CPS’ PS+ solution is an Award Winner at the #Microsoft Partner Awards #WPC16 for #PPM #ProjectOnline / #ProjectServer

Paul Mather
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011.
I am also a certified Prince2 Practitioner.

This article has been cross posted from pwmather.wordpress.com (original article)

I am pleased to announce that CPS’ PS+ solution was an Award Winner in the recent Microsoft Partner of the Year Awards 2016 in the Project and Portfolio Management Competency.

PS+ logo

For a full list of winners and finalists see:

http://bit.ly/25xwdzo

Great work to all the partners that received awards.

Categories: Paul Mather, Work Tags:

[Nintex Workflow] Add user to Site Collection Administrator group with REST API

Helping people to automation their workplace is my passion and lucky for me I also get paid to do so !

This week I was finishing working with a partner to improve the (poor) automation steps required by Matter Center, which no-one can really complain because Microsoft made it open-source.
Matter Center documentation requires to create each client as a new site collection in PowerShell, but this is not quite possible if the users registering these new clients on a daily basis are regular Office 365 users and not SharePoint Administrators.Thanks to a few Nintex Workflows we managed to do all the configuration in the background.

Thanks to a few Nintex Workflows we managed to do all the configuration in the background.
Today’s post is not about the site collection creation so I will spare the details, but in summary and very high level, I developed 4 workflows, 1 CSOM Javascript to be executed on the browser, and 1 Nintex Form of course for submitting the new client on desktop or mobile.

Now this quick blog post is regarding the challenge that we had to add the user as a Site Collection Administrator of that newly created site collection.

Since there is no mention of the sort in http://bit.ly/1TUw4AY it may useful for someone, so here it is:

  1. Create a new Nintex workflow in an Office 365 site list.
  2. Download and Import the .NWP workflow file available here to replace the blank workflow
  3. Edit a few of the actions at the beginning of the workflow to set the variables (I never hard-code UserName and Password for instance, so you will see a few Lookup to a different list to get the value, which you can replace since they will be showing an error once imported into your list)

Note: In this workflow, the “user” I am adding to the Site Collection Administrators group is actually the “CreatedBy” of the list item, which may sound strange since the user running that workflow may be the CreatedBy. However this is NOT the case (refer to above point: we do not want all users to be SharePoint admins!), here is how you should sequence the workflow to start:
1) After the List Item is created, a first workflow (run by CreatedBy) i.e. called “Start and Call workflow 2” and in the workflow we just add a “Start Workflow”

2) then within that first workflow we just add a “Start Workflow” making sure that this action is bein executed in an “App Step” in order to use “elevated privilege”.

Nintex_Workflow_for_Office_365

3) finally all the actions are happening in Workflow2 (which you imported in step 2)

 

Hope this helps someone.

François.

via François on SharePoint & more http://bit.ly/1TUwgjP

François Souyri
French native Sharepoint Consultant living in London. A crossway between a designer, developer and system architect. Prefers stretching the limit of out-of-the-box features rather than breaking them into code. When not working with Microsoft Sharepoint François is often found on Web2.0 News sites and related social networking tools.

This article has been cross posted from sharepointfrancois.wordpress.com/ (original article)

Categories: Work Tags: ,

#ProjectOnline #OData reporting API updated to remove #HTML tags #Office365 #BI #Excel #PowerBI

Paul Mather
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011.
I am also a certified Prince2 Practitioner.

This article has been cross posted from pwmather.wordpress.com (original article)

Recently you might have noticed that the Project Online OData reporting API has been updated to remove the HTML tags, I tweeted about this last week. So before this changed the data would have look like this:

image

Notice the HTML tags such as   and </li></ul></ul></ul> in the StatusSummary field. In the PDP the data looks like this in the Status Summary multiline text field:

image

If you are still seeing HTML tags for projects these will be updated once edited and saved, After making a change to a project custom field and clicking Save on a PDP (this does a Project Summary Publish too) for this example project I then see the following in the OData feed:

image

As you can see the HTML tags are now removed from the StatusSummary field. So now in your Excel or Power BI reports you will no longer have to either use VBA in Excel to remove these or use a similar Power Query function in Excel or Power BI as detailed here.

