Thursday, 22 September 2016

What are Levels of SharePoint Administration?

What are Levels of SharePoint Administration?
Most levels of the server and site hierarchy have a corresponding administration group. The administration groups that have administrative permissions at different levels are described in the following list:
  • Server or farm level
  • Farm Administrators group: Members of the Farm Administrators group have Full Control permissions to and responsibility for all servers in the server farm. Members can perform all administrative tasks in Central Administration for the server or server farm. They can assign administrators to manage service applications, which are instances of shared services. This group does not have access to individual sites or their content by default.
  • Windows Administrators group: Members of the Windows Administrators group on the local server can perform all farm administrator actions. Administrators on the local server can perform additional tasks, such as installing new products or applications, deploying Web Parts and new features to the global assembly cache, creating new Web applications and new Internet Information Services (IIS) Web sites, and starting services. Like farm administrators, members of this group on the local server have no access to site content, by default.

  • Shared services level
  • Service application administrators: These administrators are designated by the farm administrator. They can configure settings for a specific service application in a farm. However, these administrators cannot create service applications, access any other service applications in the farm, or perform any farm-level operations, such as topology changes. For example, the service application administrator for a Search service application in a farm can configure settings for that Search service application only.
  • Feature administrators: A feature administrator is associated with a specific feature or features of a service application. These administrators can manage a subset of service application settings, but not the entire service application. For example, a Feature administrator might manage the Audiences feature of the User Profile service application.

  • Web application level
  • The Web application level does not have a unique administrator group, but farm administrators have control over the Web applications within their scope. Members of the Farm Administrators group and members of the Administrators group on the local server can define a policy to grant individual users permissions at the Web application level.

  • Site level
  • Site collection administrators: These administrators have the Full Control permission level on all Web sites in a site collection. They have Full Control access to all site content in that site collection, even if they do not have explicit permissions on that site. They can audit all site content and receive any administrative message. A primary and a secondary site collection administrator can be specified during the creation of a site collection.
  • Site owners: By default, members of the Owners group for a site have the Full Control permission level on that site. They can perform administrative tasks on the site, and on any list or library within that site. They receive e-mail notifications for events, such as the pending automatic deletion of inactive sites and requests for site access.

Wednesday, 14 September 2016

AppFabric installation failed because installer MSI returned with error code 1603

Today we are writing about an issue occurring when we are trying to installing SharePoint 2016 on Microsoft Windows server 2016 standard version, the prerequisites installer fails with the error "AppFabric installation failed because installer MSI returned with error code : 1603".

We have found this solution about this issue like here seems to be that the path to the PowerShell executable that's needed for the AppFabric installation was incorrect. 

Below are the steps with screen shots which we followed to rid out from this issue:

We will go to the system environmental Variables and we will do entry for the same.

  • Go to system properties and by click on Right click on computer and selecting Properties and select advanced system setting.

  • Select Environmental variables under advanced tab, it will launch to next wizard

  • Here delete exiting entry if we have any other and create new entry by clicking on new and save the same.
Variables Name: PSModulePath
Variable values: %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\  

Sunday, 4 September 2016

Maximum password age grayed out, cannot change password on windows server 2012 or 2016 domain controller.

Today I am writing about “how to modify Maximum password age on windows server domain controller”, we have faced this issue in our organization our DC password use to get expire on every 42 days that was the causing to restrict access the users, SharePoint sites, Project server site. In one word we can say everything was getting mess up. So we did Google and find the solution but as per the solution the option was grayed out where we can modify server password days or we can put never expire password.

Any way we found the solution and fixed the issue, now we are working without any issue occurring on the server.
Below are the steps by step solution with screen shots:
  • Logon to the server with administrator user name and password.
  • Click windows+ and enter gpmc.msc
  • Once we will hit enter, Group policy Management wizard will get open, see below:
  • Navigate the option to server, Group Policy Management> Forest: server Name> Domains>server Domain> and select Default Domain Policy. Here we will right click on the same and click on edit.
  • Once we will click on edit option, it will open Group policy Management editor, here we will select required option to do modify. See below for more:
  • Here we will select navigate to below option to do modify for Maximum password Age.
Computer Configuration>Policies>Windows settings> Security Policies>password Policy
  • Here we will select Maximum password age we will select and double click on that, now can find the option is enabled over here. Finally we reached to option where we can set out our issue.
  • Select the Maximum password age properties and under the tab security policy setting and modify as per our requirement.

