November 2007 - Posts

• Restricting Available Templates in MOSS07

  Some companies have a list of corporate approved site templates that they only want users to be able to select when creating new sites.  One way that I found to restrict this is to create a Feature that uses the WSS OM to change the list of available template.  You could then “staple” this feature to templates that you want a restricted list of site templates on.        public override void FeatureActivated(SPFeatureReceiverProperties properties)         {             SPWeb site = (SPWeb)properties.Feature.Parent;             site.AllowUnsafeUpdates = true;             // Standard Publishing Feature must be activated             PublishingWeb publishWeb = PublishingWeb.GetPublishingWeb(site);             publishWeb.Web.AllowUnsafeUpdates = true;             // Create a collection to store selected SPWebTemplates             Collection<SPWebTemplate> temp = new Collection<SPWebTemplate>();             //Get all available templates for a given lanugage             Microsoft.SharePoint.SPWebTemplateCollection templates = site.GetAvailableWebTemplates(site.Language);             // Add specific templates to our collection             temp.Add(templates["STS#0"]);             temp.Add(templates["MPS#1"]);             temp.Add(templates["MPS#2"]);             // Update the templates that are available             publishWeb.SetAvailableCrossLanguageWebTemplates(temp, false);             publishWeb.Update();             site.AllowUnsafeUpdates = false;         } Posted Nov 21 2007, 09:24 PM by undercoverlaptop with 2 comment(s)

• Filtering Active Directory Accounts from People Picker

  Overview There are two locations in SharePoint where users can “find” other users in the system; either by performing People search using the search services or using the People Picker control. Results can be different from both locations because they are pulling from different data sources. The People Search pulls from the SharePoint Profile database, which is a list of all the users that were pulled in from Active Directory that matched a certain filter criteria. The people picker on the other hand pulls directly from Active Directory and because of this, the people picker typically return more results. This is due to the fact that it is grabbing users that are disabled, service accounts and users that don’t have email address (duplicate accounts in our AD structure due to multiple domains). Problem People picker is returning users that are disabled and service accounts. Also, due to our infrastructure, a number of users have multiple accounts across the domains but only one “main” account. The main account is always the account that has an associated email address; all other accounts don’t have email address. Resolution Using the stsadm tools, it is possible to set a custom Active Directory filter on the people picker control. This can be done with the following command. Stsadm –o setproperty             –pn peoplepicker-searchadcustomfilter             –pv -<LDAP filter>             -url  <WebApplication url> Example Syntax: Stsadm –o setproperty              –pn peoplepicker-searchadcustomfilter              -pv “(|(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(objectcategory=group))”              -url http://myportal This example filters out accounts that don’t have email address or are disabled. Because security groups don’t always have email addresses, we did an OR statement to make sure they are still included. This command must be run against each web application that should have the custom filter applied to the People Picker. On a side note, it appears that the People Picker doesn’t just pull from Active Directory but also pulls information from the Site Collection list of users who have “hit” the site. This in my opinion is a bit annoying because accounts that have been disabled (people leaving the company) stick around. Figures. I thought I'd share this with everyone as this seems to be undocumented stsadm command.  I noticed it in the list of available properties to set using setproperty but couldn’t find a SINGLE thing on the web so we asked a Microsoft representative if he had any guidance. Note: The line breaks are for readability and should not be in the batch file or command line. Posted Nov 21 2007, 08:57 PM by undercoverlaptop with 5 comment(s)