Last week I had to do something interesting. To send emails from a Sharepoint farm in a Cloud environment.I have sent mails from Sharepoint through Microsoft Exchange server.But this was a new thing for me.The difference here was I didnt have exchange server.I had to configure SMTP server instead and use a gmail account for this. I learned one more new thing in Sharepoint. To begin with we will configure SMTP server in Windows Server 2008 to forward email to Gmail server which will send ouy the actual email.
Configuring SMTP Server
1) Go to Control Panel, click on Turn Windows features on or off, go to Features, click Add Features, select SMTP Server from the list, click Add Required Role Services, click Next -> click Install.
2) Open Internet Information Services (IIS) 6.0 Manager under Administrative Tools, expand the node with your local computer name on it, right click on SMTP Virtual Server, right click on Properties
On the Access tab, click on Relay, select All except the list below and click OK
On the Delivery tab, click on Outbound Security, on the new window that opens select Basic Authentication and type your Gmail id and password in the Username and Password fields, and also select TLS encryption
Click Apply, click OK Configuring Gmail 1) Make sure POP is enabled for your Gmail account (Settings -> Forwarding and POP/IMAP). Configuring Central Administration
1) Open SharePoint Central Administration, go to System Settings, go to Configure outgoing e-mail settings. 2) Type your computer name in the field Outbound SMTP server 3) Type your Gmail email address in field From addressandReply-To Address
Go to Site Actions ->Create Site->Put in the Title, Description, URL Name, and Pick up the right template -> Click OK
2. How to create a list?
Go to Site Actions -> View All Site Content->Create -> Custom List ->Enter the List Name, Description ->Click OK
3. How to add columns to a list? Click on the list name on the left hand side of the page -> Go to Settings ->Create Column ->Enter Column Name, Select the Type, Description, and Make the choices as per need. -> Click OK
4. How to edit a list?
Click on the list name on the left hand side of the page ->Go to Settings- > List settings -> Title, description and navigation-> Make changes as per need
5. How to delete a list?
Click on the list name on the left hand side of the page ->Go to Settings - > List settings -> Delete this list -> Prompt -> Are you sure you want to send this list to the site Recycle Bin? -> Click OK
6. How to add an alert to a list?
Click on the list name on the left hand side of the page -> Actions->Alert Me->Make the choices -> Click OK
7. How to add a new item in a list?
Click on the list name on the left hand side of the page. -> This takes you to the list-> click on New ->Item-> fill in the columns -> click OK.
8. How to add an attachment with an item in the list?
Click on the list name on the left hand side of the page. -> This takes you to the list-> click on New ->Item-> fill in the columns -> Click Attach file->Browse to the file to upload->click OK.
9. How to delete an item from a list?
Click on the list name on the left hand side of the page. -> This takes you to the list ->Choose an item-> Right click-> Delete Item ->You get a message “Are you sure you want to send this item to the site Recycle Bin?” -> Click OK.
10. How to add an alert to an item?
Click on the list name on the left hand side of the page. -> This takes you to the list-> click on the item->Right click->Alert me-> Make the choices -> Click OK
11. How to create document library?
Go to Site Actions -> View All Site Content->Create -> Libraries-> Document Library ->Enter the name of document library and fill in the other choices -> Click OK
12. How to create a new folder in a Document Library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library -> click on New-> New folder -> Put in the name of the folder -> Click OK
13. How to upload documents to a document library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library ->Click on Upload-> Upload Document-> Click on Browse-> Select the document -> Click OK.
14. How to upload multiple documents to a document library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library ->Click on Upload-> Upload Multiple Documents-> Click on Browse-> Select the documents to be uploaded -> Click OK. When you are prompted to upload document-> click Yes
15. How to delete a document from a Document Library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library -> Select the item to be deleted-> Right click -> Delete. Click OK on being prompted.
16. How to restore an item from recycle Bin?
Click on recycle bin on left hand side of the page –>Check the items to be restored. Click Restore Selection. Click OK on being prompted
17. How to delete an item from recycle Bin?
Click on recycle bin on left hand side of the page –Check the items to be deleted. Click Delete Selection. Click OK on being prompted
18. How to create a page?
Go to Site Actions -> Create Page->Give a page name, description, pick up the layout. Click OK
19. How to Edit a Page?
Go to Site Actions on the right hand side of the page -> Edit Page-> Add the OOB webparts or remove the webparts from the page. The webparts can be moved around the page as per requirement.
20. How to activate a Feature?
Go to Site Actions -> Site Settings -> Modify all Site Settings -> Site Administration -> Site Features->Select the feature -> Click Activate.
21. How to deactivate a Feature?
Go to Site Actions -> Site Settings -> Modify all Site Settings -> Site Administration -> Site Features-> Select the feature -> Click Deactivate.
22. How to check out documents in a document library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library ->Select the document -> Right Click -> Check Out
23. How to check in documents in a document library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library ->Select the document -> Right Click -> Check In.
24. How to discard a check out for documents in a document library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library ->Select the document -> Right Click -> Discard Check Out.
25. How to Edit Documents in a Document Library?
Click on the document library name on the left hand side of the page. -> This takes you to the document library ->Select the document -> Right Click -> Check Out -> Select the document -> Edit in Microsoft Word -> Make the changes to the document -> Save the changes -> Go to the document in the document library -> Check In -> Put in your comments -> Click OK.
SharePoint supports a variety of authentication mechanism. “Support” may be a loose term as SharePoint does not really authenticates any asset directly, rather it relies upon IIS and what IIS can support using the provider framework within ASP.NET 2.0. Most of these methods are end user facing.
When a user visits a SharePoint site how the web site will get the users credential validated? In this scenario, browser (e.g., IE, Fire Fox, Chrome, etc) is the client. Here you have a wide variety of selection to choose from.
To fulfill the end user’s for a resource (e.g., link to a file) on a SharePoint site, SharePoint becomes the client (on end user’s behalf) and request ADO.NET to get the file from database. Now .NET runtime installed on Server becomes the client and submits a request to SQL Server to get the requested content from its data-store. The process unwinds and end-user eventually gets what he requested.
Is the user actually entitled to see and get the content is determined by the process of authorization that SharePoint keeps a full control of. Here again it uses the ASP.NET (role) provider framework model to determine the user’s eligibility. Validating a user is “Authentication” that SharePoint outsourced to IIS and determining the user’s eligibility is “Authorization” that SharePoint decide to keep in-house.
When it comes to inner working of SharePoint servers and services running on same server or across different servers it always requires you to choose Integrated Authentication as its plumbing is built into the foundation of Windows Server. For integrated authentication, there are two methods (protocols) that are available and supported in a SharePoint implementation are NTLM and Kerberos.
NTLM is a lightweight and efficient protocol with its foundation into early networking products that Microsoft built before NT (LAN Manager!! – ring any bell?).
Kerberos is industry de facto with its roots into UNIX based systems.
There have been enough discussions and great write up at various Microsoft & Community Sites discussing the reasoning for one or the other and my intent is not to start that debate again. With time and maturity of product and the increased awareness in community weight is shifting more towards Kerberos than NTLM and there are good reasons for it. A SharePoint implementation might be happier with Kerberos but as a SharePoint practitioner you need to have a holistic view of a customer’s environment where NTLM might be better for simple usage and its low maintenance overheads. For a client project where post implementation support is limited or difficult, I would think twice before deciding for Kerberos. For example, a simple change in a service account context may result in errors or broken functionality. People might not know what the cause is but they will see a product (SharePoint) that stopped working giving a bad repo to product and/or the implementers. Kerberos vs. NTLM
Those who have networking background from old Novell and NT time may recall IPX vs IPX/SPX ODI or IPXODI, NetBEUI vs. TCP/IP. IPX and NetBEUI were simple to implement non-routable protocols that just worked in small LAN environments where networking begins and ended with simple File & Print Sharing or may be some dumb terminals. Those, who in early days, implemented TCP/IP might recall the overhead of configuring the TCP/IP protocol stack on computers, and running in duplicate IP issues, or maintaining a list of available IP addresses. Configuring was not that straight forward either – install, set & load the vendor provided drivers, configure the IP address, mask, gateway and DNS at the least and it machine is moved to different network go and reconfigure it. Though TCP/IP was much better protocol and de facto in Unix environments but for many implementation it was not worth going through the configuration and maintenance overhead unless interoperability or internetworking is needed. Over the passage of time, story got lot better and now SOHO devices, (like broadband devices for home networking) come with self managed TCP/IP stacks and built-in DHCP servers.