The only down side to this change is if you use a report that can render the HTML tags to maintain the formatting set in the multiline project level custom fields on the PDP this will be lost. For example, for PS+ we use a Reporting add-in that maintains the multiline custom field formatting as seen below:

image

After the update this formatting is lost as expected making the data harder to read:

image

All is not lost though, if you want to maintain this formatting just using CSOM / JSOM or REST to get the data for the multiline project custom fields. In the example below using the REST (/_api/ProjectServer) API you can see that the HTML tags are still available:

image

Here the fields are referenced using the Internal Name rather than the Name, for example Custom_x005f_4d0daaaba6ade21193f900155d153dd4. So you will need to update any custom add-ins / reporting tools to get the multiline custom field data from these API’s if you wish to maintain the formatting.

Categories: Paul Mather, Work Tags:

Extract #ProjectOnline or #ProjectServer 2013 / 2016 Timesheet data #PowerShell #Office365

Paul Mather
I am a Project Server and SharePoint consultant but my main focus currently is around Project Server.
I have been working with Project Server for nearly five years since 2007 for a Microsoft Gold Certified Partner in the UK, I have also been awared with the Microsoft Community Contributor Award 2011.
I am also a certified Prince2 Practitioner.

This article has been cross posted from pwmather.wordpress.com (original article)

This PowerShell script will use the Project Reporting OData API to extract the timesheet data between the given start and end dates. The user running the script specifies the source PWA instance URL, Username and password. They then enter the start and finish dates in yyyy-mm-dd format and run. The data will then be displayed in the console and output to a CSV file.

This script example can be downloaded here: http://bit.ly/1sn9BmN

To get the script to work you will need to reference the DLL as seen in the image below:

image

This can be installed from the SharePoint Online Client components / management shell. I used the dll from the SharePoint Online Management Shell in this example.

Please note, this has only been tested in PowerShell 3.0 and might not work in other versions. If you have any issues try this in PowerShell 3.0.

Firstly it will prompt for the source PWA URL:

image

Then the username and password:

image

Then the start and finish dates in yyyy-mm-dd format:

image

The script will output the data to the console:

image

It will also create a CSV file in the same folder that the PowerShell script is run from:

image

The CSV file:

image

This was only run against a test PWA instance in Project Online and only my account had timesheet data for the given period, it will return all of the timesheet data for all resources for the given start and finish dates.

This example requires the user to enter the environment details when running but it could easily be updated to hard code these then the PowerShell script could be scheduled to run weekly or monthly etc. The start and finish dates could be made dynamic too.

Whilst this only reads data, as always, this script is provided as is with no warranties etc. use at your own risk and test on a test environment before using on a production environment.

Categories: Paul Mather, Work Tags:

So, you want to delete users with the Azure AD Graph API? Good luck with that!

You might think that deleting users using the Azure AD Graph API would be pretty straightforward right?  You already have a registered application that succeeds in updating and creating new users.  This link doesn’t provide any warnings about hidden dragons or secret pitfalls.

Rest assured, there is at least one gotcha that’s primed to eat your lunch when it comes to deleting users.  Fortunately for you, True Believers, I’m here to show you how you too can quickly overcome this less than obvious configuration issue.

According the the Azure AD Graph Reference deleting user the is a simple operation.  All you have to do is send the HTTP Verb “DELETE” to the URL of the user you want to delete.

Example:

http://bit.ly/1VZ0GVf{user_id}[?api-version]

The user_id can be the UserPrincipalName. In other words, the E-mail address of the user.

As an example, I will delete a pesky AD user named “John Doe”.  This John Doe character has got to go!

Azure

I use PostMan to to get my API calls properly formatted.  It also helps to ferret out problems with permissions or configurations. This helps me to *know* that it works before I write my first line of application code.

