Thursday, August 15, 2019

Example Powershell to Automatically Update SharePoint Managed Navigation in Team Sites “associated” to a central Publishing Site

This set of Powershell commands goes along with a demonstration I do at various SharePoint conferences during my presentation titled “Making the Most of SharePoint Managed Metadata”.
In the demo, I show how you can achieve something similar to the global navigation experience that SharePoint Online now offers using Hub sites and associated Team Sites (see this blog post for what that is all about), but by using the traditional SharePoint Publishing Site template along with traditional Team Site templates.  This can be done in SharePoint Server 2010, 2013, 2016, 2019 and SharePoint Online.

In my demo, I show how to create a new Team Site and then “associate” it with the main Publishing site by inheriting (actually, the official terminology is “Pin Term with Children”) its Managed Metadata-based Global Navigation.

The only catch with this is that after the new Team Site is created and its Global Navigation “associated” with the central Publishing site, the Global Navigation in any existing Team Sites does not get automatically updated.  So, in my demo I run some SharePoint Powershell as the last step that will loop through all of the “associated” Team Sites and update their Managed Navigation settings to include the new Team Site.

This Powershell is very specific to my demonstration and only provided here as a resource for someone wanting to do something similar.  To use it, you would need to read through it and make an effort to think about what it is doing.  Then, you would need to figure out how you could adapt it to work in your specific scenario and\or environment.

Also, this Powershell will only work with on-premises SharePoint Server.  If you need for it to work with SharePoint Online, you would have to take the concepts and come up with your own SharePoint Online version.

Example from my “Making the Most of SharePoint Managed Metadata” demo:


Add-PSSnapin "Microsoft.SharePoint.PowerShell" –ErrorAction SilentlyContinue

#Set variables

#The name of the Term Store in the local SharePoint Farm
$termStoreName = "Managed Metadata Service"

#The name of the Global Term Group that is used in the central Publishing Site
$globalTermGroupName = "Navigation"
#The name of the Global Term Set that is used in the Global Term Group
$globalTermSetName = "Intranet Global Navigation"

#Get the list of site collections that are attached to the central Publishing site collection
#In this demo, I have a list named "IntranetAttachedSites" that has an item for each Team site collection that is to be "associated"
$requestPortalWeb = Get-SPWeb http://intranet/sites/requests
$list = $requestPortalWeb.Lists["IntranetAttachedSites"]
$listItems = $list.GetItems()

#Update the navigation for each attached site collection
foreach ($listItem in $listItems) 
    $localTermGroupName = $listItem["Term Group Name"]
    $localTermSetName = $listItem["Term Set Name"]

    $web= Get-SPWeb $listItem["Title"]
    $site = $web.Site
    $navSettings = New-Object Microsoft.SharePoint.Publishing.Navigation.WebNavigationSettings($web)
    $taxSession = Get-SPTaxonomySession -Site $site
    $termStore = $taxSession.TermStores[$termStoreName]

    $globalTermGroup = $termStore.Groups[$globalTermGroupName]
    $globalTermSet = $globalTermGroup.TermSets[$globalTermSetName]

    $localTermGroup = $termStore.Groups[$localTermGroupName]
    $localTermSet = $localTermGroup.TermSets[$localTermSetName]

    # remove all the existing terms from the local Term Set

    # pin the terms to the local term set from the master term set
       $t = $localTermSet.ReuseTermWithPinning($_)

    # copy the sort order from the master term set
    $localTermSet.CustomSortOrder = $globalTermSet.CustomSortOrder 


Making the Most of SharePoint Managed Metadata – Managed Navigation Demo

Over the past couple of years (2018 and 2019), I have been making a presentation at several SharePoint conferences titled “Making the Most of SharePoint Managed Metadata”.  In the presentation, I do several demonstrations that show how to use some of the advanced features of the Managed Metadata Term Store to help your business users get more value.  In this blog post, I am providing the “backup” slides I have on hand for one of the demos in case something goes wrong with the live demo – such as loss of Internet connectivity!

Anyway, here are my “backup” slides for my Managed Navigation demo that essentially document what I show the crowd in the live demo. 

