Posts

AzureRM tasks in PowerShell Automation using Azure AD Principal - Part Two

In Part 1 we covered the topics of understanding Azure Service Principals and how to create them. In this part we will look at using Service Principals in a secure manner when creating Azure Automation Runbooks and carrying out AzureRM tasks. We will not get into the details of how to create an automation account in Azure. It is very simple to follow the Microsoft Docs to create an automation account and also learn how to create a runbook and schedule it. We will now focus on the how-to of using an Azure Service Principal in our PowerShell script. In this example we will use the Password-based Service Principal for simplicity. Maybe I'll create another post for the certificate-based service principal in a later update. Note: The Service Principal can be used as any other account in Azure. So, you can use it with RBAC across Resource Groups/Resources as might be necessary. Go to your Automation Account resource and scroll down to find "Credentials" in t...

AzureRM tasks in PowerShell Automation using Azure AD Principal - Part One

So you need to run a PowerShell script inside an Azure Automation account and the script uses AzureRM cmdlets. How would you authenticate? Do you use a user account? But the user account could have more permissions than what is actually required for your script, opening a whole discussion around security. I have also seen organizations create user accounts that are used as service accounts. But what does Microsoft say? "Automated tools that use Azure services should always have restricted permissions. Instead of having applications sign in as a fully privileged user, Azure offers service principals." So what is an Azure Service Principal? An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, giving you control over which resources can be accessed and at which level. Service Principals offer 2 kinds o...

SharePoint Realm - Should it always be a GUID or can it be any string?

SharePoint Realm is one of those things that is not discussed a lot in the SharePoint world, at least not until you are discussing OAuth and trust. In the majority of cases, we are content with the default Realm ID that is set when we install SharePoint. What if some SharePoint administrator thought that it was perhaps cool to change the realm from a GUID to any random string? Don't think it's possible? Of course it is, just look closely at the Set-SPAuthenticationRealm cmdlet. Set-SPAuthenticationRealm [-AssignmentCollection <SPAssignmentCollection>] [-Confirm] [-Realm <String>] [-ServiceContext <SPServiceContextPipeBind>] [-WhatIf] [<CommonParameters>] The Realm attribute is a string, and it allows an administrator to choose any string of his liking to be the new Realm ID. I just finished troubleshooting for a customer where the customer was unable to run any of the full-trust add-ins that they had on a new farm they had set up. The add-in...

Permanently delete SharePoint Online Site-Collection

For SharePoint administrators, there was quite a radical change with the introduction of O365/SharePoint Online. One of the biggest changes for them was the limitations of the Administration Portal. The Central Admin allowed admins to perform a plethora of admin tasks which were either no longer allowed or no longer available via the UI. Of course, many admins did prefer the PowerShell route, but some tasks were just easier via the UI. One such task that I have seen most admins perform via the UI was the deletion of a site-collection including the recycle bin. This is commonly done when a site provision failed and the same site needed to be provisioned again. However, deleting a site-collection was not enough. It was still in the recycle bin, and SharePoint was always smart to prevent you from creating another site-collection while a site with the same URL was present in the Recycle Bin. On-premises, it is possible for admins to access the Recycle Bin via CA and delete the site...

Quirks of uploading aspx files to a document library using SharePoint REST API

Uploading a file to a SharePoint document library using the SharePoint REST API can be very straightforward. Fast forward to Microsoft Docs and you are presented with all the information you need. A simple construct: Create a file and add it to a folder url: http://site url/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files/add(url='a.txt',overwrite=true) method: POST body: "Contents of file" Headers: Authorization: "Bearer " + accessToken X-RequestDigest: form digest value content-length: length of post body Update a file by using the PUT method url: http://site url/_api/web/GetFileByServerRelativeUrl('/Folder Name/file name')/$value method: POST body: "Contents of file." Headers: Authorization: "Bearer " + accessToken X-RequestDigest: form digest value X-HTTP-Method: "PUT" content-length: length of post b...

C# Extension Methods

C#.NET comes with a lot of string processing methods like Substring, Compare, IndexOf, Replace, etc. Although the number and scope of such methods are vast, programmers still constantly have to rewrite similar text processing methods over and over again to suit their needs. Luckily we can extend them and create all kinds of advanced string methods in C#. We will focus on the Replace method here. In C#, the Replace method has the following two signatures: public string Replace(char oldChar, char newChar) public string Replace(string oldString, string newString) The Replace method does not give us the flexibility to replace after/from a specified position in a string or to replace only a specified number of occurrences within the string. This was possible in VB6. So, especially in migration projects, there arises a need for extension methods of Replace. The signatures of the extension methods we will create are as follows: public s...

Can SharePoint 2013 Workflows be an option for lightweight BPM Tool?

Most employees in any organization would describe SharePoint as the Intranet or a document management system. What many fail to see are the other rich features on offer like social platform, record management, hosting public websites and last but not least – a platform to host workflows. Workflows are crucial in orchestrating processes in any organization. Organizations often debate whether they really need a white-labelled full-suite BPM solution for lightweight business processes. Can organizations with investments/plans for investments in SharePoint work around some of their less complex workflows in SharePoint? Workflow is perhaps one of the most overhauled pieces of functionality from SharePoint 2010 to SharePoint 2013. The introduction of the Workflow Manager (WM) ensures that Workflows no longer run on the SharePoint servers. This goes a long way to improve stability, scalability and transparency. The Workflow Manager, with its power and flexibility of Windows Workflow Foundati...