Beruflich Dokumente
Kultur Dokumente
SharePoint Server
SharePoint Updates
Accessibility guidelines
What's new
SharePoint Server 2019
New and improved features in SharePoint Server 2019
What's deprecated or removed from SharePoint Server 2019
SharePoint Server 2016
New and improved features in SharePoint Server 2016
New features in Feature Pack 1
New feature in Feature Pack 2
What's deprecated or removed from SharePoint Server 2016
Getting started
Security for SharePoint Server
Plan for administrative and service accounts
Automatic password change planning
Authentication overview
Plan user authentication
Plan server-to-server authentication
Server-to-server authentication and user profiles
Kerberos authentication planning
Plan for app authentication in SharePoint Server
Create claims-based web applications in SharePoint Server
Create web applications that use classic mode authentication in SharePoint Server
Implement SAML based authentication in SharePoint Server
Migration of Windows claims authentication to SAML based claims authentication
in SharePoint Server
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol support in
SharePoint Server
Enable TLS and SSL support in SharePoint 2013
Enable TLS 1.1 and TLS 1.2 support in SharePoint Server 2016
Enable TLS 1.1 and TLS 1.2 support in SharePoint Server 2019
Security hardening
Plan for least-privileged administration
Configure SQL Server security for SharePoint environments
Federal Information Processing Standard security standards
Install
Install for SharePoint Server 2019
System requirements for SharePoint Servers 2016 and 2019
Hardware and software requirements
Browser support planning
Install SharePoint Servers 2016 or 2019 on one server
Install SharePoint Servers 2016 or 2019 across multiple servers
Install or uninstall language packs
Add a server to a SharePoint Server 2016 or SharePoint 2019 farm
Install for SharePoint Server 2016
System requirements for SharePoint Servers 2016 and 2019
Hardware and software requirements
Browser support planning
Software boundaries and limits
Prerequisites
Initial deployment administrative and service accounts in SharePoint Server
Account permissions and security settings in SharePoint Servers 2016 and 2019
Install prerequisites from network share
Overview of MinRole Server Roles in SharePoint Server
Planning for a MinRole server deployment in SharePoint Server
Install SharePoint Servers 2016 or 2019 on one server
Install SharePoint Servers 2016 or 2019 across multiple servers
Install or uninstall language packs
Add a server to a SharePoint Server farm
Install for SharePoint 2013
System requirements for SharePoint 2013
Hardware and software requirements
Browser support planning
IP support
Software boundaries and limits
Capacity management and sizing overview
Prerequisites
Account permissions and security settings in SharePoint 2013
Installation and configuration overview
Single server with a built-in database
Single server with SQL Server
Multiple servers for a three-tier farm
Install or uninstall language packs
Add web or application server to the farm
Add a database server to an existing farm
Best Practices for SharePoint Server installation
Deploying on virtual machines
Configure
Configure client certificate authentication
Configure syncing with the new OneDrive sync client
User Profile service overview
Create a User Profile service application
My Sites overview
My Sites planning
Configure My Sites
Upgrade and Update
Upgrade from SharePoint 2013 to SharePoint Server 2019
Upgrade to SharePoint Server 2019
Get started with upgrade
Overview of the upgrade process
Overview of the services upgrade process
Upgrade databases
Create the SharePoint Server 2019 farm for a database attach upgrade
Copy databases to the new farm for upgrade to SharePoint Server 2019
Upgrade service applications to SharePoint Server 2019
Upgrade content databases
Verify upgrade for databases
Upgrade a site collection
Upgrade My Sites
Upgrade to SharePoint Server 2016
Get started with upgrade
Overview of the upgrade process
Overview of the services upgrade process
Best practices for upgrade
Upgrade databases
Create the SharePoint Server 2016 farm for a database attach upgrade
Copy databases to the new farm for upgrade to SharePoint Server 2016
Upgrade service applications to SharePoint Server 2016
Upgrade content databases
Verify upgrade for databases
Upgrade site collections
Upgrade a site collection
Upgrade My Sites
Video: Cleanup of databases after upgrade procedure
Deploy updates for SharePoint Server 2016
Software updates overview
Install a software update
Video demo of Zero Downtime Patching in SharePoint Server 2016
SharePoint Server 2016 zero downtime patching steps
Video: How to enable Remote Windows PowerShell to use with SharePoint Server
