.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

stsadm Import command + include user security

Posted By:      Posted Date: August 26, 2010    Points: 0   Category :SharePoint


When I move sites from test to staging to production, I am using the stsadm –o export command with the –includeusersecurity option in the staging environment.  In production environment, I then use the stsadm –o import command with the –includeusersecurity option.  I was assuming that this option was bringing over the security on the exported site only.  This does not seem to be the case.

Last night I exported one sub site to produtction.  Today, I was notified that the security groups on other sub sites have been altered.  


So why is it when using the –includeusersecurity option effect all sub sites and not just the one sub site being moved from staging to production

View Complete Post

More Related Resource Links

Newbie User Import Question re: One way external trust & Security



There is a business initiative to install a Dev Sharepoint 2007 server in our Trusting Domain. My internal corp network will be Corp.COM. The 3rd party network will be 3rd.COM.  Currently 3rd.COM has a Oneway External Trust pointing inward to Corp.com.  Corp.COM Domain and Forest levels are WIndows 2003. 3rd.com Domain level is Windows 2000 Mixed and the Forest is Windows 2000.

The Dev sharepoint server is located in 3rd.Com domain and the consultant is trying to import Corp.com users by pointing the user profile connection to Corp.com active directory. Needless to say this will fail because there is a one way trust in place so 3rd.com users are allowed to read Corp.Com active directory. Not to mention there are no firewall ports open for this anyway. My questions are...

How can we securely allow this sharepoint server to import in 3rd.com to import users from Corp.com?

Ideally we would like to use a service account from Corp.com to import the accounts. We would also like to either

(A) encrypt the sharepoint servers communication to our Corp.com active directory. because there are Two firewalls between the trust ports would be specifically opened from Sharepoint server <-> Corp.com DC

(b) some how use the existing trust to facilitate this procedures. no additional ports opened on the firewalls.

Any ass

stsadm Import with includeusersecurity Messed Up Security in Collection


I used STSADM to export a site then imported it to the same collection but a different URL. I used includeusersecurity for both. The export and import worked.

But this destroyed security for some unrelated higher level sites. One Active Directory group completely disappeared from all of the broken sites and putting it back only helped in some cases.

Trying to fix some sites has not worked at all. Changes made to their security has absolutely no effect. I had to add users into a different already used Active Directory group to get them into the broken sites and this AD group is not even listed within the broken sites security!

It's seems to be related to sites using Active Directory groups only. My sites with purely SharePoint groups seem fine.

I even created a new site at the same site collection level and security still doesn't work!


One recommendation, NEVER EVER USE INCLUDEUSERSECURITY. I have been burned twice now. IT BREAKS SHAREPOINT.

SharePoint Server 2007


Ken C

how to include a user defined table type as input for stored procedure

Hi ,  I have a user defined table type which i need to pass as input parameter to the stored procedure .How can i do that?

stsadm export / import custom view / personal view views

Hi, i have to export and import a website with a sharepoint list including all personal views. The personal views are used by the endusers in excel data connections binded to the list.  Loss of personal views during import is not mentioned in the technet discription of export / import command ( http://technet.microsoft.com/en-us/library/cc766807(office.12).aspx  ) I am actually testing the export / import between two site collections, but always losing the personal views (MOSS 2007 with CU April 2010). This discussion had the same topic http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/4e299838-72c2-4f56-8dc3-05ba2a2999d9  but with no definite answer. Please tell me if this is by design or what could cause this behavior. Thanks in advance. Boris Boris Schlotthauer

User Profiles Service Application and Import of SharePoint 2007 SSP data

I have setup a test SharePoint 2010 Farm. I will be using this as a test upgrade of a current live SharePoint 2007 Farm. The database attach method will be used. I have replicated the web application and AAM settings of the SharePoint 2007 Farm to the SharePoint 2010 Farm and have made the 2010 Farm a DC in a new Forest. I don't want to join this to the current domain at the moment. It also has SQL server 2005 with SP3 and cumulative update 3 installed. I have just setup the User Profiles Serice Application and when I go to Manage it, I get this. Error An unexpected error has occurred.   Troubleshoot issues with Microsoft SharePoint Foundation. Correlation ID: a1760e87-372f-4711-afac-3ceba34bc599 Date and Time: 8/31/2010 4:22:56 PM I have verified and configured the following. Created the Managed Metadata Service. The status is started via Service Applications and Services on Server. Created the User Profiles Service Application and ensured status is started via Service Applications. I started the User Profile Service and User Profile Synchronisation Service via Manage Services on Server.      

BDC Import for user profile picture

I am attempting to populate the user profile property 'Picture' with data from a BDC connection. My column from the BDC contains urls but SharePoint will not allow me to map Picture to the column. I"m guessing this is because the property is expecting a strongly typed Url type. That doesn't help me though. So, has anyone successfully mapped the Picture property to a field from a BDC connection. (-SN: I know the field can be mapped to AD but I need it mapped to a BDC) Thanks in advance.

What is the STSADM command to set a quota limit on a site collection?

