AD Groups and SharePoint Groups

Choosing between AD Groups and SharePoint Groups. What is the best approach for assigning permission levels in SharePoint?

Here are some guidelines:

A general rule of thumb is the less security principals you have, the more scalable your security design will be.  In other words, it is easier to assign permission levels to 1 group than 100 users.

Avoid assigning permission levels directly to user accounts—use either an Active Directory (AD) group or a SharePoint group to contain the users.  If there is a one-to-one mapping between an AD group and a SharePoint permission level, you could assign permissions to the AD Group rather than creating a SharePoint group, but if you always use a SharePoint group, you have a clean way to add more users/groups later if you need to.

Use SharePoint groups over AD security groups.   You can delegate control of SharePoint groups to site administrators.  If you use AD groups, there could be a bottleneck getting users added/removed from them since only a select few in the organization have permissions.  Another issue with AD groups is you cannot view the members in SharePoint, making it difficult to determine who has access to what.

Difference between SharePoint Groups and AD Groups:

Domain Groups

•       Normally created and maintained by the IT department
•       Can be used across different SharePoint sites and site collections
•       Organizations may already have good AD group structures that map well to your SharePoint implementation
•       Groups can be nested - e.g. you can add another AD Group as a member to an existing AD group
•       No features for users to submit a request to join a group

SharePoint Groups

•       The creation of groups can be done by business users
•       When a group is being created, you can define who "owns" the group
•       Can allow users to submit a request to join a group
•       Can determine who has permissions to see the users within groups
•       Groups are created within a particular Site Collection - cannot be used in other site collections
•       You cannot add a SharePoint Group as a member of another SharePoint group (no nesting)
•       SharePoint Groups cannot be used in other systems (e.g. network Shares)
•       The SharePoint Groups are separate from Active Directory - so you can go wild with the SharePoint Groups without upsetting your AD administrator

References:
http://www.sharepointblogs.com/johnwpowell/default.aspx
http://guru-web.blogspot.com/2007/10/difference-between-sharepoint-and-ad.html

Increase size for incoming e-mails in SharePoint

Recently we had an issue for receiving emails with larger file attachments in SharePoint. Here is how we fixed this issue.

Note: We have maximum email size set to 10 MB in MS Exchange. So MS Exchange will not allow any emails bigger than 10 MB. Also default setting for maximum email size in SMTP Virtual server is 2 MB.

Steps to modify SMTP Virtual Server properties and increase incoming email size limit to accept bigger emails in SharePoint.

1. Open IIS on SharePoint Server where SMTP Virtual Server is hosted.

2. Right click on Default SMTP Virtual Server and select properties.

3. Click on "Messages" tab of Default SMTP Virtual Server Properties.

4. Change "Limit message size to(KB)": 10240

5. Change "Limit session size to(KB)": 51200

6. Click "Apply" and then "OK" button at the bottom.

- We can NOT increase this limit more than 10 MB (10240 KB) because this is the maximum email size allowed in MS Exchange.

- You will not be able to receive emails bigger than 10 MB even by setting this limit to 20 MB or more. (Provided you have maximum email size set to 10 MB in MS Exchange Server of your company).

SQL queries for analyzing SharePoint farms

=====================================================
Query to get total number of items in each list of SharePoint farm:
=====================================================

Use SP_DB01

select

case when webs.fullurl = ''

then 'Portal Site'

else webs.fullurl

end as [Site Relative Url], webs.Title As [Site Title],

case tp_servertemplate

when 104 then 'Announcement'

when 105 then 'Contacts'

When 108 then 'Discussion Boards'

when 101 then 'Docuemnt Library'

when 106 then 'Events'

when 100 then 'Generic List'

when 1100 then 'Issue List'

when 103 then 'Links List'

when 109 then 'Image Library'

when 115 then 'InfoPath Form Library'

when 102 then 'Survey'

when 107 then 'Task List'

else 'Other' end as Type, tp_title 'Title', tp_description As Description, tp_itemcount As [Total Item]

from lists inner join webs ON lists.tp_webid = webs.Id

Where tp_servertemplate IN (104,105,108,101, 106,100,1100,103,109,115,102,107,120)

order by tp_itemcount desc

Note: Repeat above query for each SharePoint content database.

==========================
Query to find all site collections:
==========================

Use SP_DB01

Select SiteId, FullUrl, Title, Author, TimeCreated
From Webs
Where ParentWebId IS NULL

Note: Repeat above query for each SharePoint content database.

=======================================================================================
Query to get Site Collection Statistics - Created, Owner, Contents size, Bandwidth usage, Last Modified etc.
=======================================================================================

Use SP_DB01

select distinct a.fullurl as [SiteUrl], a.TimeCreated as Created,

b.tp_login as [SiteAdmin],

sum(cast(c.size as decimal))/1024/1024 as [recyclebin],

cast(d.bwused as decimal)/1024/1024 as [BandwidthUsed],

cast(d.diskused as decimal)/1024/1024 as [SiteSize],

cast(d.diskquota as decimal)/1024/1024 as [SiteMaxQuota],

d.id as [SiteID],(select db_name(dbid) from master..sysprocesses where spid=@@SPID) as [Content_DB],

(select @@servername) as [ServerName],

d.lastcontentchange as [LastContentChange],

(select datediff(day,d.lastcontentchange,current_timestamp)) as [DaysSinceLastChange]

from webs as a inner join

sites as d on a.siteid=d.id inner join

userinfo as b on a.siteid=b.tp_siteid left join

recyclebin as c on a.siteid=c.siteid where b.tp_siteadmin = '1' and a.parentwebid is null

group by a.fullurl, b.tp_login, d.diskused, d.id, d.bwused, d.diskquota, d.lastcontentchange, a.TimeCreated

Order by a.fullurl

Note: Repeat above query for each SharePoint content database.

References:
http://blogs.technet.com/corybu
http://www.codeplex.com/MSITSRF
http://www.codeproject.com/KB/dotnet/QueriesToAnalyzeSPUsage.aspx