The blogs of Black Marble staff

Setting SharePoint 2013 User Profile Service Application Permissions Using PowerShell

My last post about the SharePoint 2013 MySite Newsfeed and required additional permissions on the User Profile Service Application dealt with adding the required permissions to the UPSA using the SharePoint 2013 GUI. Alternatively, you can add the required permissions using PowerShell:

#Grab a reference to the User Profile Service Application $serviceapp = Get-SPServiceApplication | where {$_.DisplayName -eq "User Profile Service Application"} #Return the SPObjectSecurity object for the Service Application $security = Get-SPServiceApplication $serviceapp | Get-SPServiceApplicationSecurity #Setup our claim provider $claimprovider = (Get-SPClaimProvider System).ClaimProvider #Specify the required principal $principal = New-SPClaimsPrincipal "Domain\UPSAppAccount" -IdentityType WindowsSamAccountName #Grant the required permissions on the Service Application Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control" Set-SPServiceApplicationSecurity $serviceapp -ObjectSecurity $security

Using PowerShell allows us to add this part of the configuration to a script rather than having a manual step to perform once the PowerShell has completed (as we all know, these additional manual steps tend to get forgotten).

Did I delete the right lab?

It was bound to happen in the end, the wrong environment got deleted on our TFS Lab Management instance. The usual selection of rushing, minor mistakes, misunderstandings and not reading the final dialog properly and BANG you get that sinking feeling as you see the wrong set of VMs being deleted. Well this happened yesterday, so was there anything that can be done? Luckily the answer is yes, if you are quick.

Firstly we knew SCVMM operations are slow, so I RDP’d onto the Hyper-V host  and quickly copied the folders that contained the VMs scheduled to be deleted. We now had a copy of the VHDs.

On the SCVMM host I cancelled the delete jobs. Turns out this did not really help as the jobs just get rescheduled. In fact it may make matters worse as the failing of jobs and their restarting seems to confuse SCVMM, took it hours before it was happy again, kept giving ‘can’t run job as XXX in use’ and losing sight of the Hyper-V hosts (needed to restart the VMM service in the end).

So I now had a copy of three network isolated VM, so I

  • Created new VMs on a Hyper-V host using Hyper-V manager with the saved VHDs as their disks. I then made sure they ran and were not corrupted
  • In SCVMM cleared down the saved state so they were stopped (I forgot to do this the first time I went through this process and it meant I could not deploy the stored VMs into an isolated environment, that wasted hours!)
  • In SCVMM put them into the library on a path our Lab Management server knows about (gotcha here is SCVMM deletes the VM after putting it into the library, this is unlike MTM Lab Center which leaves the original in place, always scares me when I forget)
  • In MTM Lab Center import the new VMs from the library
  • Create a new network isolated environment with the VMs
  • Wait……………………….

When it eventually started I had a network isolated environment back to the state it was when we in effect pulled the power out. All took about 24 hours, but most of this was waiting for copies to and from the library to complete.

So the top tip is try to avoid the problem, this is down to process frankly

  • Use the ‘mark a in use’ feature to say who is using a VM
  • Put a process in place to manage the lab resources. It does not matter how much Hyper-V resource you have you will run out in the end and be unable to add that extra VM. You need a way to delete/archive out what is not currently need
  • Read the confirmation dialogs, they are there for a reason

Powershell ISE–Windows 8

It’s been a while since I have used PowerShell on a client operating system. I have been running Windows 8 for a while now, but have not needed to use Powershell. I wanted to write a small Powershell and thought I would use the ISE (Integrated Scripting Environment) provided by Microsoft. I was surprised to find that when i hit the Windows key and searched for Powershell, the console appeared but nothing appeared for the ISE.


I thought it must be that I needed to enable a Windows feature or download it from Microsoft. Before trying both of those options I decided to fire up an instance of PowerShell and see if i could launch the ISE.


Which did launch the ISE for me.


As a shortcut if i type ‘Powershell ise’ in the start search box it will launch an instance of Powershell and execute the command to launch the ISE.

New book from Gojko Adzic ‘Impact Mapping’

A common problem with getting software developed is the needing to get everyone aiming for the same goal. This too often gets lost in the development process; the real goal of the business is not communicated to the development team.  It maybe that the goal professed by the business is not the one they even really want, but their current viewpoint obscures the true goal.

