Saturday, July 25, 2015

SharePoint 2013 Central Administration Overview







SharePoint 2013
Central Administration Overview













RANJITH NEELA






Contents


SharePoint Administration
Here are some of the areas of Central Administration that you should be aware of.  This is by no means all you need to know about Central Administration.  SharePoint Administrators need to have a solid working knowledge of all of the capabilities of this critical web console.  Therefore, Tribridge recommends administrators review Microsoft TechNet sections related to major sections of Central Administration and purchase a good book on administering SharePoint.

Central Administration Home

The screen shot below shows the home page for Central Administration.  This document will briefly explain the purpose of each section, but will not cover each item in detail.


Application Management

Manage web applications

Allows you to add, delete, and manage web applications.  Here you will find your portal web application(s), plus the Central Administration web application.
To manage a web application, select it from the list and use the options under the Web Applications tab in the Office ribbon.

  • New – Create a new SharePoint web application which, in turn, creates a new IIS web site with an associated SQL database which can be used for creating new SharePoint sites.
  • Extend – Extend a web application if you need to have separate IIS web sites that expose the same content to users.  This option is typically used for some types of extranet deployments, plus environments where it is technologically impossible to reuse the same IIS web application. An Extended Web Application reuses the same content databases as the selected web application.
  • Delete – Remove an entire SharePoint web application and, optionally, its content database.
  • General Settings – configure default behavior for general web application functionality.   Under this option you will the submenus listed below.  Some of the more important features are listed.
    • General Settings
      • Time Zone
      • Quota
      • Alerts
      • Browser file handling
      • Recycle bin settings
      • Maximum file upload size
    • Resource Throttling
      • Threshold settings for lists
    • Workflow
      • General workflow settings
    • Outgoing E-mail
      • Settings for outgoing email
    • Mobile Account
      • Outbound mobile account settings
    • SharePoint Designer
      • Options for enabling SharePoint Designer at the Web Application level
  • Manage Features – Lists all of the available features at the Web Application level, which can be activated or deactivated.
  • Managed Paths – Specify which paths of the web application’s URL namespace can be used for creating new site collections.
  • Service Connections – Specify the service applications and connections that are used by the selected web application.
  • Authentication Providers – Configure the memberships and role providers that are used to authenticate users per web application zone.
    • Authentication type – allows you to choose between Windows, Basic, Forms, and SSO.
    • Anonymous Access – Allows you to enable anonymous access for sites.
    • IIS Authentication Settings – Allows you to choose between Kerberos and NTLM.
  • Self-Service Site Creation – Enable users to create their own site collections within a web application.  
  • Blocked File Types – Define the file types that are not allowed to be added to a Web application or globally to the farm.
  • User Permissions – Select granular user permissions for lists, sites, and views.
  • Web Part Security – Define the default web part settings for a site collection.
  • User Policy – Define broad permission policies.
  • Anonymous Policy – Define anonymous access policies, when anonymous access has been enabled under the Authentication Providers section.
  • Permission Policy – Configure advanced user permissions policies for a specific web application.

Configure alternate access mappings

This is where you configure the URL “aliases” used to access the web applications in the farm.

Create site collections

Allows you to create a new top-level site collection within a web application.

Delete a site collection

Allows you to completely remove a top level site and all sub-sites, including all of the content it contains. You cannot delete a database using this command.

Confirm site use and deletion

Allows you to require owners to confirm that their site collections are in use.  Additionally, you can configure automatic deletion for unused Web site collections.

Specify quota templates

Allows you to set the storage limits for the various site templates.  For example, a personal site is set to a default limit of 100MB.  You can increase or decrease this amount.  You can also create new quotas for other types of site templates.  You can also set up email alerts to be sent to the site owner if they are nearing their limit.

Configure quotas and locks

Allows you to configure the maximum size of a site collection and whether new content can be added.  You can use this feature to set a site collection as read-only, or prevent access completely.  You can also specify a quota template to be applied to the site. Site collections should be kept under 85GB, if possible.

Change site collection administrators

Allows you to specify the primary and secondary owners of the site collection.

View all site collections

View all site collections in the farm.  This will include the main portal site, plus all of the personal mysites.

Configure self-service site creation

Enable users to automatically create their own site collections within a web application.

Manage service applications

Allows you to create and manage service applications.

  • New – Create a new service application.
  • Connect – Connect to existing service applications.
  • Delete – Delete the selected service application or service application connection.
  • Manage – Manage settings for the selected service application.
  • Administrators – Assign administrators for the selected service application.
  • Properties – Edit common properties for the selected service application.
  • Publish – Make the service application available to other server farms.
  • Permissions – Change permissions on which accounts can access the service application.

Configure service application associations

Specify the service applications used by each web application.

Manage services on server

Allows you to select the services that will run on each server in the farm.  You can also start and stop the services from here. Note that certain services, such as the User Profile Synchronization Service, may not run effectively when started on multiple servers.

Manage content databases

Allows you to add or configure content databases that are attached to a web application.
  • Add Content Database – Allows you to create a new content database, or add an existing content database to the web application.
  • Manage Content Database Settings – Allows you to update properties of a content database.
    • Database status – Used to control whether or not new site collections can be created in the database.  When set to Ready, the database is available for hosting new site collections. Change the site collection quota to block new site collections from being included in the database.

Specify the default database server

Define the default server where new content databases will be created.

Configure the data retrieval service

Enable the farm or a given web application to communicate with data consumers and sources through SOAP and XML.

System Settings

Manage servers in this farm

Allows you to configure and enable services to run on the local farm.  This page shows you the servers in the farm, and which services are running on each server.  You can then select a server to view and manage all of the services running on that server.

Manage services on server

Allows you to select the services that will run on each server in the farm.  You can also start and stop the services from here.

Configure outgoing e-mail settings

Define the default outgoing email server and addresses.  This is used for alerts, workflows, etc.

Configure incoming e-mail settings

Allows you to establish email-enabled document libraries and lists.  With this feature enabled, users can send documents to the specified email address.  Those documents can then be added to SharePoint document libraries and lists.

Configure mobile account

Configure a web application to use a text messaging service (SMS) for alerts, invitations, or administrator notifications.

Configure alternate access mappings

This is where you configure the URL “aliases” used to access the web applications in the farm.

Manage farm features

Allows you to enable or disable farm-wide SharePoint functionality.

Manage farm solutions

Allows you to deploy or retract solution packages across the farm.   You can also perform these tasks using PowerShell.

Manage user solutions

Allows you to configure execution of site-collection-specific solutions within the local farm.  You can use this feature to block certain solutions from running, and specify how sandboxed solutions will run.

Configure privacy options

Allows you to configure privacy settings for the farm, such as opting in to the Customer Experience Improvement program, sending error reports to Microsoft, or enabled web-based help.

Configure cross-firewall access zone

Allows you to configure which URL zone should be used for cross-firewall access.  

Monitoring

Review problems and solutions

View the problems detected by the SharePoint Health Analyzer and take steps to solve those problems.
C:\Users\CHADDY~1\AppData\Local\Temp\msohtmlclip1\03\clip_image001.png


Review and correct any issues necessary.  Some issues are not as important as others, or can be ignored completely.  

To read more information about an error, just click on the link.

If you have corrected an issue, you can try clicking the Reanalyze Now button, which will remove the item from the list if it is no longer a problem.
Some items also have an option to "Repair Automatically."  When this button is available, SharePoint is usually able to resolve the issue.  Therefore, the warning is issued so that SharePoint Administrators are aware of the trouble, and can allow SharePoint to correct the problem by clicking the button.


There are rules set up that SharePoint runs on a timer that periodically checks for issues.  You can even add your own rules to have SharePoint look for other problems, or you can edit or disable existing rules.

Review rule definitions

View and modify the list of rules that the SharePoint Health Analyzer will run to evaluate the health of your farm.  You can enable, disable, or change the schedule of existing rules, or create new rules.

Review job definitions

Allows you to review and toggle timer jobs that are defined in the farm.  

Check job status

View the status and results for the last execution of timer jobs that are enabled in the farm.

View administrative reports

Allows you to view reports such as crawl rates and query latency, in order to tune performance.

Configure diagnostic logging

Enable and configure advanced logging settings for the farm.  You can change settings such as where logs are written, how long they are stored, the maximum storage amount, etc.

Configure usage and health data collection

Enable usage analysis and define a processing schedule.  You can specify which events to log, the log file location, etc.

View health reports

View various reports that can help you determine the health of the farm.  For example, you can view a report of the top active users, or a report that shows which pages are loading the slowest so that you can optimize them to load faster.


