Wednesday, March 06, 2019

Extranet Collaboration Manager (ExCM) Best Practices

When using SharePoint as an Extranet, you will have many options and decisions to make and we hope to share some insights that we have seen from several years of working on SharePoint Extranets day in and day out. Can you ignore some of these suggestions? Probably, but we only do this for a living… what do we know?

So, with that being said here is a list of our recommended best practices for installing and using ExCM. 

Separate Extranet Web Application

If your extranet will be hosted on the same SharePoint Farm as your Intranet, we recommend a separate web app for extranet. This is one of the first steps in creating a secure extranet that is also easy to use. You can follow our documentation on Setting up a Web Application for your Extranet.

Use SSL Certificate

An SSL certificate, commonly known by the name Secure Sockets Layer, is a standard security protocol that’s used to ensure the safety of transmitted data over the Internet. Basically, when you use SSL certificates, an encrypted link is created that protects the connection between a browser and a web server, or between computer systems. This means that your external user can type in a password and know that it is securely being transmitted. You would think this step would be self-explanatory, but we are including it as it has come up before. Why you should use an SSL.

Remove Intranet-related UI Elements from Extranet Sites

Not all of the out-of-the-box features of SharePoint are intended to be used in every use case. For Extranet use cases, there are several user interface (UI) elements and features that are primarily intended for Intranet use cases and therefore we recommend removing them from your Extranet web applications.

The Intranet-intended features that we recommend that you remove from your extranet web applications are:
* Links to Newsfeed, OneDrive, and Sites
* User Profile Service
* Links for Sharing, Following, and Client Synchronization
   Below are some links to help you accomplish this in your environment.

Extranet Web Application

When implementing Extranet Calibration Manager (ExCM) 2016, 2013 or 2010, we recommend using an extranet web application that is configured to use multi-mode authentication (as opposed to using an extended web application, as was the common practice with SharePoint 2007/2010). Active Directory is used as the authentication provider for internal users (your employees) and the ASP.NET SQL Membership Provider is used for external users (your customer, vendor, or other collaboration business partners).

Where to install Extranet Collaboration Manager

Install and deploy ExCM 2016 or 2013 R2 on your Central Administration server AND the Microsoft SharePoint Foundation Web Application service must be started on that server and remain started.

Best Practices After Installing ExCM

·   Create a Root site collection as a general information site collection and a landing page
·   Create a separate site collection per external engagement (subsites for separate interaction with external engagement)
·   Turn on invitations

Applying Master Pages with Extranet Collaboration Manager 2016

Extranet Collaboration Manager 2016 (ExCM) is a SharePoint add-in developed by PremierPoint Solutions that streamlines SharePoint extranet collaboration and simplifies SharePoint extranet administration. In ExCM, a master page can be applied to the anonymous pages (registration, sign-in, and password reset) to achieve the desired look and feel.  There are three options when selecting a master page:
  • ExCM anonymous master page (vanilla)
  • Site default master page
  • Custom master page

You should consider two factors when choosing the master page for your site:  branding and anonymous access.  You also need to take into account the anonymous access configuration of your Web Application and the site that will run the anonymous pages.

Option 1 – Web Application with No Anonymous Access
In this configuration, the anonymous master page provided by ExCM will be applied.  This page has a very “vanilla” look as you can see from the screenshot below.   Anonymous Access is not enabled on either the Web Application or the IIS site itself.

Web Application

IIS Manager

Option 2 – Web Application with Anonymous Access (Site Default)
In this scenario, the site default master page will be used.  To make this work, Anonymous Access must be enabled on both the Web Application and the IIS site.  In addition, you will need to set up Anonymous Access on “Lists and Libraries” at the top level or root site to allow the master page to function properly.  This can be found under the “Site Permissions” menu:

Web Application

IIS Manager                             

Notice how the sign in page now takes the look of the Team Site template which was used when this Web Application was created.  This was achieved without any extra configuration:

In addition, if a subsite or subsite collection is using a separate master page, each page will inherit the same look and feel (registrations that occur at the  site will use the AWBikes master page).
The drawback to this configuration is that each subsite will need to have the appropriate anonymous access level set up to function properly (Lists and Libraries).

