Author Archives: rcheing

Introduction to Sharegate and Sharepoint My Sites Migration

I recently had the opportunity to design and implement two Sharepoint migrations.  One was from Sharepoint 3.0 to Office 365 and the other was Sharepoint 2003 to Sharepoint 2013.

For the original project (WSS 3.0 – O365), we originally chose the Dell Sharepoint Migration Suite, however, I encountered a lot of issues with it, mainly the fact that I was having difficulty migrating data because it was very inconsistent, some of it was there and some of it was missing.

In the end, I opted to use a tool called “Sharegate” and I had such good experience with it, that I wanted to write a whole post dedicated to it.  Sharegate’s main feature is the Migrating Tool, but it does include a Sharepoint Management application that can report on anything that you could think of in a customer’s environment.  Need a report for files a certain size?  Got that.  Need a report to audit site collection permissions?  Got that too  Need a report to list the content of every site collection and subsites?  Check that one off too.  It even has a nice tool to find obsolete permissions in your environment and automatically clean them up in preparation to a migration.  Sweet!

The migration interface is pretty easy to use, you just connect to the source Central Admin (or Site Collection or Subsite) and then connect to the destination Central Admin or Sharepoint Administrator in Office 365’s case.  You can then drag and drop the content to be copied and choose to overwrite or merge any differences.  This process can be done with Sharepoint, OneDrive and even Google Drive.  I also love the fact that you can run a pre-migration check report and be able to resolve any issues beforehand, so as to have the smoothest possible run.

Where I think this application excels the most, is the ease of use and how easy it is to map user and group permissions for content you are migrating for which a user is no longer active at your organization.  I was also able to script out the migration to save time and make sure any errors due to configuration of the migration minimized.

For those interested in my Sharegate Migration Powershell Script and how to use it for your My Sites migrations, follow these steps:

  1. Map your users and groups in the Sharegate Migration Tool, if you have no users, I would map the unresolved users and groups at the very least.
  2. In Sharegate, you should have the option to export this list into a SGUM file.
  3. Create a CSV file with the following headers, SourceURL, DestinationURL and sAMAccountName.  Populate these fields accordingly.  My CSV and Powershell was tailored specifically to migrate My Sites which is why you see the sAMAccountName field, which should be populated with the username of the person’s My Site who you are migrating.
  4. Put the CSV and SGUM file into the same folder as the below Powershell and run it.  I like to run it in the Powershell ISE.  The script will create a report for each user that it migrates.
#Import the Sharegate Powershell module.
Import-Module Sharegate

#Import CSV file with 3 columns; SourceURL, DestinationURL, sAMAccountName 
$table = Import-Csv -Path "C:\Script\SP2013-MySites-Restart.csv"
#Import user and group mappings from GUI exported file
$usermappings = Import-UserAndGroupMapping -Path "C:\Script\UserAndGroupMappings.sgum"

#Uncomment for incremental copy settings and uncomment copysettings parameter in line 22 "Copy-Site"
$copysettings = New-CopySettings -OnContentItemExists IncrementalUpdate

#Loop through each row in the CSV file
ForEach ($row in $table)
 #Set variables based on CSV columns
 $srcSite = Connect-Site -Url $row.SourceURL
 $dstSite = Connect-Site -Url $row.DestinationURL
 $username = $row.sAMAccountName

 #Copy site and capture migration results
 $result = Copy-Site -Site $srcSite -DestinationSite $dstSite -MappingSettings $usermappings -Merge -Subsites -InsaneMode -CopySettings $copysettings
 #Export results to Excel workbook
 Export-Report $result -Overwrite -Path C:\Script\MySites-Results\$username.xlsx

Sharepoint 2010 Foundation SP2 is supported on Windows Server 2012!

Recently, I built out a Windows Azure System Center “cloud lab” environment.  I needed to install the Service Manager 2012 R2 Self-Service Portal which according to Kevin Holman’s SCSM 2012 R2 Quick Deployment Guide is supported on a Windows Server 2008 R2 and Sharepoint 2010 platform.

Well….it still requires either a full blown Sharepoint 2010 or Foundations installation.  However, Windows Server 2012 R2 is supported using the Sharepoint 2010 Service Pack 2 update.

Go ahead and grab Sharepoint 2010 Foundations SP2 and install away on your Windows Server 2012 R2 servers!

PowerShell: Creating a Cloud Service Azure Virtual Machine

While creating my Azure System Center cloud lab, I found it too cumbersome to provision new virtual machines.  Below is a powershell script I created to provision a new server, either Windows Server 2012 Datacenter or Windows Server 2008 R2.  The script also handles assigning a virtual network subnet, VM name, static IP and also joining the server to Active Directory.

I will go over how my lab is setup on Azure in a separate post, but in summary you will need to have a virtual network assigned to a region and have associated a cloud service to the virtual network.  You will also need to have already provisioned a storage account.

Now without further delay….the powershell code:

#Set Azure Subscription and Storage Container

$Subscription = "Pay-As-You-Go"
$Storage = "Storage Account Name"

Set-AzureSubscription -SubscriptionName $Subscription -CurrentStorageAccount $Storage

#Image Name - "Windows Server 2012 R2 Datacenter" or "Windows Server 2008 R2 SP1"
$Image = (Get-AzureVMImage |
Where { $_.ImageFamily -eq "Windows Server 2012 R2 Datacenter" } |
sort PublishedDate -Descending | Select-Object -First 1).ImageName

#VM Details
$VM = "VM Name"
$ServiceName = "Cloud Service Name"
$Location = "East US"
$VMSize = "Medium"
#Extra Small (A0) Shared 768 MB $0.02 (~$15/month)
#Small (A1) 1 1.75 GB $0.09 (~$67/month)
#Medium (A2) 2 3.5 GB $0.18 (~$134/month)
#Large (A3) 4 7 GB $0.36 (~$268/month)
#Extra Large (A4) 8 14 GB $0.72 (~$536/month)
$Domain = ""
$IP = "X.X.X.X"
$Subnet = "Subnet-1"
$TimeZone = "Eastern Standard Time"
$OU = 'CN=Computers,DC=ddomain,DC=com'

#Domain Join Credential
$AdminUser = "ADJoinAccount"
$AdminPasswd = "StrongPassword"

#Local Administrator Credential
$UserID = "LocalAdmin"
$Passwd = "StrongPassword"

#Create VM
New-AzureVMConfig -Name $VM -InstanceSize $VMSize -Image $Image -DiskLabel "OS" |
Add-AzureProvisioningConfig -WindowsDomain -AdminUserName $UserID -Password $Passwd -Domain $Domain -DomainPassword $AdminPasswd -DomainUserName $AdminUser -JoinDomain $Domain -TimeZone $TimeZone -MachineObjectOU $OU |
Set-AzureSubnet -SubnetNames $Subnet |
Set-AzureStaticVNetIP -IPAddress $IP |
New-AzureVM -ServiceName $ServiceName -Location $Location

System Center Universe 2015! Secure your spot! (Microsoft – Ft. Lauderdale, FL)


One Day. One Universe. One Cosmic Event. Back for its FOURTH year, it’s SCU 2015! 

Join us for this globally-available interactive experience spanning 6 continents, hosted by Catatpult Systems. This year, SCU will feature TWO FULL breakout tracks, allowing for more speakers, content and subject matter deep dives. Hear from an all-star cast of presenters including Microsoft technical visionaries and MVPs while interacting with worldwide user group
communities such as myITforum during the live event. At SCU 2015, you will gain insider knowledge around System Center, Microsoft Azure, Enterprise Mobility Suite, Windows Server and more!

Post event, continue your worldwide engagement with SCU-sponsored communities and user groups as well as SCU Network broadcasts. Don’t miss your chance to get in on the action!

View the live simulcast and engage in the conversation. Breakfast, lunch and snacks will be provided throughout the day for all attendees. 


Brad Anderson | Wally Mead | Anders Bengtsson | Cameron Fuller (MVP)

Dieter Wijckmans (MVP) | Jason Sandys (MVP) | Johan Arwidmark (MVP)

John Savill (MVP) | Kent Agerlund (MVP) | Kirk Munro (MVP) | Maarten Goet (MVP)

Marc van Eijk (MVP) | Pete Zerger (MVP) | Roman Yuferev | Symon Perriman

Travis Wright (MVP)


Troubleshooting SCEP Anti-Malware Policies on Clients.

Today I want to talk about how to troubleshoot System Center Endpoint Protection (SCEP) anti-malware policies on your client PCs.  Since the introduction of SCCM 2012 SP1, a new feature called “Client Side Merge” was introduced.  Basically, if multiple anti-malware policies are targeted to the same collection, the policy with the highest priority wins when there are conflicting settings.

For a quick overview of which policies are being applied, you can open the log at C:\Windows\CCM\Logs\EndpointProtectionAgent.log or you can open the SCEP client, click on the drop down arrow next to the “Help” menu and choose “About”.  This will bring up a window with a list of all policies being applied, however, this will not tell you which one has the highest priority.