Upgrade from SharePoint 2010 to SharePoint 2013
Get started with upgrade
What's new in SharePoint 2013 upgrade
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Upgrade overview videos for SharePoint 2013
Services upgrade overview from SharePoint 2010 to SharePoint Server 2013
Upgrade farms that share services (parent and child farms) to SharePoint 2013
Best practices for upgrading from SharePoint 2010 to SharePoint 2013
Review supported editions and products for upgrading to SharePoint 2013
Plan for upgrade
Determine strategy for upgrade to SharePoint 2013
Create a plan for current customizations during upgrade to SharePoint 2013
Plan for site collection upgrades in SharePoint 2013
Create a communication plan for the upgrade to SharePoint 2013
Clean up an environment before an upgrade to SharePoint 2013
Test and troubleshoot an upgrade
Use a trial upgrade to SharePoint 2013 to find potential issues
Troubleshoot database upgrade issues in SharePoint 2013
Troubleshoot site collection upgrade issues in SharePoint 2013
Branding issues that may occur when upgrading to SharePoint 2013
Restart a database-attach upgrade or a site collection upgrade to SharePoint
2013
Upgrade databases
Checklist for database-attach upgrade (SharePoint 2013)
Create the SharePoint 2013 farm for a database attach upgrade
Copy databases to the new farm for upgrade to SharePoint 2013
Upgrade service applications to SharePoint 2013
Upgrade content databases from SharePoint 2010 to SharePoint 2013
Verify upgrade
Migrate from classic-mode to claims-based authentication in SharePoint 2013
Upgrade site collections
Run site collection health checks in SharePoint 2013
Upgrade a site collection to SharePoint 2013
Review site collections upgraded to SharePoint 2013
Manage site collection upgrades to SharePoint 2013
Upgrade My Sites to SharePoint Server 2013
Advanced upgrade scenarios
Search-first migration from FAST Search Server for SharePoint 2010 to
SharePoint Server 2013
How to upgrade an environment that uses content type syndication (SharePoint
Server 2013)
Deploy custom features to upgraded site collections in SharePoint Server 2013
Deploy software updates for SharePoint 2013
Software updates overview
Prepare to deploy software updates
Install a software update
Update Workflow in SharePoint Server 2013
Test and troubleshoot an upgrade
Troubleshoot site collection upgrade issues
Sites
Plan sites and site collections
Sites and site collections overview
Plan self-service site creation
Configure self-service site creation in SharePoint Server 2019
Enable SharePoint home page in SharePoint Server 2019 farms
Site policy overview
Site navigation overview
Plan for multilingual sites
Plan for the multilingual user interface
Themes overview
Plan site maintenance and management
Manage site collections
Create a site collection
Delete and restore site collections
Manage the lock status for site collections
View all site collections
Manage a connection to a document center or a records center
Change site collection administrators
Create, edit, and delete quota templates
Manage unused site collections
Manage web parts
Configure and deploy web parts
Edit existing web parts in SharePoint
Permissions planning for sites and content
User permissions and permission levels
Overview of the Contribute permission level in SharePoint Server
Best practices for using fine-grained permissions in SharePoint Server
Overview of security groups in SharePoint Server
Determine permission levels and groups in SharePoint Server
Choose administrators and owners for the administration hierarchy in SharePoint
Server
Plan site permissions in SharePoint Server
Overview of site permissions in SharePoint Server
Managing digital assets overview
Plan digital asset libraries
OneDrive for Business overview
OneDrive for Business planning
Set up OneDrive for Business
Configure the OneDrive for Business modern user experience
Search
Search planning
Search architecture overview
Plan enterprise search architecture
Scale enterprise search
Redesign topology for more content and users
Redesign for specific performance requirements
Scale search for Internet sites
Best practices for organizing content for search
Plan crawling and federation
Search schema overview
Understanding result sources for search
Plan to transform queries and order results
Best practices of disaster recovery for search
Overview of search result ranking
Overview of analytics processing
Configure search
Create and configure a Search service application
Create a Search Center site
Deploy people search
Search administration
Classic and modern search differences
Manage the Search Center
Configure properties of the Search Box Web Part
Configure properties of the Search Results Web Part
Configure properties of the Refinement Web Part