In this demo, I show how you can achieve something similar to the global navigation experience that SharePoint Online now offers using Hub sites and associated Team Sites (see this blog post for what that is all about), but by using the traditional SharePoint Publishing Site template along with traditional Team Site templates.  This can be done in SharePoint Server 2010, 2013, 2016, 2019 and SharePoint Online.

In my demo, I show how to create a new Team Site and then “associate” it (actually, the official terminology is “Pin Term with Children”) with the main Publishing site by inheriting its Managed Metadata-based Global Navigation.

Wednesday, May 08, 2019

How To Answer The Five W's When Using ExCM's Auditing Tools

If you are a SharePoint Administrator managing your internal and external users you are probably asked one, or more of the Five W’s on a regular basis.

Who invited Who?

What security group was the new user added to?

When was the last time the user logged in?

Where in the country is the new user located?

Why is the new user not approved for access?

All of our example questions can be answered if you have the right auditing capabilities in place to access the information.

ExCM provides your company with the necessary auditing tools so that you can keep track of extranet users, extranet roles, invitations, registrations, and Site Sponsors activities. Below you will find a quick guide to help you manage this information using ExCM.

These features can be accessed by selecting the Settings icon, then select Site Settings.

Under Extranet Management, you have several auditing options: Extranet Users, Extranet Roles, Invitations, Registrations and Site Sponsors.

Extranet Users

When selecting Extranet Users, you can view information about the user's e-mail address, the date the user was created, last login date, activity date for that user, date the user was locked, date the user changed their password, and if the user has been approved or unlocked by the green or red indicator.

Extranet Roles

To view the users within a Role, first select Extranet Roles, then select the Role you would like information about. Select the Roles tab in the top ribbon then select View Users in Role.

You can view information about, the user's e-mail address, the date the user was created, last login date, activity date for that user, date the user was last locked, date the user changed their password, and if the user has been approved or unlocked by the green or red indicator.


When selecting Invitations, you can view the invitee’s email, the user that sent the invitation, the sent date, the expiration date, and the security definitions selected for the invited user.

To view more information on an invitation select an invite, select the Invitations tab from the top ribbon, then select View Invitation.

This view gives you a detailed view of the user invitation:


When selecting Registrations you can view the register’s login name, email address, registration status, registration date, the registered user’s security definitions, and the approval status.

For more registration information, select the user then the Registrations tab from the top ribbon, and View Registration.

This gives you a detailed view of the user registration:

Site Sponsors

When selecting Site Sponsor, you can view the Site Sponsors, any expiration dates for a Site Sponsor, the Associative Security Definitions, and the Administrative Security Definitions that each Site Sponsor has been granted.

ExCM’s auditing capabilities give an Administrator a wide range of tools so that they can adequately maintain real-time information on users and keep access records up to date for an ever-changing workplace and extranet environment. 

Monday, April 15, 2019

How and Why to use an Account Name or an Email Address as a Username when using ExCM

Extranet Collaboration Manager (ExCM) is used by many organizations as a tool to provide the best extranet security possible when collaborating with suppliers and clients. Because of this, we are frequently asked by our customers if they should use a unique username or an email address as the username, and what are the advantages and disadvantages of doing this? Below you will find some of the most common pros and cons for using an email for a username verse using a unique user supplied username.

Emails vs Usernames

·        Emails by design are unique like a username
·        Emails in many cases are easy to remember
·        When setting up a new account you can bypass having to ask for the email               address if it is also the username

·        People do sometimes change their email addresses
·        Email addresses can be exposed publicly
·        In some rare cases, people share an email address and would need separate             usernames
·        When using a mobile device typing a username can be easier depending on the         number of characters being used

So, you have weighed the pros and cons and have decided that your organization would be better served by using a user-supplied username instead of an email address, but now you need to know how to change the ExCM settings to allow the new format.
Here are the directions for making the update to the username from an email address. First, you will need to go to the content site web.config file and search for the attribute that reads:

You can simply change this to "false" and have separate usernames and e-mail addresses.

Now you have a Username and E-mail Address field in the registration form.

Note: Existing users will still need to use their e-mail address to authenticate...this will only affect users created after you make the web.config edit.   