Note: Notice that I have an OAuth Bearer token specified in the header.  I won’t cover how I got this token in this post.  If you want to know more about how I acquire tokens for Console Applications send me an E-mail!

PostmanDelete1

Assuming you have your tenant ID, user ID, and OAuth token all set correctly then all you need to do is click “Send”.  Your user is deleted as expected… right?

NOPE! you encounter the following JSON error response:

{
“odata.error”: {
“code”: “Authorization_RequestDenied”,
“message”: {
“lang”: “en”,
“value”: “Insufficient privileges to complete the operation.”
}
}
}

Your first reaction may be verify that your application registration is assigned the proper permissions on the AD Graph.  However, there is no permission that allows you to delete. You can only get variations of Reading and Writing.

AzurePermission

What do you do?  If you Google Bing around a bit you will find that your Application needs to be assigned an administrative role in Azure. It needs a ServicePrincipal.  So, off you go searching the competing, overlapping, portals of Azure trying to figure out how to assign an application roles within a resource.  You may even be successful.  We weren’t.

I had to use remote PowerShell to add my application to the appropriate role in order to delete users from AD.

REMOTE POWERSHELL TO AZURE AD

I used instructions from this MSDN article to download and install the Azure AD Module.  First I downloaded the Microsoft Online Services Sign-In Assistant for IT Professionals RTW.  Next, I grabbed the Active Directory Module for Windows PowerShell (64-bit version).  Once I had my PowerShell environment up and running, I cobbled together a quick script to Add my Application registration to the “User Account Administration” role.  Here is how I did it!

THE CODEZ

# Log me into my MSDN tenant using an account I set up as “global admin”.
$tenantUser = ‘admin@mytenant.onmicrosoft.com’
$tenantPass = convertto-securestring ‘Hawa5835!’ -asplaintext -force
$tenantCreds = new-object -typename System.Management.Automation.PSCredential -argumentlist $tenantUser, $tenantPass

Connect-MsolService -Credential $tenantCreds

# Get the Object ID of the application I want to add as a SPN.
$displayName = “MyAppRegistrationName”
$objectId = (Get-MsolServicePrincipal -SearchString $displayName).ObjectId

# Set the Role name and the Add the Application as a member of the Role.
$roleName = “User Account Administrator”
Add-MsolRoleMember -RoleName $roleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId

PLAY IT AGAIN SAM

If you execute the PowerShell above (and it’s successful) then you can attempt to invoke the API again.  Click Send!

DeleteSuccess

Notice this time PostMan returns an HTTP status of 204 (no content).  This is the appropriate response for a DELETE.  Let’s check our tenant to ensure Jon Snow is dead or rather John Doe is deleted.

DeleteProof

He’s gone!  You are good to go.

CONCLUSION

Azure is a dynamic, new technology.  Documentation is changing almost daily. It can be frustrating to navigate the changing landscape of marketing terms and portals.

All the information you need to sort out this error is out there. However, I found it to be scattered and not exactly applicable to what I was doing.  The PowerShell snippets existed in parts, one to log in to a remote tenant, one to add the role.  This post simply serves to bring the information together so you can quickly get past this problem and on to writing more code.

 

Cheers!

 

 

Chris Clements
I am a senior software developer and development team lead in Houston Texas. I am passionate about the “art” of software development. I am particularly interested in software design patterns and the principles of SOLID object-oriented code. I am an evangelist for test driven development. I love to think and write about my day-to-day experiences in the trenches of enterprise IT. I relish the opportunity to share my experiences with others.

From the wire to the presentation, I am holistic solutions guy. I have broad experience in client side technologies such as Javascript, Ajax, AngularJS, Knockout, and Bootstrap. I have extensive experience with MVC, MVVM, and ASP.NET Web Forms. I am strong in SQL Databases, performance tuning, and optimization. I also have a background in network engineering, wide-area and inter-networking.

This article has been cross posted from jcclements.wordpress.com/ (original article)

Reading a SharePoint Online (Office 365) List from a Console Application (the easy way)

In a previous post I talked about our strategy of using scheduled console applications to perform tasks that are often performed by SharePoint timer jobs.

As we march “zealously” to the cloud we find ourselves needing to update our batch jobs so that they communicate with our SharePoint Online tenant.  We must update our applications because the authentication flow between on premise SharePoint 2013 and SharePoint Online are completely different.

Fortunately for us, we found the only change needed to adapt our list accessing code was to swap instances of  the NetworkCredentials class for the SharePointOnlineCredentials class.

Imagine that this is your list reading code:

using (var client = new WebClient())
{
client.Headers.Add(“X-FORMS_BASED_AUTH_ACCEPTED”, “f”);
client.Credentials = _credentials;  //NetworkCredentials
client.Headers.Add(HttpRequestHeader.ContentType, “application/json;odata=nometadata”);
client.Headers.Add(HttpRequestHeader.Accept, “application/json;odata=nometadata”);

/* make the rest call */
var endpointUri = $”{_site}/_api/web/lists/getbytitle(‘{_listName}’)/Items({itemId})”;
var apiResponse= client.DownloadString(endpointUri);

/* deserielize the result */
return _deserializer.Deserialize(apiResponse);
}

The chances are your _credentials object is created like this:

_credentials= new NetworkCredentials(username,password,domain);

Here, the username and password are those of a service account specifically provisioned a for SharePoint list access.

In order to swap the NetworkCredentails class for SharePointOnlineCredentails first, you  need to download and install the latest version of the SharePoint Online Client Components SDK here (http://bit.ly/1rKS6N8).

Once the SDK is installed  add a reference to the Microsoft.SharePoint.Client and Microsoft.SharePoint.Client.Runtime libraries.  Assuming a default installation, these binaries can be found here: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\.

Be certain to reference the 16.0.0.0 version of the dlls.  If you get the 15.0.0.0 version (which is currently the version in NUGet) your code may not work!

Now you can “new up” your _credentials like this:

_credentails = new SharePointOnlineCredentials(username,password);

But “TV Timeout!” (as a colleague likes to say after a couple brews at the pub) the password argument is a SecureString rather than the garden variety string.  You will need a helper method to transform your plain old string into a SecureString.  Here is how we do it:

public static SecureString GetSecureString(string myString)
{
var secureString = new SecureString();
foreach (var c in myString)
{
secureString.AppendChar(c);
}
return secureString;
}

One last thing to note; the SharePointOnlineCredentials class implements the System.Net.ICredentials interface. That’s what allows us to simple swap one class for another.

Therefore,  if you are following the SOLID principles and using dependency injection then the extent of your code changes may look like this:

var securePassword = SecureStringService
.GetSecureString(settings.SPOPassword);

container.Register<ICredentials>(()
=> new SharePointOnlineCredentials(username, securePassword));

Now that is cool!

Cheers and Happy Coding!

 

Chris Clements
I am a senior software developer and development team lead in Houston Texas. I am passionate about the “art” of software development. I am particularly interested in software design patterns and the principles of SOLID object-oriented code. I am an evangelist for test driven development. I love to think and write about my day-to-day experiences in the trenches of enterprise IT. I relish the opportunity to share my experiences with others.

From the wire to the presentation, I am holistic solutions guy. I have broad experience in client side technologies such as Javascript, Ajax, AngularJS, Knockout, and Bootstrap. I have extensive experience with MVC, MVVM, and ASP.NET Web Forms. I am strong in SQL Databases, performance tuning, and optimization. I also have a background in network engineering, wide-area and inter-networking.

This article has been cross posted from jcclements.wordpress.com/ (original article)

Good site for learning promises with jQuery

Hi everybody,

I know it has been a while since I have personally blogged… whilst in a quiet period in my role I decided to teach myself JavaScript promises via jQuery.

This site was invaluable: http://www.htmlgoodies.com/beyond/javascript/making-promises-with-jquery-deferred.html

Till the next time…

Cheers

Giles

Categories: Work Tags: , ,
Follow

Get every new post delivered to your Inbox.

Join 495 other followers

%d bloggers like this: