Richard Willis – SharePoint Learning Kit Coordinator, SalamanderSoft Owner

I now have a way to script bulk loading of photos from Sims into SharePoint, for example to enable the use of the Learning Gateway My Children web part.

The script is in 2 parts. First extract the photos from Sims using our free Photo Export tool

PhotoExport.exe simsuser simspassword outputFolder /names:mapping.csv

where mapping.csv is a csv file mapping admission numbers to Active Directory login names

The use the PowerShell script in my last blog entry Using PowerShell to Bulk Upload Files to SharePoint to upload the images to SharePoint.

You could even set up a scheduled task to automatically upload them on a predefined schedule.

While building a school’s Learning Gateway I needed to bulk upload all their student images into a picture library so that the My Children web part could display them. Since there were several hundred of them I wrote a little PowerShell script to perform this.

$siteUrl = "http://sharepoint/schools/test"
$listName = "Students Picture Library"

[system.reflection.assembly]::LoadWithPartialName("Microsoft.Sharepoint")
$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)
$web = $site.OpenWeb()$list = $web.Lists[$listName]
$fileCollection = $list.RootFolder.Files

$files = get-childItem -Exclude *.ps1

foreach ($file in $files)
{
    $stream = $file.OpenRead()
    $uploaded = $fileCollection.Add($file.Name, $stream, $TRUE)
    "Uploaded " + $file.Name

    if ($stream) {$stream.Dispose()}
}

if ($web) {$web.Dispose()}
if ($site) {$site.Dispose()}

In order to use this:

1. Save as as .ps1 file in the same folder as the files to upload.
2. Change the site url and name of the list at the beginning of the script to your values
3. Make sure that only the files to upload and the ps1 file is in the folder
4. Open PowerShell using Run As Administrator
5. Navigate to the folder
6. Run the .ps1 file

The script will then iterate through all files in the current folder and upload them to the given list, overwriting them if they already exist.

I’ve updated the free Sims Photo Extract Utility to have the following extra functionality:

• Choose image format to save as
• Ability to read a csv list of names to save images as. Useful for example if you want to save the images with their network login name – you would just have to provide a csv linking their Admission Number to login name
• Display list of years if an invalid year is passed

Details of how to use these are detailed in the README.txt file and by running PhotoExport /?.

I’ve also fixed a bug where the wrong extension was used in some circumstances.

You can download the updated version from http://www.salamandersoft.co.uk/utilities.html.

I have just released SharePoint Learning Kit 1.5 Release Candidate which is available from the downloads page.

The main changes are to support Claims based authentication in SharePoint 2010.

Unless any major bugs are found I will move this to the stable version on 1 Feb 2011.

Changes

Rewrite of Domain Group Enumeration Of Members

I’ve completely rewritten the code to pull the members from Active Directory domain groups. Both to handle claims based authentication and to increase performance. I’ve also handled the groups DOMAIN\Domain Users and NT AUTHORITY\Authenticated Users more gracefully. Groups such as BUILTIN\Administrators are now supported as well.

Users logging in via NTLM & Claims Based Authentication get all of their assignments

Previously if you had multiple authentication methods i.e. NTLM for internal access and claims based for external access, how you logged in made a difference to the assignments you saw. You should now get a consolidated view of your assignments.

Return All Button works

Bug fix. Return all button now works.

Users in OUs with forward slash in their name can be assigned to.

Bug fix. You can now assign work to users in an OU with a forward slash in it’s name.

Localise Calendar Control on Assignment Properties Page

It should now pick up the first day of the week from the site properties.

SLK Configuration Page can create Permission Levels in Claims Based Authentication Site Collections

Bug fix. Before this release it failed to do so.

I’ve just uploaded the SharePoint Learning Kit 1.5 source code to CodePlex. I’ve been waiting until I had an automated build process to handle the releases for SharePoint 2010 and SharePoint 2007, which is now present.

