Find and export the list of users who has not completed About Me section in their Office 365 profile

This is the article 08 in this series.

Having a complete profile in Office365 is not just a benefit for user himself, but for the entire organization which directly impacts on productivity. A finished profile leads to better visibility and eventually results in faster communications across hundreds of thousands of employees in an enterprise setup. Ultimate idea of Office Delve (latest interface of profile comes with more capabilities such as recent activities) is to provide overall insights of a user information and his activities/engagements which makes obvious sense for anyone.

Nevertheless, none of these would be in action unless you have a complete profile with basic details entered in. No matter how much HR would try to push, we still spot a lot of random users who haven’t completed their profiles.

With this short and sweet article series, I’m trying to give you the steps that we followed during the identifying process as requested by our HR. screenshots may differ than our production setup, but you surely will get the point here.

I had to use some PowerShell scripting to get this list out from Office 365 and generate a CSV file for each criteria so that HR can directly reach out to the user via emails and advice to take an action to update the profile on the spot. As a result, we were able to get 100% completeness of profiles across a 5000+ employee organization.

There is no out of the box reporting when it comes to Profile Completeness in Office 365, therefore we have no option other than PowerShell. PowerShell is the ultimate tool for O365 administration, whenever graphical interface has a barrier, hence, make sure you dig around it to understand its capabilities to go beyond.

FINDING USERS WITH EMPTY ABOUT ME SECTION IN THEIR PROFILE (This Article)

In this article I’m trying to explain the steps it takes to find out the users who has not filled “About Me” section in their Office 365 profile (or simply, delve profile).

So here we go, following are the requirements before we get started:

• Azure AD PowerShell Module – download here
• Azure AD Administrator rights
• SharePoint Online Administrator rights
• SharePoint Online PnP Module – Download here

Script steps breakdown:

First and foremost, we need to fetch the Office365 credentials and then connect to both SharePoint Online Admin Centre and Azure Active Directory.

$cred = get-Credential
Connect-AzureAD -Credential $cred
Connect-PnpOnline -Url https://mantoso-admin.sharepoint.com/ -Credentials $cred

Then let’s fetch all users in this tenant, who are internal to the company and that have at least one license assigned to them.

$Users = Get-AzureADUser | Where {$_.UserType -eq 'Member' -and $_.AssignedLicenses -ne $null}

Now to create an empty array in which we will later store the output (user list who has not filled the About me field).

$NoAMUsers = @()

Now we will dig in through each user, and check if they hold a SharePoint profile (This is because About Me field is hosted in SharePoint online, not in Azure AD). If the property exists, and empty, it simply means the About me section has not filled by this user.

foreach ($user in $Users) 
{
    $SPProfile  = Get-PnPUserProfileProperty -Account $user.UserPrincipalName -ErrorAction SilentlyContinue
        if ($SPProfile -ne $null)
        {
          if ($SPProfile.UserProfileProperties.AboutMe -eq "")
            {
               $NoAMUsers += $user
            }
        }
}

And, finally we can export the SharePoint result to a CSV through below part.

$NoAMUsers | Select DisplayName, UserPrincipalName | Export-Csv -Path "C:\Tools\reports\NoAMUsers.csv" -NoTypeInformation

If you need to obtain a similar report on other user criteria’s, here are the other articles of this series which would help you to achieve it.

1. Find and export list of users with no Manager Name set in Office 365 profile:
2. Find and export list of users with no Manager Name set in Office 365 profile:
3. Find and export list of users with no Profile Picture set in Office 365 Account:
4. Find and export list of users with no Birthday set in Office 365 profile:
5. Find and export list of users with no Country set in Office 365 Profile:
6. Find and export list of users with no Department set in Office 365 Profile:
7. Find and export list of users with no Skills Defined in Office 365 profile:
8. Find and export the list of users who has not completed About Me section in their Office 365 profile

DISCLAIMER NOTE: This is an enthusiast post and is not sponsored by Microsoft or any other vendor.

Advertisement

SharePoint online external content sharing–Anonymous option grayed out

If you are staring at the screen what would have gone wrong with anonymous external sharing option which stays grayed out even after enabling the functionality from the Admin center, you are not alone as it seems to be a well-known issue. You can keep trying the Admin portal interface but this post is for those who didn’t got it sorted.

The usual place to look at when you need to enable this option in  SharePoint online is the Admin Centers —> SharePoint —> Sharing —> Sharing outside your organization

If the following options are enabled, you should be able to see the Anonymous option in the sharing prompt.

If you still do not see the option, you can go ahead and try this PowerShell code to enable this manually. This will immediately enable the functionality in your tenant.

1. Firstly, download and install SharePoint online management shell from here

2. Then find it from the start menu and run it with elevated permissions (Run as Administrator)

Run the following lines one by one (Customize the advised values to match your organization and URLs)

$adminUPN=”Admin Email address” (user the admin account you use to login to your office 365 Admin portal)

$orgName=”YourOrgname” (use initial domain, initialdomain.onmicrosoft.com)

$userCredential = Get-Credential -UserName $adminUPN -Message “Type the password.” (Don’t change anything here, the “type the password” is for the prompt textbox only)

You will be prompted for credentials verification. Provide the username/password and hit ok.

Connect-SPOService -Url https://$orgname-admin.company.com -Credential $userCredential (no change here either)

And here’s the final step. Do not run this for all site collections. Find out which are the ones requires external sharing and run it for those sites only.

Set-SPOSite -Identity https://myorg.sharepoint.com/sites/ExternalSiteName -SharingCapability ExternalUserAndGuestSharing

Change the link above with the site you want to enable the external sharing with.

Once PowerShell command returns the success, refresh the browser and you will see the feature enabled.

Azure AD App Only Authentication

In a simple way, App Only authentication is the ideal method if you want to execute  a task by daemon. This allows you to execute some code without the permissions of a user or without an auth token of a user.

As part of a series of articles, idea of this 1st post is to give you an basic  fundamental understanding on creating an Azure AD App and grant permissions for this App to communicate with SPO.

let’s get this started. Simply head on to your Office365 home page and switch to Admin Centers. From the left pane, click on “Azure Active Directory”. From Azure AD, search for “App Registrations” and click “Add new application registration” link.

A new application interface will pop-up for you. Enter a name, Application type and Sign-on URL and click “Create”. Sign-in URL can be any and it also can be amended later to reflect a different one. A future post will discuss this again on what sort of URLs are used here.

 

Once the app creation done, you will be given with the app ID and other details related to it.

Next- Select Settings –> Required permissions and Add

In this case the API going to be SPO. You can choose the right API based on the requirement.

Next, hit “Grant Permission” button on the required permissions tab to provide none-tenant admin user access the application.

A self-signed or public (commercial) certificate must be provided now and then update the Azure AD manifest accordingly.

Following PS can be used to provision the certificate but ensure you have installed OfficeDev PnP PowerShell.

$certroot = 'C:\Site Creator'
$certname = "IntelAi-Cert-1"
$password = ConvertTo-SecureString "P@$$w0rd" -AsPlainText -Force
$startdate = Get-Date
$enddate = $startdate.AddYears(4)
makecert.exe -r -pe -n "CN=$certname" -b ($startdate.ToString("MM/dd/yyyy")) -e ($enddate.ToString("MM/dd/yyyy")) -ss my -len 2048
$cert = Get-ChildItem Cert:\CurrentUser\My | ? {$_.Subject -eq "CN=$certname"}
Export-Certificate -Type CERT -FilePath "$certroot\$certname.cer" -Cert $cert -Force
Export-PfxCertificate -FilePath "$certroot\$certname.pfx" -Cert $cert -Password $password -Force

Following line will copy a string to your clipboard

Get-PnPAzureADManifestKeyCredentials -CertPath 'C:\Site Creator\IntelAi-Cert-1.cer' | clip

Following is how the copied string would look like. It has to be added to the manifest file of the Azure AD application.

"keyCredentials": [
 {
  "customKeyIdentifier": "5lca+kziogw7T6MB4kUrxseK5m8=",
  "keyId": "84153f1a-90b7-4802-b99a-bb75d4f9a35b",
  "type": "AsymmetricX509Cert",
  "usage": "Verify",
  "value": "MIIDAjCCAe6gAwIBAgIQkawCJU0cWYxH8RamKNuqqTAJBgUrDgMCHQUAMBkx
 }
],

Select your application under app registrations in Azure AD. Replace the “KeyCredentials”:[], section, as shown below.

