I was checking status of a pair of MOSS servers I had recently set up in a web farm. 

I noted that the cluster appeared to be functioning, but when connecting from WFE1, only WFE1's configuration could be loaded.  Likewise, when connecting to the NLB cluster from WFE2, only WFE2's configuration could be loaded.  The servers could not ping each other on any IP address.

Windows NLB has the ability to work in two different modes: “unicast” and “multicast.”Regardless of the mode you choose, NLB creates a new virtual MAC address assigned to the network card that has NLB enabled, and all hosts in the cluster share this virtual MAC. Then, all incoming packets are received by all servers in the cluster, and each server’s NLB drivers are responsible for filtering which packets are for that server and which are not.When in unicast mode, NLB replaces the network card’s original MAC address. When in multicast mode, NLB adds the new virtual MAC to the network card, but also keeps the card’s original MAC address.

Both unicast and multicast modes have benefits and drawbacks. One benefit of unicast mode is that it works out of the box with all routers and switches (since each network card only has one MAC address). The disadvantage is that since all hosts in the cluster all have the same MAC and IP address, they do not have the ability to communicate with each other via their NLB network card. A second network card is required for communication between the servers.

Multicast mode does not have the problem that unicast operation does since the servers can communicate with each other via the original addresses of their NLB network cards. However, the fact that each server’s NLB network card operating in multicast mode has two MAC addresses (the original one and the virtual one for the cluster) causes some problems on its own. Most routers reject the ARP replies sent by hosts in the cluster, since the router sees the response to the ARP request that contains a unicast IP address with a multicast MAC address. The router considers this to be invalid and rejects the update to the ARP table. In this case you’ll need to manually configure the ARP entries on the router. (Don’t worry if you’re lost at this point. Just be aware that if you’re using multicast mode, you’ll need to get one of your network infrastructure people involved.)

The bottom line is that you don’t want to use unicast in a Terminal Server environment unless you have two network cards. (That way, you can still connect to a specific Terminal Server if you need to via another adapter and another IP address.) If your servers have only a single network card, then you’ll want to use the multicast mode.

What it boils down to is that in my case, I needed to use Unicast because of the multi-subnetted environment, and I needed to use dual network cards on each server so that each node could talk to the others.  So that's what I did... AND IT WORKED FOR A WHILE.  This is important.  It threw me for a loop until I remembered that it had been working originally.  Something must have changed.

Event Type:        Warning
Event Source:      WLBS
Event Category:    None
EventID:           18
Date:              9/29/2008
Time:              11:00:20PM
User:              N/A
Computer:          WFE1
Description:
NLB Cluster 10.10.10.163 : Duplicate cluster subnets detected.  The network may have been inadvertently partitioned.  

...but per Microsoft, this is not a big deal:

 During the time that the cluster was partitioned, the members of the cluster converged into two or more separate clusters. This event is an informational message that reports the network had been partitioned and the WLBS hosts now have correctly converged in just one cluster. This event is benign but if it is logged repeatedly there may be an issue with the underlying network or the network infrastructure may be insufficient for the volume of traffic. STATUSThis behavior is by design.

Q. I Have Two Network Adapters on Each Server in My NLB Cluster. How Do I Ensure That All Outbound Traffic Goes Through Non-Load-Balanced Network Adapters? 

A. Sometimes it is desirable for performance or other reasons to direct all outgoing traffic through a different network adapter that the one that is being load balanced with NLB. This implies that there is more than one network adapter on each host in a cluster: NLB is bound to one network adapter called cluster network interface card, and the other network adapter does not have NLB bound to it. To make sure that the outbound traffic leaves each host through the non-cluster network adapter, do the following: 

Set the metric on the cluster network adapter to a higher value than the non-cluster network adapter. For example, if you have two network adapters on each host, set the non-cluster network adapter metric to 1 and cluster network adapter metric to 2. The network adapter with a higher metric means it is more expensive to use than the other one with a lower metric. That will ensure that the outbound traffic will be routed out of the non-cluster network adapter. 

If you want to use default gateways on both cluster and non-cluster network adapters, make sure the metric of the default gateway on the cluster network adapter has a higher value than the one on the non-cluster network adapter. If you do not want to route any outgoing traffic out of the cluster network adapter, you should not specify the default gateway for it at all.  