SCEP Client:

So, how do you figure out which policies are being applied to the client PCs and which one has the highest priority and its settings are being merged?

Method 1:  Check the Windows Registry

  1. Open regedit.exe on the client PC.
  2. Navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy
  3. You will see a list of all anti-malware policies along with all merged settings which are shown with a value of “0x00000002”.  In the screenshot below, you can see that “SWS EP VIP Policy” has all its settings merged into the other two policies.  This is because this policy has the highest priority among the other two policies; causing its settings to be merged with the others.

Method 2:  Command-line Windows Registry query

  1. Open a command-prompt in administrative mode.
  2. Run the following command:
    reg query HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy /f 2 /d
  3. You will see the below output showing the merged settings from the policy with the highest priority:

References:  Niall Brady

Simple ways to test SQL connectivity

While installing Configuration Manager 2012 R2, you may have a problem connecting to the remote SQL server.  Here are some ways you can use to test remote SQL connectivity from your Primary SCCM server:

  1. Telnet to the SQL server’s listening port on 1433.  This approach will require a telnet client.  To install the native telnet client on Windows 7/8.1, run the command "OptionalFeatures.exe" and then place a checkmark next to “Telnet Client” and click on OK.
    To use telnet.exe to connect to the SQL server’s port 1433, open a command prompt and type "telnet.exe <sqlserverhostname_or_ip> 1433".  If connection fails, troubleshoot your SQL server accordingly.  A successful connection will appear as a blank screen:
  2. Create an ODBC System DSN to see if connection is successful.  To add a “System DSN” open the ODBC Data Source Administrator by running the following command "C:\Windows\System32\odbcad32.exe" (64-bit) or "C:\Windows\SysWOW64\odbcad32.exe" (32-bit).  Then click on the “System DSN” tab and click on “Add…”.
    Select “SQL Server” and click on Finish.
    In the “Create a New Data Source to SQL Server” window, name the data source anything you want as we won’t be saving this connection – it’s just a connectivity test.  In the “Server” field enter your SQL server’s hostname or IP.
    Leave the next screen on defaults and continue.
    Again, leave the next screen on defaults and continue.
    The next screen you can also leave on defaults and click on Finish.
    In the configuration summary window, click on “Test Data Source…”.
    If test was successfull, you will see the below message.
  3. Last but not least and probably the less intrusive way of testing SQL connectivity is by use of Universal Data Link files (.UDL).  This method does not require the installation of a telnet client or has as many steps as the “System DSN” method and support for this method is built into every windows version.  You can delete the file afterwards to “clean-up” the system.  Right-click anywhere on your desktop and select “New”, then “Text Document”.
    Name the text document anything but make sure to change the “.TXT” to “.UDL”.  Then double-click on the resulting file.
    Double-click on the .UDL file and type the hostname or IP of your SQL server, then select a user account with permission to the SQL server and select a database.  Then click on “Test Connection”.
    If connectivity test was successful, you will receive the below message:

This isn’t an exhaustive guide to testing SQL connectivity.  Your mileage may vary depending on what the root cause of your connectivity issue, but these steps will certaintly start you off in the right direction.

How to create a collection of computers by installed software.

We’ve all been there, needing to create collections of computers by installed software in SCCM.  Sometimes even needing to list computers that have two or more installed software on them.

So how do you create these collections?  Read on below…

For this example, I am going to create a collection that will list all computers with “iTunes”.  Then I will show you how to add multiple software.

  1. In “Assets and Compliance” go to your Device Collections and right-click and choose “Create Device Collection”.
  2. In the “Create Device Collection Wizard” enter a name for this new collection and you will want to limit the search to either “All Systems” or another collection of your choosing.  I have about 3000 clients in the All Systems collection so I will choose another smaller collection for this example.
  3. In the next screen, click on “Add Rule” and then click on “Query Rule”.
  4. In the “Query Rule Properties”, enter a name for this query, “All computers with iTunes” and then click on “Edit Query Statement..”
  5. In the next window, you’ll want to click on “Show Query Language” and then copy/paste the below code and click on OK:
    inner join
    SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId
    SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "iTunes%"
    SMS_G_System_ADD_REMOVE_PROGRAMS.Version like "%" order by SMS_R_System.Name

  6. Once back in the “Query Rule Properties” window, click on OK to close and go back to the “Create Device Collection Wizard” where you can add more direct rules, query rules or include/ exclude collections.  For now, click on Next.
  7. In the Summary step, click on Next.
  8. Once complete, click on Close.
  9. You will notice that the icon for your new collection is refreshing and that your member count will be “0”.
  10. Wait a few moments before right-clicking and selecting “Refresh” or press F5.
  11. All done!