Option 3 – Web Application with Custom Master Page
The last option is to create a custom master page for use with your site.  This is done with SharePoint Designer and requires a little more work.  However, the page would be applied to all of the sites in the Web Application, thus preventing any further configuration.
You can either edit an existing master page or start from scratch.  If you chose to start with the master page provided by ExCM, then you would not need to enable Anonymous Access and would configure it like Option 1.  You can find our master page at the following location:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\TEMPLATE\LAYOUTS\SPSolutions\ExCM

Otherwise, you would need to use the Anonymous Access levels outlined in Option 2.
Information for creating a custom master page with SharePoint Designer can be found on the Microsoft Office website here:

In summary, Extranet Collaboration Manager 2016 provides multiple options with regard to the master page you can use.  The best solution for your deployment will depend on your specific needs with regard to the overall look and feel of your site, as well as the requirements for Anonymous Access.

Wednesday, November 14, 2018

Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 4 - Importing Users

PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the final phase in SharePoint 2016 Forms-based Authentication implementation: importing users:

Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 3 - Editing the web.config file

PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the third phase in SharePoint 2016 Forms-based Authentication implementation: editing the web.config files:

Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 2 - Create a SQL DB for FBA users

PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the second phase in SharePoint 2016 Forms-based Authentication implementation: creating a SQL database in which to store FBA users:

Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 1 - Configuring the Web Application

PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the first phase in SharePoint 2016 Forms-based Authentication implementation: creating and configuring the web app:

Thursday, November 08, 2018

Create Nested Sub-site With ChangeBot (Relative URL)

We always recommend you create a site collection for every extranet site you create. There are many reasons why this is the preferred method, however, some of our customers have found that multiple levels of sub-sites are best for their environment. These customers still want to use ChangeBot to automatically create sites, add users, and other general maintenance items on these nested sub-sites but run into an issue with how to populate the URL. Do you allow your users to manually enter it and possible have a typo?

Below are the steps for setting up your ChangeBot Request Profile so that you can successfully build your Relative URL and provision a site at a subsite level. In the steps below, we have two variables that can be populated with a drop down box (Inputs.Subsite and Inputs.SiteTitle) and the key to making it work correctly is in Step 10... using $inputs.Subsite/$Inputs.SiteTitle to define our Subsite and sub-subsite title to form the URL.

Example Usage:

  1. Create an Input Property cooresponding to the subsite name
  2. Generate site collection property output through Create Site Collection Activity
  3. Create a new activity in the execution plan of your request profile
  4. Set the Activity Type to Create Site
  5. Click the function button next to the Site Collection box
  6. Click the Property Group drop down and select Execution Properties
  7. Click the Property drop down and select the Properties.[SiteCollectionProperty] that was previously defined

Wednesday, November 07, 2018

Redirection Receiver-Choose a Picture Dependant on Registration Response

Let’s say we wanted to add an image to a User’s profile to quickly identify them as a member of an external customers’ organization. Perhaps you work with multiple vendors and you want to add their logo to the user’s profile. Following the below steps will allow you to add a photo to an external user based on selecting an answer from a drop down list on the registration page.
The first step we need to do if you have not already, is to add the picture column to the Hidden user information list for the site collection in question. We are working in the root site collection, which we suggest all users have access to, so you only have to do this step on the root site collection. If however, you do not allow users access to the root site collection, then this step will need to be repeated on all site collections you want to view a users’ picture on.
Navigate to <sitecollectionurl>/_layouts/15/people.aspx?MembershipGroupId=0. now, you will see 2 new menus.

Thursday, November 01, 2018

ExCM Lost In Translation

In the 2003 movie Lost In Translation, Bill Murray and Scarlett Johansson’s characters, being the odd couple they were, found a way to communicate and translate their emotions and interest while stuck in a country and culture they knew nothing about. Just like in the movie, the merging of two individuals, cultures, languages or businesses can lead to communication issues and all around frustration.

Tuesday, October 02, 2018

Using an Extranet Registration Receiver to Map External User Data in SharePoint

Registration Receiver

One of the first things that I do when I get something new is make it uniquely my own. When I got my new desk, I broke out the drill and installed a USB Hub. New car… seat covers and dice for my mirror. New house… paint every room in the house (ok, so that one was actually my wife’s choice) but I think there is something about customizing or personalizing that makes the experience feel special and unique in some way. Your SharePoint extranet powered by ExCM should be no different!


Most people who have worked with SharePoint for a while know that Active Directory is the default location that is used to pull user information from. What some do not know is that there is another list that can be populated by AD called the User Information List, or sometimes called the Hidden User Information List (HUIL). Typically this list is kept in Sync with Active Directory by the User Profile Service taking data from AD and adding it to the HUIL. In this article we will walk you though how to use this HUIL to store data about your external users. To access your HUIL, just browse out to;

For instance: