Archive
[Nintex Workflow] Add user to Site Collection Administrator group with REST API
Helping people to automation their workplace is my passion and lucky for me I also get paid to do so !
This week I was finishing working with a partner to improve the (poor) automation steps required by Matter Center, which no-one can really complain because Microsoft made it open-source.
Matter Center documentation requires to create each client as a new site collection in PowerShell, but this is not quite possible if the users registering these new clients on a daily basis are regular Office 365 users and not SharePoint Administrators.Thanks to a few Nintex Workflows we managed to do all the configuration in the background.
Thanks to a few Nintex Workflows we managed to do all the configuration in the background.
Today’s post is not about the site collection creation so I will spare the details, but in summary and very high level, I developed 4 workflows, 1 CSOM Javascript to be executed on the browser, and 1 Nintex Form of course for submitting the new client on desktop or mobile.
Now this quick blog post is regarding the challenge that we had to add the user as a Site Collection Administrator of that newly created site collection.
Since there is no mention of the sort in http://bit.ly/1TUw4AY it may useful for someone, so here it is:
- Create a new Nintex workflow in an Office 365 site list.
- Download and Import the .NWP workflow file available here to replace the blank workflow
- Edit a few of the actions at the beginning of the workflow to set the variables (I never hard-code UserName and Password for instance, so you will see a few Lookup to a different list to get the value, which you can replace since they will be showing an error once imported into your list)
Note: In this workflow, the “user” I am adding to the Site Collection Administrators group is actually the “CreatedBy” of the list item, which may sound strange since the user running that workflow may be the CreatedBy. However this is NOT the case (refer to above point: we do not want all users to be SharePoint admins!), here is how you should sequence the workflow to start:
1) After the List Item is created, a first workflow (run by CreatedBy) i.e. called “Start and Call workflow 2” and in the workflow we just add a “Start Workflow”
2) then within that first workflow we just add a “Start Workflow” making sure that this action is bein executed in an “App Step” in order to use “elevated privilege”.
3) finally all the actions are happening in Workflow2 (which you imported in step 2)
Hope this helps someone.
François.
via François on SharePoint & more http://bit.ly/1TUwgjP
|
French native Sharepoint Consultant living in London. A crossway between a designer, developer and system architect. Prefers stretching the limit of out-of-the-box features rather than breaking them into code. When not working with Microsoft Sharepoint François is often found on Web2.0 News sites and related social networking tools.
This article has been cross posted from sharepointfrancois.wordpress.com/ (original article) |
#ProjectOnline #OData reporting API updated to remove #HTML tags #Office365 #BI #Excel #PowerBI
|
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011. I am also a certified Prince2 Practitioner. This article has been cross posted from pwmather.wordpress.com (original article) |
Recently you might have noticed that the Project Online OData reporting API has been updated to remove the HTML tags, I tweeted about this last week. So before this changed the data would have look like this:
Notice the HTML tags such as and </li></ul></ul></ul> in the StatusSummary field. In the PDP the data looks like this in the Status Summary multiline text field:
If you are still seeing HTML tags for projects these will be updated once edited and saved, After making a change to a project custom field and clicking Save on a PDP (this does a Project Summary Publish too) for this example project I then see the following in the OData feed:
As you can see the HTML tags are now removed from the StatusSummary field. So now in your Excel or Power BI reports you will no longer have to either use VBA in Excel to remove these or use a similar Power Query function in Excel or Power BI as detailed here.
The only down side to this change is if you use a report that can render the HTML tags to maintain the formatting set in the multiline project level custom fields on the PDP this will be lost. For example, for PS+ we use a Reporting add-in that maintains the multiline custom field formatting as seen below:
After the update this formatting is lost as expected making the data harder to read:
All is not lost though, if you want to maintain this formatting just using CSOM / JSOM or REST to get the data for the multiline project custom fields. In the example below using the REST (/_api/ProjectServer) API you can see that the HTML tags are still available:
Here the fields are referenced using the Internal Name rather than the Name, for example Custom_x005f_4d0daaaba6ade21193f900155d153dd4. So you will need to update any custom add-ins / reporting tools to get the multiline custom field data from these API’s if you wish to maintain the formatting.
Extract #ProjectOnline or #ProjectServer 2013 / 2016 Timesheet data #PowerShell #Office365
|
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011. I am also a certified Prince2 Practitioner. This article has been cross posted from pwmather.wordpress.com (original article) |
This PowerShell script will use the Project Reporting OData API to extract the timesheet data between the given start and end dates. The user running the script specifies the source PWA instance URL, Username and password. They then enter the start and finish dates in yyyy-mm-dd format and run. The data will then be displayed in the console and output to a CSV file.