Let's say you have decided to keep the default settings and use the user's email address as the username, but you notice that the default ExCM sign-in screen shows “User Name:” instead of “Email:”. What if you want to change the verbiage on the sign-in screen to show “Email”?

To do this you will need to browse out to "C:\inetpub\wwwroot\wss\VirtualDirectories\COMPANYURL\App_GlobalResources" and open the excm.en-US file and make the appropriate change.

Once you have opened the file you can run a search for “User Name”, then look for the "<value> User Name: <value>" and change “User Name” to “Email”. Next, save the file, and run an IIS reset.

Refresh your browser and you should see that the sign-in page now shows “Email:”, which will hopefully make things less confusing for the end user.

These changes are just a few of the many ways ExCM strives to make your extranet experience seamless and tailored for you and your extranet users. 

Tuesday, April 02, 2019

What To Know When Migrating Extranet Collaboration Manager (ExCM)

With SharePoint 2019 on the horizon, you may be considering upgrading. If you are using ExCM for your extranet needs, then you may wonder about the process and how involved it is. Hopefully, with the help of this guide, you will see that the ExCM migration may be the easiest part of your upgrade! If you are still leery, contact us about our migration assistance package and let us walk you through migrating ExCM.

Whether you are going to follow Microsoft’s detach/attach method for migrating, or you will be using a tool such as Metalogix or Sharegate, the process is mostly the same… there are just a few extra steps with Microsoft’s path.

The first step of your migration is to build out your new SharePoint environment. When building the new environment, you will use the same web app name, URL, database name, role and role provider, etc. Basically the same structure, just a different version of SharePoint. While you will have the same names, the content will be empty. For example; If you have an extranet at, the page will still exist, but there will not be any subsites or content on the site. At this point, you should be able to browse out to the root site collection and a page should load.

When you have the new version of SharePoint installed and looking like your old SharePoint environment, The next step is to install the correct version of ExCM in your new environment. Once installed, configure ExCM with the same settings as your previous version. If your new environment is using a new SQL server, name the database created during the setup Wizard the same as the old database. This way, once you have tested the installation of ExCM, you can simply delete this blank database and migrate the previous database containing all your extranet users over.

If you are not using a new SQL database, you will need to name your database something similar to the original database name (ex. Instead of ExtranetDirectory you may use ExtranetDirectory1) This way, once you have tested your new environment to ensure the install was a success, you can delete the ExtranetDirectory1 database and change your web.config file so that all references to ExtranetDirectory1 now point to ExtranetDirectory.

We have had many customers that have migrated from 2010 or 2013 to 2016 and whether they are using the detach/ attach method or a migration tool the biggest issue we have seen them run into seems to be an issue with the transfer of registration fields from the old ExCM to the new ExCM. This can be caused by having the wrong settings in the migration tool that prevent the content database from fully transferring the correct data. Whatever the reason the fix is pretty easy. After transferring the content data to your new ExCM environment you can delete the registration and then recreate it.

To help lead you in the right direction we have provided a couple of links to PremierPoint Solutions documentation on migrating from SharePoint 2010 to 2013 and SharePoint 2013 to 2016.

The primary thing to remember when migrating is to have a plan laid out and always make backups when possible.

Wednesday, March 06, 2019

Extranet Collaboration Manager (ExCM) Best Practices

When using SharePoint as an Extranet, you will have many options and decisions to make and we hope to share some insights that we have seen from several years of working on SharePoint Extranets day in and day out. Can you ignore some of these suggestions? Probably, but we only do this for a living… what do we know?

So, with that being said here is a list of our recommended best practices for installing and using ExCM. 

Separate Extranet Web Application

If your extranet will be hosted on the same SharePoint Farm as your Intranet, we recommend a separate web app for extranet. This is one of the first steps in creating a secure extranet that is also easy to use. You can follow our documentation on Setting up a Web Application for your Extranet.

Use SSL Certificate

An SSL certificate, commonly known by the name Secure Sockets Layer, is a standard security protocol that’s used to ensure the safety of transmitted data over the Internet. Basically, when you use SSL certificates, an encrypted link is created that protects the connection between a browser and a web server, or between computer systems. This means that your external user can type in a password and know that it is securely being transmitted. You would think this step would be self-explanatory, but we are including it as it has come up before. Why you should use an SSL.