In this new book from Gojko Adzic provides a excellent introduction to Impact Mapping as a tool to help address this problem. It describes using workshops and simple graphical tools as a way to tackle this problem of keeping an eye on the true goal. These are tools to use well before starting down the user story/ALM path to make sure the goal of your project is sound, known and measurable.

This is a refreshingly thin books that should be easily accessible to anyone involved in software projects irrespective of their technical skill level or team role. Well worth a look by everyone

TFS 2012 - TfsSyncIdentities

Update 17/12/2012: Neno has now published his official 2012 version. The .exe can be found here

A number of our customers use the TfsSyncIdentities tool by Neno Loje. When running the TfsSyncIdentities on a 2012 instance the following error appeared:


I fired up an instance of ILSpy to try to understand what the application was doing. It turns out that the application is using a service reference to call to the JobService web service.

My guess was that the web service had changed in some way in 2012. I created a new console application in visual studio and copied the code from the Main method disassembled in ILSpy and placed it in my application. I then added a service reference to http://TFS:8080/tfs/TeamFoundation/Administration/v3.0/JobService.asmx. Once I added the required references, I had to change the following method call from:

   1: jobWebServiceSoapClient.QueueJobsNow(new Guid[]  
   2: {  
   3: Guid.Parse("544dd581-f72a-45a9-8de0-8cd3a5f29dfe")  
   4: }, true);]


   1: jobWebServiceSoapClient.QueueJobs(new Guid[]
   2: {  
   3: Guid.Parse("544dd581-f72a-45a9-8de0-8cd3a5f29dfe")  
   4: },true, 0);

Hit F5 and you should have a TfsSyncIdentities application that works with TFS 2012. When run against a 2010 instance the sync still ran successfully with the new version of the application.


Black Marble at the 2012 Abbey Dash

Another good turn out this year for the Age UK Abbey Dash 10K in Leeds. Over 9000 runners this year, certainly seemed much busier than previous years.



Again Black Marble had staff members running. As with last year we did a wisdom of crowds based handicap race for the impressive Black Marble trophy (we all estimate each others expected times, the winner is who beats mean estimate the most). This year there was a tie to the second between Jon and Becky, who are as we speak negotiating over trophy sharing for the next year.


Congratulations to all who took part, I am sure plenty of good causes benefited from the efforts of everyone who ran

Upcoming free events from Black Marble

Winter is rushing on, so it is time for a new season of Black Marble events in Yorkshire.

21 Nov 2012 (All day) - Whats New in SharePoint 2013

All the updates and announcements from the Microsoft SharePoint Conference around SharePoint 2013.

27 Nov 2012 (AM) - An Introduction to Windows 8 Development

We welcome Microsoft Evangelist Mike Taulty to present a morning on Windows 8 for developers.

27 Nov 2012 (PM) - ReBuild

Bringing the key announcements and developments from Microsoft Build about Windows 8

5 Dec 2012 (All day) - Architecture Forum in the North 5

Our Architecture Forum returns, now in its 5th year, and Black Marble and Microsoft once again invite you to join us for a unique opportunity to learn about the latest technologies and best practices from luminaries in the field of computing.

17 Jan 2013 (AM) - A Windows Azure Update

Take time to out to explore a round-up of what’s new in Windows Azure from the last 12 months. Join our experts for their views on what’s been happening, what’s coming and how it will impact your business.

30 Jan 2013 - The Tenth Annual Technical Update - AM

From Windows 8 to Windows Phone 8, to Visual Studio 2012 and SharePoint and Office 2013 – join us as ever for our views on the new releases, as we focus on the story for IT managers and Business Decision Makers.

30 Jan 2013 - The Tenth Annual Technical Update - PM

From Windows 8 to Windows Phone 8, to Visual Studio 2012 and SharePoint and Office 2013 – join us as ever for our views on the new releases, as we focus on the story for developers and Technical Decision Makers.

For full details and registration check out the Black Marble site

Why does ‘Send to > email link’ in SharePoint open Chrome on my PC?

I must have clicked something in error on my Win 8 PC as when I open one of our SharePoint 2010 sites and select a file, right clicked and selected Send To > Email Link instead of an Outlook email opening my PC tries to open Chrome.

A bit of quick digging showed the issue was that the file association for mailto: was wrong. You can check this setting in IE > Internet Options > Programs > Internet Programs > set Programs (button)


Once I changed this to Outlook I got the behaviour I expected