007 Office iFilters are not included in SharePoint Portal Server 2003. Therefore, the following 2007 Office file formats are not indexed by SharePoint Portal Server 2003:

•.docx

•.docm

•.pptx

•.pptm

•.xlsx

•.xlsm

To resolve this issue, install a 2007 Office program, such as Microsoft Office Word 2007, on the computer that is running SharePoint Portal Server. By default, this procedure also installs the 2007 Office iFilters. To do this, follow these steps:

1. Install Word 2007 on the computer that is running SharePoint Portal Server.

2. Click Start, point to Administrative Tools, and then click SharePoint Central Administration.

3. On the SharePoint Portal Server Site Settings page, click Configure search and indexing in the Search Settings and Indexed Content section.

4. On the Configure Search and Indexing page, click Include file types in the General Content Settings and Indexing Status section.

5. On the Specify File Types to Include page, click New File Type.

6. On the Add File Type page, type the file name extension for the file type that you want to add in the File extension box. The 2007 Office system uses the following file name extensions:

•.docx

•.docm

•.pptx

•.pptm

•.xlsx

•.xlsm

7. Click OK.

KB Article 944445

HowTo: SlipStream WSS and MOSS Security Updates

Microsoft have released an important security bulletin for Windows SharePoint Services v3 and MOSS 2007 – MS07-059.

HowTo for MOSS 2007

Download the security update to C:\Downloads\SharePoint

Run this command from the cmd prompt (assuming your MOSS installation files are copied to C:\Server12)

officeserver2007-kb937832-fullfile-x86-glb.exe /extract:C:\Server12\Updates

Check C:\Server12\Updates folder to find new files!

HowTo for WSS3

Download the security update to C:\Downloads\SharePoint

Run this command from the cmd prompt (assuming your MOSS installation files are copied to C:\WSS)

wssv3-kb934525-fullfile-x86-glb.exe /extract:C:\WSS\Updates