This script example can be downloaded here: http://bit.ly/1sn9BmN
To get the script to work you will need to reference the DLL as seen in the image below:
This can be installed from the SharePoint Online Client components / management shell. I used the dll from the SharePoint Online Management Shell in this example.
Please note, this has only been tested in PowerShell 3.0 and might not work in other versions. If you have any issues try this in PowerShell 3.0.
Firstly it will prompt for the source PWA URL:
Then the username and password:
Then the start and finish dates in yyyy-mm-dd format:
The script will output the data to the console:
It will also create a CSV file in the same folder that the PowerShell script is run from:
The CSV file:
This was only run against a test PWA instance in Project Online and only my account had timesheet data for the given period, it will return all of the timesheet data for all resources for the given start and finish dates.
This example requires the user to enter the environment details when running but it could easily be updated to hard code these then the PowerShell script could be scheduled to run weekly or monthly etc. The start and finish dates could be made dynamic too.
Whilst this only reads data, as always, this script is provided as is with no warranties etc. use at your own risk and test on a test environment before using on a production environment.
So, you want to delete users with the Azure AD Graph API? Good luck with that!
You might think that deleting users using the Azure AD Graph API would be pretty straightforward right? You already have a registered application that succeeds in updating and creating new users. This link doesn’t provide any warnings about hidden dragons or secret pitfalls.
Rest assured, there is at least one gotcha that’s primed to eat your lunch when it comes to deleting users. Fortunately for you, True Believers, I’m here to show you how you too can quickly overcome this less than obvious configuration issue.
According the the Azure AD Graph Reference deleting user the is a simple operation. All you have to do is send the HTTP Verb “DELETE” to the URL of the user you want to delete.
Example:
http://bit.ly/1VZ0GVf{user_id}[?api-version]
The user_id can be the UserPrincipalName. In other words, the E-mail address of the user.
As an example, I will delete a pesky AD user named “John Doe”. This John Doe character has got to go!
I use PostMan to to get my API calls properly formatted. It also helps to ferret out problems with permissions or configurations. This helps me to *know* that it works before I write my first line of application code.
Note: Notice that I have an OAuth Bearer token specified in the header. I won’t cover how I got this token in this post. If you want to know more about how I acquire tokens for Console Applications send me an E-mail!
Assuming you have your tenant ID, user ID, and OAuth token all set correctly then all you need to do is click “Send”. Your user is deleted as expected… right?
NOPE! you encounter the following JSON error response:
{
“odata.error”: {
“code”: “Authorization_RequestDenied”,
“message”: {
“lang”: “en”,
“value”: “Insufficient privileges to complete the operation.”
}
}
}
Your first reaction may be verify that your application registration is assigned the proper permissions on the AD Graph. However, there is no permission that allows you to delete. You can only get variations of Reading and Writing.
What do you do? If you Google Bing around a bit you will find that your Application needs to be assigned an administrative role in Azure. It needs a ServicePrincipal. So, off you go searching the competing, overlapping, portals of Azure trying to figure out how to assign an application roles within a resource. You may even be successful. We weren’t.
I had to use remote PowerShell to add my application to the appropriate role in order to delete users from AD.
REMOTE POWERSHELL TO AZURE AD
I used instructions from this MSDN article to download and install the Azure AD Module. First I downloaded the Microsoft Online Services Sign-In Assistant for IT Professionals RTW. Next, I grabbed the Active Directory Module for Windows PowerShell (64-bit version). Once I had my PowerShell environment up and running, I cobbled together a quick script to Add my Application registration to the “User Account Administration” role. Here is how I did it!
THE CODEZ
# Log me into my MSDN tenant using an account I set up as “global admin”.
$tenantUser = ‘admin@mytenant.onmicrosoft.com’
$tenantPass = convertto-securestring ‘Hawa5835!’ -asplaintext -force
$tenantCreds = new-object -typename System.Management.Automation.PSCredential -argumentlist $tenantUser, $tenantPass
Connect-MsolService -Credential $tenantCreds
# Get the Object ID of the application I want to add as a SPN.
$displayName = “MyAppRegistrationName”
$objectId = (Get-MsolServicePrincipal -SearchString $displayName).ObjectId
# Set the Role name and the Add the Application as a member of the Role.
$roleName = “User Account Administrator”
Add-MsolRoleMember -RoleName $roleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId
PLAY IT AGAIN SAM
If you execute the PowerShell above (and it’s successful) then you can attempt to invoke the API again. Click Send!
