Create Office 365 Groups Naming Policy

Leave a comment

As we see greater interest from our clients in Teams, I’ve turned my attention to Office 365 groups administration, specifically on groups naming policy.

To create a naming policy for groups in your Office 365 tenant, you’ll need to use PowerShell.

I followed these instructions to view the current naming policy settings in my tenant by typing the following command:

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id

I expected to get some values, but I got this wonderful error instead:


So, where did I go from here?

I started to breakdown the command above, by running just the Get-AzureDirectorySetting.

It returned nothing. This tells me that there are no settings currently in place.

So, I had to configure the groups settings in my Office 365 tenant.

To do that, I could get the available template IDs by typing Get-AzureAdDirectorySettingTemplate or use the DisplayName value for “Group.Unified”


To Create a Naming Policy

I followed these steps to complete the creation of my naming policy:

  1. Create a new settings object for the Group.Unified template
  2. Configure the object to allow guests access (You could apply additional settings or leave this step out completely.)
  3. Set my settings to the new object


I applied the groups naming policy as seen in the below screenshot.



In OWA, I could see the new settings in effect. Be sure to use an account not in these administrator roles: Global Admin, Partner Tier 1 and 2 Support, User Account Admin, or Directory Writers to test the policy.


In summary, creating a naming policy can help users identify and categorize groups in the address book and enforces a consistent naming standard for Office 365 groups in your organization.

The naming policy is applied to groups created in Outlook, Microsoft Teams, SharePoint, Planner, Microsoft Stream, Dynamics 365 for Customer Engagement, Power BI, and many others.

Azure Active Directory (Azure AD) attributes are used in the creation of this policy. The supported attributes are [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], and [Title].

If you include these attributes in your naming policy, keep in mind that the total length of these prefixes and suffixes is restricted to 53 characters.

Thanks for reading!


Azure Information Protection Administrator Role

Leave a comment

Great news for organizations that have concerns about granting Global Admin or Security Admin rights to users who need to manage Azure Information Protection policy.

The Azure Active Directory team have added a new role named Information Protection Administrator.  Members of this role can manage Azure Information Protection labels and policies using Azure portal, and use RMS PowerShell

Note that the role is currently in public preview.


Great news!!

SharePoint 2013:Subsite Creation Error

Leave a comment

Users with ‘Full Control’ permission on a site collection, even site collection administrators, could not create a subsite.

The only error they receive is “Sorry, you don’t have access to this page”SubSiteAccessDenied

First, I thought it had something to do with permissions on the hidden list (/Lists/TaxonomyHiddenList).  I granted the users ‘Full Control’ on this list.  Nope, that wasn’t it.

Then, I thought it was related to the Master Pages or Page Layouts.  I granted the users ‘Full Control’ on this list, too.  Nope, that wasn’t it either.

After digging through the ULS, I found the following entries.

FollowedContent.FollowItem:Exception:System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))     at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)     at Microsoft.SharePoint.Library.SPRequest.AddOrUpdateItem(String bstrUrl, String bstrListName, Boolean bAdd, Boolean bSystemUpdate, Boolean bPreserveItemVersion, Boolean bPreserveItemUIVersion, Boolean bUpdateNoVersion, Int32& plID, String& pbstrGuid, Guid pbstrNewDocId, Boolean bHasNewDocId, String bstrVersion, Object& pvarAttachmentNames, Object& pvarAttachmentContents, Object& pvarProperties, Boolean bCheckOut, Boolean bCheckin, Boolean bUnRestrictedUpdateInProgress, Boolean bMigration, Boolean bPublish, String bstrFileName, ISP2DSafeArrayWriter pListDataValida… 667d969d-3189-d082-cda8-1bb13d261267
…tionCallback, ISP2DSafeArrayWriter pRestrictInsertCallback, ISP2DSafeArrayWriter pUniqueFieldCallback)     at Microsoft.SharePoint.SPListItem.AddOrUpdateItem(Boolean bAdd, Boolean bSystem, Boolean bPreserveItemVersion, Boolean bNoVersion, Boolean bMigration, Boolean bPublish, Boolean bCheckOut, Boolean bCheckin, Guid newGuidOnAdd, Int32& ulID, Object& objAttachmentNames, Object& objAttachmentContents, Boolean suppressAfterEvents, String filename, Boolean bPreserveItemUIVersion)     at Microsoft.SharePoint.SPListItem.UpdateInternal(Boolean bSystem, Boolean bPreserveItemVersion, Guid newGuidOnAdd, Boolean bMigration, Boolean bPublish, Boolean bNoVersion, Boolean bCheckOut, Boolean bCheckin, Boolean suppressAfterEvents, String filename, Boolean bPreserveItemUIVersion)     at Microsoft.SharePo… 667d969d-3189-d082-cda8-1bb13d261267
…int.SPListItem.Update()     at Microsoft.Office.Server.UserProfiles.SPSocialDataStore.WriteFollowedItem(FollowedItem item, FollowedItemData data)     at Microsoft.Office.Server.UserProfiles.SPSocialDataStore.Follow(FollowedItem item, FollowedItemData data, Boolean checkLimit)     at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) 667d969d-3189-d082-cda8-1bb13d261267
Could not follow the url http://myportal.local/dept/<SiteCollection/<Sub-Site>/ 667d969d-3189-d082-cda8-1bb13d261267
SiteFeedFeatureReceiver: exception thrown while trying to auto-follow the web: Microsoft.Office.Server.UserProfiles.FollowedContentException: InternalError : Could not follow the item http://myportal.local/dept/<SiteCollection>/<Sub-Site>/ at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal)     at Microsoft.Office.Server.UserProfiles.FollowedContent.Follow(Uri url, FollowedItemData data)     at Microsoft.SharePoint.Portal.SiteFeedFeatureReceiver.AutoFollowWeb(SPWeb web) 667d969d-3189-d082-cda8-1bb13d261267
Feature receiver assembly ‘Microsoft.SharePoint.Portal, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c’, class ‘Microsoft.SharePoint.Portal.SiteFeedFeatureReceiver’, method ‘FeatureActivated’ for feature ’15a572c6-e545-4d32-897a-bab6f5846e18′ threw an exception: System.Threading.ThreadAbortException: Thread was being aborted.     at Microsoft.SharePoint.Portal.SiteFeedFeatureReceiver.AutoFollowWeb(SPWeb web)     at Microsoft.SharePoint.Portal.SiteFeedFeatureReceiver.FeatureActivated(SPFeatureReceiverProperties properties)     at Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce) 667d969d-3189-d082-cda8-1bb13d261267
Feature Activation: Threw an exception, attempting to roll back.  Feature ‘SiteFeed’ (ID: ’15a572c6-e545-4d32-897a-bab6f5846e18′).  Exception: System.Threading.ThreadAbortException: Thread was being aborted.     at Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce)     at Microsoft.SharePoint.SPFeature.Activate(SPSite siteParent, SPWeb webParent, SPFeaturePropertyCollection props, SPFeatureActivateFlags activateFlags, Boolean fForce) 667d969d-3189-d082-cda8-1bb13d261267

From what I can translate, the “Site Feed” feature was not able to be activated thus not allowing the new site to appear (or written) to “Sites you’re following” on the user’s My Site. This is true when selecting a Team Site, Project Site, or Community Site template.

I realized that all My Sites have been set to read-only (Governance Policy).  By switching from ‘Read-only’ to ‘Not locked’ via Central Admin, the users were able to create subsites successfully.


Learn more about Centric’s Portals and Collaboration Practice

Automating Site Directory in SharePoint 2013

Leave a comment

A while ago I posted on how to display Sites or Site Collections using Content Search Web Part here.

Well, since CSWP periodically displays “Sorry, something went wrong”, users are not happy with this solution.

So, I wrote a PowerShell script to update a list called “Site Directory”, and placed it on the home page.  I then added one additional logic to get new site collections created from the previous day.  After adding the script to Task Scheduler, I didn’t have to worry about missing newly created site collections.

To get all of the site collections created from the previous day, I used:

$Today = [DateTime]::Today
$Yesterday = $Today.AddDays(-1)

$siteCollections = Get-SPWebApplication http://demosite.vee.local | Get-SPSite -limit ALL | where {$_.RootWeb.Created -ge $Yesterday}

Now keep in mind, $Today will return today’s date at midnight and the same goes for $Yesterday (yesterday’s date at midnight).  I pointed this out to make sure that when you schedule this script in the Task Scheduler, you set it to run accordingly.  And, of course, replace the Web application with your Web application.

Writing it to a list was pretty straightforward, I added a category to the list, so I would have an additional option to display different views on the page.

In this list (Site Directory), there’s a hyperlink column.  I wanted the users to click on the hyperlink using a display name instead of the URL.  So, the $hyperlink in the script, will display the “friendly name”(ex: Coffee Beans) instead of the URL (ex: http://demosite.vee.local/dept/coffee%20beans).

foreach($siteCollection in $siteCollections)

  $web.Title + "," + $siteCollection.Url + "," + $web.Created | Out-File -Encoding Default -Append -FilePath $outFile;

$newItem = @{}
$sites = Import-Csv -path $outFile

$web = Get-SPWeb "http://demosite.vee.local";
$list = $web.GetList("http://demosite.vee.local/lists/Site Directory");

foreach($site in $sites)
  $siteURL =  $site.URL
  if($siteURL -match "/apps/")
    $category = "APPS"
  elseif($siteURL -match "/dept/")
    $category = "DEPT"
    $category = "DEFAULT"
    $newItem = $list.items.Add();
    $newItem["Title"] = $site.'Title'
    $hyperlink = $site.URL + ", " + $site.Title
    $newItem["SiteURL2"] = $hyperlink
    $newItem["Category"] = $category

Well, since I made this change, the users are happy.  No complaints! 🙂


CSWP: Display Template Listing Sites/Site Collections

1 Comment

One of the clients I’m working with wanted to list all of their site collections and place a “directory” on a single page with some groupings (based on managed paths).

The easiest way I could think of was to use Content Search Web Parts (CSWPs).

I used the following query:


My search result looked like this.


Note: You can change the query to display all sites within a site collection by using STS_Web instead of STS_Site.

The OOTB list of sortable items of the Query Builder didn’t have an option for me to sort the site title alphabetically.  So, I made a change to the SiteTitle in Search Scope (Managed Properties) to include sortable.  And I waited until Search finished crawling/indexing the modified setting.

After Search finished indexing, I was able to select the the setting I needed to sort the sites by their titles.

I selected the Two Lines Display Template.  However, the OOTB display was not exactly what the client was looking for.


So I started modifying the display template to get rid of the icon/image displayed in front of each link and the spacing between the links.

I renamed my Display Template to “Item_NoImageOneLine.html”, changed the Title to “No Image One Line”, added a style tag, and commented out the image section.

<div class="cbs-Item" id="_#= containerId =#_" data-displaytemplate="Item1Line" style="padding-bottom:5px">
<!--<a class="cbs-ItemLink" title="_#= $htmlEncode(line1.defaultValueRenderer(line1)) =#_" id="_#= pictureLinkId =#_">
<img class="cbs-Thumbnail" src="_#= $urlHtmlEncode(iconURL) =#_" alt="_#= $htmlEncode(line1.defaultValueRenderer(line1)) =#_" id="_#= pictureId =#_" />
<div class="cbs-Detail" id="_#= dataContainerId =#_">
<a class="cbs-Line1Link ms-noWrap ms-displayBlock" href="_#= linkURL =#_" title="_#= $htmlEncode(line1.defaultValueRenderer(line1)) =#_" id="_#= line1LinkId =#_">_#= line1 =#_</a>

Here’s the final result.


Learn more about Centric’s Portals and Collaboration Practice

SharePoint 2016 – Change MinRole Error a72id

Leave a comment

After hearing and reading a whole lot about the new MinRole in SharePoint 2016, I had to see what it’s all about by building my own VM.

For this post, I installed SQL Server 2014 and SharePoint 2016 Beta on the same VM server.  I ran the SharePoint Configuration Wizard to get all services and Central Admin provisioned.

I selected the ‘Single-Server Farm’ in the Server Role wizard.


I checked ‘Servers in this farm’, so far so good.


I then tried to convert from ‘Single-Server Farm’ to ‘Application’ using Central Administration.  I got this lovely ‘Sorry, something went wrong’ message.


So, I searched the ULS and found these two entries.

12/29/2015 09:21:35.41         OWSTIMER.EXE (0x109C)                           0x316C        SharePoint Foundation                 Topology                             a72id        Exception        Failed converting server ‘VMSP2016T’ from ‘Application’ to ‘Application’ role. System.InvalidOperationException: Invalid search service unprovisioning: application ‘Search Service Application’ still has a ready component ‘in search service instance’ on server ‘VMSP2016T’.     at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.ThrowIfComponentsRunning()     at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Unprovision()     at Microsoft.SharePoint.Administration.SPServerRoleManager.<>c__DisplayClass4.<UnprovisionServiceInstance>b__3()     at Microsoft.SharePoint.Administration.SPServerRoleManager.ConfigureServiceInstanceInternal(SPServiceInstance serviceInstance, Action configureAction)     at Microsoft.SharePoint.Administration.SPServerRoleManager.C…        9b04509d-281a-f0ea-9175-4a569f8e73cf

12/29/2015 09:21:35.41*        OWSTIMER.EXE (0x109C)                           0x316C        SharePoint Foundation                 Topology                             a72id        Exception        …onfigureServiceInstance(SPServiceInstance serviceInstance)     at Microsoft.SharePoint.Administration.SPServerRoleManager.ConfigureServer(Boolean throwOnFailure)     at Microsoft.SharePoint.Administration.SPServerRoleConversionJobDefinition.Execute(Guid targetInstanceId) StackTrace: at onetnative.dll: (sig=55ee5f49-67a4-4a49-9862-19eec61e14d2|2|onetnative.pdb, offset=3712D) at onetnative.dll: (offset=1E35E)        9b04509d-281a-f0ea-9175-4a569f8e73cf

I tried unprovisioning, re-provisioning Search and all of its components, and tried and tried without success to convert to the ‘Application’ role.

I ended up disconnecting and reconnecting the server from its configuration database via PowerShell.  Credit for this solution goes to Nik Charlebois.

Disconnect-SPConfigurationDatabase -Confirm:$False

Connect-SPConfigurationDatabase -DatabaseServer SharePointDB -DatabaseName SharePoint_Config -Passphrase (ConvertTo-SecureString “P@ssw0rd1” -AsPlainText -Force) -LocalServerRole “Application”



As you can see from the Get-SPServer command that the server is now running as an ‘Application’ role.

Just to re-validate, I launched Central Admin and voila!  My server is now configured as ‘Application’.



Add E-mail to People Search Display Template


This is a follow up to my previous post on adding phone extension to people results page (PeopleResults.aspx).

This post provides steps on how I added e-mail with action (mailto) to people search.

WorkEmail is one of the default user profile properties already mapped in SharePoint both in User Profile Property and in Search Schema. This makes my job a bit easier because all I have to do is modify my Display Template to include this value.  Some of the steps listed here are the same as my previous post.  I hope this makes things easier than flipping back and forth between the two.

  1. If you already have a custom display template for Item_Person, skip to step 6.  If this is the first time you need to edit the display template for people results, continue to the next step.
  2. From Search Center, select the following:
    • Site Settings
    • Master pages and page layouts
    • Display templates
    • Search
  3. Download ‘Item_Person.html’, save it on your local drive with a different name (ex: My_Item_Person.html)
  4. Modify Title. This will be used later when I modify the People Search Core Results Web Part.
  5. <title>My People Item</title>
  6. In <div id=”ContactInfo”>tag, add
                                        if(has_email == true) {
                                            <div id="WorkEmailField">
                                                var encodedWorkEmail = $htmlEncode(ctx.CurrentItem.WorkEmail);
                                                var displayWorkEmail = Srch.U.getSingleHHXMLNodeValue(hhProps, "workemail");
                                                if ($isEmptyString(displayWorkEmail)) { displayWorkEmail = encodedWorkEmail }
                                                <div id="WorkEmailValue" class="ms-srch-ellipsis" title="_#= encodedWorkEmail =#_"><a href="mailto:_#= encodedWorkEmail =#_"> _#= displayWorkEmail =#_ </a></div>

7.  Save My_Item_Person.html, upload it to the Display Template/Search gallery, and publish it

8.  From Search Center, type in a query term (ex: Executive)

9.  From ‘Site Settings’, select ‘Edit Page’

10.  Edit ‘People Search Core Results’ Web Part

11.  Expand ‘Display Templates’, select ‘Use a single template to display items’, select My People Item, then select ‘OK’

12.  Check In and Publish the People Results page (PeopleResults.aspx)

Your results page shoud look similar to the following.  Note that the OOTB results page only displays Name, Title, and Department


Again, these steps may not be the greatest, but they worked for me.

Older Entries