Three Approaches to Auditing a SharePoint Farm
Now that my new Pluralsight course Upgrading Your Farm to SharePoint 2016 is nearly complete, I thought it would be a good time to get back into blogging about what I have learned along the way. First off, upgrades can take a LONG time. The more you practice and the more you learn (and fix) the better you will become at handling the little issues that inevitably pop up. In my case I created all of the problems that I encountered in my upgrade, so I knew what was coming, and I STILL ran into unexpected problems (I am looking at YOU workflow!).
In the course I spend a lot of time on approaches to auditing your farm and show 3 different approaches that you may take. In fact, often, I use all three for different reasons. So, here we go, three approaches to auditing your farm before you upgrade. Or anytime you need to know what going on with your farm or want to visually represent your farm to an audience who may need “reports” over raw data.
If you go to TechNet, they have a script that you can run (carefully, this one hits the farm pretty hard and can create HUGE log files). https://technet.microsoft.com/en-us/library/ff645391.aspx This script takes an approach that I had never seen before. Rather than choosing which properties to export, these scripts use the Export-Clixml cmdlet to export the returned objects into text files. So for example:
#Retrieve information about alternate access mapping
Get-SPAlternateURL | Export-Clixml .\Get-SPAlternateURL.xml
This command will grab all of your Alternate Access Mappings and save them in the Get-SPAlternateURL.xml file. If you open the file you will see a deeply nested xml file that represents the objects returned by the cmdlet. (Hint, you can control how deep to report with the -depth parameter.)
Now before you run off and consider PowerShell XML parsing…which you could do. Take a look at this. Since the file is a representation of the object in PowerShell. You can now copy the file to a separate machine, even one that does not have SharePoint installed, and you can “mount” the object with an Import-Clixml cmdlet.
$aams = Import-Clixml .\Get-SPAlternateURL.xml
Then do whatever it is you want to do with the resulting variable, like list all of the Uris and Zones.
$aams | Select Uri, UrlZone
Remember, this XML file is now an archive of the state of the object. So you can compare them before and after an operation, or send them to your friendly neighborhood consultant for review. It does not require SharePoint in order for the “reader” to “rehydrate” the object.
WARNING: The Get-SPWebApplication output can be HUGE! Start shallow and change the depth with caution.
If you have done any administration in SharePoint, you know that PowerShell is far easier to use to manage and maintain your farm. PowerShell is also an excellent option for creating documentation related to the present state of your farm. In my case I use PowerShell to create tab separated value log files that I present to my clients as Excel workbooks. I also tend to include checks for troubling issues that may cause problems. The nice thing about this approach is that the files are very portable and you can do conditional formatting in the workbook.
So, let’s use a Web Application audit as an example. You could enumerate the web applications with Get-SPWebApplication and then cherry pick the properties that you are interested in. In this case I am most interested in outgoing email server, Managed Paths, the number of content databases (I’ll do a separate content DB audit for additional details) the application pool, Claims vs. Classic and the number of AAMs. One issue I faced was how to present the Managed Paths so they were human readable. I chose to format the collection of managed paths as a comma separated string with a “!” after the explicit managed paths and a “*” after the wildcard managed paths.
#Managed Path Value Formatting
$alias = @{Name="Alias";Expression={"{0}{1}" -f $(if (!$_.Name){"/"}else{$_.Name}), $(if($_.Type -eq "ExplicitInclusion"){"!"}else{"*"})}}
#Web Application
foreach ($webapplication in $(Get-SPWebApplication))
{
$claims = 0
if ($webapplication.UseClaimsAuthentication)
{
$claims = 1
}
#Get the Managed Paths as a delimited string
$mps = Get-SPManagedPath -WebApplication $webapplication | Select $alias
$managedpaths = ($mps | Select -ExpandProperty Alias) -Join ", "
$webapplication.Url + "`t" + $webapplication.OutboundMailServiceInstance[0].Server.Address +"`t" + $managedpaths + "`t" + $webapplication.ContentDatabases.Count + "`t" + $webapplication.ApplicationPool.DisplayName + "`t" + $claims + "`t" + $webapplication.AlternateUrls.Count >> $webappoutfile
foreach ($contentdb in $webapplication.ContentDatabases)
{
#WebApp URL, Content DB, Content DB Size, Site Collection Count, Site Limit
$webapplication.Url + "`t" + $contentdb.Name +"`t" + $([Math]::Round($($contentdb.DiskSizeRequired/1MB),2)) + "`t" + $($contentdb.CurrentSiteCount) + "`t" + $($contentdb.MaximumSiteCount) >> $cdboutfile
}
}
Run the result out into Excel and apply some conditional formatting and it looks like this.
The managed paths are very readable and it is very obvious which Web Application is not using claims.
I work with a lot of different types of people at the various companies that I support. Not all of them are “SharePoint literate” so sometimes I need a different approach to reporting that goes beyond Excel workbooks. I LOVE Visio. So when I stumbled upon the Visio PowerShell module (https://github.com/saveenr) I was blown away. His demo video is older than the module, so there is a bit of a learning curve, but his dreamy voice makes up for that! What I did was turn my audit script into a SharePoint documentation module that creates shapes for the hierarchy from Farm to Web Application to Site Collections. Along the way I look at specific parameters like “2010 Mode Sites” and deeply nested webs. I store the data in the shape, a feature I love in Visio, and then demonstrate how to flag them as issues by changing the pattern and color of the shape. The results are pretty cool.
I can’t wait for you to see my course on Pluralsight.com! It really was a labor of love (though I did have my moments of doubt)! If you don’t have a subscription to Pluralsight, drop me a line and I’ll hook you up with a 30-day free pass. That’ll give you more than enough time to watch both of my courses plus whatever else you are interested in. If you just want to have a look at the scripts and feel free to help me improve them (there is a lot of room for improvement!) All of the scripts are available on GitHub at http://github.com/MatthewMcD/SPUpgrade.
Ready to start your next project with us? That’s great! Give us a call or send us an email and we will get back to you as soon as possible!
+1.512.539.0322