Notice this time PostMan returns an HTTP status of 204 (no content). This is the appropriate response for a DELETE. Let’s check our tenant to ensure Jon Snow is dead or rather John Doe is deleted.
He’s gone! You are good to go.
CONCLUSION
Azure is a dynamic, new technology. Documentation is changing almost daily. It can be frustrating to navigate the changing landscape of marketing terms and portals.
All the information you need to sort out this error is out there. However, I found it to be scattered and not exactly applicable to what I was doing. The PowerShell snippets existed in parts, one to log in to a remote tenant, one to add the role. This post simply serves to bring the information together so you can quickly get past this problem and on to writing more code.
Cheers!
|
I am a senior software developer and development team lead in Houston Texas. I am passionate about the “art” of software development. I am particularly interested in software design patterns and the principles of SOLID object-oriented code. I am an evangelist for test driven development. I love to think and write about my day-to-day experiences in the trenches of enterprise IT. I relish the opportunity to share my experiences with others.
From the wire to the presentation, I am holistic solutions guy. I have broad experience in client side technologies such as Javascript, Ajax, AngularJS, Knockout, and Bootstrap. I have extensive experience with MVC, MVVM, and ASP.NET Web Forms. I am strong in SQL Databases, performance tuning, and optimization. I also have a background in network engineering, wide-area and inter-networking. This article has been cross posted from jcclements.wordpress.com/ (original article) |
Reading a SharePoint Online (Office 365) List from a Console Application (the easy way)
In a previous post I talked about our strategy of using scheduled console applications to perform tasks that are often performed by SharePoint timer jobs.
As we march “zealously” to the cloud we find ourselves needing to update our batch jobs so that they communicate with our SharePoint Online tenant. We must update our applications because the authentication flow between on premise SharePoint 2013 and SharePoint Online are completely different.
Fortunately for us, we found the only change needed to adapt our list accessing code was to swap instances of the NetworkCredentials class for the SharePointOnlineCredentials class.
Imagine that this is your list reading code:
using (var client = new WebClient())
{
client.Headers.Add(“X-FORMS_BASED_AUTH_ACCEPTED”, “f”);
client.Credentials = _credentials; //NetworkCredentials
client.Headers.Add(HttpRequestHeader.ContentType, “application/json;odata=nometadata”);
client.Headers.Add(HttpRequestHeader.Accept, “application/json;odata=nometadata”);
/* make the rest call */
var endpointUri = $”{_site}/_api/web/lists/getbytitle(‘{_listName}’)/Items({itemId})”;
var apiResponse= client.DownloadString(endpointUri);
/* deserielize the result */
return _deserializer.Deserialize(apiResponse);
}
The chances are your _credentials object is created like this:
_credentials= new NetworkCredentials(username,password,domain);
Here, the username and password are those of a service account specifically provisioned a for SharePoint list access.
In order to swap the NetworkCredentails class for SharePointOnlineCredentails first, you need to download and install the latest version of the SharePoint Online Client Components SDK here (http://bit.ly/1rKS6N8).
Once the SDK is installed add a reference to the Microsoft.SharePoint.Client and Microsoft.SharePoint.Client.Runtime libraries. Assuming a default installation, these binaries can be found here: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\.
Be certain to reference the 16.0.0.0 version of the dlls. If you get the 15.0.0.0 version (which is currently the version in NUGet) your code may not work!
Now you can “new up” your _credentials like this:
_credentails = new SharePointOnlineCredentials(username,password);
But “TV Timeout!” (as a colleague likes to say after a couple brews at the pub) the password argument is a SecureString rather than the garden variety string. You will need a helper method to transform your plain old string into a SecureString. Here is how we do it:
public static SecureString GetSecureString(string myString)
{
var secureString = new SecureString();
foreach (var c in myString)
{
secureString.AppendChar(c);
}
return secureString;
}
One last thing to note; the SharePointOnlineCredentials class implements the System.Net.ICredentials interface. That’s what allows us to simple swap one class for another.
Therefore, if you are following the SOLID principles and using dependency injection then the extent of your code changes may look like this:
var securePassword = SecureStringService
.GetSecureString(settings.SPOPassword);
container.Register<ICredentials>(()
=> new SharePointOnlineCredentials(username, securePassword));
Now that is cool!
Cheers and Happy Coding!
|
I am a senior software developer and development team lead in Houston Texas. I am passionate about the “art” of software development. I am particularly interested in software design patterns and the principles of SOLID object-oriented code. I am an evangelist for test driven development. I love to think and write about my day-to-day experiences in the trenches of enterprise IT. I relish the opportunity to share my experiences with others.
