SharePoint 2010 Configure PowerShell Commands I will likely use

From the Training Kit

CHANGE THE PORT OF CENTRAL ADMINISTRATION

Set-SPCentralAdministration -Port <PortNumber>
Where: <PortNumber> is an available port, greater than 1023 and less than 32767.
You can learn more about how to change the port of Central Administration in
the TechNet articles “Change the Central Administration Web site port number
(SharePoint Server 2010)” at http://go.microsoft.com/fwlink/?LinkID=192720 and

 

CREATE A NEW WEB APPLICATION WITH CLASSIC MODE AUTHENTICATION

New-SPWebApplication -Name <Name> -Port <Port> -HostHeader <HostHeader>
-AuthenticationMethod <AuthenticationMethod> [-AllowAnonymousAccess]
[-SecureSocketsLayer] -URL <URL> -ApplicationPool <ApplicationPool>
-ApplicationPoolAccount <ApplicationPoolAccount> -DatabaseName <DatabaseName>

New-SPWebApplication -Name "Contoso Partner Portal" -Port 443 `
-HostHeader "partners.contoso.com" -AuthenticationMethod "NTLM" -SecureSocketsLayer `
-URL "https://partners.contoso.com:443" -ApplicationPool "SharePoint Extranet Applications" `
-ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\SP_WebApps") `
-DatabaseName "SharePoint_Content_Partners"

The above command creates a new application pool. If the application pool already exists, you
would not include the -ApplicationPoolAccount parameter and value.

The -SecureSocketsLayer parameter, if specified, enables SSL for the web application.
As you learned in Lesson 1, you must also use IIS Manager to create the certificate in
the server’s certificate store and bind the certificate to the IIS Web site.

CREATE AN AUTHENTICATION PROVIDER

$ap = New-SPAuthenticationProvider [-UseWindowsIntegratedAuthentication]
[-DisableKerberos | -DisableKerberos:$false] [-UseBasicAuthentication] [-AllowAnonymous]

CREATE A WEB APPLICATION WITH CLAIMS BASED AUTHENTICATION

A Windows authentication provider is constructed that uses only NTLM—Kerberos is disabled—and passed as the authentication provider for the new web application.
$ap = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication `
-DisableKerberos
New-SPWebApplication -Name "Contoso Partner Portal" -Port 443 `
-HostHeader "partners.contoso.com" -AuthenticationProvider $ap -SecureSocketsLayer `
-URL "https://partners.contoso.com:443" `
-ApplicationPool "SharePoint Extranet Applications" `
-ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\SP_WebApps") `
-DatabaseName "SharePoint_Content_Partners"

CREATE A WEB APPLICATION WITH FORMS-CLAIMS AUTHENTICATION

Forms Based Authentication (FBA) is an identity management system that is based on ASP.NET membership and role provider authentication. The credentials are authenticated against an identity store, which can be AD DS; a database such as a SQL Server database; or an LDAP data store such as Active Directory Lightweight Directory Services (AD LDS), Novell eDirectory, Novell Directory Services (NDS), or Sun ONE. Each ASP.NET role is treated as a domain group by the authorization process in SharePoint Server 2010. The resulting information about the user is converted into claims by the STS, thus FBA is also called Forms-Claims authentication.

$ap = New-SPAuthenticationProvider -ASPNETMembershipProvider "MyMembershipProvider" `
-ASPNETRoleProviderName "MyRoleManager"
New-SPWebApplication -Name "Contoso Partner Portal" `
-Port 443 -HostHeader "partners.contoso.com" -AuthenticationProvider $ap `
-SecureSocketsLayer `
-URL "https://partners.contoso.com:443" `
-ApplicationPool "SharePoint Extranet Applications" `
-ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\SP_WebApps") `
-DatabaseName "SharePoint_Content_Partners"

CREATE A SITE COLLECTION USING WINDOWS POWERSHELL

New-SPSite -Url "<URL for the new site collection>"
-ContentDatabase <Content Database Name> -Name "<Name for Top-Level Site>"
-Template <Template> -OwnerAlias "<domain\user>" [–OwnerEmail "<e-mail address>"]
[-SecondaryOwnerAlias "<domain\user>"] [-SecondaryOwnerEmail "<e-mail address>"]

New-SPSite -Url "http://teams.contoso.com" -ContentDatabase "SharePoint_Content_Teams" `
-Name "Contoso Departments, Teams, and Projects" `
-Description "Collaboration sites for Contoso departments, teams, and projects" `
-Template "STS#0" -OwnerAlias "CONTOSO\SP_Admin" -OwnerEmail "SP_Admin@contoso.com"

A close examination of the parameters of this command reveals that when you create a site collection—an SPSite object—you also create the top-level website—an SPWeb object—in the site collection. Although the site collection and top-level website are two different objects that are created simultaneously, and cannot exist without each other, you can optionally create one or more additional websites within the site collection, typically referred to as subsites or child sites.

VIEW ALL SITE COLLECTIONS USING WINDOWS POWERSHELL

Get-SPWebApplication "<WebApplicationURL>" | Get-SPSite -Limit ALL | Format-List `
-Property URL,ContentDatabase,Owner,SecondaryContact

Unfortunately, the SPSite object does not expose all of the properties that you configure when using the New-SPSite cmdlet. For example, the email address of the primary site collection administrator, and the name, description, and template used for the top-level website are not properties of the resulting SPSite object. Some of these properties are members of the SPWeb object for the top-level website. Others are exposed by the SPSiteAdministration object.

Get-SPSiteAdministration |
Select URL,Title,Description,RootWebTemplate,OwnerLoginName,OwnerEmail

Only the content database name is not immediately available to the Get-SPSiteAdministration cmdlet.

Get-SPWebApplication "http://teams.contoso.com" | Get-SPSite -Limit ALL |
ForEach {$_ | Get-SPSiteAdministration |
Select URL,Title,Description,RootWebTemplate,OwnerLoginName,OwnerEmail ;
$_ | Select ContentDatabase}

DELETE A SITE COLLECTION

Remove-SPSite -Identity "<URL>" [-GradualDelete]

ASSIGN SITE COLLECTION OWNERS

Set-SPSite -Identity "<SiteCollection>" -OwnerAlias "<DOMAIN\User>"
-SecondaryOwnerAlias "<DOMAIN\User>"

ASSIGN SITE COLLECTION ADMINISTRATORS

Set-SPUser –Identity "<DOMAIN\Username>" –IsSiteCollectionAdmin

CONFIGURE A QUOTA FOR A SITE COLLECTION

One of the important site collection settings is the quota, which specifies the storage limit values for the maximum amount of data that can be stored in a site collection. Data includes the following:

1. Documents stored in document libraries
2. List items
3. Attachments
4. Previous versions of documents, items, and attachments, if versioning is enabled
5. Configuration
6. Content in the Recycle Bins

A storage limit, in megabytes, applies to all subsites in the site collection.

Set-SPSite -Identity "<Site>" -MaxSize <StorageLimit> -WarningLevel <WarningLevel>

Use the -QuotaTemplate parameter of the Set-SPSite cmdlet to reapply the template and thereby apply its new settings.

More info here http://go.microsoft.com/fwlink/?LinkID=192708

LOCK OR UNLOCK A SITE COLLECTION

Set-SPSite -Identity "<SiteCollection>" -LockState "<State>"

The following are the available states:
Unlock: Unlocks the site collection and makes it available to users.
NoAdditions: Prevents users from adding new content to the site collection. Updates and deletions are still allowed.
ReadOnly: Prevents users from adding, updating, or deleting content.
NoAccess: Prevents access to content completely.

ADD A MANAGED PATH USING

New-SPManagedPath [-RelativeURL] "</RelativeURL>" -WebApplication <WebApplication>

</RelativeURL> is the relative URL for the new managed path. The type must be a valid partial URL, such as site or sites/teams/

REMOVE A MANAGED PATH

Remove-SPManagedPath [-Identity] <ManagedPathName> -WebApplication <WebApplication>

ADD A CONTENT DATABASE

When you create a web application, you specify the name of the initial content database. You can later create additional content databases for the web application.

New-SPContentDatabase -Name <ContentDbName> -WebApplication <WebApplicationName>

 

Move a Site Collection Between Content Databases

Move-SPSite <http://ServerName/Sites/SiteName> -DestinationDatabase <DestinationContentDb>

You can use the -ContentDatabase parameter of the New-SPSite cmdlet to create a site
collection in a specific content database.

View All Site Collections

Get-SPWebApplication "http://teams.contoso.com" | Get-SPSite -Limit ALL |
ForEach {$_ | Get-SPSiteAdministration |
Select URL,Title,Description,RootWebTemplate,OwnerLoginName,OwnerEmail ;
$_ | Select ContentDatabase}

VIEW SERVICE INSTANCES

Get-SPServiceInstance -Server <Server Name>
If the -Server parameter is omitted, the cmdlet returns all service instances in the farm

START A SERVICE

Start-SPServiceInstance -Identity <SPServiceInstancePipeBind>

You can use the Stop-SPServiceInstance cmdlet to stop a service

<SPServiceInstancePipeBind> is a service instance—for example, an object retrieved
by using the Get-SPServiceInstance cmdlet—or a GUID of the service instance that you
want to start.

The following example assigns a service instance to a variable, and then uses the
Start-SPServiceInstance cmdlet to start the service instance

$ServerName = "SP2010-WFE1.contoso.com"
$ServiceName = "Managed Metadata Web Service"
$ServiceInstance = Get-SPServiceInstance -Server $ServerName |
Where { $_.TypeName -eq $ServiceName }
Start-SPServiceInstance $ServiceInstance

CREATE A MANAGED METADATA SERVICE APPLICATION

New-SPMetadataServiceApplication –Name <Name> -DatabaseName <Database Name>
-ApplicationPool <Application Pool>

New-SPMetadataServiceApplication -Name "Managed Metadata Service – Research and Development" `
-DatabaseName "SharePoint_Service_Metadata_Research" `
-ApplicationPool "SharePoint Web Services Default"

You can delete service applications by using the
Remove-SPServiceApplication cmdlet. Use the Get-Help cmdlet to learn more about
Remove-SPServiceApplication. Some service applications have a specific Remove-SP* cmdlet.
Type Get-Command Remove*SP*Application for a list of these service applications.

CREATE AN APPLICATION CONNECTION (PROXY)

New-SPMetadataServiceApplicationProxy –Name <Name> -ServiceApplication <Service
Application Name>

New-SPMetadataServiceApplicationProxy -Name "Managed Metadata Service – Research and Development" `
-ServiceApplication "Managed Metadata Service – Research and Development"

CREATE A NEW SERVICE APPLICATION CONNECTION GROUP

New-SPServiceApplicationProxyGroup –Name <Name>

New-SPServiceApplicationProxyGroup –Name ResearchAndDevelopment

ADD A SERVICE APPLICATION CONNECTION TO AN APPLICATION CONNECTION GROUP

Add-SPServiceApplicationProxyGroupMember [-Identity] <Proxy Group Name> –Member <Proxy>

<Proxy> is the GUID of an application connection or a variable representing an application
connection. <Proxy> can also be an array of connection objects or GUIDs. For example, the following command adds the application connection named Managed Metadata Service – Research And Development to the application connection group named ResearchAndDevelopment:

$proxy = Get-SPMetadataServiceApplicationProxy "Managed Metadata Service – Research And Development"
Add-SPServiceApplicationProxyGroupMember "ResearchAndDevelopment" -Member $proxy

To remove a service application connection from an application connection group, use the
Remove-SPServiceApplicationProxyGroupMember cmdlet.

CONFIGURE APPLICATION ASSOCIATIONS

The following example associates the web application http://research.contoso.com with the ResearchAndDevelopment proxy group.

$web = Get-SPWebApplication "http://research.contoso.com"
$web.ServiceApplicationProxyGroup = Get-SPServiceApplicationProxyGroup ("ResearchAndDevelopment")
$web.Update()

To set a web application back to using the [default] group, use the following commands:
$web = Get-SPWebApplication "http://research.contoso.com"
$web.ServiceApplicationProxyGroup = Get-SPServiceApplicationProxyGroup("")
$web.Update()

RESTRICTING ACCESS TO A SERVICE APPLICATION

1. Retrieve the local farm ID:
$farmID = Get-SPFarm | select id

2. Retrieve the web application service account:
$webapp = Get-SPWebApplication http://intranet.contoso.com
$username = $webApp.ApplicationPool.UserName

3. Create a new claims principal that contains the web application service account:
$principal = New-SPClaimsPrincipal $username -IdentityType WindowsSamAccountName

4. Retrieve the security object of the service application:
$serviceapplicationname = "Managed Metadata Service"
$spapp = Get-SPServiceApplication -Name $serviceapplicationname
$spguid = $spapp.id
$security = Get-SPServiceApplicationSecurity $spguid
In the preceding example, the service application is named “Managed Metadata Service.” Change this value to match the name of the service application for which you want to modify access permissions. The name assigned to the $serviceapplicationname variable must match the display name of the service application exactly, including capitalization.

5. Add the web application service account to the security object of the service application:
$rights = "Full Control"
Grant-SPObjectSecurity $security $principal -Rights $rights

The rights will generally be “Full Control,” but can vary based on the service application and your requirements. To determine what rights are available for a service application, run the following code:
$serviceapplicationname = "Managed Metadata Service"
$spapp = Get-SPServiceApplication -Name $serviceapplicationname
$rightslist = Get-SPServiceApplicationSecurity $spapp
$rightslist.NamedAccessRights

6. Remove the local farm ID from the security object of the service application:
Revoke-SPObjectSecurity $security $farmID

7. Assign the updated security object to the service application:
Set-SPServiceApplicationSecurity $spapp -ObjectSecurity $security

8. Display and review updated permissions:
(Get-SPServiceApplicationSecurity $spapp).AccessRules
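
Steps 1 through 8 combined into one function, as an added example that is not part of the original notes or the Training Kit. The function name and its parameters are hypothetical; it builds the farm-ID claim with New-SPClaimsPrincipal the same way the restore procedure on this page does, and it assumes each named access right exposes a Name property.

```powershell
# Added example: run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-RestrictedServiceApplicationAccess {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]   $ServiceApplicationName,
        [Parameter(Mandatory = $true)][string[]] $WebApplicationUrl,
        [string] $Rights = "Full Control"
    )
    # Stop on the first error: nothing is written to the farm until
    # Set-SPServiceApplicationSecurity runs at the end.
    $ErrorActionPreference = "Stop"

    # The display name must match exactly and identify one service application.
    $spapp = @(Get-SPServiceApplication -Name $ServiceApplicationName)
    if ($spapp.Count -ne 1) {
        throw "Expected one service application named '$ServiceApplicationName', found $($spapp.Count)."
    }
    $spapp    = $spapp[0]
    $security = Get-SPServiceApplicationSecurity $spapp

    # Refuse a right that this service application does not define
    # (assumes the Name property on each NamedAccessRights entry).
    $available = @($security.NamedAccessRights | ForEach-Object { $_.Name })
    if ($available -notcontains $Rights) {
        throw "'$Rights' is not defined here. Available: $($available -join ', ')"
    }

    # Grant the application pool account of every web application that must
    # keep access BEFORE the farm-wide claim is removed.
    foreach ($url in $WebApplicationUrl) {
        $webapp    = Get-SPWebApplication $url
        $username  = $webapp.ApplicationPool.UserName
        $principal = New-SPClaimsPrincipal $username -IdentityType WindowsSamAccountName
        Grant-SPObjectSecurity $security $principal -Rights $Rights
        Write-Host "Granted '$Rights' to $username ($url)"
    }

    # Build the local farm-ID claim and remove it from the security object.
    $farmId        = (Get-SPFarm).Id
    $claimProvider = (Get-SPClaimProvider System).ClaimProvider
    $farmPrincipal = New-SPClaimsPrincipal -ClaimType `
        "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" `
        -ClaimProvider $claimProvider -ClaimValue $farmId.ToString()
    Revoke-SPObjectSecurity $security $farmPrincipal

    # Commit the change, then return the effective rules for review.
    Set-SPServiceApplicationSecurity $spapp -ObjectSecurity $security
    (Get-SPServiceApplicationSecurity $spapp).AccessRules
}

# Example call (URL and service application name taken from the page):
# Set-RestrictedServiceApplicationAccess -ServiceApplicationName "Managed Metadata Service" `
#     -WebApplicationUrl "http://intranet.contoso.com"
```

Review the returned access rules: only the listed application pool accounts should remain, and any web application whose pool account is missing from the list loses access to the service application.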

 

RESTORE FARM-WIDE ACCESS TO A SERVICE APPLICATION

$serviceapplicationname = "Managed Metadata Service"
# Read the farm GUID itself so that it converts cleanly to the claim value
$farmID = (Get-SPFarm).Id
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
$principal = New-SPClaimsPrincipal -ClaimType `
"http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" `
-ClaimProvider $claimProvider -ClaimValue $farmID
$spapp = Get-SPServiceApplication -Name $serviceapplicationname
$spguid = $spapp.id
$security = Get-SPServiceApplicationSecurity $spguid
# Grant rights to the farm-ID claims principal created above
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
Set-SPServiceApplicationSecurity $spguid -ObjectSecurity $security

Configure Trust between Farms

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content <Path\Filename.cer> -Encoding byte

EXPORT THE STS CERTIFICATE
The following example shows how to export the STS certificate from the consuming farm:
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export("Cert") | Set-Content <Path\Filename.cer> -Encoding byte

The administrators of the publishing and consuming farms then import each other’s root
certificate, and use the certificate to establish a trust relationship. This can be done by using
Central Administration or Windows PowerShell.

IMPORT THE ROOT CERTIFICATE AND CREATE A TRUSTED ROOT AUTHORITY

The following example shows how to import the root certificate and create a trusted root
authority:
$trustCert = Get-PfxCertificate <Path\Filename.cer>
New-SPTrustedRootAuthority <Farm Name> -Certificate $trustCert

<Farm Name> is a descriptive name of the farm from which the root certificate was
exported. This becomes the display name of the trusted farm.

The administrator of the publishing farm must also import the STS certificate that was copied from the consuming farm and use the imported certificate to create a trusted service token issuer.

$stsCert = Get-PfxCertificate <Path\Filename.cer>
New-SPTrustedServiceTokenIssuer <Farm Name> -Certificate $stsCert

Where:
<Path\Filename.cer> is the path and filename of the STS certificate to import.
<Farm Name> is a descriptive name of the farm from which the STS certificate was exported. This becomes the display name of the trusted service token issuer.
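
A certificate file copied between farms becomes a trust anchor, so it is worth confirming that the file is the one the other farm exported before importing it. The following is an added example, not from the original notes or the Training Kit: the function name and parameters are hypothetical, and it assumes the other farm's administrator sends the certificate thumbprint over a separate channel.

```powershell
# Added example: run in the SharePoint 2010 Management Shell on the importing farm.
# On the exporting farm, the thumbprints to communicate out-of-band are:
#   (Get-SPCertificateAuthority).RootCertificate.Thumbprint
#   (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate.Thumbprint
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Import-VerifiedFarmCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string] $Path,                # the copied .cer file
        [Parameter(Mandatory = $true)][string] $ExpectedThumbprint,  # received out-of-band
        [Parameter(Mandatory = $true)][string] $FarmName,            # display name of the trust
        [Parameter(Mandatory = $true)][ValidateSet("Root", "STS")][string] $Kind
    )
    $ErrorActionPreference = "Stop"
    $cert = Get-PfxCertificate $Path

    # Normalise the expected value: thumbprints are often pasted with spaces or colons.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch for $Path. File: $($cert.Thumbprint); expected: $expected"
    }

    # Do not create a trust from a certificate outside its validity period.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is valid only from $($cert.NotBefore) to $($cert.NotAfter)."
    }

    # Only the public certificate should be exchanged between farms.
    if ($cert.HasPrivateKey) {
        throw "$Path contains a private key; export and copy the public certificate only."
    }

    switch ($Kind) {
        "Root" { New-SPTrustedRootAuthority $FarmName -Certificate $cert }
        "STS"  { New-SPTrustedServiceTokenIssuer $FarmName -Certificate $cert }
    }
}

# Example calls (paths and thumbprints are placeholders):
# Import-VerifiedFarmCertificate -Path "<Path\Filename.cer>" -ExpectedThumbprint "<Thumbprint>" `
#     -FarmName "<Farm Name>" -Kind Root
# Import-VerifiedFarmCertificate -Path "<Path\Filename.cer>" -ExpectedThumbprint "<Thumbprint>" `
#     -FarmName "<Farm Name>" -Kind STS
```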

PUBLISH A SERVICE APPLICATION

Publish-SPServiceApplication -Identity <ServiceApplicationGUID>

$serviceapplicationname = "Managed Metadata Service"
Get-SPServiceApplication -Name $serviceapplicationname |
Publish-SPServiceApplication

RETRIEVE INFORMATION ABOUT PUBLISHED SERVICE APPLICATIONS

Get-SPTopologyServiceApplication

CONNECT TO A SERVICE APPLICATION ON A REMOTE FARM

The following example shows the use of the New-SPMetadataServiceApplicationProxy cmdlet to connect to a service application on a remote farm:
New-SPMetadataServiceApplicationProxy –Name <Name> -URI <Service Application URL>

Where:
<Name> is the name for the new application connection.
<Service Application URL> is the published URL of the Managed Metadata Service service application with which the new application connection will be associated.

ADD A SERVER TO THE FARM USING WINDOWS POWERSHELL
1. On the Start menu, click All Programs, Microsoft SharePoint 2010 Products, and then click SharePoint 2010 Management Shell. You will type the commands in the following steps at the Windows PowerShell command prompt.
2. Type the following command to connect the server to a configuration database:
Connect-SPConfigurationDatabase -DatabaseServer "<DatabaseServer>" -DatabaseName "<ConfigurationDatabaseName>" -Passphrase "<Passphrase>"

where:
<DatabaseServer> is the name of the server that hosts the configuration database
<ConfigurationDatabaseName> is the name of the configuration database
<Passphrase> is the farm passphrase

4. Type the following command to install the Help File Collections:
      Install-SPHelpCollection -All
5. Type the following command to install the Security Resource for SharePoint:
      Initialize-SPResourceSecurity
6. Type the following command to install the basic services:
      Install-SPService
7. Type the following command to install all the features:
     Install-SPFeature -AllExistingFeatures
8. Type the following command to install Application Content:
     Install-SPApplicationContent

Get-SPFarm | Select Servers

To determine the service connection point information for the current farm in AD DS, type the following command in SharePoint 2010 Management Shell:
Get-SPFarmConfig –ServiceConnectionPoint

To list all SharePoint farms in a domain by querying for serviceConnectionPoint objects,
run the following Windows PowerShell script:

#Change DC=Contoso,DC=Com to your target domain name
$Dom = 'LDAP://CN=Microsoft SharePoint Products,CN=System,DC=Contoso,DC=Com'
$Root = New-Object DirectoryServices.DirectoryEntry $Dom
$sel = New-Object DirectoryServices.DirectorySearcher
$sel.SearchRoot = $Root
$adobj = $sel.FindAll()
#List the service binding information stored on each object found
$adobj | ForEach-Object {$_.Properties.servicebindinginformation}

REGISTER A MANAGED ACCOUNT

Use the New-SPManagedAccount cmdlet to register a managed account by using Windows
PowerShell. To delete a managed account, use the Remove-SPManagedAccount cmdlet.

CONFIGURE NOTIFICATION OF EXPIRING PASSWORDS FOR MANAGED ACCOUNTS

Use the Set-SPManagedAccount cmdlet to configure the settings of a managed account by
using Windows PowerShell. This cmdlet allows you to configure automatic password changes
and all of the other settings that are exposed on the Manage Account page in Central
Administration.

Unfortunately, not all SharePoint accounts are managed accounts. Crawl accounts, user profile synchronization connection accounts, and accounts in the Secure Store are not managed accounts. Therefore, you must manually change the password for these accounts in AD DS and then update the logon information for the accounts in SharePoint.

INSTALL A FARM SOLUTION IN WINDOWS POWERSHELL

Install-SPSolution –Identity <SolutionFileName> -Time <DateTime> -GACDeployment

<DateTime> is the date and time when you want the solution to be installed. If you omit the –Time parameter, the solution is installed immediately.

Some solutions created in Visual Studio by developers need components added to the Global Assembly Cache (GAC). When this is the case the developer should inform you and you must use the –GACDeployment parameter or the solution will not function fully. When no components need to be added to the Global Assembly Cache, you can omit this parameter.

IMPORTANT REMOVING FARM SOLUTIONS
You can uninstall farm solutions in Central Administration but you cannot remove them from the farm. Farm solutions will remain in the farm solution list and any farm administrator can reinstall them. To remove a farm solution completely, you must use the Windows PowerShell Remove-SPSolution cmdlet as described in the next section.

Uninstall-SPSolution –Identity <SolutionFileName>
Remove-SPSolution –Identity <SolutionFileName>
where <SolutionFileName> is the name of the solution file you uploaded to the farm.