In the first post in this series on SharePoint extranets and user management, we walked through the authentication and authorization challenges, with a bit on pricing and licensing. In this post we'll explore the free samples and freeware solutions, along with cheaper point solutions for self service. In the next post we'll walk through more fully featured off-the-shelf extranet and management solutions, suites and packs.
I do caution you about CodePlex solutions or freeware. Often these solutions are put together by individuals or companies that simply want to share the source, but don't have the time or resources to support the solution. Be cautious with any install that lacks support since you WILL BE faced with upgrade(s) in the future and want to make sure you can support your own environment as you upgrade. Many of these solutions will save you time in the short term, but understand the long term investment and potential challenges.
If you're still in the planning stages, you may want to look at a number of Extranet Planning Resources I put together in this older post. If you're concerned about extranets at a high level, I put together an overview of SharePoint in the extranet, discussing security, back in 2007.
This post is about awareness of free tools, and cheaper point solutions...
- Joel Oleson
Now for the challenge. Let's say you've set up FBA with AD in the extranet. How do you manage those accounts? You can find samples for your user store and samples for the ASP.NET authentication with WSS and MOSS. But the real challenge is user management. You can find user management samples on TechNet for carrying out common management tasks. YUK. You don't want to have to go into AD Users and Computers and add the accounts one by one (except maybe in a small environment).
Here is a list of solutions around User and Site Management, many of which include source code and samples.
External Collaboration Toolkit for SharePoint - The External Collaboration Toolkit for SharePoint (ECTS) uses Active Directory Application Mode (ADAM), Microsoft SQL Server®, Windows SharePoint Services 3.0, and custom software to provide collaboration services. The part that's buried is that you manage the site creation approval workflow and the user account creation workflow both from the web UI. The interface looks like it was built by a non-designer who doesn't understand the styles in SharePoint, but if you get past that, it's very functional and hey, you can fix it and contribute it back to the community. The source code can be found on the Community Kit site on CodePlex.
NOTE: Even if you decide not to use this kit, you can learn a lot from the extranet installation and operations guide that is not listed anywhere else. For example, LDAP ports and configuration are very important to understand for a lot of extranet configurations.
SharePoint Happenings - freeware Site Creation and Approval Workflow - Whenever any user anywhere within a site collection creates a new site, this workflow is initiated and that site is locked until a site collection administrator explicitly approves the site for use. I haven't used it, but it sounds cheap and easy. I love freeware until I need support. :)
http://www.codeplex.com/AccessChecker - Who has access reports
http://www.codeplex.com/sptoolbox - IT Tools for common problems solved by simple solutions or tools.
CodePlex.com/Governance - a number of tools designed and built by Microsoft IT, plus links to other "governance" and management-related tools and solutions.
Microsoft IT (CodePlex) Site Delete Capture 1.0 - Simply captures sites that are deleted by end users and backs them up to disk using the event model. You have a recycle bin, but this is basically a site recycle bin (available only to administrators). (Works with WSS 3.0 and Office SharePoint Server 2007)
MS IT (CodePlex) Site Life Cycle Management 1.1 - Notify, Backup then Delete Unused, Unneeded sites. You can also configure locks, archiving and deleting of unused sites. (Works with WSS 3.0 and Office SharePoint Server 2007)
Gary Lapointe's STSADM Extensions (FREE, and you can download the source!) are incredibly rich and have a lot of application for extranet and internet environments. Some of my favorites are gl-createsiteindb (target the creation of a site in an existing database, definitely important when trying to group data together from different site collections), gl-convertsubsitetositecollection (you can imagine a partner that needs to get broken off based on relationships or typical site sizing issues), and a lot more. You may want to look at the list and item import and export commands that you just wish were in the box.
SharePoint Administration Toolkit contains multiple tools and may have others as time goes on. The first is Batch Site Manager - it can be used to Move, Lock, and Delete Site Collections and schedule bulk operations often to reduce the size or better manage the content databases. The second is more of a fix up tool called "Update Alert" which can be used to fix up alert issues related to renaming of Web applications, URLs, or zone-related problems. More detail is available in the Admin toolkit whitepaper.
The download links for the SharePoint Administration Toolkit:
Since the first release of the Admin toolkit, another version has been released. In this V2 version you get a light profile replication tool for syncing some of the attributes. If you like this tool, but only have WSS or have a mix, you should look at the supported version by Bamboo which will synchronize between contact lists, user lists, for WSS and between the MOSS profile and WSS user info.
The download links for the SharePoint Administration Toolkit v2.0
At Bamboo, you'll find a number of point solutions designed to help people who had specific problems and were able to clearly articulate them. These range from more control in site creation (such as being able to provide specific templates, or governance around site names) to a simple User Account Setup Web Part that you can place wherever delegation around user provisioning and password reset should truly happen. Whether it's the project managers, support, or even administrators running it, it's all in the SharePoint UI. I'll talk about the bundling of these after I give them to you so you can see how they help address a number of problems as it relates to self service.
Bamboo Self Service solutions around User Management and Site Management (definitely key resources for Extranets)
User Account Setup (HW07) - Automatically create a user account in Active Directory (or NT) and SharePoint at the same time. The user can enter Active Directory information as well as designate which SharePoint groups and permissions are assigned to the user account. Assign SharePoint groups, rights, and attributes from one location. Automatic e-mail notification on creation; includes a built-in audit log. Administrators have the option of using an Administrative Account to create users in SharePoint or using the logged-in Web Part user's account to create users in SharePoint (i.e., impersonation). Available SharePoint Groups for adding users can be retrieved from the Site Collection or the current site when configuring the Web Part. The secure tool pane is security trimmed: it is only visible to users with Administrative Permission. Supports zones and forms based authentication, and delegated usage. Set user options to require initial password change, restrict password change, or create non-expiring passwords.
User Directory (HW08) - Provides the ability to "write back" to AD or SharePoint Profile, and provides a rich user interface where users can either maintain their own information or support can easily update the information. You can view your user organization in a user-friendly tree view by organizational chart, or alphabetical order by last name. Users can view all profiles but can only edit their own. You may just want to make this Admin or internal-only accessible in your extranet, but it could be a very rich partner directory.
User Profile Plus (HW29) - a rich profile store and directory for WSS. Looking for a richer directory based on data like the MOSS profile?
User Profile Sync (HW19) - Here's a gem. Depending on where your data is, you can sync it with other sources. I was surprised they missed Farm to Farm - MOSS profile to MOSS profile. Seems like that would be easier than what they've done. But wow, AD to UserInfo for WSS (very nice, I know I've seen a lot of support issues on that one).
- MOSS 2007 User Profile database to Active Directory.
- Active Directory to a WSS 3.0 User Information List.
- WSS 3.0 User Information List to one or more WSS 3.0 User Information List(s).
- Active Directory to a Contacts List in WSS 3.0 or MOSS 2007.
- A Contacts List in WSS 3.0 to one or more WSS 3.0 User Information List(s).
User Redirect (HW13) - Protect sensitive data by redirecting users from restricted site pages quickly and easily. (I can definitely see making sure partners stay out of the user info pages). Also includes Group Redirect (HW12) which has similar functionality for restricting cross site groups access to sensitive pages.
Site Creation Plus (HW28) - It gives administrators the ability to better manage the creation of sites by standardizing URL and user group naming and restricting the site template that users can select. For users, it simplifies the site creation process by reducing the number of choices they must make and by adding new sites to a Links list automatically. This ensures that they complete an important step in the site creation process that is often forgotten. You can enforce templates! (Joel - now here's one that will reduce the overhead associated with site creation in the extranet. The out of the box self service doesn't give you this kind of control.)
Password Change (HW06) - Users can change their own Active Directory, FBA, LDAP compliant Directory password from a SharePoint Web page.
Password Expiration (HW23) - Provide expiration notice and notification within the site! (I haven't seen this elsewhere and can imagine using this even if you purchase other off the shelf solutions. Even if you're running with simple NT Challenge response, it's always a challenge to know when your password is going to expire.)
Password Reset (HW10) - Interface allows reset of Active Directory, FBA or LDAP based directory passwords and issues a new temporary password via E-mail to the user that adheres to your password security policy.
Others you may want to consider that don't apply directly to what we've been talking about...
System Log Manager (HW43), Alert Plus (HW05), Alerts Administrator (HW39), Group Email (HW14), My Alerts Organizer (HW40)
Also look for these future products in the next quarter... (often these end up available for free in beta form in the Bamboo Labs)
- SharePoint Analytics Solution Accelerator
- Site Management Solution Accelerator
In my next post, look for the fully featured extranet SharePoint User Management Solutions, Suites and packs.
Oct 09 2008, 03:32 PM
As Sr. Technical Product Manager for SharePoint Products and Technologies at Microsoft, I owned the technical messaging and product positioning for the IT Professional audience. With more than 12 years of experience in the Internet industry, I have a vast background in Web technologies. I started out with Internet and intranet application web design, including enterprise backend data storage. I later moved into design and infrastructure architecture, engineering, and operations. I'm now a community evangelist for SharePoint, working to help companies solve their IT issues related to deployment and governance.