You can download it from http://slk.codeplex.com/SourceControl/list/changesets.

I’ve recently set some parent accounts up for a school and they were concerned that some parents would be unhappy that their names in their account name would be truncated. The reason for this is that the standard User logon name is limited to 20 characters. When you start getting double-barrelled names and want to use forename and surname in the account name you run out of characters very quickly.

Fortunately in Active Directory there’s 2 logon names you can use:

Pre-Windows 2000 user logon name: The is the "normal" logon name we all love and use daily and is of the format DOMAIN\UserName. The underlying attribute is sAMAccountName and is limited to 20 characters for the user name part. The sAMAccountName must be unique within the domain and Active Directory prevents you from creating duplicates.

User logon name. This is of the format UserName@domainpart and is referred to as the UPN – User Principal Name (not to be confused with a student’s UPN – Unique Pupil Number). The underlying attribute is userPrincipalName and has no practical restrictions on its length (it’s over 1000 characters). By default the userPrincipalName is sAMAccountName@<fully qualified domain name>, however you can have whatever you want as both the UserName and domainpart parts of the UPN. The UPN must be unique within the forest to be used to successfully log in with, however although Active Directory Users and Computers won’t allow you to create a user with a duplicate UPN, you can do so programmatically so there’s a potential gotcha there. Note this is not the same as the user’s email address, although it is a similar format, but could be the same if you wanted it to be.

From the names it’s obvious that Microsoft considers the UPN the recommended logon name, and the DOMAIN\UserName to be deprecated, but I’ve never come across an organisation using UPNs, so the Pre-Windows 2000 user logon name is still the most popular way of logging in.

Heading back to the original problem with the parent names, Salamander Active Directory is able to create users with whatever sAMAccountName and userPrincipalNames you want. So I created the parents with UPNs of the format Forename.Surname@parent.school.domain. This allows the school to provide account names without any truncated names in and makes it clear that they are parental accounts. Since SharePoint is using Active Directory as its authentication provider in this case, the parents now have nice log ins to SharePoint.

I haven’t had any time to write up anything about how the Drop Box works since I released. However, I have just realised that I created a presentation for Microsoft about it which does go into some detail. Rather than make everyone wait even longer for me to extract into written format here is the presentation. The detail is in the notes pages so make sure that you look at those.

I don’t know if SlideShare supports notes so I’ll link directly to the PowerPoint presentation itself.

I’ve just uploaded SLK 1.5 Beta 3 to CodePlex at http://slk.codeplex.com/releases/view/49988.

Changes over Beta 2 are:

Removal of Microsoft.LearningComponents.Compression.MRCI.dll

This was an unmanaged code (C++) dll used for decompressing parts of Class Server content. It’s platform version (x86 or x64) was causing problems installing on the other platform.

I’ve rewritten this in managed code and merged it into Microsoft.LearningComponents.Compression.dll.

I don’t know why it was in unmanaged code originally. Presumably the original developers had the code handy from Class Server and included it as was.

Central Administration Configure SharePoint Learning Kit page sets database permissions

The configure SharePoint Learning Kit page in Central Administration wasn’t setting the database permissions correctly. It was setting the permissions to the application pool identity of central administration rather than the identity of the Web Application it was configuring for. Presumably it wasn’t a bigger problem before as people were using the same user for central admin and their web applications. Best practise is to use different identities for these, and this seems to be more prevalent now.

Error Logging

There were multiple places which errors were logged into the event log. Only one of which I’d found before and updated for SharePoint 2010. I think I’ve got them all now, and am only using one function to log errors which is compatible with SharePoint 2007 & 2010.

Configure SharePoint Learning Kit Link in Central Admin

Done some more tweaking to try to get to display more consistently. You do need to deploy to one web application before it appears. Have fixed a permissions issue and added an icon for SharePoint 2010. Basic, but better than a broken link. Needs internationalizing though. Any volunteers?