Remove Intranet-related UI Elements from Extranet Sites

Not all of the out-of-the-box features of SharePoint are intended to be used in every use case. For Extranet use cases, there are several user interface (UI) elements and features that are primarily intended for Intranet use cases and therefore we recommend removing them from your Extranet web applications.

The Intranet-intended features that we recommend that you remove from your extranet web applications are:
* Links to Newsfeed, OneDrive, and Sites
* User Profile Service
* Links for Sharing, Following, and Client Synchronization
Below are some links to help you accomplish this in your environment.

Extranet Web Application

When implementing Extranet Calibration Manager (ExCM) 2016, 2013 or 2010, we recommend using an extranet web application that is configured to use multi-mode authentication (as opposed to using an extended web application, as was the common practice with SharePoint 2007/2010). Active Directory is used as the authentication provider for internal users (your employees) and the ASP.NET SQL Membership Provider is used for external users (your customer, vendor, or other collaboration business partners).

Where to install Extranet Collaboration Manager

Install and deploy ExCM 2016 or 2013 R2 on your Central Administration server AND the Microsoft SharePoint Foundation Web Application service must be started on that server and remain started.

Best Practices After Installing ExCM

·    Create a Root site collection as a general information site collection and a landing page
·    Create a separate site collection per external engagement (subsites for separate interaction with external engagement)
·    Turn on invitations

Applying Master Pages with Extranet Collaboration Manager 2016

Extranet Collaboration Manager 2016 (ExCM) is a SharePoint add-in developed by PremierPoint Solutions that streamlines SharePoint extranet collaboration and simplifies SharePoint extranet administration. In ExCM, a master page can be applied to the anonymous pages (registration, sign-in, and password reset) to achieve the desired look and feel.  There are three options when selecting a master page:
  • ExCM anonymous master page (vanilla)
  • Site default master page
  • Custom master page

You should consider two factors when choosing the master page for your site:  branding and anonymous access.  You also need to take into account the anonymous access configuration of your Web Application and the site that will run the anonymous pages.

Option 1 – Web Application with No Anonymous Access
In this configuration, the anonymous master page provided by ExCM will be applied.  This page has a very “vanilla” look as you can see from the screenshot below.   Anonymous Access is not enabled on either the Web Application or the IIS site itself.

Web Application

IIS Manager

Option 2 – Web Application with Anonymous Access (Site Default)
In this scenario, the site default master page will be used.  To make this work, Anonymous Access must be enabled on both the Web Application and the IIS site.  In addition, you will need to set up Anonymous Access on “Lists and Libraries” at the top level or root site to allow the master page to function properly.  This can be found under the “Site Permissions” menu:

Web Application

IIS Manager                             

Notice how the sign in page now takes the look of the Team Site template which was used when this Web Application was created.  This was achieved without any extra configuration:

In addition, if a subsite or subsite collection is using a separate master page, each page will inherit the same look and feel (registrations that occur at the  site will use the AWBikes master page).
The drawback to this configuration is that each subsite will need to have the appropriate anonymous access level set up to function properly (Lists and Libraries).

Option 3 – Web Application with Custom Master Page
The last option is to create a custom master page for use with your site.  This is done with SharePoint Designer and requires a little more work.  However, the page would be applied to all of the sites in the Web Application, thus preventing any further configuration.
You can either edit an existing master page or start from scratch.  If you chose to start with the master page provided by ExCM, then you would not need to enable Anonymous Access and would configure it like Option 1.  You can find our master page at the following location:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\TEMPLATE\LAYOUTS\SPSolutions\ExCM

Otherwise, you would need to use the Anonymous Access levels outlined in Option 2.
Information for creating a custom master page with SharePoint Designer can be found on the Microsoft Office website here:

In summary, Extranet Collaboration Manager 2016 provides multiple options with regard to the master page you can use.  The best solution for your deployment will depend on your specific needs with regard to the overall look and feel of your site, as well as the requirements for Anonymous Access.