NOTE: Here if we will select 0 Option, password will not expire.

Thanks, Hope this will help some one ☺

Saturday, 3 September 2016

How to Create New Organization Unit using Windows interface on Windows Server 2016- Step by Step with screenshots

In our previous article we have installed windows server 2016, installing and configuring Active directory, join a machine with Domain and etc.…
See below link for above articles:

In this Article, we will learn the about “How to create OU in Active directory on Windows Server 2016”. OU (Organization Unit) is type of container where we can store Users, Computers, Groups and OUs. It’s used for organization structure to keep easy everything.
Creating Organizational Unit (OU) in Active directory:

  • We need to open Active Directory users and Computers, click on start button and click on administrator tools or user DSA.MSC command.
  • Here select Domain server rom active directory users and computers and right click on the domain, Select New> Organization Unit. See below:
  • Click on that, it will new wizard called OU here we will assign Name and click on ok.
Note: Check protect container from accidental deletion, it will protect for accident delete we can remove later on also.
  • Now we can see on the domain page new OU is created called “LAB”.
Here we can create or move Computers, users Groups and OUs same as usual method.

Thanks ☺

Friday, 2 September 2016

How to Join a Windows 10 PC to a Domain (Windows Server)

In our recent post we have described how to install windows 10, windows server, how to install Active directory and etc.
See below link to how to install and for remaining:

So today, we are writing about “How to Join a Windows 10 PC to a Domain” step by step with screen shots. As we know a domain based network provides us centralized administrator to control entire network from a single computer which we called Server.

To join a domain, we must first verify below requirement and information:
  1. Administrator privileged user account of domain server
  2. Name of Domain server
  3. Computer (Windows PC) should have assigned IP address manually or by DHCP server.
  4. We must verify firewall rule should enable or firewall should off.
  5. We must have administrator rights on the windows 10 computer

After all the above requirement or prerequisites, here we will go ahead to join windows 10 with domain.
In our case we are joining domain with windows server 2016 AD hosted server.

Below are the step by step solution to join domain:

  • Start windows 10 machine with administrator rights.
  • Verify firewall rules and current status, to check on windows search firewall and check the status.
  • We will verify IP address is assigned? And we will ping with server IP address if it’s pinging then we are set to for further step
  • Select start button and click on setting, it will go to setting wizard here click on system
  • Once we will click on system it will take us to another and here click on about then select Join a Domain on this page from right side

  • Once will click on JOIN A DOMAIN, It will ask to enter Domain name, so enter domain name and click next for user name and password of domain administrator and click ok.
  • It will ask to add an account, here we can assign user name and account type or we can skip as well, in our case we are skipping so we are clicking on skip, next will ask for restart.
  • So we have restarted our system successfully and we are on the login home page, here we can see the joined domain name appearing, now we are logging with test use to check the same.

  • Yes, we are able to login with domain user on this machine. And we have verified window 10 machine information is created on windows server.

Thanks ☺


How to migrate SharePoint list items & documents whilst preserving metadata properties

Preserving Metadata properties is a major concern when migrating SharePoint items using native processes. To ensure that metadata remains consistent through the migration you will need to follow the steps laid out in this article:

  1. At the destination, create a blank list. You don’t have to recreate the custom files and list structure in the destination list.

  1. Now create a source custom list with a custom field “comments” as shown below:

  1. In the source custom list note the time in the modified field (Metadata properties).

  1. Go to Site Actions -> Site settings -> click on “Content and structure” under Site Administration.

  1. Then open the source custom list and select the items that you want to move.

  1. Then in the Move dialog box, select the Destination Custom list in which you want to move your list items and then click OK.

  1. Now in the destination list you will see that all items have been moved and custom fields have been created. In the below screenshot you can see that new custom fields are created and the Metadata properties of list items are preserved.


If you’re relying solely on native migration processes, ensuring that metadata properties are preserved during SharePoint migrations is time consuming and repetitive. Fortunately, there are better ways of going about it. Some automated, third-party migration solutions can perform a variety of migrations whilst preserving all metadata and hierarchies. LepideMigrator for Documents is one such solution. It provides a fully customizable mapping of attributes that allows you to automatically migrate the required metadata in a fraction of the time that native processes take.

Specialy thanks to: Peter Gregg (Author for this article)