Wednesday, March 1, 2017

SharePoint Super User Account, Claim Provider and SharePoint STS Session Time-Out - PowerShell Operations


Remove Super user account PowerShell Script

$wa = Get-SPWebApplication -Identity "Web App URL"

$wa.Properties.Remove("portalsuperuseraccount")

$wa.Properties.Remove("portalsuperreaderaccount")

$wa.Update()

iisreset

Add Super User Account PowerShell Script

stsadm -o setproperty -pn portalsuperreaderaccount -pv "account_name_as_it_appears_in_webapp_user_policy" -url https://www.url.com

stsadm -o setproperty -pn portalsuperuseraccount -pv "account_name_as_it_appears_in_webapp_user_policy" -url "https://www.url.com"

Or

$wa = Get-SPWebApplication -Identity "https://www.url.com"

$su = New-SPClaimsPrincipal "User Account" -IdentityType WindowsSamAccountName

$sr = New-SPClaimsPrincipal "User Account" -IdentityType WindowsSamAccountName

$wa.Properties["portalsuperuseraccount"] = ($su.ToEncodedString())

$wa.Properties["portalsuperreaderaccount"] = ($sr.ToEncodedString())

$wa.Update()

iisreset

Example

$wa = Get-SPWebApplication -Identity "https://www.url.com"

$wa.Properties["portalsuperuseraccount"] = "User Account"

$wa.Properties["portalsuperreaderaccount"] = "User Account"

$wa.Update()

iisreset

Find Current Super User Account Information

$wa = Get-SPWebApplication -Identity "https://www.url.com"

$wa.Properties["portalsuperuseraccount"]

$wa.Properties["portalsuperreaderaccount"]

See the Claim Providers in the Current Environment

$cpm = Get-SPClaimProviderManager

$cpm.ClaimProviders

Change Default Claim Provider to False

$cpm = Get-SPClaimProviderManager

$cpm.ClaimProviders

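# Index 5 is specific to this farm; pick the index of the provider you want from the list printed above
$cp = $cpm.ClaimProviders[5]

$cp.IsUsedByDefault = $false

$cp.IsEnabled = $false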

$cpm.Update()

See Intranet Zone Information

$intranet = $wa.IisSettings.Item("Intranet")

$intranet

Set Claim Provider to Intranet Zone

$Intranet.ClaimsProviders.Add("Role Name")

$wa.update()

See IIS settings for Intranet zone

$intranet = $wa.IisSettings.Item("Intranet")

$intranet

Remove Claim Provider from intranet zone

$Intranet.ClaimsProviders.Remove("Role Name")

$wa.update()

Set Claim Provider to Default Zone

$default = $wa.IisSettings.Item("Default")

$Default

$Default.ClaimsProviders.Add("Role Name")

$wa.update()

STS Session Time Out

$sts = Get-SPSecurityTokenServiceConfig

$sts.FormsTokenLifeTime = (New-TimeSpan -minutes 5000)

$sts.Update()

Get-SPSecurityTokenServiceConfig

$sts = Get-SPSecurityTokenServiceConfig

$sts.CookieLifetime = (New-TimeSpan -minutes 5000)

$sts.Update()

Get-SPSecurityTokenServiceConfig

# Not required

$sts = Get-SPSecurityTokenServiceConfig

$sts.LogonTokenCacheExpirationWindow = (New-TimeSpan -minutes 6000)

$sts.Update()

Get-SPSecurityTokenServiceConfig

$web = Get-SPWeb https://www.url.com

$su = New-SPClaimsPrincipal 'UserID' -IdentityType WindowsSamAccountName

$token = $web.GetUserToken($su.ToEncodedString())

$bin = $token.BinaryToken

$hex=[bitconverter]::ToString($bin)

$hex.Replace("-","") > c:\Results.txt
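
The STS session time-out values above interact: SharePoint treats a logon token as expired once less than LogonTokenCacheExpirationWindow of its lifetime remains, so the window has to stay below the token lifetime. The following read-only check is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and Test-StsLifetime and the $MaxSession ceiling are hypothetical names and values.

```powershell
# Added example: read-only sanity check for STS lifetimes; changes nothing on the farm.
# Test-StsLifetime and $MaxSession are hypothetical names, not SharePoint APIs.
function Test-StsLifetime {
    param(
        [Parameter(Mandatory = $true)] [TimeSpan] $FormsTokenLifetime,
        [Parameter(Mandatory = $true)] [TimeSpan] $WindowsTokenLifetime,
        [Parameter(Mandatory = $true)] [TimeSpan] $LogonTokenCacheExpirationWindow,
        # Assumed policy ceiling for one session; set it to your organisation's value.
        [TimeSpan] $MaxSession = (New-TimeSpan -Hours 10)
    )

    $lifetimes = [ordered]@{
        FormsTokenLifetime   = $FormsTokenLifetime
        WindowsTokenLifetime = $WindowsTokenLifetime
    }

    foreach ($name in $lifetimes.Keys) {
        $life     = $lifetimes[$name]
        $findings = @()

        # A token counts as expired once less than the window remains, so a window
        # that is >= the lifetime expires every token at the moment it is issued.
        if ($LogonTokenCacheExpirationWindow -ge $life) {
            $findings += 'expiration window >= lifetime (token expired on issue)'
        }
        if ($life -gt $MaxSession) {
            $findings += "lifetime above ceiling of $($MaxSession.TotalMinutes) min"
        }

        $usable = ($life - $LogonTokenCacheExpirationWindow).TotalMinutes
        [pscustomobject]@{
            Setting         = $name
            LifetimeMinutes = $life.TotalMinutes
            UsableMinutes   = [math]::Max(0, $usable)
            Findings        = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}

# Constructed input: the 5000 and 6000 minute values used on this page, plus a
# made-up 600 minute Windows token lifetime.
Test-StsLifetime -FormsTokenLifetime (New-TimeSpan -Minutes 5000) `
                 -WindowsTokenLifetime (New-TimeSpan -Minutes 600) `
                 -LogonTokenCacheExpirationWindow (New-TimeSpan -Minutes 6000)
```

On a farm, pass the FormsTokenLifetime, WindowsTokenLifetime and LogonTokenCacheExpirationWindow properties of the object returned by Get-SPSecurityTokenServiceConfig instead of the constructed values.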