From the wire to the presentation, I am holistic solutions guy. I have broad experience in client side technologies such as Javascript, Ajax, AngularJS, Knockout, and Bootstrap. I have extensive experience with MVC, MVVM, and ASP.NET Web Forms. I am strong in SQL Databases, performance tuning, and optimization. I also have a background in network engineering, wide-area and inter-networking. This article has been cross posted from jcclements.wordpress.com/ (original article) |
Good site for learning promises with jQuery
Hi everybody,
I know it has been a while since I have personally blogged… whilst in a quiet period in my role I decided to teach myself JavaScript promises via jQuery.
This site was invaluable: http://www.htmlgoodies.com/beyond/javascript/making-promises-with-jquery-deferred.html
Till the next time…
Cheers
Giles
#ProjectServer and #SharePoint 2010 / 2013 / 2016 May 2016 Cumulative Update #PS2010 #SP2010 #PS2013 #SP2013 #MSProject
|
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011. I am also a certified Prince2 Practitioner. This article has been cross posted from pwmather.wordpress.com (original article) |
The Office 2016 May 2016 updates and cumulative updates are now available, please see the links below:
Project 2016 May 2016 update:
http://bit.ly/1XjYSFG
SharePoint Server 2016 May 2016 update – Project Server 2016 fix:
http://bit.ly/23FHTxb
The Office 2013 May 2016 updates and cumulative updates are now available, please see the links below:
Project Server 2013 May 2016 CU Server Roll up package:
http://bit.ly/1XjYSFI
Project Server 2013 May 2016 update:
http://bit.ly/23FHR8J
Project 2013 May 2016 update:
http://bit.ly/1XjYSFK
Also worth noting, if you haven’t done so already, install Service Pack 1 http://bit.ly/1uorn2C first if installing the May 2016 CU.
The Office 2010 May 2016 updates and cumulative updates are now available, please see the links below:
Project Server 2010 May 2016 CU Server Roll up package:
http://bit.ly/1XjYTJI
Project Server 2010 May 2016 update:
< no update this month>
Project 2010 May 2016 update:
http://bit.ly/23FHTxd
SP2 is a pre-requisite for the Office 2010 May 2016 updates.
As always, fully test these updates on a replica test environment before deploying to production.
Introduction to #Microsoft Flow with #ProjectOnline #IFTTT #WebHooks #OfficeDev #Yammer #Office365
|
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011. I am also a certified Prince2 Practitioner. This article has been cross posted from pwmather.wordpress.com (original article) |
At the end of April Microsoft’s Flow was made available as preview. Microsoft Flow is an If This Then That (IFTTT) service with many built in web hooks or connections to different services. You can connect to services like SharePoint Online, CRM or Twitter to name a few. A blog post from Microsoft can be found here.
In this post we will see an example of using Microsoft’s Flow service with Project Online – Microsoft’s Office 365 PPM application. When a project is created we will post a message in Yammer. Once signed in, click on My Flows from the top navigation bar:
From here you can view preconfigured templates or create from blank. Currently there aren’t any templates for Project Online so click create from blank. On this page you will see all of the services you can work with currently in the preview version:
Either start typing Project or scroll down the list to Project:
For this example I will choose “Project Online – When a new project is created”. You then need to sign into the Project Online PWA site:
Enter your credentials for the target Office 365 tenant when requested. Then enter the URL of the PWA site:
Now click the + button to either add an action or add a condition:
For this example we will just add an action without any conditions. You can add conditions in if needed though like below, if the project name contains “delivery” do something:
Also notice the advance mode where you can type the query condition:
For this demo we don’t need any conditions so I will remove that and just add an action and search Yammer:
Then select “Yammer – Post message” and click the sign in link then follow the steps to allow the access:
It’s your call to allow the access or not for services for this demo I have but only do this if you accept the terms of service. Then you can complete the details for the Yammer post:
This is what I have done:
Then give the Flow a name:
Click Create Flow and after a few seconds you will see the message stating this was created:
Click Done and the wizard is complete:
You can edit / delete the Flow from the My Flows page:
Now if I create a Project in that Project Online instance a new post will be created in the Yammer group. There maybe a minute or so delay before you see the post in the Yammer group once you create the project but here it is:
The project – “Paul Mathers test project”:
In Yammer, the post including the project name:
Notice the post if from Microsoft PowerApps.
You can check the Flow runs from the My Flow pages, click the i button at the end:
You will then see the following:
This is just a simple example – there is so much you can do even in the preview version of Flow – I’m sure more and more web hooks and functionality will be added before this is GA. Take a look today, it is very easy to use as you can see.
