When you throw claims authentication into the mix of AD users and SharePoint user profiles, there are some things you should be aware of:

  • Use your Identity Provider to make the user profile sync connection to the domain
  • There is no built-in mapping between the user profile identifier and the claims (or forms) user's identity provider; missing this will give you more than one user profile per user!

Setting up the sync connection with Identity Provider

The sync connection for claims users and an Identity Provider can be set up in Central Admin or through this PowerShell cmdlet:

Add-SPProfileSyncConnection 

But beware: it is only intended for SharePoint Online environments. Now you are warned!

I found it working fine “on premise”, but there are no warranties!

Specific for the Claims scenario I will just point out the following parameters.
All the parameters are explained on this TechNet article:
http://technet.microsoft.com/en-us/library/jj219677.aspx

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| ConnectionClaimProviderIdValue | Optional | System.String | Specifies the Claims Provider ID or Name for an authentication type while a Web App is configured. |
| ConnectionClaimProviderTypeValue | Optional | System.String | Specifies the Authentication claim Provider that will be used to encode the User Profile accounts names. For example, Windows/Forms etc. This means if a user logs in using the given Authentication Type, then a profile can be found by looking up a claim encoded credentials. |

The PowerShell could look something like this:

# Provision connection with Claim Provider
# (sample credentials; prompt with Read-Host -AsSecureString instead of hard-coding a real password)
Add-SPProfileSyncConnection `
-ProfileServiceApplication 888ds256-9ad9-53a9-f135-99eecd245670b `
-ConnectionClaimProviderIdValue "ClaimProviderName" `
-ConnectionClaimProviderTypeValue "Trusted" `
-ConnectionForestName "fabrikam.com" `
-ConnectionDomain "Fabrikam" `
-ConnectionUserName "Testupa" `
-ConnectionPassword (ConvertTo-SecureString "Password1" -AsPlainText -Force) `
-ConnectionSynchronizationOU "OU=SharePoint Users,DC=fabrikam,DC=com"

 

Limitations:

  • Only in SharePoint 2010 Service Pack 1 !
  • The account running the PowerShell window must be added as an administrator for the UPA.
  • Remove-SPProfileSyncConnection does not delete sync connections!
  • … see below

Others explaining the use of this cmdlet

 

Mapping between AD user and Claim user

When setting up a SharePoint 2010 application with claims authentication, there is no built-in mapping between the AD user profile and the claims (or forms) user (see my former post User profile property mappings in SharePoint and Active Directory and the TechNet article http://technet.microsoft.com/en-us/library/gg750254.aspx#section2).

In claims-based Web applications, SharePoint Server uses the Claim User Identifier property (SPS-ClaimID) to match an authenticated user to the correct user profile. If the SPS-ClaimID is not mapped to the directory service attribute that you want to use as the user identifier, when a user is authenticated, he or she is not matched to the correct user profile and will not see the imported user profile data.

In the worst case this will give you more than one user profile per user.

The mapping between the claims user and the AD user is done by setting SPS-ClaimID (Claim User Identifier) to sAMAccountName (UserName) through the User Profile Service Application.

Claim User Identifier

This property mapping must be manually inserted if using Forms or Trusted Identity providers.

Or you can use PowerShell to set this mapping. The AddNewMapping method can do just that.

$synchConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $spsPropertyName, $userPropertyName)

Remember to do a full sync after setting this property mapping!
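
A fuller version of the mapping call above, showing where $synchConnection comes from. This is an added example, not code from the original post or the CodePlex project; the site URL and connection name are placeholder assumptions, and it is meant to run in the SharePoint 2010 Management Shell under an account that is an administrator for the UPA.

```powershell
# Added example: map SPS-ClaimID to sAMAccountName on one sync connection.
# $siteUrl and $connectionName are assumed placeholders; replace them with your own values.
$siteUrl          = "http://sharepoint.example.local"   # any site served by the UPA (assumption)
$connectionName   = "Fabrikam"                          # sync connection display name (assumption)
$spsPropertyName  = "SPS-ClaimID"                       # Claim User Identifier
$userPropertyName = "sAMAccountName"                    # AD attribute used as the identifier

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")

$site = Get-SPSite $siteUrl
try {
    # The service context ties the site to its User Profile Service Application.
    $context       = Get-SPServiceContext $site
    $configManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($context)

    # Look the connection up by its display name and stop if it is missing.
    $synchConnection = $configManager.ConnectionManager[$connectionName]
    if ($synchConnection -eq $null) {
        throw "Sync connection '$connectionName' was not found."
    }

    # Same call as in the post, now with every variable defined.
    $synchConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $spsPropertyName, $userPropertyName)
    Write-Host "Mapped $spsPropertyName to $userPropertyName on '$connectionName'. Run a full sync next."
}
finally {
    # SPSite holds unmanaged resources; always release it.
    $site.Dispose()
}
```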

Resources

This CodePlex project contains a PowerShell script to help you automate the creation of SharePoint 2010 User Profile Synchronization connections, User Profile Properties and User Profile Property mappings.

Create/Manage SPS2010 User Profile Properties or Sync Connection from Powershell

Other useful links:

Categories: SharePoint Configuration

The User Profile synchronization with AD comes with a built-in property mapping. The following page from the TechNet Library describes the profile properties and links them to their corresponding directory service attributes:

Default user profile property mappings (SharePoint Server 2010)

| User profile property | AD DS attribute |
| --- | --- |
| SPS-DistinguishedName | dn |
| SID | objectSid |
| Manager | manager |
| PreferredName | displayName |
| FirstName | givenName |
| LastName | sn |
| SPS-PhoneticDisplayName | msDS-PhoneticDisplayName |
| SPS-PhoneticFirstName | msDS-PhoneticFirstName |
| SPS-PhoneticLastName | msDS-PhoneticLastName |
| WorkPhone | telephoneNumber |
| WorkEmail | mail |
| Office | physicalDeliveryOfficeName |
| SPS-JobTitle | title |
| Department | department |
| UserName | sAMAccountName |
| PublicSiteRedirect | wWWHomePage |
| SPS-ProxyAddresses | proxyAddresses |
| SPS-SourceObjectDN | msDS-SourceObjectDN |
| SPS-ClaimID | <specific to connection> |
| SPS-ClaimProviderID | <specific to connection> |
| SPS-ClaimProviderType | <specific to connection> |


All user profile properties

The following link lists all the user profile properties with internal name, display name and data type that SharePoint Server 2010 provides by default:

Default user profile properties (SharePoint Server 2010)

Full table at: http://technet.microsoft.com/en-us/library/hh147513.aspx

Verify user data

The Active Directory Users and Computers snap-in

The Active Directory Users and Computers snap-in is often the interface to the user attributes.

Go here to see the mapping of UI labels to AD attributes in the property pages that are displayed by the Active Directory Users and Computers snap-in:

User Object User Interface Mapping

more at: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677980%28v=vs.85%29.aspx

LDAP Browser

When it comes to navigating through the LDAP directory data, there are several tools to choose from. My favorite is the LDAP directory browser from Softerra: http://www.ldapbrowser.com/download.htm

It comes free of charge if you only need read-only operations.

Categories: SharePoint Configuration

Of course there is a print button in all Microsoft Office programs and even in Office Web App!

Well I thought so… But there is no print functionality in Office Excel Web App in the SharePoint Online.

The hunt begins:

Searching Microsoft Office Support

In search of the holy print button I found this at http://office.microsoft.com/en-us/web-apps-help/print-an-excel-workbook-from-the-browser-HA010379748.aspx

There is a nice headline saying “Print an Excel workbook from the browser”, sounds good but it only gives us two possibilities:

  • By using the Print command in Internet Explorer
  • By opening the workbook in Excel, and using the Print features there

Well, nothing new there!

Using the browser's print button will give you a printout that includes the toolbar, which is not very useful. If using Excel on the computer is an option, then for now this is the best choice.

Let’s take a look at the services offered with Office 365

Downloading and reading the Microsoft Office Web Apps Service Description.docx at http://www.microsoft.com/download/en/details.aspx?id=13602 gets me no further. Print is offered for Word and PowerPoint Web Apps but not in Excel.

SkyDrive has it

I was pretty surprised when I spotted the print button at the SkyDrive Excel Web App.

Comparison of the two Excel Web Apps in SkyDrive and Office 365:
[Screenshots: Excel Web App in SkyDrive and Excel Web App in Office 365]

The print in Excel Web App in SkyDrive opens a new window with the workbook content and gives you the choices to print the active sheet or print selection.

But why not this functionality in Office 365?

Not coming soon

Reading the smoke signals from Mount Redmond, print in Excel is nowhere in the recent roadmap for Office 365, telling me that we have to wait a couple of months, at least.

Categories: SharePoint related

Query string parameters in the URL can help you edit pages where the edit button is missing (e.g. SharePoint 2007 list views), or when you need to throw away a web part that's messing with your page from the web part maintenance view.

| Function | URL |
| --- | --- |
| Add Web Parts/Browse | ToolPaneView=2 |
| Add Web Parts/Search | ToolPaneView=3 |
| Edit mode | mode=edit |
| View mode | mode=view |
| Shared view | PageView=Shared |
| Personal view | PageView=Personal |
| Maintenance view | contents=1 |

You can combine some of the parameters, e.g. to edit the personal view: …aspx?PageView=Personal&mode=edit

Categories: Tips and tricks | SharePoint Configuration

Problems with disabled accounts from former employees in your SharePoint User Profile Store?

This will help you set up Exclusion Filters in the User Profile Synchronization

 

1) Browse to Central Administration Site > Manage Service Applications > User Profile Service Application.

2) On the Manage Profile Service: User Profile Service Application page, click Configure Synchronization Connections. This will take you to a page that lists all the synchronization connections.

Then follow this excellent post from Spencer Harbar at harbar.net (http://www.harbar.net/archive/2011/02/22/323.aspx).

He explains how to set up filters with the userAccountControl attribute from AD user object.

  

Categories: Tips and tricks | SharePoint Configuration | SharePoint related

Accessing a SharePoint server from outside a network with a Forefront TMG.

The following 2 scenarios can give you an Internal Server Error

  • View properties on document
  • Editing a list view

Full error text:

Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)

 

Solution

The reason why this happens is that the HTTP filter in Forefront has a URL protection mechanism which will block URLs containing escaped characters after normalization.

To fix this:

  1. Open the properties of the firewall policy.
  2. Under the Traffic tab, click Filtering.
  3. Uncheck Verify normalization in the URL Protection section

 

Verify normalization will block URLs containing escaped characters after normalization.
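
A simplified model of the check that setting performs, added here as an illustration (it is not Forefront TMG's code and not part of the original post): the URL is decoded twice and rejected when the two results differ, which is what happens when escaped characters remain after the first pass. The host name and paths in the sample URLs are constructed.

```powershell
# Added example: simplified model of "Verify normalization" (not TMG's implementation).
function Test-BlockedByVerifyNormalization {
    param([Parameter(Mandatory = $true)][string]$Url)

    $once  = [System.Uri]::UnescapeDataString($Url)    # first normalization pass
    $twice = [System.Uri]::UnescapeDataString($once)   # second normalization pass

    # Escaped characters that survive the first pass make the two results differ.
    return ($once -cne $twice)
}

# Constructed sample URLs (hypothetical host and library names).
$samples = @(
    # Plain list view: the space is encoded once as %20.
    "http://sp.example.com/Shared%20Documents/Forms/AllItems.aspx",
    # View properties: the Source parameter carries an already-encoded URL,
    # so the space inside it is encoded a second time as %2520.
    "http://sp.example.com/Shared%20Documents/Forms/DispForm.aspx?ID=1&Source=http%3A%2F%2Fsp.example.com%2FShared%2520Documents%2FForms%2FAllItems.aspx"
)

# Report, per URL, whether the modelled check would reject it.
foreach ($url in $samples) {
    New-Object PSObject -Property @{
        Blocked = (Test-BlockedByVerifyNormalization -Url $url)
        Url     = $url
    }
}
```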

 

Categories: SharePoint related | SharePoint Configuration

In SharePoint you can only view alerts per site. That means you cannot see all your alerts at once.

View my alerts on a site

At the top of the site, click User name, then click My Settings, and then click My Alerts.

View alerts for other people on a site

As a Site Administrator you can view alerts of other users on your site through Site Actions -> Site Settings -> Under Site Administration -> User Alerts select the person whose alerts you want to view and select Update.

View all my alerts

There are several solutions for this; CodePlex and other SharePoint companies have some.
Outlook to the rescue! If you are using Exchange, your Exchange mailbox will keep track of all your alerts and where they are subscribed from.
Choose Rules and Alerts, then select the Manage Alerts tab.

Categories: SharePoint Configuration | Tips and tricks

Recently found this excellent post explaining the SharePoint UserProfile picture sizes and naming convention.

 

Naming convention for the thumbnail files:

| Thumbnail | Image File Name | Size |
| --- | --- | --- |
| Large | domain_username_LThumb.jpg | 144x144 |
| Medium | domain_username_MThumb.jpg | 96x96 |
| Small | domain_username_SThumb.jpg | 32x32 |

The full URL of the medium thumbnail (like, “ http:///User Photos/Profile Pictures/__MThumb.jpg”) is stored in the user profile database.

You can use this information like:

var picUrl = profile[PropertyConstants.PictureUrl].Value as string;
this.imgUser.ImageUrl = picUrl.Replace("_MThumb", "_LThumb"); 

 

Read the full post: Photo Management in SharePoint 2010

 

Categories: SharePoint Development | Tips and tricks

Got the message:

>>The document could not be opened for editing. A Windows SharePoint Services compatible application could not be found to edit the document. <<

This is a challenge and there are several possibilities:

Categories: SharePoint related

Using the wrong parameter with the SPWeb.GetList method, you will receive a FileNotFoundException with the following very SharePoint-ish error message:

System.IO.FileNotFoundException: <nativehr>0x80070002</nativehr>
<nativestack></nativestack><nativehr>0x80070002</nativehr>
<nativestack></nativestack>

The stack trace will often give more information, but the ULS log will simply show:

<nativehr>0x80070002</nativehr>
<nativestack></nativestack>

So the parameter is incorrect: either the URL does not specify a valid path to the website, or the list does not exist in the website.

The GetList method gets the list that is associated with the specified server-relative URL to the root folder of a list, such as /sites/sitecollection/subsite/Lists/Announcements.

HINT

You can use SPUrlUtility.CombineUrl with your web's server-relative URL like this:

var list = web.GetList(SPUrlUtility.CombineUrl(web.ServerRelativeUrl, 
"lists/" + listFolderName));

I prefer to use SPWeb.GetList over the SPWeb.Lists property. End users can easily change the list title in the GUI, but it is harder to change its URL.

Be aware: there are other methods throwing System.IO.FileNotFoundException!

Categories: SharePoint Development | Tips and tricks