Minor bug fixes

I’ve slotted in a couple of minor bug fixes

I’ve recently had a number of queries about why everyone’s home folders have been renamed to Documents in the network share they reside in.

This obviously makes finding a particular users home folder difficult, especially in schools where administrators and teachers regularly look in the home folders.

This is a feature of Windows Vista, Windows 7 & Server 2008. A desktop.ini file is created when the user first accesses their home folder to give it a friendly display name of Documents and a custom icon. This is to make it look pretty and stand out when viewed under your profile in Windows Explorer.

However, the side effect is as above. Whenever anyone else views the folder, and this will normally be in the context of the network location it is stored, their Explorer will also read the desktop.ini file to get display information and give the impression that there are multiple folders called Documents.

As it’s only the display name which is changed you can still navigate into the folder by typing in the name in the address bar, which will auto-complete properly, but it’s not ideal.

The desktop.ini file is a hidden system file so you won’t see it unless you have your setting set up to view system files so unless you know what’s happening it can seem very mysterious.

Microsoft have a knowledge base article about this at http://support.microsoft.com/kb/947222.

In it, it suggests 3 options for stopping this behaviour.

1.    Put the home folder in a wrapper folder which is called the user’s username, but point the Active Directory attribute to the folder within it.

2.    Give the user exclusive rights to the folder.

3.    Deny read permission to the desktop.ini file in the home folder to other users. Then they won’t be able to read the display information and the name won’t change.

In a school environment, where there are legitimate reasons for other users to go into the students’ home folders option, 2 isn’t an option. Both 1 & 3 work nicely, but 3 seems cleaner to me as it doesn’t require any extra folders creating just to get round a display issue.

I’ve knocked up a quick PowerShell script to automate setting the permissions on the desktop.ini files. Note the groupName below should be changed to the name of an Active Directory group you want to be able to view the real folder names. Be careful that this group doesn’t include any back up process opoerators or backups could fail.

$folders = Get-ChildItem | where-object {$_.psiscontainer};

foreach ($folder in $folders)
{
    $ErrorActionPreference = "SilentlyContinue"
    $desktopIni = Get-ChildItem $folder -Filter desktop.ini -Force

    if ($desktopIni -ne $null)
    {
         $Acl = (Get-Item $desktopIni.FullName -Force).GetAccessControl("Access")
         $Ar = New-Object system.security.accesscontrol.filesystemaccessrule `
                   ("groupName","Read","Deny")
         $Acl.SetAccessRule($Ar)
         Set-Acl $desktopIni.FullName $Acl
    }
}

All you need to do is save this script as a .ps1 file in the directory containing your home folders. If they are split for example along intake years, you’ll need to do this in each containing folder. So in the example above, you would save in \\fileserver\Intake2008. Then change groupName to the name of an Active Directory group containing the users you want to see the real names. Open up PowerShell and navigate to the directory containing the script file and then run it.

If you haven’t run PowerShell scripts before you’ll need to set the execution policy to allow it, I normally use RemoteSigned. Run

help set-executionpolicy

and

help about_execution_policies

in your PowerShell prompt for more information.

Update 05 April 2011

Removed the use of Get-Acl as Set-Acl then tries to set the owner. Talked about back up operators. Thanks to Jay Hutter for both of those.
Update 16 September 2011

Added $ErrorActionPreference = “SilentlyContinue” at the start. Otherwise an error is thrown when re-running as you don’t have access to the desktop.ini files you modified last time.

I’ve uploaded a updated version of the free photo export from Sims utility. There are 2 changes:

1. Option to save the photos named as the internal sims ID rather than Admission Number and Staff Code. Run PhotoExport /? for help on how to do this.
2. It now handles the cases where the Staff Code contains characters which are not valid characters for a file name. It replaces these characters with –.

You can download the utility from http://www.salamandersoft.co.uk/utilities.html.