If the SharePoint implementation that you working on is a typical, single farm, simple AD domain with few servers in the farm, and have no other application that requires to know (authenticate) who the end user is you will be just fine with NTLM.
If you have a complex large farm or farms, large number of users on the farm and in AD and integrates with other applications like SSRS you can achieve better results with Kerberos.
Kerberos solves multi hop application domain authentication challenges without requesting user to authenticate again NTLM is chatty, means it talks a lot with your domain controller to check if user credentials have the appropriate permissions (role) to access the resource. Whereas, Kerberos protocol is less chatty but has larger overhead as at authentication time it reads all the groups/roles that user has and use that cached information. The performance characteristics of Kerberos has a lower point of diminishing return if your Directory Service (AD) has lot of users and groups and user is member of many group. How many is too many? I don’t have any matrix or performance test results but in my experience and based on what I know (or I think I know) many users might mean many tens of thousands of users and many groups means few thousand AD groups and many groups for user means few hundred groups that your typical user is member of.
Decision support documentation for Kerberos that we see in SharePoint and many other places like TechNet, informs you to make sure Kerberos is supported in your environment. When you ask IT System Engineer if they support Kerberos many if not most will answer in No – we don’t use Kerberos. In reality Kerberos is extensively used by Windows OS and network Services that windows provides. Windows self-managed these Kerberos registration and deregistration without you ever knowing about. Network objects that you see in AD, like servers and workstations and services running under Local System accounts they all have Kerberos SPN (Service Principal Name) registered with AD. The proper term for what I have been Kerberos registration and deregistration is SPN (de)registration. SPN – Service Principal Name. Where it gets reregistered is KDC – Key Distribution Center; a service that runs on Domain Controller. Once an asset (object like a server host or a service like a web or LDAP Server) a token is issued that that holder carries for the duration. Here it kind of resembles to a DNS record’s TTL (Time to Live) or a commuter train ride pass good for a day. Directory Objects (like hosts and registered services) that windows networking manage maintain these tokens and they get expired and renewed with you ever knowing about it. The SPN that do not get registered automatically is for configuration setting that you chose to implement as part of your design like SPN registration for a name given to a web server like intranet.example.com or mysite.example.com or the SQL server instance running under a domain user account (opposed to Local System). So the system administrators needs to know how to (un)register a SPN for such user created instance and the implications of duplicate entries or how to go about identifying the problem and resolving it. Think about SPN like an IP address or email address. It has to be unique on the network or internetwork. Two people cannot have same email address but a person can have more than one email address, or two computers cannot have same IP address but a given computer can have more than one IP address (some wise sys admin might say I have a server that has dual port NICs and both ports have same IP address. This is called teaming, outside world still sees it as a single IP address and it’s the vendor’s provided driver or firmware that is managing them for either redundancy or for increased capacity) Not everything is Kosher or Halal. So when you implement the Kerberos you still have low level OS components that require NTLM and you cannot block the NTLM traffic and expect things to work as normal. One thing that is going to run into problems is search components and the file or IPC shares that you have for inter-service communications or when index files get copied to query servers. Unlike duplicate IP address issues, one nice thing about integrated authentication using Kerberos is it will fall back to NTLM if it cannot figure out Kerberos. By figuring out I mean, if Kerberos is not properly configured. The story has gotten lot better with SharePoint v3 (i.e., WSS v3 and MOSS 2007). When the product was released Web Application Servers were supported on Kerberos and now with Infrastructure Update release (post SP1) SSP, SharePoint Web Services sites are also supported to run with Kerberos. Not to forget about SQL the muscle behind the SharePoint that can be configured to run with Kerberos.