#ProjectOnline / #ProjectServer #Project site provisioning using #Office365 PnP remote provisioning #SharePoint #PowerShell
|
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011. I am also a certified Prince2 Practitioner. This article has been cross posted from pwmather.wordpress.com (original article) |
For many years now Project Server deployments have used Project Sites or known as Project Workspaces before Project Server 2010. Typically most deployments have custom requirements for the sites so custom site templates were created from a site created using the default Project Site template. The updated custom site template was then linked to the Enterprise Project Type so that new projects created used the new site template. The biggest issue with this approach was that if you wanted to update the site template later on down the line all of the existing project sites would either need manually updating or writing code to traverse through all the existing sites and make the changes. With the new online world in Office 365 there are other things to think about too. If you create a new custom site template based on the default Project Site template then Microsoft roll out a new feature in the base Project Site template – your new project sites wont get that change either. This is where the PnP remote provisioning engine is great. For a while now – at least a year or 2 I think, the best practise is to stick with the default site templates Microsoft provide, so the Project Site template for example. The Enterprise Project Types should use the default Project Site template so each new project gets a site created using the default site template. But what about my custom lists, or columns or views I hear you ask – deploy the custom artefacts once the site is created from the default site template. In this post I will give you a very quick introduction to the Office 355 PnP Remote Provisioning engine which is part of the PnP core component. PnP, known as Patterns and Practices – details can be seen here: http://bit.ly/24y2QwC. This will enable you to deploy your custom site artefacts.
For this example we will look at the PowerShell variant: http://bit.ly/26TKh8e but is also available with managed code. To get started with the PowerShell version follow the steps in the GitHub link to get the components installed. I have created a project / project site using the default Project Site template and added a new list called Change Requests that is linked to a Site Collection Content type in my root PWA site collection:
This list has two views:
I have also updated the default Risks list to use custom content type and included one new column:
I have added my new column to the All Items view:
This is the new site template I want to use. Typically this is where you would save as a template but not for this example.
Once the PnP components are installed on your machine, connect to the source project site using this command – update the Url for your site:
Connect-SPOnline –Url <source site URL>
Enter credentials if prompted to do so.
Now use the following command to extract the site:
Get-SPOProvisioningTemplate -Out C:\Temp\PnP\NewTemplate.xml
This process will extract the site definition and create an XML file in the specified location:
At this point the XML should be modified to remove unneeded properties. For example, as this project site is linked to a project already the property bag will contain certain properties referenced to the source site – I don’t want to overwrite these settings on my target sites so I removed the property bag entries highlighted below.
I have also removed properties for configuration I don’t need to update, other lists etc. See an example below, I have only left the two lists I have added / updated:
I don’t cover this here but I used Visual Studio – really one for the devs out there.
Once you are happy with the source XML file you are ready to deploy this to the existing project site/s. In this example I have a test project site created by the default Project Site template that has not been modified:
In PowerShell I now connect to the test target site using the command below – update the Url for your site:
Connect-SPOnline –Url <target site URL>
Then run the following command to apply the changes:
Apply-SPOProvisioningTemplate -Path C:\Temp\PnP\NewTemplate.xml
Once completed the test target site should be updated, in this example, with a new list and updated risk list. Once you are happy with the test target project site you could repeat the process on other project sites. I have found some settings are not set correctly and some do generate errors in PowerShell but there are usually monthly updates the PnP code so always ensure you regularly update the modules using the Update-Module command.
This is a very simple example using PowerShell, in production you might have a full script that has a list of Project Sites you want to update and get the script to update them all etc. Or better still, go down the manage code route and create an event driven SharePoint provider hosted add-in to do it. Either way, fully test this process on test project sites / projects first before any production projects / project sites!
Getting started with #ProjectOnline development #Office365 #ProjectServer #JavaScript #PowerShell #dotNET
|
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011. I am also a certified Prince2 Practitioner. This article has been cross posted from pwmather.wordpress.com (original article) |
Just a quick post to highlight a new code sample that has been added to the Project Online code samples on GitHub found here: http://bit.ly/1WQUcqx
The projTool tool has been created / updated to use CSOM instead of the PSI, Brian Smith has a great walkthrough for getting started with this tool on the link below:
On the GitHub samples you will find other examples for JSOM, CSOM and REST. A great place to start with Project Online development. You will also find some simple code samples / solution starters on the link below for Project Online / Project Server:
SharePoint (and Project Server) Shenanigans 
You must be logged in to post a comment.