In this case, the solution involved going to each network adapter on WFE1 and WFE2 and, under Advanced TCP/IP Properties, deselecting the "automatic metric" property and specifying the explicit values of "1" for the Production NIC and "2" for the NLB NIC.  After that, it started working perfectly.

I recently deployed a SharePoint extranet using Microsoft Office Search Server Express 2008 (MSSX), which turned out to be quite interesting.  I will share all the salient details of that adventure in my next post.  But first: 

1. Using Windows CALs for the anticipated number of users.
2. Using the External Connector license (this is the same type of license that would cover an internet-facing Terminal Server).
1. The External Connector costs $2000 per server.  (Interestingly, an EC license for Terminal Server costs $8000.) 
3. Using Windows 2003/2008 Web Edition, which does not require CALs or an EC license, but can’t host a SQL instance.  There are some strict limitations to using Windows Web Edition and most IT folks avoid it because it can limit flexibility, but it’s a cost effective solution, and it does cost less than Standard Edition.

Note: Actually, I have conflicting information on this.  On this page it says that Windows 2003 Web Edition will allow you to install SQL 2005 Express Edition; however, this may only pertain to the R2 edition of Windows 2003.  I've tried to install SQL Express on Web Edition in the past, and it wouldn't let me, but that was before R2.  Maybe someone could confirm this?Updated 9/26/08: SharePoint MVP Mike Walsh confirms that you still can't put SQL Express on Windows 2003 Web Edition; it has to be on a second server.

References:

• Office & SharePoint Pro: License to Fill: Licensing WSS for the Extranet
• Office & SharePoint Pro: Licensing WSS
• Windows IT Pro: Using SharePoint for Extranets
• WSS Collutions: About Licensing 
• Microsoft: Pricing for Windows 2003 R2 Editions
•  Microsoft: External Connector Licensing
• Microsoft: Windows 2003 Web Edition Licensing
• Microsoft: Pricing for MOSS Editions
• Microsoft: MOSS FAQ 

• (Updated 9/26/08): Mike Walsh asked that I be a little clearer in my wording, so I will clarify:
• The WSS Collutions article I linked to was written in 2003 for the 2.0 version of WSS.  He actually updated this article after I linked to it, so if you read it yesterday you might want to go back and take another look.  
• There is no license covering WSS specifically.  You are licensing the connection to Windows.
• The important thing to remember is that Microsoft is concerned about authenticated access to the server.  
• Mike Walsh makes a good point: "Licensing is as always something that should be checked with Microsoft."  
• Anonymous users do not require licensing.  Mike seems to be saying that even if you are only serving anonymous users, you will still need an External Connector license.  Although my original assumption came from reading the SharePoint FAQ (text is below), I will follow the MVP's guidance on this one. 
• Another useful link is a terse "Supplemental" statement from Microsoft about licensing and WSS:
• Windows SharePoint Services conforms to the Windows Server 2003 licensing model.
• The usage of the Windows SharePoint Services on Windows Server 2003 Web Edition, is limited to front-end Web serving tasks. The data storage portion of Windows SharePoint Services may not be installed or used on Windows Server 2003 Web Edition.
• The External Connector is different from the edition of MOSS called Microsoft Office SharePoint Server 2007 for Internet Sites, which is essentially MOSS 2007 Enterprise with a blanket license covering unlimited connections. 
• From the MOSS FAQ:
• If I am using forms authentication or any other third-party authenticationsystem with external users, do I still need to purchase Windows Server 2003External Connector (EC) license? 
• Yes. External users that are authenticated, by any means, would requireeither a Windows CAL or a server with an External Connector license.
• If I am using SharePoint for an Internet facing website do I still need topurchase Client Access Licenses ("CALs")?  
• If you are creating an Internet- or Extranet-facing website, it isrecommended that you use Microsoft Office SharePoint Server 2007 forInternet sites. This license does not require the purchase of Client AccessLicenses. However, all content, information, and applications on thehosted using an "Internet Sites" edition cannot be accessed by employeescreating, sharing, or collaborating on content which is solely for internaluse only, such as an intranet portal scenario.