To add additional software to the collection, you can add a separate query to the collection’s properties by modifying the line in the code which specifies the software to search for, but keep in mind this will result in an “OR” operation meaning it will list computers with either one or the other.  If you want an “AND” operation then just modify the search criteria on the existing query:

  1. Right-click on the collection and click on Properties.
  2. In the ‘Membership Rules” tab click on Edit.
  3. You can update the query name in the “Query Rule Properties” window or just click on “Edit Query Statement…”
  4. Click on the “Criteria” tab and then select the toolbar button which looks like a yellow star.
  5. Choose the “Installed Applications” attribute class and the “Display Name” attribute and then click on OK.
  6. Change the operator to “is like” and then type the software title in the “Value” input box and make sure to include the wildcard “%” (not required if you want a specific title and are sure of the spelling).
  7. You will notice that the new software title has been added with an “AND” operator.  You can also change the operator to an “OR” using the button second from last which reads “&|”.  Click on OK.
  8. Back at the “Query Rules Properties” click on OK to close this window and then click on “Apply” or “OK” in the collection properties window to save the new changes.
  9. Again wait a few minutes before refreshing and it should update the collection membership as long as it finds the specified software on other computers.

South Florida System Center Users Group – LinkedIn

If you are a System Center professional living in South Florida or are interested in networking with a System Center professional in South Florida, make sure to join our user group on LinkedIn.

It was started on January 30, 2014 and we are planning on meeting at least twice a month with permission to use Microsoft’s Fort Lauderdale campus and other venues to meet.

For any questions, please contact the group’s owner, fellow colleague, Balaji Karrupuswamy or feel free to browse directly to the group’s link.

See you soon!

System Center Universe 2014

I know it’s been almost a month since System Center Universe 2014 was held in Houston, TX.  There were many industry experts that served as guest speakers, a few names I’m sure you all have heard, Kent Agerlund from Coretech and Wally Mead from Microsoft’s Configuration Manager team.

While all presenters entertained us with a wealth of information, industry tips and tricks and excellent demos, the very first presentation by Kent Agerlund stood out the most to me.  His presentation titled “Become the Hero in the Datacenter” (link to his PowerPoint deck), featured all open source tools meant to making the administration of your SCCM infrastructure much easier.  Make sure to check out his blog entry for a listing of all tools he discussed during his presentation.

If you did not attend either in person or via live stream, I would suggest to not miss next year’s session as there is a treasure trove of information that is discussed.

Recordings: To view the presentations from this year’s conference, please view thevideo playlist.

PowerPoint Presentations: To download the speakers’ PowerPoint presentations, click here.

Manage Microsoft Office 2013 volume licensing via command-line.

Microsoft Office 2013 ships with a great utility to manage volume licensing in the form of VBScript.  You can use it to manage volume licensing for the local computer or even a remote computer; provided you enter credentials with administrative access to the remote system.

This VBScript is called OSPP.VBS and is located here:

%ProgramFiles%\Microsoft Office\Office15\OSPP.VBS

To run this file, open a command prompt in administrator mode and change directory to the above path.

Some common switches I use are below:

  • Activating a license
    cscript.exe ospp.vbs /act
  • Resetting a license
    cscript.exe ospp.vbs /rearm
  • Status of a license
    cscript.exe ospp.vbs /dstatus
  • Input a new key
    cscript.exe ospp.vbs /inpkey:<KMS/MAK volume key>
  • Removing a license (You need to get the last 5 characters of the license to be removed via /dstatus)
    cscript.exe ospp.vbs /unpkey:<last 5 of volume license to be removed>
  • Manually set KMS host
    cscript.exe ospp.vbs /sethst:<FQDN of KMS host>
  • Manually set KMS host port
    cscript.exe ospp.vbs /setprt:<port - 1688 is default>
  • Manually configure DNS domain in which KMS SRV records are found
    cscript.exe ospp.vbs /skms-domain:<FQDN>
  • Of course if you need help, you can always display the full switch list by running
    cscript.exe ospp.vbs

You can also combine several commands into one continuous command to achieve several actions.  For example, to manually configure a KMS host, port and activate, use the following command:

cscript.exe ospp.vbs / & cscript.exe ospp.vbs /setprt:1688 & cscript.exe ospp.vbs /act


Also, here is a link to the KMS client setup keys for VL Office activations.  I hope this aids you with replacing and deleting volume licensing without having to reinstall the entire Microsoft Office Suite.