Backup and Restore

This section allows you to perform various backup and restore tasks.  It should be noted though, that you cannot schedule any backups from Central Administration.  Therefore, it is not recommended to use these features as the sole Disaster Recovery solution.  At a minimum, all of the SharePoint databases should be routinely backed up.  Those backup files may be used with these features to recover all or specific content when necessary.

Perform a backup

Allows you to backup portions of the farm to a file.  This page will show you a list of all the components that are contained within your farm, including your portal, the SharePoint configuration database, services, solutions, etc.  You can select all or specific components that you want to back up.  You then have the option to select the backup type, “Full” or “Differential”, and specify the backup location.

Restore from a backup

Allows you to restore content to the farm using a backup file.  With this option you will specify the backup directory location.  You will then be shown the content available to be restored from that backup, and will be able to select which items you want to restore.  You can only restore from backups that have been created from the “Perform a backup” option.  You can’t use this feature for restoring exports of sites or lists.

Configure backup settings

Configure the default backup and restore settings, such as the number of threads to use and the default backup file location.

View backup and restore history

Allows you to review backup and restore history.

Check backup and restore job status

Review current and previous backup and restore jobs.

Perform a site collection backup

Allows you to back up the contents of a site collection.  Here you only need to select the site collection and the backup location, and click Start.

Export a site or list

Allows you to export the contents of a site or list.  You can select an entire site, or a specific list, specify a file location to save to, and create an export file.  Additional options include the ability to export the security settings, and also to specify if you want to export all versions of the documents, or just the most recent.

Recover data from an unattached content database

Allows you to connect to a content database to explore the contents or retrieve data.  You can specify the name of a database restored from a backup. The restored database can exist either within the farm’s database server or on another database server. Then you can choose whether to browse the content, backup a site collection, or export a site or list.  Note that the description “Recover data” is a little misleading.  You can only create export files from this option.  You cannot use this option to restore data.  If you need to recover data from a content database, you would use this feature to create an export file of the content you need, then you would need to run the PowerShell import command Import-SPWeb to import the data from that export file back into SharePoint.

Check granular backup job status

View the status of an export or a site collection backup operation.

Security

Manage the farm administrators group

This is where you add users who will have full access to all settings in the farm.  They can also take ownership of any content site.

Approve or reject distribution groups

Allows you to approve or reject distribution groups that have been requested.  (The SMTP service must be installed on the server and Directory Management Service must be enabled under the Configure Incoming E-Mail settings section.)

Specify web application user policy

Configure advanced user permission policies for a specific web application.

Configure managed accounts

Specify the managed accounts and their password change schedules.  The managed accounts are the accounts that run the various application pools and services for SharePoint.  To ease administration, these accounts can be configured so that their passwords are automatically reset on a specified schedule. (Note: Tribridge is not recommending the automatic reset feature.)

Configure service accounts

Allows you select a service or application pool, and shows you the account currently associated with that service.  You can also change the associated account, or create a new managed account to be associated with the service.

Configure password change settings

Specify the global password change notification settings.  This includes the email address of the person to be notified when an account password is about to expire, how many days in advance to notify the user of the upcoming password expiration, etc.

Specify authentication providers

Configure the membership and role providers that are used to authenticate users per web application zone.  From here you can specify whether to use NTLM or Kerberos, for example.

Manage trust

Enable users to manage trusts with other SharePoint farms.  

Manage antivirus settings

Configure farm antivirus setting.  (SharePoint-specific antivirus software must be installed on the web server. Forefront Security for SharePoint is one such product.)

Define blocked file types

Define the file types that are not allowed to be added to a web application or globally to the farm.

Manage web part security

Define the default web part settings for a site collection.

Configure self-service site creation

Enable users to create their own site collections in a specified web application.  (This feature must be enabled in order for users to be able to create their My Site.)

Configure information rights management

Protect sensitive documents from being misused or distributed without permission once they have been downloaded from SharePoint.  (Windows Rights Management Services must be installed on an Active Directory server that is accessible by the SharePoint farm.)

Configure Information Management Policy

Displays all of the available information management policy features for use within lists, libraries, and content types.

Upgrade and Migration

Convert farm license type

Allows you to enter a product key to change the license type of your SharePoint installation.  For example, if you wanted to upgrade from SharePoint Server Standard to SharePoint Server Enterprise.

Enable Enterprise Features

If you have upgraded from the Standard license to the Enterprise license, this feature allows you to enable the Enterprise feature set.

Enable Features on Existing Sites

If you have upgraded from the Standard license to the Enterprise license, this feature allows you to enable all of the enterprise features across all existing sites.

Check product and patch installation status

View the current product and patch installation status.

Review database status

View the list of databases and their current upgrade status.

Check upgrade status

View the status of current and previous upgrade events.

General Application Settings

Configure send to connections

Allows you to create “Send To” connections that will be available to the entire web application.  This connection will appear in the “Send To” menu option when you have selected a document in a library.  Send to actions allow you to move or copy the selected document to another location, specified in the connection.

Configure document conversions

Enable and configure document conversion capabilities.  For example, you can convert InfoPath or Word documents to web pages, etc. The Document Conversion services must be enabled first.

Manage form templates

Allows you to view and upload InfoPath forms.  Most InfoPath forms can be published directly into the website from InfoPath.  However, if custom business logic in the form template requires “full trust” to run (For example, if it must run code that can access the file system) a server administrator must approve and deploy the form from this page.  See http://msdn.microsoft.com/en-us/library/ms772110.aspx for more information.

Configure InfoPath Forms Services

Adjust configuration settings for InfoPath forms to permit interaction with these forms in the browser.  

Upload form template

Allows you to upload an “Administrator-approved” InfoPath form template.  (It is much easier to publish forms directly through InfoPath.)

Manage data connection files

Upload data connections that can be used on InfoPath forms.

Configure InfoPath Forms Services Web Service Proxy

Allows you to enable and configure a proxy for data connections between InfoPath Forms Services and Web services.

Configure SharePoint Designer settings

Customize which SharePoint Designer capabilities are allowed for a given web application.

Farm Search Administration

Allows you to view and manage settings for the Search Service Application.  You can view crawl history, review crawl errors, run a crawl, etc.

Crawler Impact Rules

Allows you to manage crawler impact rules.  Crawler impact rules can be used to adjust the load that the crawler applies to the content sources.  You can set up a request frequency on specific URL’s.  For example, fewer simultaneous requests or a delay between requests will help minimize impact.

Configure content deployment paths and jobs

Allows you to manage content deployment jobs and paths.  Content deployment is used to deploy content from one site collection into another site collection.  The source and destination site collections can be in the same farm or in different farms.

Configure content deployment

Configure settings for content deployment, such as accepting or rejecting deployment jobs, servers that can receive the jobs, servers that can export the jobs, etc.

Check deployment of specific content

Allows you to specify the URL for an object to be deployed, then shows you the deployment status of the object.

Apps

Purchase Apps

If enabled, allows you to browse and purchase apps from the SharePoint App Store.

Manage App Licenses

Allows you to view and manage licenses for your purchased apps.

Configure Store Settings

Manage app acquisition settings.

Manage App Catalog

Create and manage an app catalog site for making apps available to end users.

Monitor Apps

Track usage of applications and review errors

Configure App URLs

Configure URLs for apps to run

App Permissions

Manage app permissions for the farm

Configuration Wizards

The only wizard available is the Farm Configuration Wizard, which is typically used when creating a new server farm.  It allows you to select which services will be used, and will create the new site.



Common Administrator Tasks

There are many options, features, and functions available from Central Administration.  However, once the farm is set up, most of these options will rarely or never be used.  This section covers some of the more common tasks that an administrator will need to perform.

Search Service


You can manage the crawl schedule or manually run crawls from the Search Service Administration page.  You can also set up search scopes and view analytics reports.

To get to Search Service Administration from the main Central Administration page, Application Management, select Manage Service Applications.  Next, from the list of services, select Search Service Application


Crawl Log - Shows you the crawl logs for each content source you have created.   You can see the number of successes and failures, or view crawl history and error messages.
Content Sources - Shows you the content sources that are available for crawling.  From here you can start a full or incremental crawl, or view the crawl log.  You can also edit the crawl schedule and configure the URL's that will be crawled.

Authoritative Pages - Allows you to identify authoritative pages in three levels.  This means that search results found within the authoritative pages that you identify will rank higher on the results page.  You can also identify non-authoritative pages, which will demote search results found in those sites.

Search Result Removal - Allows you to specify URLs that should not be crawled.  These URL's will be deleted from the search results and will no longer be indexed.

Improving Searches with Query Rules and Promoted Results

This feature is available from the main SharePoint site.  Browse to the portal home, select Site Actions, then Site Settings.  Scroll down to the Site Collection Administration group, and select "Search Query Rules."

In this section, you can add a query rule that displays a promoted results link at the top of the search results when someone enters a specific keyword. 

User Profile Synchronization

User Profile Synchronization has been configured and scheduled to run each night, so that changes to Active Directory will be propagated to the SharePoint Portal.  There may be times that you may need to update the User Profile Synchronization connection, or to manually run an import.  This may be required if the OU changes, or a new OU is create that must be synchronized.  

Update the Synchronization Connection
Under Application Management, select Manage Service Applications.
Under the list of services, click the link for User Profile Service Application.

Under the Synchronization heading, click Configure Synchronization Connections.


Click on the connection name and select Edit from the dropdown menu.
Enter the password for the User Profile Synchronization Account, then click the Populate Containers button to display the tree from Active Directory.  

Expand the tree to find the OUs that need to be synchronized, and select any nodes that apply.  You do not need to manually check each individual user.  Checking a top level node will automatically synchronize everything under it.  (You should avoid selecting the entire domain.)
Click the OK button to save the changes to the connection. Once you have made your changes, manually run a Full Synchronization.

Manually Run a User Profile Synchronization
From the User Profile Service Application management page, click on Start Profile Synchronization.

Select either an incremental or a full synchronization and click OK.  A full sync will be more resource intensive, but may be needed if you are adding new OU’s.  

To check on the status of the sync, watch the lower right corner of the User Profile Service Application management page.  You can refresh the page to see the current status.  This may take 10 to 15 minutes.

The Recycle Bin and File Recovery

When a user deletes an item, it will automatically be moved into their recycle bin, which is also referred to as the first stage recycle bin.  Deleted documents, list items, document libraries and lists will remain in a user’s recycle bin for the number of days specified in Central Administration (30, by default).  During this time, the item can be recovered by the user by simply browsing to his or her “Recycle Bin”, selecting the file to restore, and clicking the Restore Selection button.  A link to the Recycle Bin is available in the lower left side of the Quick Launch navigation.

The site collection administrator can view all deleted documents.  The list of deleted documents includes useful information such as the date and time the document was deleted, the user who deleted it, the document name, and original location.  This information can help the administrator locate a deleted file and restore it.
The “Second Stage” Recycle Bin contains all documents the users deleted from their Recycle Bins. It gives the Site Collection Administrator one last chance to recover an accidentally deleted document.  
The maximum storage that can be stored in the Second Stage Recycle Bin is configurable, but is defaulted to 50 percent of the site collection’s quota (if the site collection actually has a quota. Otherwise, it is infinite). The site collection administrator can access the Second Stage Recycle Bin by selecting the Site Settings option under the Site Actions menu.  Next, under the Site Collection Administration heading, click Recycle Bin.


Migrating User Names

When a user name gets changed, (for example, in the event a user’s last name changes due to marriage) you will need to migrate the user account from the old username to the new username with an STSADM or PowerShell command.
To change the user’s login
  1. Log into the WFE as the farm configuration account
  2. Run the command prompt as Administrator
  1. Type the following commands
    1. cd C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions
    1. stsadm.exe -o migrateuser -oldlogin domain\oldusernamehere -newlogin domain\newusernamehere -ignoresidhistory
To update User Profile information associated with the user

You can run the User Profile Import manually, or wait until the next nightly update.  To run manually, follow these steps.

  1. From the WFE, open Central Administration
  1. Click the link for Manage Service Applications

  1. Click the link for User Profile Service Application
C:\Users\CHADDY~1\AppData\Local\Temp\msohtmlclip1\09\clip_image002.png
  1. Click the link for Start Profile Synchronization
C:\Users\CHADDY~1\AppData\Local\Temp\msohtmlclip1\09\clip_image003.png
  1. Select Incremental, and click OK


  1. Watch the status until it shows idle again.  This may take 10 to 15 minutes.
C:\Users\CHADDY~1\AppData\Local\Temp\msohtmlclip1\09\clip_image005.png
  1. Make sure the user can log into the portal.  (Give them access to the site if they don't already exist in an AD group.)
  2. Once the user has logged in, they can go to their My Site or Profile and you should be able to find them in a search.

Here is some additional info about what the MigrateUser command does.

The Powershell equivalent command is Move-SPUser.  

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)