My two largest customers suddenly both decided they wanted to stop playing around with a test MOSS server, and put SharePoint into production.  So all week I've been building and configuring small SharePoint farms.  I ran into a real headache today, which I'll discuss below.

First, here are the two deployments:

SharePoint Farm with No Load Balancing:

This solution means you have a single web front-end server, but multiple servers in the farm, mostly for distribution of load.  This customer wanted a dedicated indexing server, with the index replicated over to a share on the WFE server.

 Figure 1: Generic SharePoint Farm without Network Load Balancing

SharePoint Farm with Load Balancing:

This customer decided to go with load balancing, which means you have multiple WFE servers all serving the same content.  In this case we did not set up any dedicated servers; the indexing and searching is distributed across both MOSS servers.     

Figure 2: Generic SharePoint Farm with Network Load Balancing 

Let's face it: Information Technology is a large enough discipline that it's easy to put yourself in a situation where you go from respected expert to bumbling moron in the blink of an eye.  It's bound to happen, since SharePoint crosses so many technologies.  Today, it was something as seemingly simple as setting up a two-node NLB cluster.

I'm not going to cover the specifics of setting up NLB, because that is covered elsewhere in lavish detail.  But I will pass along a gotcha. 

In NLB, there are two modes for traffic: Unicast and Multicast.  Unicast basically means the network card is dedicated to NLB traffic, and Multicast means you can use it for both NLB and regular traffic.  In the second figure above, the two MOSS servers each had one network card, so my plan was to use Multicast.  Everything converged beautifully and the clouds parted and the angels sang.  I got MOSS installed and joined to the farm.  I was able to browse to the "Portal" site hosted on the clustered IP, from several different servers. 

However, I couldn't reach the site from my laptop.  Or even ping the clustered IP.  Nobody else could, either.  Some of you are already nodding your heads.  Bonus points to you.

We found out that all the machines on the same subnet could connect to the clustered IP just fine, but nobody else could.  Since this is an enterprise with numerous subnets, this presented a problem. 

It turns out that due to the way Multicast works, some gateways do not route its traffic properly.  Older routers can't handle Multicast at all. Newer ones can, but this functionality is often turned off.  So in the end, we added another NIC to each MOSS server (luckily these are virtual machines, so it was easy), switched to Unicast, and the problem was resolved.

So here is a rule of thumb: Multicast is fine if you have a single subnet.  But use Unicast if you have more than one subnet (or a WAN). 

As soon as we switched over and reconverged, everything worked wonderfully again.  The clouds didn't part this time, but I still felt pretty good about it.

I haven't posted for a while, because as I'm sure you're all aware, there are only so many minutes in the day and when you fill them with doing SharePoint, there is very little time to talk about SharePoint.  What happened is that I got very busy with multiple designs and deployments for numerous customers, both large and small.  My sales people seem to have gotten their brains wrapped around the product, too, so we're doing a lot of pre-sales work.  It is a growing market and I appear to have it nearly cornered in my neck of the woods.  No one else is offering SharePoint consulting services here.

We did another SharePoint demo today, presenting Microsoft Search Server 2008 Express, and I noticed a trend in customer reactions.  Some customers get spooked by SharePoint just because it’s so big.  Although all the technicians in the room had an appreciation of the technical niceties of the product, the decision-maker—who is not very technical—grew overwhelmed by the potential complexity of setting it up and putting it to use.  I know the salesman had wanted to keep things simple, but the technicians asked a lot of questions, which I did my best to answer.

Just before she left, I tried to assuage her concerns by saying that a lot of people take away different perceptions of SharePoint: some are interested in calendars, some in enterprise search, some in document sharing.  They don’t have to understand or even use the other parts; it doesn’t need to be a holistic solution.  She replied that unfortunately, she tends to think holistically.  She said she might have to rethink her expectations for SharePoint, although she did mention there were several things she liked about it.

I went to lunch with my wife afterward and lamented this fact:

SharePoint, even the free versions, is simply too big. Unfortunately it’s a Microsoft product, which means it’s full featured and configurable to the nth degree.  I tell people all this, but sometimes it doesn’t turn out the way I intended.  Some people get excited and think of the possibilities.  Others become discouraged.  I’ve had three demonstrations resulting in the latter.

I think that’s the way to approach it. 

Hi All,

I'm sure most of you who play with SharePoint also wear the DBA hat from time to time (or the other way around).  I have been working with a customer who has hundreds of instances scattered across the enterprise.  This script customized to answer several questions, but mainly to report on the patching level of each instance.  Note that this is not a discovery tool; you have to know the instance names ahead of time, and have to have access to them.  

Anyway, I find it comes in handy when you have lots of instances to manage.

SQL Server Auditing Tool

This is a custom VBScript I developed to quickly audit a number of SQL Server instances at once.  The script uses SQL DMO libraries to connect to SQL 2000 and 2005 instances on the network, using Windows authentication to connect and gather properties of each instance to include:
 

• Instances:
• Name and SQL version (also indicating service pack)
• When the instance was installedo   The version and service pack of the Windows OS
• Databases:
• Name, file location, file size
• Tally of disk space consumed by all databases in instance

Paste the following code into a text file and save it as DBChecker.VBS.  You can then call it from a command line using CSCRIPT.  Don’t just double-click on the VBS file because it will output the results in a series of Windows popups, which is annoying as hell.

You can “pipe” the output to a text file, e.g. CSCRIPT DBChecker.vbs sql01\sharepoint sql01\tigerpaw sql01\tigerpawtest > dbcheck.txt

You can then paste the comma-delimited text into word and convert it to a table for reporting.  Or you can open the txt file in Excel. 

wscript.echo "Database Size and Location Reporter"
wscript.echo "  Size = Total Size of Data File + Transaction Log of DB."
wscript.echo "-------------------------------------------------"

'Configure array based on command line arguments
'               If no arguments, assume local hostname
If Wscript.Arguments.Count = 0 Then
    arrComputers = Array(".")
Else
    Dim arrComputers()
    For i = 0 to Wscript.Arguments.Count - 1
        Redim Preserve arrComputers(i)
        arrComputers(i) = Wscript.Arguments(i)
    Next
End If
 
For Each strComputer in arrComputers

'Connect to instance:
                strDBServerName = strComputer
                Set objSQLServer = CreateObject("SQLDMO.SQLServer")
                objSQLServer.LoginSecure = True
                objSQLServer.Connect strDBServerName

'Instance information   
                wscript.echo "SQL Instance: " & strDBServerName
                wscript.echo "Version: " & objSQLServer.VersionString
                wscript.echo "Number of databases: " & objSQLServer.Databases.count

'Table header
                wscript.echo "Database, Size (MB), PrimaryFilePath, LogFilePath"

'Iterate through all Databases in instance
                for i = 1 to objSQLServer.Databases.count

                                set objDB = objSQLServer.Databases(i)
                                intSize = objDB.Size
                                intTotalSize = cdbl(intTotalSize) + cdbl(intSize)
                                strDBName = objDB.Name
                                WScript.Echo strDBName & ", " & intSize & ", " & objDB.PrimaryFilePath& ", " & objDB.TransactionLog.LogFiles(1).PhysicalName

                next

'Post total size of all databases in instance
                wscript.echo "   Total: ," & intTotalSize & ","
                wscript.echo "-------------------------------------------------"

intSize = 0
intTotalSize = 0

'Next Instance
Next

Hi All,

I had a heck of a time finding all the information I needed to complete this task, so I thought I'd put it all together in one place, in case any of you are ever tasked (like I was) to implement TFS 2008.

I’ve figured out how to get Visual Studio 2005 Professional to connect to and create Team Projects on Team Foundation Server 2008.  There are a few patches to install, but it works!

1.   Install Team Explorer 2005

• This adds the basic functionality of the Team Explorer to the vs 2005 environment.  You get the ability to open and create Team Projects. 
• However, attempting to create a Team Project on a TFS 2008 server, you get the following error:

 

 

This is due to the fact that you’re trying to create a workspace on a WSS 3.0 site instead of a WSS 2.0 site.  There is a patch available. But in order to install the patch, you have to re-apply Visual Studio 2005 SP1.

2.   Install (or re-apply) Visual Studio 2005 SP1

• Note: there are two components to the service pack, which will run separately.  The first is the general VS 2005 update.  Then a second wizard runs to update the Team Explorer.