Now this can be tested whether the application has required permissions to connect to the SharePoint Online site. For the ClientID, you need to provide application ID of the app you have created.

$password = ConvertTo-SecureString "P@$$w0rd" -AsPlainText -Force
Connect-PnPOnline -Url https://site.sharepoint.com/ -ClientId 0c01f61e-ba27-4ae7-ab19-174884a949fc -CertificatePath 'C:\Site Creator\Site-Cert-1.pfx' -CertificatePassword $password -Tenant intelai.onmicrosoft.com
$myWeb = Get-PnPWeb
$myWeb.Title

DISCLAIMER NOTE: This is an enthusiast post and is not sponsored by Microsoft or any other vendor.

SharePoint Granular Backup Failed and Site Went Inaccessible (Locked)

So you was thinking that site backup has no Interruption to the running (live) system ? Yes it is. I ran in to an issue where an Granular backup was executed through SharePoint Management shell while users were accessing the portal in SharePoint 2010 production farm.

Backup was terminated due to lack of space in destination drive and users are prompted with "Error: Access Denied Massage" which was in an extremely critical peak hour.

There were multiple set of backup jobs running parallel in SharePoint Shell and few of them were unable to complete due to lack of space. The person who was handling this closed all the SharePoint Shells and sites suddenly prompted this error to all users. Sites which are successfully backed up had no issues.

Checked the Content DBs of particular Web Applications and they looks green as Database Read-only mode is "No".

When Looking out for a possible reason, the "Lock" word came up to my mind and checked the "Quotas and Locks" in Central Administration (Application Management –> Site Collections –> Configure Quotas and Locks)

And Here we Go !. It was in the Read only Mode. Changing the status to the "Not Locked" Mode bought everything back to normal.

It has put the site in to maintenance mode during the backup and since it was not properly completed, the status yet remains in Read-Only mode. So a good point to think before you execute any backups in SharePoint. Plan for a drive with enough space and off-peak hour.

This is the command line resolution for the same

stsadm -o setsitelock -url http://sitename -lock readonly

stsadm -o setsitelock -url http://sitename -lock none

Here are some good facts in terms of Backup and Restore Planning in SharePoint From Microsoft – https://technet.microsoft.com/en-us/library/gg266384.aspx

Get Core Information of SharePoint 2013 Service Instances Using PowerShell (back to SharePoint 2010 PowerShell Output Format)

Get-SPServiceInstance allows you to get all the running Services in the farm with details such as Type, Name, Description GUID etc.… but in 2013 the Format is bit different and not listed down nicely like it was in 2010. too much to scroll down and find the specific Service’s details. Unlike in 2010 this is quite troublesome in 2013 for me to be honest because I only needed the Name | ID and Status listed so that I can simply pick the GUID of each Service. However New 2013 Output is more informative but isn’t what you needed in a specific situation. Just Like in below Figure.

I was in a need of stopping User Profile Synchronization Service which was in Starting Stage at one of my SharePoint 2013 Environment. Running the generic Get-SPService didn’t bought the GUID of Synchronization Service but only the User Profile Service.

If you thinking about the previous Get-SPService Instance result which is nicely listed all service instances, below is the way to get it. I was able to get all the Services listed with Core Information only which is same as 2010 output.

Get-SPServiceInstance -Server SPAPP01 | sort TypeName | Format-Table -AutoSize

Like above example, Sometimes you may not see the GUID fully here. Nothing related to SharePoint but Your PowerShell UI Settings so that output is compacted to adjust the width etc.…

You can use below settings to get your PowerShell UI adjusted . Click on the little Shell icon on top of the PowerShell (Options button) and you will get below tab opened. Save it and close the PowerShell and Open again.

Then Run the Command Again. Finally the Result in full List view. These are the core information’s I need and may be you are in a situation too. 

Hope This was helpful. lot more on PowerShell in Draft yet, will compose and Share soon !