Get the members of specific Office 365 role

Good day, this time I was asked to retrieve who the Company Administrators and SharePoint Service Administrators are from customer tenant.  The following is the steps I’ve used to deliver the requested Info:

  • I downloaded the Microsoft Online Service Sign-In Assistant from the following URL https://go.microsoft.com/fwlink/p/?LinkId=286152, proceeded to install
  • Install the Azure Active Directory for Windows PowerShell Module, as an Administrator loaded the PowerShell console and executed the Install-Module MSOnline command, specified yes, “Y” two times, first for NuGet and then for Untrusted Repository
  • Inside the PowerShell session, executed the following PowerShell commands:
  1. Import-Module MSOnline
  2. Connect-MsolService this command loaded an authentication window, you need to provide credentials
  3. Get-MsolRole, this command will list all the Office 365 roles, make sure you identify the one you need and copy the Object ID value
  4. Get-MsolRoleMember -RoleObjectId “rol ID” this command will display who the members of the role are

 

 

Reference:

https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

 

Old school SharePoint tip

Good day colleagues, while supporting SharePoint 2010 custom application, suddenly new requirement out of the blue came up.  They said, stakeholder says that it will be great if this form can be accessed in a kiosk inside the plant, can you make it happen? Oh, and please remove the navigation stuff like the left and top links so kiosk will display only the form, no navigation or any other thing that may confuse people.

As a developer, you will think, not a problem I can use some CSS to hide some classes. But there is another simple way to get around about this, just add the:

http://yoursiteURL/Pages/DTCode.aspx?IsDlg=1 parameter in the query string of your URL and that will remove top navigation, top ribbon section, quick launch and will leave the whole page just for your web part.

 

Unsupported expression in good old InfoPath

Even though Is been announced that InfoPath is deprecated, but supported until April 2023 you can read more here  the reality is that there is a significant amount of customers that still rely on the InfoPath form based solutions for dealing with data entry challenges in the organization on a daily basis. As a consultant, I currently support multiple clients on InfoPath Form related issues.

Today I want to talk about a recent discovery and of course share the solution.

This is a custom list with an InfoPath list form used for storing OA’s (Operational Activities) assignment information, of course, this list has a bunch of fields for specifying the type, who is assigned to, location and most importantly how many hours per week (52 weeks) during the year each OA will take.

Operational Activities InfoPath based Form

Notice the Duration in Hours field, basically this field is automatically calculated based on the number of hours specified on each week. How many weeks do we have during a year? 52 weeks. So, you can guess that the formula to calculate the duration field will be something like this:

Formula for counting the hours on all the week’s during the year

 

 

 

But as soon you want to publish the Design Checker throws an error stating an Unsupported expression error.

Unsupported Expression Issue in InfoPath

After some research found out that the problem was more related to the size of the expression. So, be careful of creating huge long calculation expressions. What I did was to create 4 fields that represent each Quarter and add the formula to calculate the weeks for Q1, Q2, Q3 and Q4. Then I modified the formula in the Duration field to use the 4 quarter fields, something like: Q1+Q2+Q3+Q4.

Bottom line, you never stop learning a technology, even though is a deprecated one.

Make you SharePoint Admin chuckle for a minute

If you have Full Control permissions over a List or Document Library, navigate to the Library Settings and from the Columns section click the Created By column, this will take you to the Change Column form. Locate the section Additional Columns Settings, usually a Person or Group field has the Name (with presence) as the default show field value, well change to something else like Department and get your SharePoint Admin entertained for hours trying to figure it out.

Prevent Document Download in SharePoint Online

Good day colleagues, wanted to share with you all how to configure a document library that doesn’t allow users to download his content. In our scenario here is to expose a document library to a group of people inside the company, but the requirement was that these people shouldn’t be able to download the content, this is just a document library for content consumption, no collaboration at all and of course read only for visitors.

It is simple to achieve the desired outcome because there is a permission already in the system that allows us exactly what we need, but it has some limitations that you should know first before you commit to deliver what business ask us to do.

As general understanding please read the following descriptions about the permissions already available in SharePoint, please read to the end because you will see what permissions makes sense for us to use.

  • Full Control – Has full control.
  • Design – Can view, add, update, delete, approve, and customize.
  • Edit – Can add, edit and delete lists; can view, add, update and delete list items and documents.
  • Contribute – Can view, add, update, and delete list items and documents.
  • Read – Can view pages and list items and download documents.
  • View Only – Can view pages, list items, and documents. Document types with server-side file handlers can be viewed in the browser but not downloaded.

Yes, the View Only permission gives us the required behavior. In other words, this permission allows us to visualize documents inside a browser (of course with the help of Office Web Apps or Office Online Server) and documents cannot be downloaded. The question here is: What are the documents we can visualize in the browser using Office Online Server? The answer is Only Office Documents and what Office Documents are we talking about? Word, PowerPoint, Excel.

This means that:

PDF or any other file type that is not an office document can be downloaded ☹

Let’s explore how to configure this:

  1. Create a security group that has the View Only permission
  2. Create and configure a document library
  3. Test with another user that the download is not possible

Let’s see it in action here in this video, since now, thanks for reading, thanks for watching, thanks for sharing.

Just make sure your Read List and Read Item operation in your ECT have the same fields

Had some fun during the weekend. Customer asked me to add 3 new fields to an existing External Contents Type hosted on a SharePoint 2010 farm. Simple right?