3.   Install hotfix VS80sp1-KB932544-X86-ENU.exe

• This will configure the Team Explorer to properly create projects on TFS 2008 sites.

I had deployed WSS at a customer site, and they were really enjoying it, making particular use of the Datasheet view of lists, which they used as a sort of shared spreadsheet.  Then, suddenly, one day it stopped working everywhere, on every machine.  What would happen when you tried to view any list in Datasheet view is a quick redirect to Standard View, with a message at the bottom that said:

"The list cannot be displayed in Datasheet for one or more of the following reasons: A datasheet component compatible with Windows SharePoint Services is not installed, your browser does not support Active X controls, or support for ActiveX controls is disabled  in http://<website>."

I Googled and researched and experimented but did not find any answers to my problems. 

Here are the salient details:

1. The server hosting WSS is a domain controller, and no office components are installed on it.
2. The workstations are all running Office 2003 Standard (Excel and Word, no MS Access)
3. Shortly before this happened, I had attempted to create a GPO to add the WSS site to all users' Trusted Sites,so they wouldn't be nagged for a login.  I don't think it worked correctly.  I am mentioning this not becaause I now think it caused the problem, but because I chased it for so long as a possible culprit.
4. This issue appears to have begun affecting all workstations at the same time.
5. No error appears in any event log or WSS log.

I opened a Microsoft case on it, and they isolated the problem to the client, and not the server (as I had assumed).  I had been leaning toward the server as the source of the problem; how else could it have affected all workstations at once?  But it turns out that the Datasheet view uses a library called STSLIST.DLL, which is actually a Microsoft Access component for SharePoint (and not Excel, as I had thought).  But you shouldn't need MS Access to be able to use STSLIST.  They had me try a bunch of different fixes, including:

1. Repairing/reinstalling Office 2003. No joy.
2. Installing/Re-applying Office 2003 SP2 (no joy)
3. Downloading and registering a new version of STSLIST.DLL (11.0.8200.0), no joy.
4. Installing or upgrading to Office 2007, any edition: SUCCESS.

Yes, installing Office 2007 solved the problem on any workstation we put it on.  However, the customer balked at being forced to upgrade all her workstations, since Office 2007 is expensive.  WSS should not require Office 2007.  Remember Good, Better, Best?  There ought to be a way to make it work with Office 2003, like it was working originally.  Microsoft agreed.  But since we had a viable (albeit expensive) solution, and the fact that the lists could be edited in Standard View, the case was deprioritized to "pure research".

Finally, the MS engineer got back to me and said he had seen this problem occurring at several other sites, and that it was now a known issue.  They have apparently come up with a fix for this, in the form of a public hotfix, which you can download here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;949670

The KB article does not mention my specific problem but the MS engineer said what was happening is that, when Office 2003 and 2007 components are installed side by side on the same workstation, the WSS libraries were pointing to the wrong Office libraries.  So this fix is supposed to take care of it.

I have not had the time to test this out, but I thought I'd post it here anyway in case some of you were seeing the same issue elsewhere.  I'll know by the end of the week if this is the answer to my problems.

Hi folks, 

I'm lucky enough to work at a company that rewards innovation and independant thought.  For my annual performance evaluation, I was handed a six-page "self-evaluation" form.  It was actually a Word 2003 document intended to be printed out and thrown in a file cabinet, but that's so... twentieth century, don't you think?  I couldn't help myself.  I took the form and converted it to an InfoPath 2007 form and submitted it via email to my boss.  He was impressed.

Some of the improvements I made:

• Each question is its own "section", which can be added or removed from the form to create customized evaluations.  For example, I am a developer, but for non-developers, you could omit the "Adheres to company coding standards" section.
• I assigned a point-value to each response.  There are three possible "scores" per question:
• Below Satisfactory (1 point)
• Satisfactory (2 points)
• Above Satisfactory (3 points).
•  Depending on the response, I used conditional formatting to adjust the shading of each section based on the numeric value of each response:
• 1 = Light Pink
• 2 = White
• 3 = Light Green
• By default, this shading is not displayed when the form is printed, which results in a cleaner hard copy. 
• The evaluation form was split up into three groups: Company-Wide issues, Job-Specific Tasks, and Self-Improvement. 
• The first two sections are where the scoring is done.  Each of these sections tallies up their subtotals and compares it to the Low, Average, and High scores possible. 
• The last section adds up the aggregate score.  Managers can use these scores to determine how the employee's strengths and weaknesses balance out.
• I was going to try to implement a graph to give a visual representation of all this, but there is no built-in charting functionality in InfoPath.  I thought I might experiment by dropping in an Excel charting object, but I didn't have time to figure it out. I wanted to finish this within a day.

The cool thing about InfoPath is that, when you post it to a SharePoint document library, your data fields can be "promoted" to appear in the list, and views can be created based on these values.  So now the managers can organize employees by their various scores and drill down into the details.

Anyway, each of the questions has a field for "comments", for which I used a rich-text field.  As a lark, for one question I put the answer below, more to test the formatting functionality than anything else.  Although wordy, I felt it answered the question, so I left it.

 ---------------------------------------------------------------------------------- 

Voluntary outside learning
Definition of this benchmark:  Takes time outside of work to keep up on developments in the IT business.  Magazine subscriptions, reading, web sites etc are sources for this learning.
Employee Performance Level: Above Satisfactory
 

Comment:

Jonas Salk had it right.  Doing what you enjoy isn't work.  It is a labor of love.

 ----------------------------------------------------------------------------------

It was a pretty good performance review.  They gave me a raise.

Hi All,

I ran across this problem at more than one site.  When you go into Central AdministrationàOperationsàBackup and Restore  and attempt to queue a SharePoint backup, it appears to simply sit there without ever starting.  The status message reads “Status: Preparing current backup/restore job. If the backup/restore job does not begin after five minutes, make sure that the SharePoint Timer Service is running.”  Normally the job starts within seconds, but now it never begins.  If you click “Timer Job Definitions” you see that there is an object named “Backup/Restore”, but if you go to Timer Job Status, you see that it is not running.

Clicking “Refresh” is about as effective as repeatedly pushing the elevator call button to make it hurry up.

No errors or messages appear in the event logs.  This is unusual because SharePoint is very prolific in its errors when something is wrong.  Even delving into the SharePoint logs at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS\ bears little useful information. 

I’ve seen this both on MOSS and WSS servers.

Well, I did a little digging and I found someone else who is having the same problem.

http://www.eggheadcafe.com/software/aspnet/29497541/wss-30-backup-problems.aspx

It appears that the recent Daylight Savings Time patch (or the subsequent clock change) has screwed something up in the SharePoint timer.  What’s going on it that the job is starting very, very late.  Furthermore, once it starts, it apparently takes a longer time to finish.  A couple of people reported that when they modified the DST clock settings on the server hosting their WSS sites so that it would not “Automatically adjust clock for Daylight Savings Time”, the problem vanished. 

I haven’t been able to verify this, since I am currently at a site where the WSS implementation is sitting on a domain controller.  Rolling the clock back on a DC isn’t a smart move.

Have any of you seen this issue?

Today, at a customer site, I addressed a problem that annoyed users more than usual.  It seems that they can't sign up for alerts or assign each other tasks, and they get an error screen that offers to fix the problem, but leads to a dead end.  I evaluated it, and created this write-up: 

Among the many pieces of information collected and presented by SharePoint, some of this information comes directly out of Active Directory.  AD was always intended to be a directory first, a central repository for information about users, phone numbers, email, etc. I’ve seen phone systems that tap directly into AD, for example.  But most places I’ve been, AD is simply treated as a place to store user accounts, and much of the information on each account is left blank.
 
SharePoint’s strength (or weakness, if you’re a cynic) is that is depends on AD for certain pieces of information.  MOSS periodically queries AD and updates all user profiles with this information, such as who works for whom, phone numbers, department information, and email addresses.
 
Problem:
It’s this last piece of information that, when missing, breaks some functionality in SharePoint.  In order for people to be able to sign up for alerts (e.g. to be notified when a document is changed, an item is added to a list, or status changes on a task), or be assigned tasks, or a multitude of other collaborative processes, the email address field must be populated in AD.  Otherwise, they get an error like this:

And if they click the friendly link to set their email address, they get this (sorry for all the redaction):

…which is to say, a completely useless page where they can’t change anything.

Snickering about Microsoft aside, this is an intentional design.  SharePoint is supposed to pull this property from the user’s AD account, and even if I set the field to allow users to edit their email, it would be overwritten by default every time the AD query was run.
 
Sharepoint has extensive property mapping, and the “Work E-mail” field is mapped to the AD “mail” property, which is editable on the “General” tab of the user’s AD account:

You can see that even though I can bring up my non-administrator account, I can't edit most of the properties.   It has to be done by someone with elevated permissions.

There are a lot of other pieces of information that SharePoint can use that are typically left blank, as well:

The Organization tab is used to bring a neat feature into SharePoint: it will use this information to create a mini-org chart on each user’s profile, so you can see a user’s supervisor(s) and peers at a glance.

So at this site, where there are a large number of users and administrators typically didn't bother to fill out the complete properties when creating users, the result is that SharePoint becomes less useful--or even broken.  The organization recently installed an Exchange server, but it was incorrectly implemented.  I believe the reason no one’s email address is current in their AD profile is a problem with the MS Exchange implementation at this company.  When Exchange is installed, it adds numerous properties to a user’s profile, and I pretty am sure that this email field on the General tab is automatically populated when the user is assigned a mailbox. 

 Since this company isn’t set up with a typical configuration, this property has to be populated manually by an administrator. I proposed three possible solutions:

1. Undertake a project to do a mass-population from a CSV file, using CSVDE or a similar scripting tool.  
• Actually the company had been looking at a tool that would do this for them, but had not gotten a budget together. 
2. Unmap the email field so that it is not refreshed whenever there is a profile import task performed by SharePoint (schedule is run once daily).  Also, set SharePoint permissions to allow users to edit this field.
• Problem: this will require a great deal of administrative overhead because email addresses are subject to change, and users may not be inclined to edit their own information, which will lead to an inconsistent user experience.
3. Allow users to submit a request for helpdesk to update their active directory profile information.
   

In the end, we chose option #3.  Using InfoPath 2007, I created a simple web-based form to allow users to enter all the information (per the screenshots noted above) and submit it via (plain text) email to the helpdesk mailbox.  I believe this is the most straightforward approach and it helps the IT staff because they won’t have to track down lots of contact and HR information.  Since not everyone is using InfoPath 2007, I published the form to the MOSS site to be rendered as a web form, and specified that the form submitted via email not use an attachment; it was a static HTML table.

By and large, this took care of the problem.  The MOSS site currently has light usage, so the volume of user requests for IT to update their profiles would also be light.  When IT gets around to purchasing their AD-automation tool, this form method can be retired. 

Once again InfoPath saves the day!  I think I will write more about it in an upcoming post.

Despite having some misgivings, I went ahead and installed Vista SP1 on my laptop (after making the appropriate funeral arrangements and updating my will).  As a Microsoft Partner, I have access to the download ahead of the general public.  It surprised me that Microsoft did not originally plan to make it available to developers and partners early, so they could test it.  But I suppose enough people complained bitterly that they caved in and gave us access.

Anyway.

I went into it with several expectations:

1.       That it might do something horrible and irreversible to the operating system, based on shoddy drivers or a third party program.

2.       That it might resolve the unrelenting lag experienced when opening My Computer or a network share

3.       That it might resolve the most annoying of all my Vista-related problems, which is that the laptop hangs when coming out of standby and must be hard-booted.

4.       That it might add some interesting functionality to the OS.

I was wrong on all but one of these assumptions.  It did not kill my computer.  It has not noticeably improved performance (although I am still evaluating this).  And the OS seems to behave exactly as it did before. The only new thing I’ve seen so far is that the RDP client has some extra information.   All of which, I guess, you’d expect from an service pack.  You don’t want sweeping changes, you just want added stability.

And stability I got.  I am still testing this, but it looks like the standby-lockup issue has gone away. 

Anyway, I just wanted to throw my test-case out there.  My laptop is loaded with specialized software, 64-bit drivers, and connects to numerous networks.  It went off without a hitch.