Adding Users/Groups – SharePoint – Powershell

A few times I’ve had to add users to specific SharePoint groups using PowerShell. I made the below script, which splits up each of the processes in the user creation and permission handling into transparent chunks. That way it’s easier to take what you need 🙂
The below users are external identity provider users, based on UPN. A domain users group is also added. The rest of the code should be self-explanatory.

#Defines the site to work with
$URL= '' 

#Gets the required web and site objects to work with
$Site= Get-SPSite $URL
#$Web is used further down to look up the site groups
$Web= Get-SPWeb $URL

#Creating Users
$JD=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|'
$ON=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|'
$AA=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|'
$MS=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|'

#Creating Groups
$DUContoso=get-spweb $url | New-SPUser -UserAlias 'c:0-.t|Azure ACS|Contoso\Domain Users'

#Get site default groups (using just "$web.Sitegroups" will show all of them.)
$HROwn=$web.SiteGroups["HR Owners"]
$HRMem=$web.SiteGroups["HR Members"]
$HRVis=$web.SiteGroups["HR Visitors"]

#Adding Users to groups
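
The listing stops at this step. As an added example (not the author's code), here is one way to perform it so that it is safe to re-run and returns the resulting membership for review. The function name, the use of `EnsureUser` in place of `New-SPUser`, and the sample login in the usage comment are assumptions.

```powershell
# Added example. Requires the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-PrincipalToSiteGroup {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $WebUrl,
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $LoginName   # full claims-encoded login
    )
    $web = Get-SPWeb $WebUrl -ErrorAction Stop
    try {
        # Look the group up by name and stop if it is missing, so a typo
        # never ends in a grant to the wrong group.
        $group = $web.SiteGroups | Where-Object { $_.Name -eq $GroupName }
        if (-not $group) { throw "Group '$GroupName' not found on $WebUrl" }

        # EnsureUser returns the existing SPUser or adds the principal to the site.
        $user = $web.EnsureUser($LoginName)

        # Only add when the principal is not already a member.
        $isMember = $group.Users | Where-Object { $_.LoginName -eq $user.LoginName }
        if (-not $isMember) { $group.AddUser($user) }

        # Return the resulting membership so the change can be reviewed.
        $group.Users | Select-Object @{ n = 'Group'; e = { $GroupName } }, LoginName, Name
    }
    finally {
        $web.Dispose()
    }
}

# Usage (constructed values):
# Add-PrincipalToSiteGroup -WebUrl 'https://sharepoint.example.com/sites/hr' `
#     -GroupName 'HR Members' -LoginName 'i:0e.t|Azure ACS|user@example.com'
```

Reviewing the returned list matters most for group claims such as Domain Users, because one entry grants the group's permission level to every account behind that claim.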



SharePoint Infrastructure Review

To aid others in correcting their SharePoint farm and to make the right choices, or simply to review their farm compared to standards, I’ve shared some of the most frequent issues / misconfigurations / things to consider whenever implementing a SharePoint farm.

This document contains the most frequent sources of issues with regard to a SharePoint infrastructure.
The consequence of each observation has been explained and a recommended action stated; furthermore, the type of observation has been set. The type classification is based on the author's experience and knowledge and should be challenged where project requirements state differently.
This infrastructure review is focused on SharePoint, IIS, SQL and partly Windows Server. It does not cover hardware, NLB or network, or covers them only to a very limited extent.

I expect to update the document when new items appear.
SharePoint Infrastructure Review (located on Google drive)

Workflow Manager & Service Bus – Bug

There is a bug in the following CUs for Workflow Manager and Service Bus which potentially breaks your Workflow Manager. So have a look on the Workflow Manager server for an Access Denied error against some Workflow Manager databases. If I get time, I will dig a bit more into the issue.

Cumulative Update for Workflow Manager 1.0 (KB2799754)
Cumulative Update for Service Bus 1.0 (KB2799752)

The following thread describes a possible workaround for the issue.

SharePoint Infrastructure Design Specification

After a good while I’ve decided to create a generic SharePoint infrastructure design specification that is very much in line with what I use. The idea is to use the template as a baseline and add only what is correct, remove what is not needed.
This document serves as an infrastructure specification and should be created together with your solution architect. This document does not replace a solution design.

Feel free to use, give any credit you can 🙂

SharePoint Infrastructure Design Specification (located on Google drive)

28-12-2016: Updated Design to match SharePoint 2016 installation as default. Minor typos and updates. Added additional security requirements and service descriptions.
26-09-2016: I’ve created an example of the simplest SP farm setup possible. This will show the document in one of its most reduced forms. This shows a single SharePoint server, hosting an intranet with a search service application.
Example (located on Google drive)

Web Server security – SSL/TLS

Following the recent attention from the Heartbleed vulnerability, it might be a good idea to have a look at your general SSL/TLS configuration. Being unable to write something more accurate, I’ve only supplied two links: one which details SSL/TLS versions and support on the different Windows operating systems, and one to a free SSL testing tool.
Which protocol is used depends on the compatibility level negotiated between server and client. By default, it will use the highest possible. However, exploiters will always use the lowest possible 🙂

Support for SSL/TLS protocols on Windows

SSL Test tool
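
Because negotiation can settle on any version the server still accepts, the useful check is which legacy protocols remain enabled on the server side. The following is an added example, not part of the original post: it reads the Windows SCHANNEL protocol settings from the registry and flags legacy protocols that are not explicitly disabled. The "TLS 1.2 only" baseline is an assumption.

```powershell
# Added example (not from the original post). Run on the web server;
# it only reads the registry and changes nothing.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$all    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
# Assumption: the target policy is "TLS 1.2 only"; adjust to your own baseline.
$legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

function Get-SchannelServerProtocol {
    param([Parameter(Mandatory)] [string] $Name)

    $key   = Join-Path $base "$Name\Server"
    $state = 'OS default'            # no explicit value: the Windows version decides
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        if ($null -ne $props.Enabled) {
            # Enabled = 0 turns the protocol off; any non-zero value turns it on.
            $state = if ($props.Enabled -eq 0) { 'Disabled' } else { 'Enabled' }
        }
    }
    [pscustomobject]@{
        Protocol    = $Name
        ServerState = $state
        # A legacy protocol needs review unless it is explicitly disabled.
        NeedsReview = ($legacy -contains $Name) -and ($state -ne 'Disabled')
    }
}

$all | ForEach-Object { Get-SchannelServerProtocol -Name $_ } | Format-Table -AutoSize
```

A legacy protocol reported as "OS default" is on or off depending on the Windows version, so compare it against the protocol support overview linked above.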

SharePoint 2013 – Workflow Management – Starting a workflow using Powershell

Had a simple task of creating a PowerShell script that would be able to start a SharePoint workflow. Shouldn’t be too much of a problem, I mean just get the web, get the list, find the associated workflows and start the right one using PowerShell. How hard can it be?
Finding very few examples on the web, I again had help from great colleagues and puzzled together the below. The below code will start a specific workflow on all items within a designated list. The below should give the foundation to work with other management type tasks for SharePoint Workflows; Start, Cancel etc.
I might update with additional examples, if needed 🙂

The Code

$sourceWebURL = '<URL>'
$sourceListName = '<List Name>'
$TargetWorkflow = '<Workflow Name>'
$spSourceWeb = Get-SPWeb $sourceWebURL
$spSourceList = $spSourceWeb.Lists[$sourceListName]

#Getting a Workflow manager object to work with.
$wfm = New-object Microsoft.SharePoint.WorkflowServices.WorkflowServicesManager($spSourceweb)
#Getting the subscriptions
$sub = $wfm.GetWorkflowSubscriptionService()
#Getting the specific workflow within the list of subscriptions on the specific list. (SP2010 associated workflows basically)
$WF = $sub.EnumerateSubscriptionsByList($spSourcelist.ID) | Where-Object {$_.Name -eq "$TargetWorkflow"}
#Getting a Workflow instance service in order to perform my commands.
$wfis = $wfm.GetWorkflowInstanceService()

#Looping over the items in the list (not the list object itself).
Foreach($item in $spSourceList.Items){
	#Creating the dictionary object I need to pass into StartWorkflow. This could be most other workflow commands.
	$object = New-Object 'system.collections.generic.dictionary[string,object]'
	$object.Add("WorkflowStart", "StartWorkflow");
	$wfis.StartWorkflowOnListItem($WF, $item.ID, $object)
}

Microsoft.SharePoint.Client.WorkflowServices namespace

Additional credit
Frej Laursen, Joachim Bach & Per Jakobsen.

SharePoint with Azure Access Control Service

This article describes the installation process of using Azure Access Control Service (ACS) as an identity provider for SharePoint. It uses Windows Live ID for testing.

This article uses ACS as the first federator after the consuming application with reference to the below architecture.


1: Administrative access to the Azure ACS. (
2: Access from SharePoint solution to Azure ACS url. (Internet browsing available)
3: Access to public URL of SharePoint solution. (SharePoint exposed to the internet)

Installation SharePoint with Azure Access Control Service