How to copy a SharePoint group from one site collection to another

I started working on this task a few days ago but I was not very lucky, I was not careful enough and I’ve spent a lot more time than usual. I am trying to copy a few groups from one site collection to another, instead of recreating them manually. You must add to this script the source and target site collection and then filter for the groups you are interested to copy. Make sure the owner(group or user) exists in the destination site collection, don’t load this variable from the source site collection as this will give you big problems if you choose a group. The groups are unique for each site collection. I loaded the owner group from the  source site collection and the groups I created were corrupt. I had to make changes in the content DB directly, a procedure which is not recommended by anyone. The following script will create groups with the same name, same members, your defined owner and by default only the owner will be able to change the content of the group. It will also copy the group description.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Input variables
$SourceWebURL = "http://source"
$TargetWebURL = "http://destination"
#In my scenario I will add a SharePoint group as the groups owner but you choose to use a user instead, make sure the user or group is available
#in the destination site collection
$ownername = "your owner group name"
#below define your string on which you filter for the groups to copy. You can choose to copy all groups or create your own filtering. 
#I filtered for groups which match a certain string. Change this based on your needs.
$yourstring = "*something*"
#Get the Webs
$SourceWeb = Get-SPsite $SourceWebURL
$TargetWeb= Get-SPWeb $TargetWebURL
$owner = $targetWeb.groups[$ownername]
#Get the Source groups
$SourceGroup = $SourceWeb.rootweb.sitegroups | where {$ -like ($yourstring) }
foreach ($group in $SourceGroup)
 $TargetWeb.SiteGroups.Add($group.Name, $owner, $null, $group.description)
 $destinationGroup = $TargetWeb.SiteGroups["$Group"]
 $destinationGroup.owner = $owner
foreach ($user in $Group.users){$TargetWeb.SiteGroups["$Group"].AddUser($user)}

SharePoint 2013 offline and unattended installation plus initial configuration

It’s a long time since I did not post anything, it was a busy period for me. Now that I live the most amazing time of my life I also try to focus on learning and work as much as I can. I can tell you this is quite difficult!

I’ve been thinking about writing this post for quite some time but I did not find the time to do it and as soon as I started I’ve discovered that there is a lot to learn before doing it.

First to put this into context, as I started to learn SharePoint 2013 because there will be an upgrade of the farm I manage at work, I’ve been thinking about documenting everything. Posting this on the blog so that the same community that helps me solve my problems and further develop my skills to also benefit from my work seemed like a very good idea for me.  I am very new to teaching something to other people and as I’ve discovered this is not an easy task, even when you know a product like SharePoint very well it’s still very hard to express that knowledge and to transfer it to a different person in a way that the person really understands what you want to transmit. And then there are the technical and organisational parts, people that create very good videos you see on YouTube put a lot of work in that, of course with time it gets easier but as I started it doesn’t look as easy as it looked before starting it.

Now going back to the subject, I plan to do a video training series on how to install, configure manage SharePoint 2013 and if everything goes well I’ll get into some upgrade topics as this is a very important part for me considering together with my team we will need to migrate a full SP2010 farm to SP2013 in the near future.

Please see here the video guide posted on YouTube and follow this blog post for links to the resources used in this session.

Why do I post an installation and initial farm configuration you might ask. Well there are a lot of guides on the internet, there is a lot of information, many options and to be honest at the beginning I got a little confused. Then there are small bits of information which are very good but I ended up with no great guide on how to install SP2013. I have to tell you that I am interested in a very easy way of doing it, I don’t want to spend too much time installing SharePoint.

In my case the installation is done on servers not connected to the internet. SharePoint is a great product to be used as the internal portal and many companies have their intranet not connected to the internet, most often when the intranet is a classified network.

When you install SP2013 exactly as with SP2010 there are actually two parts:  download and install the prerequisites and then install the SharePoint bits.   After you end the installation phase you will need to setup your farm using the “SharePoint 2013 Products Configuration Wizard”   which will help you create a new farm, choose a farm passphrase, creates the configuration database and the central administration database. The problem is this wizard will create those two databases with the default name and if you store another installation of SharePoint on the same instance you will get easily confused, even more when you used the same wizard on the other SP2010 farm stored on the same SQL.  So that was one requirement for me, to be able to specify the config and CA databases names. After you finish this wizard you have a SharePoint platform and the tools to manage it. It’s not really a farm because you create a farm using the second wizard proposed by Microsoft, the “Farm Configuration Wizard”. This wizard will deploy for you depending on what you select a number of service applications, all the time using the default values for the database names and configuring the service applications with a set of default settings.  You are able to specify a service account to be used as the application pool account for the service applications. The next step in this wizard is to create your first web application and the first site collection. This brings also a problem because the first web application will have a content database name of WSS_Content and it is created by default, there is no way to skip it.

After spending some time online I decided I want to skip both wizards and create my own scripts to deploy the farm.

Let’s start!

Phase 1

Install SharePoint Prerequisites offline and unattended.

1. Downloading the prerequisites

For this task you need to know on which platform you will install SharePoint and choose the right solution. I install SharePoint on a Server 2012 OS so I chose Craig Lussier’s script to download the prerequisites. It is the second script in his package and the name is very easy to guess. When you run the script you need to give a path where you will save your prerequisites.  Move those files to your SharePoint server or more easily if you install multiple servers put the files on a network share.

2. Creating the PrerequisiteInstaller.Arguments.txt

You can download a predefined sample here (right click, save as), and do a search and replace with the path where you stored the prerequisite installer files on your network share. Make sure you leave everything on one row. My file works fine for Server 2012. If you have a different infrastructure please adapt your path for the network share and where it is necessary also change the file name.  Prerequisites have a different name when you install them on different platforms.

3. Copy your SharePoint 2013 installation media to a network share and paste the PrerequisiteInstaller.Arguments.txt next to the Prerequisiteinstaller.exe. When you launch the prerequisiteinstaller.exe it will search for the arguments text file and if it’s there it will be used to install the prerequisites from the location you specified in your text file.

4. Launch the prerequisiteinstaller.exe and sit back while the prerequisites are installed.

Phase 2

Unattended installation of SharePoint 2013

For this part I had a few requirements: to install to a custom folder, a complete version of SharePoint 2013 and to have no interaction during the install process.

I will tell you here about what other options I found. The most used by admins seems to be AutoSPInstaller.   With AutoSPInstaller you create an input file and then it automatically installs SharePoint, configures your farm and so on.  Probably it’s great tool for people who do a lot of installations every day or week. My problem was that it does not allow you to select a custom location where you will install SharePoint. I was not interested in deploying service applications because I plan to treat this subject separately.  There is the option to edit the scripts but it’s not on my radar as I find the unattended way of installing SharePoint 2013 too easy to complicate things.

1. In order to install SP2013 unattended you will need a config.xml file with your specific parameters.

For a very good guide which I found at the time I was writing this post please look here.  For my config.xml sample please use this one. Use your serial number, configure the location of the installation go to the next step or further customize using the guide.

2. Copy the path to your config.xml file and start from a PowerShell window the installation using the following  “.setup.exe /config your pathconfig.xml”

3. At the end of the process cancel the “SharePoint 2013 Products Configuration Wizard”

Deploying the Central Administration

Download the following scripts I prepared for you here. The scripts are marked in order. Supply your own values in each script following the guidelines you will see inside.

1. First script will create the Configuration database and the Central Administration database, will setup a farm passphrase and will setup the farm account. More information on the command here.

2. Second script will install the features and services available.  More information about each command  Initialize-SPResourceSecurityInstall-SPServiceInstall-SPFeatureInstall-SPHelpCollectionInstall-SPApplicationContent.

3. Third script will deploy the Central Administration web application.

4. There are two scripts marked with 4, you any of them to create one managed account or multiple managed accounts.

5. Script number 5 will deploy the “State Service” service application

6.  Rest of the scripts are not mandatory, but you can use the one for changing the account under which the AppFabricCaching service runs.

What’s next

Next I will deploy several web applications but I will not do a post on that one and I will configure the service applications one by one. I hope that at least for the most complex service applications I will do a video guide on how to install and configure.


Doing the installation using the method described here should take you half an hour, it took me 45 minutes explaining it and doing it on a virtual system.

Please feel free to submit feedback, or post your questions below.

EventID 2567 Unable to resolve Contentdistributor / Renewing self signed certificates used for FAST Search Server for SharePoint 2010

It all started with a lot of events in the application log of the SharePoint app servers. A lot of  events 2567. If you have never seen this event before you might think it is nothing that bad, in the end everything works fine(or at least it looks like).  If you see that event in your Windows logs most probably your crawls for FAST Search server are not working, you will see the crawls working all the time, without ending.

SCOM 2012 SP1 gives no message about this, search still works from SharePoint but the results are not up to date.

EventId 2567

<Provider Name=”Microsoft-SharePoint Products-SharePoint Server Search” Guid=”{C8263AFE-83A5-448C-878C-1E5F5D1C4252}” />
<TimeCreated SystemTime=”2013-07-17T11:10:32.008550800Z” />
<Correlation />
<Execution ProcessID=”4952” ThreadID=”5452” />
<Security UserID=”S-1-5-21-39937011-1643330254-59529505-77556” />
<Data Name=”string0“></Data>
<Data Name=”string1“>Failed to initialize session with document engine: Unable to resolve Contentdistributor</Data>

You will also see messages in the ULS logs.

This is caused because the certificate used to authenticate SharePoint servers to FAST Search Server has expired.

Renewing the self signed certificate is very easy, I’ll give you an easy step by step below. I am only talking about self signed certificates in this article but  the recommended way to use FAST Search with SharePoint is to use certificates from your CA.

Lets’s start!

You have four big steps:

Step 1

Stop FAST Search services

Step 2

Renew the certificate on the FAST Search primary server  and then on each non-administration FAST Search server.

Step 3

Start FAST Search services on each server after you renewed the certificate.

Step 4

Import and configure the FAST Search connector for SharePoint(on each server used in the FAST Search topology).

Step 1

On your FAST Search boxes stop the FAST Search services. If you have multiple servers in you FAST Search infrastructure start with the administration server.  To find out which one is this server  run  “nctrl status” and see which one has the config role listed, start with this one.

You will need to stop two services: fastsearchservice and fastsearchmonitoring.

In order to stop the services open a powershell window  and type:

net stop fastsearchservice
net stop fastsearchmonitoring

or just use Services and stop: “FAST Search for SharePoint” and “FAST Search for SharePoint Monitoring”.

Step 2

Start with the FAST administration server, and renew the self signed certificate. Open a powershell window and browse to your FAST Search installation folder \FASTSearch\installer\scripts and run:

.\ReplaceDefaultCertificate.ps1 -generateNewCertificate $true

Supply a password for this certificate, you will be required to use the same key both on the other FAST servers but also on the SharePoint servers.

If you have multiple FAST Search servers you must first start the services listed at step 3 on the FAST config server before doing step 2 on the second FAST Search server(which is not your FAST config server).

Step 3

Start the two FAST Search services you stopped at step 1 by using start instead of stop.

net start fastsearchservice
net start fastsearchmonitoring

Step 4

Move your attention to the SharePoint servers used in the FAST Search infrastructure.

Create a folder on each of those servers and copy the following two files from you FAST config server:

-The certificate from the FAST administration server located at


-the script located at the address below, from the same FAST admin server


On each SharePoint server hosting the administration component which is part of the FAST Search topology open an admin powershell window and browse to the location of the folder you created above and run:

.\SecureFASTSearchConnector.ps1 –certPath “folder location\FASTSearchCert.pfx” –ssaName “name of your content SSA” –userName “domain\username”

FAST topology

On each of the remaining SharePoint server configured as a Crawl component you will have to:

  1. Import the FASTSearchCert.pfx certificate in the certificate store under Certificates(Local Computer)\Personal.  Follow this guide to start the Certificates snap-in for the local computer and then this one to import the certificate.
  2. Run the following:
.\SecureFASTSearchConnector.ps1 -ssaName "name of your content SSA" -username "domain\username"

This command will return the thumbprint of the available certificates and a prompt asking whether you want to use the suggested certificate. In my case I had to do a restart of the server running the Admin component and the FAST Search servers before this command being successful.

The ssaName is the name of the content Search Service Application you use and the userName is the  user used on your SharePoint servers to run the “SharePoint Server Search 14” service.

You will receive a confirmation that the FAST Search connector successfully connected to the FAST servers. For example in my case this was not true on each server but everything worked fine even without confirmation.

Make sure you don’t forget any of the servers, if you miss one of them your crawls will start but will not finish, making this very hard to troubleshoot.

Use ULS logs to troubleshoot if you have any problem.

“Microsoft SharePoint Foundation Web Application” service stuck on starting/ “Microsoft SharePoint Foundation Web Application” service stuck on stopping

I came across this issue today when I had to provision a new web application, I tried to provision the web application from the central administration server where I don’t have the Microsoft SharePoint Foundation Web Application service running, for a good reason in my opinion, this is the first service I will stop on an application server, because it is the primary role for a web server.  In case you did not notice, not running this service on the server used to provision the new application will not give you the option to select an existing application pool, it gives you only the option to select an application pool running in the local IIS.

But if you are like me and decide to provision this web application from the CA server then probably you will start the Microsoft SharePoint Foundation Web Application service on this machine and wonder why it is stuck on starting, you wait 10-15-20 minutes and you decide that there is something wrong with your server, start to panic, search for solutions in places where yo don’t have to search etc…


If you started the Microsoft SharePoint Foundation Web Application service on your CA server you have to know that in my case it took almost one hour to start, during this time you can check the progress using he IIS console, you will notice web sites and application pools start to appear one by one. Just keep calm and wait.

In case you do not see any progress in IIS or in the ULS logs then you can start the deployment of this service using this STSADM command:

stsadm -o provisionservice -action start -servicetype spwebservice


But keep in mind that you have to wait a lot depending on the number of web applications you have.

Work in progress…..

Phase two

Everything worked fine after the  stsadm command was used. A second issue appeared as soon as I tried to stop the Microsoft SharePoint Foundation Web Application service after I finished my work. Doing so from the CA caused the service to be  stuck on stopping. Again use the same command but this time with the switch -stop instead of start, finished in one minute and then I issued iisreset /noforce.  Everything is back to normal now.

stsadm -o provisionservice -action stop -servicetype spwebservice

Error when trying to add a new item into an imported list(SharePoint 2007 to SharePoint 2010)

We have the following case:

A list created in SharePoint 2007 is imported to SharePoint 2010.

The exact method to export a list from SharePoint 2007 to 2010 was the following:

The content database containing the list in 2007 was backed up and then restored and attached to a SharePoint 2010 farm in a new web application. The content database created during the process of creating the web application is removed from the web application in Central Administration.

In order to upgrade and add the old content database to your web app you will use the following power shell command:

Mount-SPContentDatabase “MyDatabase” -DatabaseServer “MyServer” -WebApplication http://sitename

This will not only attach it to your desired web application but it will also upgrade it for SharePoint 2010. In my case it was with a lot of errors but it worked.

The errors are related to solutions which are not present in the 2010 farm but are used in the content database(web app). I was able to browse the sites in this content database using a different name.

Some columns cannot be used in 2010 due to the fact that those are custom types, but before I backup up the content DB in 2007, I created clones of the custom columns and copied the information as text, for example for the “block” column I created “block_new” to keep the information as text. I used the datasheet view to copy the information, for a small list it might work fine but for very large lists I am not sure if this is a solution.  After the attach I deleted the columns which were not usable and edited the name for the clones to match the old column names.

I used Central administration to export the list to a .cmp file which was imported in a production farm.

Everything worked fine except that when I tried to add a new item to the list I got the following error:

“Web Part Error: A Web Part or Web Form Control on this Page cannot be displayed or imported. The type could not be found or it is not registered as safe.”

I started to believe that I still have problems because of the import and the customization from 2007, because I don’t really know the old farm, have no idea what was used there and started to look on Google.

The problem is a lot of people suggest a different kind of solution. In my case it was very simple, I used SharePoint Designer to connect to the site, then opened the list and created a new aspx form for new items and selected this as default. I deleted the old one after that. In my case this solved the problem and I think it is related to the fact that we used a custom form used for new items.



How to reset the Farm Passphrase in Sharepoint 2010

You might find yourself in the same situation like me, you try to add a new server to your farm but after trying all the passphrases in your mind it seems like none of them work. Hope this happens on your test farm and not on the production one and not because you cannot fix it but this might signal other problems with the way you manage your farm, with your configuration management.

In order to change the Farm PassPhrase you need to log in to one of your farm  servers and open SharePoint 2010 Management Shell in admin mode(right click Powershell and select Run as administrator).

The two cmdlets you will use are:

ConvertTo-SecureString  Link to TechNet site

Set-SPPassPhrase Link to TechNet site

The Set-SPPassPhrase cmdlet is used to change the PassPhrase but it takes a secure string as parameter. In order to do that you will first have to define a secure string using:

$NewPassPhrase = ConvertTo-SecureString -asPlainText -Force -string YOUR_OWN_STRING

The string needs to be(if the default settings are used):

 “at least 8 characters; contains at least three of the following
four character groups: English uppercase characters (A through Z); English lowe
rcase characters (a through z); Numerals (0 through 9); Non-alphabetic characte
rs (such as !, $, #, %). Type a passphrase which meets these requirements. “

Please replace YOUR_OWN_STRING with…you guessed it your own string which will become the new PassPhrase. This cmdlet converts your string from plain text to a secure string. $NewPassPhrase will take the value  of this secure string during your powershell session.

In order to change the PassPhrase to your new secure string defined before you will use:

Set-SPPassPhrase -PassPhrase $NewPassPhrase

It will automatically prompt you to insert the string configured before even if you do not use the -confirm switch.

It will ask you to confirm your action by selecting Y and hitting enter.

This cmdlet will change the PassPhrase on all of your farm servers. If for whatever reason you want or you have to do it on each server use the -LocalServerOnly when you run the  Set-SPPassPhrase cmdlet(ex: Set-SPPassPhrase -PassPhrase $NewPassPhrase -LocalServerOnly).

Now keep track of this new Farm PassPhrase in a secure place.