Track SharePoint 2010 Installations by Service Connection Point (AD Marker)

Track SharePoint 2010 Installations by Service Connection Point (AD Marker)

  • Comments 17

A new improvement in SharePoint 2010 is the support of Service Connection Point (Active Directory Marker). This can help IT Professionals to track SharePoint 2010 installations in their environment.

To use this new feature, administrator needs to create a container in Active Directory then set the right permission to the container before they implement SharePoint 2010 products in their environment. This can be done through ADSI Edit. Here’re the steps:

1. Start ADSI Edit on your domain controller, or use remote administration tool to connect to it from another machine.

2. Expand System.

snap0076

3. Right click in the white area then choose New, Object…

snap0077

4. Create a container.

snap0078

5. Fill in the container name, by default this should be Microsoft SharePoint Products. You can use other names, but you need to create a group policy for the domain machines to set a string value ContainerDistinguishedName under registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SharePoint. In this way PSConfig can detect the new name and change it accordingly.

snap0079snap0088[3]

6. Click Finish. The container is created.

snap0080 snap0081

7. Right click on the container, choose Properties.

snap0082

8. Click Security.

snap0083snap0084

9. Add the users you want to write to this container, and give them Create serviceConnectionPoint objects permission by clicking Advanced, then edit the object. When users who cannot write to this container install SharePoint 2010, no new entry will be created. A wise idea would be give Authenticated Users the permission so to track all the objects.

snap0085snap0086

10. Install and provision a new SharePoint farm in the environment, and check if the SCP has been created successfully.  If everything works, you can find a new GUID object under Microsoft SharePoint Product Container. Right click it and select Properties, you can find that the server farm’s topology web services is recorded here. In this case it is https://sp2010:32844/Topology/topology.svc

snap0087

I will post a script for listing all the SharePoint 2010 server names in Script Center later.

Update: the script is here: http://gallery.technet.microsoft.com/ScriptCenter/en-us/af31bded-f33f-4c38-a4e8-eaa2fab1c459

 

Jie.

Leave a Comment
  • Please add 1 and 2 and type the answer here:
  • Post
  • Very interesting. Thanks for sharing the details.

    How reliable is this? If I gave All Users access, would I be sure I had all SharePoint 2010 instances on the domain tracked?

  • This is very reliable if the user has WRITE access to the container. And yes, they will be tracked.

    Ignore the above comment, I will dig into this.

  • can you confirm, that "all authenticated users" is needed with write permission, so we can track all SharePoint 2010 installations outside of team?

  • @Didier - please check the revised part : 9. Add the users you want to write to this container, and give them Create serviceConnectionPoint objects permission by clicking Advanced, then edit the object. When users who cannot write to this container install SharePoint 2010, no new entry will be created. A wise idea would be give Authenticated Users the permission so to track all the objects.

  • Very interesting stuff and lead me to investigate further I have added mor information and an ADM/ADMX file to my blog.

    www.qa.com/.../sharepoint-2010-brings-new-governance-controls-to-it-pro&

  • Hello,

    is there a way to disable the installation tracking? It is causing problems and the "improvement" is not really needed in most environments. Thank you.

  • @Sam

    This is disabled by default - as long as you don't have a container created in your AD it is not tracked. No idea on why you have the question though.

  • Interestingly enough though, if you don't have the container in AD, while you're installing you will see an error message stating that you're not able ot create the Service Connection.

  • @Dan

    It's not actually and error its a warning. I have an example in my blog. See posting above for link

  • While it may be "optional" I found that running any updates (I just installed the Februrary CU on my farms) causes an exception in the error logs saying it can't find this node and the SharePoint Products Configuration Wizard will show as failed after the upgrade (although in CA it'll show it's fine). So until Microsoft makes the check for this token optional and not fail an upgrade, I suggest this be a mandatory step. Too bad things are mismatched here, an optional feature that is disabled by default yet another part of the system depends on it being done.

  • I got this error when running the upgrade wizard after applying the April 2011 CU.

    Why does it error-out the upgrade?

  • Could you provide the solution to override this "ServiceConnectionPointNotCreatedEventLog is Unable to create a Service Connection Point in the current Active Directory domain." error when running configuration wizard after applying CU updates?

  • I am in the same boat, I just installed SP2010 and then installed SP1 and get the same error when trying to upgrade from either powershell "psconfig -cmd upgrade -inplace b2b -force" or Products Configu Wizard. I am in a Domain enviroment where enabling this feature is not an option. If anyone knows how to disable it or whatever work around is needed to get around this so the upgrade will complete I would appreciate it.

  • I answered my own question, I re-ran the SP1 upgrade command (psconfig -cmd upgrade -inplace b2b -force) a couple times it completed.

  • For training on Microsoft sharepoint 2010 Please visit our site www.coursemonster.com/.../search or for any other IT training courses.

Page 1 of 2 (17 items) 12