  • SQL Server
    • Modify the pre-production database and alter the table to create 3 new varchar fields
    • Add some dummy content to some records in pre-production farm
  • SharePoint Designer
    • Open the pre-production site collection and locate the External Content Type
    • Open the external content type look at the operations and update the fields including the new ones

After saving the changes I proceeded to test, and got an error, the view was not displaying the data and gave me a correlation ID, after running a Merge-SPLogFile powershell command this is what I got:

Error while executing web part: System.InvalidOperationException: The Finder ‘SiteCodesRead List’ cannot be found in ViewGroup associated with SpecificFinder (Read Item) operation ‘SiteCodesRead Item’ in EntityNamespace ‘http://preportal.zzzz.com/sites/it’, Entity ‘YYY_SiteCodes_IT_Master’.

What this wonderful error description was trying to tell me is:

Just make sure your Read Item and Read List operation in your ECT have the same fields you dummy

Will not charge the customer for the time I spent figuring out this issue

Boost companywide communication with Office 365 and SharePoint Online

More than ever before is clear what organizations intent to do with a successful SharePoint implementation. In my experience lots of companies try achieve better collaboration and communication experiences for their users. We use team sites template to create share-spaces or workspaces for people to collaborate with content and information securely and inside the corporate network, in the other hand, we use publishing sites that allows a better and more sophisticated content authoring experience and publishing features that any communication related department can use for share company wide information accessible to everyone in the network.

As everybody know, Office 365 and SharePoint Online are evolving rapidly, innovation happens fast and get deliver so frequented now, instead of us waiting for a new version release of SharePoint every 3 years.

Today Microsoft started the release of Communication sites to Office 365 customers, so what does this mean?

Communication sites are a special type of site that already has a set feature to boost companywide communication, they already support events, news and other content responsive out of the box. So, no need to pay consultant any more to build beautiful and responsive intranet home pages with carousel web parts or content rollups on top of a publishing site.

Plan and use Communication site to:

  • Make your home page and sub-pages look great
  • Continue the discussion in context to ensure reach, retention and engagement
  • Dynamically pull in and display data, documents and information via web part improvements

Instead of me repeating what is already publish by Microsoft, I leave you the link to the official announcement. After reading this announcement ask yourself. Do you need help planning and adapting your existing Office 365 customizations and publishing investments to this new model?

Microsoft Forms, want to give it a try?  Here is a basic demo

Want to give a try to Microsoft Forms? Yesterday I created a Customer Satisfaction Survey demo to see at a glance the main features of this new technology now available for Office 365 commercial users. I was surprise to see how simple and slick the authoring experience is and of course love the final result. I can see so much power for specific set of scenarios. I just hope that Microsoft consider creating an API for allowing developer build forms and quiz programmatically as well as query the results.

I do see myself building risk matrix surveys (Survey Analysis for Evaluating Risks) for some O365 customers

Invoking User Profile Service when Selecting from People Picker in InfoPath

While supporting a customer on InfoPath development, he ask me how to retrieve data from a specific user using the Profile Web Service, but he want to invoke the service after selecting a user from a people picker control, problem was that the Action section in the people picker control was disable so he was asking why and how can we accomplish what he wants. I remember that I was able to implement same exact scenario a while back ago but didn’t remember how, so I did some basic research and this is what you need to do:

Step 1 – Create another field in the form of type Text (String) and make sure to set the default value equal to the people picker Account ID field, also it is critical to check the Refresh value when formula is recalculated check box control

Step 2 – Create an Action rule in the new text box control, this will get execute any time the people picker control change the continuing Account Id value

Essentially this as the actual concern, so now we are able to have a trigger action in order to query the User Profile Web Service.

Just use a Office 365 based credential when deploying programatically

So all people happy and kind of impress with Office 365 Pattern & Practices components, especially the ones that are related to Office 365, is so much easier and simpler the provision things up to SharePoint Online. Recently had to deploy some assets into SharePoint Online, I did use Office 365 PnP as our deployment approach. Everything work just fine in our Office 365 Dev environment but as soon I got to customer tenant our deployment console app didn’t work as expected.

First I notice that customer had ADFS set up and the code when trying to authenticate was throwing the following exception:

Unhandled Exception: Microsoft.SharePoint.Client.IdcrlException: Unable to get ticket due to unknown error.
at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String securityXml, String serviceTarget, String servicePolicy)
   at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String username, String password, String serviceTarget, String servicePolicy)
   at Microsoft.SharePoint.Client.Idcrl.SharePointOnlineAuthenticationProvider.GetAuthenticationCookie(Uri url, String username, SecureString password, Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)
   at Microsoft.SharePoint.Client.SharePointOnlineCredentials.GetAuthenticationCookie(Uri url, Boolean refresh, Boolean alwaysThrowOnFailure)
   at Microsoft.SharePoint.Client.ClientRuntimeContext.SetupRequestCredential(ClientRuntimeContext context, HttpWebRequest request)
   at Microsoft.SharePoint.Client.SPWebRequestExecutor.GetRequestStream()
   at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
   at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
   at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
   at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryImplementation(ClientRuntimeContext clientContext,Int32 retryCount, Int32 delay)
   at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryRetry(ClientRuntimeContext clientContext, Int32 retryCount, Int32 delay)
   at BrandingCAN.Program.Main(String[] args) in projectpath\Program.cs:line 41

Did some research and perform several recommendations, but unfortunately didn’t work at all. So, at this moment I still don’t understand what to do to make my console app to authenticate to O365 with ADFS set up and account. But, I did manage to solve the issue just using an Office 365 based credential instead of an ADFS based credential, and that’s what I wanted to share here.

Whenever you deploying something programmatically to O365, please use O365 based credentials like “accountname@company.onmicrosoft.com” and Office 365 PnP and all SharePoint Client APIs will perform as expected.