I have a site collection that I need to make larger than the default size of 1GB.  I need to up it to 8GB's.  Can anyone give me the STSADM command that will do that?

current user identity in custom security trimmer

The crux of my problem is that I want to impersonate  a user’s NTLM credentials in the context of a SharePoint custom security trimmer to execute HttpWebRequests to check user access to URLs.  When accessing WindowsIdentity.GetCurent() in the security trimmer, the System.Security.Principal.WindowsIdentity object returns the identity of the application pool running the search query service, NOT the currently logged in user.   When accessing System.Threading.Thread.CurrentPrinciple.Identity in the security trimmer, the Microsoft.IdentityModel.Claims.ClaimsIdentity object of the current logged in user is returned.  However, there is a catch.  …   If I execute the following code in a .NET web application, the cast of the ClaimsIdentity to a WindowsIdentity succeeds because the identity has the authentication type of NTLM.    WindowsIdentity winId = (WindowsIdentity)System.Threading.Thread.CurrentPrincipal.Identity; WindowsImpersonationContext wic = winId.Impersonate(); request.Credentials = CredentialCache.DefaultCredentials; //access means a response comes back when a request is made to the url using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) { returnStatus = true; } wic.Undo(); However, when I execute the same code in the context of the SharePoint security trimmer (the search query service li

Import user profile from another domain active directory

Hi, I have SharePoint 2010 running on DomainB andwe have corporate users on DomainA. i need to import users from both domainA and DomainB. I am able to import users from domainB and not able to import users from DomainA. I made a successful connection to both Domain A Ad and DomainB AD in SharePoint 2010 user profile synchronize connections. I am able to sync users only from DomainB (SharePoint 2010 running on domainB) and not able to synchronize profiles from DomainA (outside domain). Is there any additional configuration I need to do. Please help me on this issue. Thanks, Ratna

change snapshot agent user (Agent security)

Hi, we have replicated dbon sql server 2008 (transaction replication) now we want to change the user used for the snapshot agent, from sql Managment studio go to publication property and then agent security and then snapshot agent (now we are using domain user) here we want to use the other option which is " to be run under sql server agent service account" but I couldnt choose this option because its unactive so how we can activate this option for existing replication without restarting the replication (i can use this option for the new replication wizard) Thanks

How to Provide Security at User level base in asp.net for certain pages

 Hi I have a site We have different Pages under one folder. we have stored these pages information in a database table with pageid. Then we have User access table. there we store userid and pageid , for which pages user has access. Now I need to provide access to that pages only . What to do. Could you please provide answer asap.   Thanks  

Automatic deletion of "missing from import" user profiles ?

Hi everybody!Can someone help me about his subject.When I delete a user in AD, he is marked as "missing from import" in MOSS user profile database after a full import.I read that for SPS2003, after the 3rd full import, if the user is still missing, he is automatically deleted from MOSS user profile database.I tried with MOSS2007, but the automatic deletion does not seem to work.Is there something to configure in order to make it work, or how to make the deletion automatic ?Thanks a lot for your answers.jerome

STSADM userrole problem - 'User cannot be found'

I want to add a domain group to site collection with 'Full Control'. I am using below stsadm command:- stsadm -o userrole -url http://sharepoint/sites/sitecoltn -userlogin "Domain\<domain group>" -role "Full Control" -add http://technet.microsoft.com/en-us/library/cc262083(office.12).aspx (This is the MS article I refered). But i am getting message - 'User cannot be found'. When i try to add same domain group from Central Admin, I am able to add it. Can someone please help me on this?

users are known in user profile, but not in security

Hi all, I am having this weird issue here: SP2010 was working fine, user profile sync and claims-based security on the web app. Now, with no clear reason, it cannot find users anymore on the security part. People search still works, but I cannot add users on SharePoint to log in. Strange thing is: if I type half a username, it still resolves the full name, but it has a red stripe underneath it as a sign that it does not recognize the user. So it can find the name of the user, but it cannot add it to SharePoint.   Once more, the user profile sync is working great and I can find users on people search.   Any thoughts ? 

SSIS User Defined Data Type (Alias Data Types) and OLE DB Command validation

Hello everyone, I've been having an issue with trying to run my SSIS package on a server, and it seems to be failing on the OLE DB Command step.  What we have in our SQL 2005 DB, is a User-Defined Data Type (base type char(7)) and the OLE DB Command is supposed to call a proc that passes in a value of this data type. ie:  CREATE PROCEDURE myProcedure ( @passedInFromSSIS MY_DATATYPE ) AS .... In my SSIS package, I have the type defined as DT_STR with a length of 7.  Now, when I run the package locally (via Visual Studio), the process runs with success.  However, once the package is deployed on a server and run from an application (note: it is run under a different user), the process fails on a validation step with a "Invalid Parameter Number" error. Now, if I change the input parameter in my proc to the base type of the user-defined data type, the process works again. Has anybody run into a similar issue or know what may be causing this issue?  I first suspected perhaps I needed to grant permissions on the user-defined data type (since I was able to run it under my security context, but not under the application's), however noticed that there isn't security tied to the types.  Any other thoughts?  Please let me know if you need further explanation.  Thanks!

Report Manager Security: If a user login to Report Service than he should be able to see only a fold

Report Manager Security: If a user login to Report Service than he should be able to see only a folder for which he has role assing and rest of the folder should be hidden for him. How this security i can achive with c#
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend