Wednesday, 29 August 2007

Choosing members of an existing group for user profile import

I needed to set up a User Profile import connection to include members of a specific group rather than the whole directory (can be quite useful for preventing lots of useless account appearing, such as service accounts). This is what I did:

- Go to Site Settings > Manage profile database > Configure profile import.

- Select “Custom Source“. This will let you create import connections

By the way, this is also how you can configure to import from multiple domains in a forest without having to specify the entire forest

Also, this is how you get the “Manage connections“ link on the Manage Profile Database screen

- It should ask you for the connection settings

- Fill in User Filter

(&(objectCategory=Person)(objectClass=User)(memberOf=[distinguised name of the group]))

Example 1 - This LDAP query selects any account from members of the specified group in AD:
(&(objectCategory=Person)(objectClass=User)(memberOf=CN=Group1,OU=Domain Distribution Groups,DC=domain,DC=co,DC=uk))

Example 2 - This LDAP query selects only enabled accounts from members of two groups in AD:
(&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=2)((memberOf=CN=Group1,OU=Domain Distribution Groups,DC=domain,DC=co,DC=uk)(memberOf=CN=Group2,OU=Domain Distribution Groups,DC=domain,DC=co,DC=uk)))

Wednesday, 22 August 2007

Problems getting the MOSS RSS Viewer working through a proxy server

This is quite a common problem, but I am posting it here in case I forget it later!

It is well documented that you have to add an entry into the web.config file in C:\Inetpub\wwwroot\wss\VirtualDirectories\, but I found that it can be quite fussy as to how these lines are formatted. The lines I added were as follows (I have left the /appSettings and /configuration references in as pointers):

<proxy usesystemdefault = "false" proxyaddress="http://proxy.domain.internal:8080" bypassonlocal="true" />

These are the things that I tried to get it working:
- Ensured that all the indentations were correct for the and defaultProxy references.
- Entered http:// at the start of the proxy address rather than just have the FQDN.
- Ensured that there were no blank lines between any of the code.

Wednesday, 1 August 2007

ISA Server 2006 and Windows Server 2003 SP2

I would strongly advise following steps 2 and 3 in the following article BEFORE installing ISA Server 2006 on 32-bit Windows Server 2003 with SP2: BTW, step 2 only needs to be done on multi-core multi-processor servers (mine were 2 socket dual core HP DL380's).

I had all sorts of issues before implementing these fixes - I couldn't tell you wish one solved the problems but it is probably a good idea to do both just in case.

If implementing step 2 and setting the mask to assign NICs to separate processors, I assigned NIC1 port A to processor thread 0, NIC1 port B to processor thread 1, NIC2 port A to processor thread 2 and NIC2 port B to processor thread 3.