Monthly Archives: June 2011

Wrox Real World Sharepoint 2010 – Chapter 5

[Chapter 5: Using PowerShell with SharePoint 2010]

PowerShell shortcut property:

C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -NoExit " & ' C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG\POWERSHELL\Registration\\sharepoint.ps1 ' "


$ver = $host | select version

if ($ver.Version.Major -gt 1) {$Host.Runspace.ThreadOptions = "ReuseThread"}

Add-PsSnapin Microsoft.SharePoint.PowerShell

Set-location $home

To explicitly declare a type for a cmdlet variable, such as:


you can do this:


** Object pipeline

e.g., C:\> Get-SPWeb http://portal/* | where {$_.MasterUrl -like "*/v4.master"}

$_ means the current object in the script block. How do you know what parameters can be piped into a cmdlet? Use "help Get-SPWeb -full".

In the parameter listing, each parameter shows "Accept pipeline input?" as True or False.

– Filter:
Get-SPSite -Limit All -Filter {$_.Owner -eq "wrox\spadmin"}


C:\> 1..10 | ForEach-Object {
if ($_ -eq 5) {continue}
Write-Host $_
}

you get:

foreach ($i in 1..10) {
if ($i -eq 5) {continue}
Write-Host $i
}

you get:

Functions and Scripts
function New-ManagedAccount {
# Prompt for the password of the farm account
$cred = Get-Credential "wrox\spfarm"
return New-SPManagedAccount -Credential $cred
}

To load a script: (*.ps1)
C:\> . .\Functions.ps1

To accept parameters:
function New-ManagedAccount ([string]$accountname) {
# Prompt for the password of the account passed in
$cred = Get-Credential $accountname
return New-SPManagedAccount -Credential $cred
}

Check if a variable is NULL:

if ($account -eq $null)

Get-Command -pssnapin Microsoft.Sharepoint.Powershell
returns all SharePoint PowerShell commands

Get-Command -noun SPService* | sort noun | ft name
returns all commands whose noun starts with "SPService", sorted by noun, and shows the name only.

To see members (properties) of an object:
Get-SPSite http://* | Get-Member

Start- and Stop-SPAssignment – used to dispose of objects after using them.

E.g. (simple):
Start-SPAssignment -Global


Wrox Real World Sharepoint 2010 – Chapter 4

[Chapter 4: Claims-Based Authentication]

Kerberos uses a Key Distribution Center (KDC) to safeguard information and broker ticket issuance. As such, Kerberos is commonly known as a network-based identity, because the Kerberos protocol provides third-party authentication where a user proves his or her identity by the use of a centralized server.

Bundled identity information in the digital context is often referred to as a token, or security token. A security token can contain any number of arbitrary claims. Each claim represents a piece of information, referred to as [assertions]. Each token is digitally signed to ensure validity.

Each token in a CBA is generated by a security token service (STS). If a user has more than one identity, then an [identity selector] is used.

Components of claims-based authentication:

** Active Directory Federation Services (AD FS) — the central component in a claims-based environment is the STS, and Microsoft's STS solution is AD FS (AD FS is an STS). AD FS issues SAML tokens in response to WS-Trust requests. It supports both active and passive clients and can be used from a web and client environment.

** Windows Identity Foundation (WIF) —

** Cardspace — Microsoft’s version of identity selector.

Configuring SharePoint claims-based authentication: By default, SharePoint 2010 includes a trusted STS; its web service name in IIS is "SecurityTokenService". Use the "Get-SPTrustedIdentityTokenIssuer" command to examine the "IdentityClaimTypeInformation" and find out exactly what claims SharePoint is expecting.
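
The check described above, as an added example that is not from the book or these notes: it lists each trusted issuer's identity claim, the claim types it supplies, and the certificate used to validate its token signatures. It assumes a SharePoint 2010 farm server and a farm administrator account; the 60-day expiry threshold is an arbitrary assumption.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell (PowerShell 2.0)
# on a farm server, as a farm administrator.
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$warnDays = 60   # assumption: review window for signing-certificate expiry

$issuers = @(Get-SPTrustedIdentityTokenIssuer)
if ($issuers.Count -eq 0) {
    Write-Host "No trusted identity token issuers are registered in this farm."
}

foreach ($issuer in $issuers) {
    $id   = $issuer.IdentityClaimTypeInformation
    $cert = $issuer.SigningCertificate

    Write-Host "Issuer: $($issuer.Name)"
    Write-Host "  Sign-in URL    : $($issuer.ProviderUri)"
    Write-Host "  Identity claim : $($id.DisplayName)"
    Write-Host "    incoming type: $($id.InputClaimType)"
    Write-Host "    mapped type  : $($id.MappedClaimType)"

    # Claim types this issuer is trusted to supply
    foreach ($claim in $issuer.ClaimTypeInformation) {
        Write-Host "  Accepted claim : $($claim.DisplayName) [$($claim.InputClaimType)]"
    }

    # Incoming token signatures are validated against this certificate
    Write-Host "  Signing cert   : $($cert.Subject)"
    Write-Host "    thumbprint   : $($cert.Thumbprint)"
    Write-Host "    expires      : $($cert.NotAfter)"
    if ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
        Write-Warning "$($issuer.Name): signing certificate expires within $warnDays days"
    }
}
```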

In the real world, AD FS 2.0 will be hosted on a separate server.

(P.129, 6/4. 12:24 PM)