System Administration Troubleshooting

Expiring Service Accounts…

Recently I read an article regarding service accounts and how they should never be set to expire.  Bold statement that in some respects I agree with.  In the context of the author, I completely understand their frustration with the identity management system not properly alerting the end user that their account was about to be disabled and in turn bringing their development system to a screeching halt. 

In the context of an enterprise environment, password and user account expiration are standard obligations that not only every system administrator must adhere to, but every user on the domain. From an information assurance traceability perspective, without an account sponsor for each and every domain user object, there is a risk of information loss and of access to information by individuals who should not have it.

By and large I would see the majority of user account responsibilities and issues falling on the shoulders of the system administrator. From an availability perspective, they are the engineer that ensures the system continues to operate properly. While they may not be the face of a system, without their diligent caretaking, the other engineers and analysts are unable to perform their duties.

One core responsibility of a system administrator is to keep a running list of the user accounts used in their Microsoft Windows networking infrastructure, including the service accounts used for MOSS, SQL and any other third-party software whose availability would suffer if the account were disabled. Technical governance should clearly state and define that tracking the user accounts used within the system is one of the system administrator's responsibilities (some might even call this a best practice).

An appropriate checklist to ensure user account availability would potentially include (but not be limited to):

  • Listing of all service accounts (display name, UPN, sAMAccountName, POC, etc.)
  • Where each of the accounts reside in the OU structure
  • What security groups each of the accounts belong to at the local server level, the domain level, and the enterprise level
  • If there are any DCOM modifications required for a service account to operate properly on a server
  • What the operating period for the service account is (i.e. does it have a definitive expiration date)
  • GPO policy on the particular set of service accounts
  • Password change policy timeline

In my experience, I’d say that the majority of system outages and incidents have occurred when a service account expires, when the required password aging catches the administrator off guard because they forgot to change the password, when the core network switches that provide general connectivity go offline, or when a new GPO is pushed down and inadvertently modifies security groups or other domain user object properties. Three of these four issues can be easily mitigated by the system administrator with proper notifications and alerts. Networks are networks and you never know when your core switch is going to have a board go bad or worse melt due to over processing (I’ve not seen the latter, but I have seen the former).
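One way to turn the checklist above into the notifications just mentioned, as an added example that is not from the original post: it reads an exported service account inventory containing raw Active Directory attribute values and lists the accounts whose expiration or password age falls inside a warning window. The account names, POCs, dates and the 90-day maximum password age are constructed sample values, and a single domain-wide password age is assumed.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values that mean "never expires"
DONT_EXPIRE_PASSWORD = 0x10000    # userAccountControl flag

def to_filetime(dt):
    """Build sample data: datetime -> FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def from_filetime(ticks):
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def expiry_alerts(accounts, now, max_pwd_age_days, warn_days=14):
    """Return (sAMAccountName, poc, reason, due) tuples, soonest first."""
    horizon = now + timedelta(days=warn_days)
    alerts = []
    for a in accounts:
        who = (a["sAMAccountName"], a["poc"])
        if a["accountExpires"] not in NEVER:
            due = from_filetime(a["accountExpires"])
            if due <= horizon:
                alerts.append(who + ("account expires", due))
        if a["userAccountControl"] & DONT_EXPIRE_PASSWORD:
            continue                  # password aging does not apply
        if a["pwdLastSet"] == 0:      # 0 = must change at next logon
            alerts.append(who + ("password must change", now))
            continue
        due = from_filetime(a["pwdLastSet"]) + timedelta(days=max_pwd_age_days)
        if due <= horizon:
            alerts.append(who + ("password expires", due))
    return sorted(alerts, key=lambda alert: alert[3])

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed inventory, not real accounts.
NOW = utc(2009, 1, 20)
SAMPLE = [
    {"sAMAccountName": "svc-moss-farm", "poc": "alice", "userAccountControl": 0x200,
     "accountExpires": to_filetime(utc(2009, 1, 27)),
     "pwdLastSet": to_filetime(utc(2009, 1, 5))},
    {"sAMAccountName": "svc-sql", "poc": "bob", "userAccountControl": 0x200,
     "accountExpires": 0, "pwdLastSet": to_filetime(utc(2008, 10, 28))},
    {"sAMAccountName": "svc-backup", "poc": "carol",
     "userAccountControl": 0x200 | DONT_EXPIRE_PASSWORD,
     "accountExpires": 0x7FFFFFFFFFFFFFFF, "pwdLastSet": to_filetime(utc(2007, 1, 1))},
]
```

Calling `expiry_alerts(SAMPLE, NOW, max_pwd_age_days=90)` flags svc-sql for password expiry and svc-moss-farm for account expiration, each with its POC, which is the list the maintenance calendar or alert mail would carry.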

Based on the context of the environment, a system administrator should have a maintenance calendar in SharePoint linked to Outlook that users are subscribed to and receive alerts which provide pertinent information.  Such information could potentially include when the next maintenance period is and what will be accomplished during the system outage. Additionally, and maybe it’s wishful thinking on my behalf, the System Administrator hopefully has a relationship of some sort with the Domain Admins or help desk and knows what the policy states in terms of how many days an account is valid for before expiration.

Should user accounts expire or passwords age? It depends on the context. How you approach the issue and handle it is a separate story. Working in the context of an enterprise system requires a higher level of diligence to properly ensure system availability. In a small environment or dev system, rarely do I find password aging or expiration enabled, thereby reducing the risk to availability from AD issues.

What works for your organization?


TechNet iCalendar Reminders…

The other evening, I discovered that my esteemed colleague, Spencer Harbar, will be presenting a MSDN webcast on the topic of “SharePoint Products and Technologies for Internet Site Development: Content Deployment”. Upon registering, I realized that I didn’t have Outlook set up to connect to my work e-mail (rather it’s set up for my test servers on the home network) so there wasn’t an easy way to add the iCalendar reminder to my Outlook calendar that I use for work that alerts me on my BlackBerry.

Perhaps it would work on my Google Apps domain that I have set up for personal e-mail, right? Unfortunately the iCalendar file (ics format) was not readable by the Google Calendar on my first attempt. Doing a little Googling, I came across several articles that stated compatibility issues between Microsoft iCalendar reminders and other non-Microsoft iCalendar systems.

So that led me to download the iCalendar object, open it in Outlook and then save it to yet another iCalendar object, slightly reformatted which then apparently could be imported into my Google Calendar.  “Huh?”

Reading through the IETF RFC 2445, I pondered whether or not Microsoft is following the proper format to provide a well formed iCalendar object.  From the looks of it they are, however I’m perplexed as to why the Google Calendar is incapable of importing the object without having it reformatted through Outlook first.  Is it due to the fact that it’s looking for the PRODID field which looks to be missing?

The initial iCalendar reminder from Microsoft:

DESCRIPTION:Thank you for your interest in Microsoft Events. We w
ould like to remind you of the following event: TechNet Webcast:
How Microsoft Does IT: Designing, Developing, and Deploying Share
Point Server 2007 Publishing Portals (Level 300). nnPlease revi
ew the information below.nnEvent Code: 1032396521nEvent Name:
TechNet Webcast: How Microsoft Does IT: Designing, Developing, an
d Deploying SharePoint Server 2007 Publishing Portals (Level 300)
nStart Date: 1/27/2009nStart Time: 9:30 AM (GMT-08:00) Pacific
Time (US & Canada)nEnd Date: 1/27/2009nEnd Time: 10:30 AM (GMT-
08:00) Pacific Time (US & Canada)nnPlease click on the followin
g link for more information regarding this Event https://msevents We look forwa
rd to seeing you at the Event!
SUMMARY:Live Webcast - TechNet Webcast: How Microsoft Does IT: De
signing, Developing, and Deploying SharePoint Server 2007 Publish
ing Portals (Level 300)

What I received upon exporting from Microsoft Outlook 2007:

PRODID:-//Microsoft Corporation//Outlook 12.0 MIMEDIR//EN
DESCRIPTION:Thank you for your interest in Microsoft Events. We would like
    to remind you of the following event: TechNet Webcast: How Microsoft Does
    IT: Designing, Developing, and Deploying SharePoint Server 2007 Publishi
    ng Portals (Level 300). nnPlease review the information below.nnEvent
    Code: 1032396521nEvent Name: TechNet Webcast: How Microsoft Does IT: Desi
    gning, Developing, and Deploying SharePoint Server 2007 Publishing Porta
    ls (Level 300)nStart Date: 1/27/2009nStart Time: 9:30 AM (GMT-08:00) Pac
    ific Time (US & Canada)nEnd Date: 1/27/2009nEnd Time: 10:30 AM (GMT-08:0
    0) Pacific Time (US & Canada)nnPlease click on the following link for mo
    re information regarding this Event
    spx?r=1300308275&c=en-US&t=4. We look forward to seeing you at the Event!
SUMMARY:Live Webcast - TechNet Webcast: How Microsoft Does IT: Designing,
    Developing, and Deploying SharePoint Server 2007 Publishing Portals (Leve
    l 300)
    N">n<HTML>n<HEAD>n<META NAME="Generator" CONTENT="MS Exchange Server ve
    rsion 08.00.0681.000">n<TITLE></TITLE>n</HEAD>n<BODY>n<!-- Converted f
    rom text/plain format -->nn<P><FONT SIZE=2>Thank you for your interest i
    n Microsoft Events. We would like to remind you of the following event: Te
    chNet Webcast: How Microsoft Does IT: Designing, Developing, and Deployi
    ng SharePoint Server 2007 Publishing Portals (Level 300). </FONT></P>nn<
    P><FONT SIZE=2>Please review the information below.</FONT>n</P>nn<P><FO
    NT SIZE=2>Event Code: 1032396521</FONT>nn<BR><FONT SIZE=2>Event Name: Te
    chNet Webcast: How Microsoft Does IT: Designing, Developing, and Deployi
    ng SharePoint Server 2007 Publishing Portals (Level 300)</FONT></P>nn<P>
    <FONT SIZE=2>Start Date: 1/27/2009</FONT>nn<BR><FONT SIZE=2>Start Time:
    9:30 AM (GMT-08:00) Pacific Time (US &amp; Canada)</FONT>nn<BR><FONT SI
    ZE=2>End Date: 1/27/2009</FONT>nn<BR><FONT SIZE=2>End Time: 10:30 AM (GM
    T-08:00) Pacific Time (US &amp; Canada)</FONT>n</P>nn<P><FONT SIZE=2>P
    lease click on the following link for more information regarding this Even
    t <A HREF="
    >. We look forward to seeing you at the Event!</FONT></P>nn</BODY>n</HT

Is it just me or is there some variance between the two iCalendar objects?  The Google iCalendar specification for formatting of an iCalendar object merely requires:

PRODID:< [enter ID information here] >
(other header information goes here)
(event details for individual event)
(event details for individual event)

Any thoughts on why the variance of the objects would cause an issue for the first ICS to not be importable, but the second could be after being processed by Outlook 2007?
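A way to check the PRODID question locally before attempting an import, as an added example that is not from the original post: it unfolds an iCalendar file according to the RFC 2445 line-folding rule and reports which of the two calendar properties that RFC requires (PRODID and VERSION) are absent from the VCALENDAR level. Both sample calendars are constructed for illustration, and nothing here models what Google Calendar actually enforces.

```python
REQUIRED_CALPROPS = ("PRODID", "VERSION")   # required by RFC 2445 section 4.6

def unfold(text):
    """RFC 2445 4.1: a line break followed by one space or tab continues the line."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]          # drop the single folding character
        elif raw:
            lines.append(raw)
    return lines

def calendar_properties(text):
    """Names of properties directly inside VCALENDAR, not inside VEVENT and friends."""
    depth, names = 0, []
    for line in unfold(text):
        # The property name ends at the first ';' (parameters) or ':' (value).
        name = line.split(":", 1)[0].split(";", 1)[0].upper()
        if name == "BEGIN":
            depth += 1
        elif name == "END":
            depth -= 1
        elif depth == 1:
            names.append(name)
    return names

def missing_required(text):
    present = calendar_properties(text)
    return [prop for prop in REQUIRED_CALPROPS if prop not in present]

# Constructed samples: the first lacks PRODID, the second carries it.
EVENT = ("BEGIN:VEVENT\r\n"
         "SUMMARY:Live Webcast - Tech\r\n"
         " Net Webcast\r\n"
         "END:VEVENT\r\n")
NO_PRODID = "BEGIN:VCALENDAR\r\nVERSION:2.0\r\n" + EVENT + "END:VCALENDAR\r\n"
WITH_PRODID = ("BEGIN:VCALENDAR\r\nPRODID:-//Example//Constructed//EN\r\n"
               "VERSION:2.0\r\n" + EVENT + "END:VCALENDAR\r\n")
```

Running `missing_required` over both the original download and the Outlook export shows whether a required header property is one of the differences between them.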

At a minimum, remember to sign up for the event to hear Spence on SharePoint 🙂

MSDN Webcast ICS
Outlook 2007 MSDN Webcast iCalendar ICS file

Now Playing: Coldplay – X & Y – Swallowed In The Sea


What’s in your Website?

This afternoon while scaling through Google Reader, attempting to catch up on what’s going on in the SharePoint Community, I came across Mike Gannotti’s “Websites as Graphs” post.  I remember coming across a similar generator several years ago but thought, why not see what my current site looks like – besides everyone likes visualizations and spider charts right?  There are some other nifty displays of “popular” websites such as CNN, Yahoo, etc. over at Websites as graphs.

So without further ado, SharePoint Dan in its infancy (maybe a year from now I’ll do an update to show how it’s changed…)

Web Site Graph of

But what do the colors mean?

blue: for links (the A tag)
red: for tables (TABLE, TR and TD tags)
green: for the DIV tag
violet: for images (the IMG tag)
yellow: for forms (FORM, INPUT, TEXTAREA, SELECT and OPTION tags)
orange: for linebreaks and blockquotes (BR, P, and BLOCKQUOTE tags)
black: the HTML tag, the root node
gray: all other tags

What’s in your Website?  Websites as graphs

Now Playing: Sir Simon Rattle/City Of Birmingham Symphony Orchestra – Stravinsky: Firebird; Petrushka, etc – The Firebird – Ballet (1910 version): Lullaby (Firebird)

Designer SharePoint

First Thoughts… Wrox Books: Professional Microsoft Office SharePoint Designer 2007

Way back in July of 2008, I saw “yet another book on SharePoint” publicized via Amazon and decided to add it to my ever growing collection and knowledge base of books on SharePoint and associated networking infrastructure technologies and development methods.

Nonetheless, yesterday, 2 January 2009, a mere six months after putting in my pre-order, Professional Microsoft Office SharePoint Designer 2007 arrived. It’s a fairly hefty compendium of knowledge surrounding the SharePoint Designer Tool that allows for WYSIWYG “FrontPage-esque” interactions with the SharePoint Services platform.

The topics in the book look to be fairly interesting and include the following:

– Ways to create extensions to SharePoint and SharePoint Designer with examples in both C# and

This alone is an interesting topic to me as there are several different methods and approaches in the SharePoint Community as to how to create such extensions.

The anatomy of SharePoint master pages and themes

Both great topics that are near and dear to my heart as branding is something that clients typically will want to do first… the proverbial, “How can I make SharePoint look less like SharePoint.” Of course I’m not quite certain I would approach this topic with SharePoint Designer for an Enterprise implementation and deployment but would moreover recommend the use of Visual Studio 2008 with the built in Designer view to provide for real time capabilities when creating and modifying master pages that will reside on the file system for optimal performance.

Considerations for governing the use of SharePoint Designer in your enterprise

This is a topic that I’m definitely interested to read more about (and will be blogging about). I’m thankful that the authors chose not to use the term “Best Practices” as there are several tradeoffs that exist when providing for the use of SharePoint Designer within an Enterprise. As the Pragmatic Programmers would say, “Remember to consider the context.”

Overall, the book looks to be an interesting read and weighs in at a novel 517 pages.  Congratulations to Woodrow W. Windischman, Bryan Phillips and Asif Rehmani for their contribution to the SharePoint Community through their time and dedication to sharing this knowledge with all of us.

Now Playing: Johannes Brahms – Classic Yo-Yo – IV. Allegro molto from Sonata for Cello and Piano in F Major, Op. 99


Dual Monitors = Increased Productivity

So I finally went ahead and ordered a 24″ Dell Flat Panel Ultrasharp and have to say that I’m quite pleased. So now I’ve got a 24″ widescreen sitting next to my 20″ cube TFT – sweetness… now just have to get a video card with dual DVI. Any recommendations?