Configure properties of the Search Navigation Web Part
Manage the index
Manage the search schema
Add or remove a file type from the search index
Delete items from the search index or from search results
Reset the search index
Manage crawling
Add, edit, or delete a content source
Change the default account for crawling
Start, pause, resume, or stop a crawl
Manage continuous crawls
Manage crawl rules
Configure and use the Exchange connector
Configure and use the Documentum connector
Configure and use the Lotus Notes connector
Manage farm-level crawl settings
Configure time-out values for crawler connections
Configure the crawler in case of SSL certificate warnings
Configure proxy server settings for Search
Best practices for crawling
Manage relevance
Manage query spelling correction
Manage query suggestions
Create and deploy a thesaurus
Configure authoritative pages
Manage query rules
Configure result sources for search
Create and deploy custom entity extractors
Manage company name extraction
Customize search result types
Create custom ranking model
Configure trust for search between two SharePoint Server farms
Manage the search topology
Change the default search topology
Manage search components
Manage the index component
Manage a paused Search service application
View search diagnostics
Enable search alerts
Enable query logging
Export and import customized search configuration settings
Search center scenarios
Set up a Search Center
How to create a Search Center Site Collection and enable crawling of your
content
How to configure the Search Results Web Part to use a new result source
Plan to use refiners on a search results page
How to add refiners to your search results page
How to add a custom search vertical to your search results page
How to change the way search results are displayed
Understanding how search results are displayed
Understanding how item display templates and hit highlighting work
How to create a new result type
How to display values from custom managed properties in search results - option
1
How to display values from custom managed properties in search results –
option 2
How to display values from custom managed properties in the hover panel
How to add a custom action to the hover panel
How to change the text that is displayed in the Search Box Web Part
How to change the order in which search results are displayed
Create and import a thesaurus
Create and import query suggestions
Changing the ranking of search results
Hybrid
Explore SharePoint Server hybrid
The building blocks of Office 365 hybrid
Minimum public update levels for SharePoint hybrid features
SharePoint hybrid sites and search
Hybrid search in SharePoint
Learn about cloud hybrid search for SharePoint
Learn about hybrid federated search for SharePoint
Hybrid picker in the SharePoint Online admin center
Plan SharePoint Server hybrid
Plan hybrid SharePoint taxonomy and hybrid content types
Plan hybrid OneDrive for Business
Plan cloud hybrid search for SharePoint
Plan hybrid profiles
The extensible hybrid app launcher
Hybrid site following
Plan server-to-server authentication
Plan hybrid federated search
Plan connectivity from Office 365 to SharePoint Server
Install and configure SharePoint Server hybrid
Hardware and software requirements for SharePoint hybrid
Accounts needed for hybrid configuration and testing
Configuration roadmaps
Configure hybrid OneDrive for Business - roadmap
Configure hybrid sites features - roadmap
Configure cloud hybrid search - roadmap
Cloud hybrid search FAQ
Configure hybrid federated search (SharePoint Server) - roadmap
Configure hybrid federated search (SharePoint Online) - roadmap
Configure hybrid Business Connectivity Services - roadmap
Configure the hybrid infrastructure
Configure Office 365 for SharePoint hybrid
Set up SharePoint services for hybrid environments
Configure server-to-server authentication
Run Hybrid Picker
Configure inbound connectivity
Configure a reverse proxy device for SharePoint Server hybrid
Configure Web Application Proxy for a hybrid environment
Configure Forefront TMG for a hybrid environment
Configure a hybrid solution
Configure hybrid OneDrive for Business
Show results from Office 365 in on-premises SharePoint with cloud hybrid search
Enable previews of on-premises search results in cloud hybrid search
Display hybrid federated search results in SharePoint Server
Display hybrid federated search results in SharePoint Online
Configure hybrid SharePoint taxonomy and hybrid content types
Hybrid self-service site creation
Set up Search of OneDrive for Business in Office 365 from SharePoint Server
Deploy a Business Connectivity Services hybrid solution
Prepare your environment
Validate the hybrid scenario
Governance
What is governance in SharePoint?
IT governance in SharePoint
Application management and governance in SharePoint
Information management and governance in SharePoint
Managed metadata planning
Configure the Managed Metadata service
How to use the Managed Solutions Gallery
Searching and using keywords in the eDiscovery Center
Export content and create reports in the eDiscovery Center
Create and run queries in the eDiscovery Center
Add content to a case and place sources on hold in the eDiscovery Center
eDiscovery and in-place holds in SharePoint Server
Plan for eDiscovery
Configure eDiscovery
Plan and manage cases in the eDiscovery Center
Records management in SharePoint Server
Create a file plan to manage records
Plan how records are collected
Use a records archive or manage records in place
Document management in SharePoint Server
Identify users and analyze document usage
Document library planning
Content type and workflow planning
Document set planning
Information management policy planning
Versioning, content approval, and check-out planning
Co-authoring overview
Configure versioning for co-authoring
Configure the co-authoring versioning period
Configure the maximum number of co-authoring authors
Disable co-authoring
Workflow in SharePoint Server
Getting started with SharePoint Server workflow
Install and configure workflow for SharePoint Server
Install Workflow Manager certificates in SharePoint Server
Video series: Install and configure Workflow in SharePoint Server 2013
Update Workflow in SharePoint Server
Administration
Server Management
Configure Request Manager in SharePoint Server
Global deployment of multiple farms
Global architectures for SharePoint Server
WAN performance and testing
SQL Server and storage
Overview of SQL Server in SharePoint Server 2016 and 2019 environments
Deploy Azure SQL Managed Instance with SharePoint Server 2016 and 2019
Overview of SQL Server in a SharePoint Server 2013 environment
Storage and SQL Server capacity planning and configuration
Database management
Add a content database
Attach or detach content databases
Move site collections between databases
Move content databases
Move all databases
Move or rename service application databases
Run a farm that uses read-only databases
Manage RBS
Best practices for SQL Server in a SharePoint Server farm
Configure log shipping
Backup and recovery overview
Backup and recovery planning
Prepare to back up and restore
Configure permissions for backup and restore
Backup
Back up a farm
Back up a farm configuration
Back up a web application
Back up a service application
Back up a User Profile Service application
Back up a Search service application
Back up the Secure Store Service
Back up a content database
Back up databases to snapshots
Back up customizations
Back up site collections
Back up apps for SharePoint
Export a site, list, or document library
Restore
Restore a farm
Restore a farm configuration
Document farm configuration settings
Copy configuration settings between farms
Restore a web application
Restore a service application
Restore a User Profile Service application
Restore a Search service application
Restore a Secure Store Service application
Restore a content database
Attach and restore a read-only content database
Restore content from an unattached content database
Restore customizations
Restore site collections
Restore apps for SharePoint
Import a list or document library
Best practices for backup and restore
High availability and disaster recovery concepts
Plan for disaster recovery
Plan for SQL Server Always On and Microsoft Azure disaster recovery
Supported high availability and disaster recovery options for SharePoint
databases
Plan for high availability
Disaster Recovery best practices for SharePoint Server and Access Services
Configure an AlwaysOn Availability Group
Performance planning in SharePoint Server 2013
Capacity management and sizing for SharePoint Server 2013
Capacity planning
Performance testing
Monitoring and maintaining
Optimize performance
Performance and capacity test results and recommendations for SharePoint 2013
Enterprise intranet collaboration performance and capacity
Web Content Management capacity and performance
Managed Metadata Service capacity and performance
Video content management capacity and performance
Compliance and eDiscovery capacity and performance
Social performance and capacity
Divisional collaboration performance and capacity
Managing a MinRole Server Farm in SharePoint Server 2016
Role conversion using MinRole in SharePoint Server 2016
Description of MinRole and associated services in SharePoint Server 2016
Remove a server from a farm in SharePoint Servers 2016 or 2019
Remove a server from a farm in SharePoint 2013
Uninstall SharePoint 2013
Uninstall SharePoint Servers 2016 or 2019
Custom Tiles in SharePoint Server 2016
Configure server-to-server authentication
Replace the STS certificate
Turn on automated document translation
Manage the Distributed Cache service
Plan for feeds and the Distributed Cache service
General guidance for hosters in SharePoint Server 2013
Understanding multi-tenancy in SharePoint Server 2013
Plan service deployment in SharePoint Server
SharePoint Server design samples: Corporate portal and extranet sites
Host-named site collection architecture and deployment in SharePoint Server
Update a web application URL and IIS bindings for SharePoint Server
Plan alternate access mappings for SharePoint Server
Configure alternate access mappings for SharePoint Server
Install and manage apps for SharePoint Server
Plan for apps for SharePoint
Configure an environment for apps for SharePoint
Manage the App Catalog
Add apps for SharePoint to a SharePoint site
Remove app for SharePoint instances from a SharePoint site
Monitor apps for SharePoint
Monitor and manage app licenses
Email integration planning
Incoming email planning
Outgoing email planning
Configure Exchange Autodiscover with a My Site Host URL
Configure email integration
Incoming email configuration
Outgoing email configuration
Configure Exchange task synchronization
Configure site mailboxes in SharePoint
Service application management
Start or stop a service
Assign or remove administrators of service applications
Configure automatic password change
Delete a service application
Share service applications across farms
Exchange trust certificates between farms
Publish a service application
Set permission to a published service application
Connect to a service application on a remote farm
Add or remove a service application connection to a Web application
Restrict or enable access to a service application
Monitoring overview
Using Administrative Actions logging in SharePoint Server 2016
Configure SharePoint Hybrid Auditing (Preview)
Configure monitoring
Configure diagnostic logging
Configure SharePoint Health Analyzer timer jobs
Configure usage and health data collection
Configure SharePoint Health Analyzer rules
Overview of scripted monitoring configuration
Profile schema reference
Run scripted monitoring configuration
View reports and logs
View health reports
View diagnostic logs
View timer job status
Monitor cache performance
View data in the logging database
Monitoring planning
Overview of Access Services in SharePoint Server 2013
Set up and configure Access Services for Access apps
Set up and configure Access Services 2010 for web databases in SharePoint 2013
Web applications management
Manage permissions for a web application
Manage permission policies for a web application
Manage anonymous access for a web application
Extend a claims-based web application
Define managed paths
Cache settings operations
Cache settings configuration for a web application
Configure object cache user accounts
Flush the BLOB cache
Web content management
Overview of publishing to Internet, intranet, and extranet sites
Plan for Internet, intranet, and extranet publishing sites
Plan for cross-site publishing
Overview of cross-site publishing
Plan the logical architecture for cross-site publishing
Plan SharePoint authoring sites for cross-site publishing
Plan SharePoint publishing sites for cross-site publishing
Plan search for SharePoint cross-site publishing sites
Plan variations for multilingual cross-site publishing site
Overview of managed navigation
Plan navigation term sets
Variations overview
Plan for variations
Caching and performance planning
View usage reports
How to set up a product-centric website
An introduction to cross-site publishing
Stage 1: Create site collections for cross-site publishing
Stage 2: Import list content into the Product Catalog Site Collection
Stage 3: How to enable a list as a catalog
Stage 4: Set up search and enable the crawling of your catalog content
From site column to managed property - What's up with that?
Stage 5: Connect your publishing site to a catalog
Stage 6: Upload and apply a new master page to a publishing site
Stage 7: Upload page layouts and create new pages in a publishing site
Stage 8: Assign a category page and a catalog item page to a term
Stage 9: Configure the query in a Content Search Web Part on a category page
Stage 10: Configure the query in a Content Search Web Part on a catalog item
page
Stage 11: Upload and apply display templates to the Content Search Web Part
Stage 12: Plan to use refiners for faceted navigation in - Part I
Stage 13: Plan to use refiners for faceted navigation - Part II
Stage 14: Configure refiners for faceted navigation
Stage 15: Add refiners for faceted navigation to a publishing site
Stage 16: Add a Taxonomy Refinement Panel Web Part to a publishing site
How to display recommendations and popular items in SharePoint Server
An introduction to recommendations and popular items
Change the Content Search Web Part display template and use Windows
PowerShell to start Usage analytics
Add and configure the Recommended Items and Popular Items Web Part
Use recommendations and popular items on websites with anonymous users
View and configure usage analytics reports
Search Engine Optimization (SEO)
Integrating social media with public-facing websites
Configure web content management solutions
Configure cross-site publishing
Connect a publishing site to a catalog
Assign a category page and a catalog item page to a term
Configure Search Web Parts
Configure refiners and faceted navigation
Configure result sources for web content management
Create query rules for web content management
Configure recommendations and usage event types
Business intelligence
Software requirements for business intelligence
Excel Services overview
Configure Excel Services
BI capabilities in Excel and Excel Services
Data authentication for Excel Services
Data sources supported in Excel Services (SharePoint Server 2013)
Plan Excel Services Global Settings
Manage Excel Services global settings
Plan Trusted File Locations
Manage Excel Services trusted file locations
Plan Trusted Data Connection Libraries
Manage Excel Services trusted data connection libraries
Plan Excel Services Data Model settings
Manage Excel Services data model settings
Manage Excel Services trusted data providers
Manage Excel Services user defined function assemblies
Share data connections by using Excel and Excel Services (SharePoint Server
2013)
Share a SQL Server Analysis Services data connection using Excel Services
(SharePoint Server 2013)
Share a SQL Server data connection using Excel Services (SharePoint Server
2013)
Share an OLE DB or ODBC connection using Excel Services (SharePoint Server
2013)
Share workbooks by using Excel Services (SharePoint Server 2013)
Create an Excel Services dashboard using an OData data feed
Create an Excel Services dashboard using SQL Server Analysis Services data
Create an Excel Services dashboard using a Data Model (SharePoint Server
2013)
Configure PerformancePoint Services
PerformancePoint Services in SharePoint Server 2016 overview
Enable trusted locations for PerformancePoint Services
PerformancePoint Services application settings
Overview of Visio Services in SharePoint Server
Configure Visio Services
Plan Visio Services security in SharePoint Server
Plan Visio Services deployment in SharePoint Server
Data authentication for Visio Services in SharePoint Server
Use Visio Services with external lists in SharePoint Server
Use Visio Services with SharePoint lists
Configure the Secure Store Service
Plan the Secure Store Service in SharePoint Server
Secure Store for Business Intelligence service applications
Use Excel Services with Secure Store
Use PerformancePoint Services with Secure Store
Use Visio Services with Secure Store
Use Secure Store with SQL Server Authentication
Configure Power Pivot for SharePoint 2013
Data refresh using Secure Store
Data refresh using a specified account
Data refresh using the unattended data refresh account
Use Analysis Services EffectiveUserName in SharePoint Server
Use EffectiveUserName with Excel Services (SharePoint Server 2013)
Use EffectiveUserName in PerformancePoint Services
Configure AdventureWorks
User profiles and identities
Plan user profiles
Overview of profile synchronization in SharePoint Server 2013
Profile synchronization in SharePoint Server 2016
Plan profile synchronization for SharePoint Server 2013
Microsoft Identity Manager in SharePoint Servers 2016 and 2019
Install Microsoft Identity Manager for User Profiles in SharePoint Servers 2016
and 2019
Use a sample MIM solution in SharePoint Servers 2016 and 2019
Overview of Microsoft Identity Manager Synchronization Service in SharePoint
Servers 2016 and 2019
Deployment considerations for implementing Microsoft Identity Manager with
SharePoint Servers 2016 and 2019
People Picker and claims providers overview
Plan for People Picker
Plan for custom claims providers for People Picker
User Profile service administration
Add, edit, or delete custom properties for a user profile
Manage profile synchronization
Configure profile synchronization
Configure profile synchronization by using SharePoint Active Directory Import
Start profile synchronization manually
Schedule profile synchronization
Maintain profile synchronization
Create an audience for SharePoint Server
Create a web application in SharePoint Server
Configure basic authentication for a claims-based web application in SharePoint
Server
Configure digest authentication for a claims-based web application in SharePoint
Server
Edit general settings on a web application in SharePoint Server
Mobile devices overview
Plan for mobile views
Supported mobile device browsers
Mobile security and authentication
Authentication for mobile devices
Supporting the SharePoint mobile apps online and on-premises
Business Connectivity Services overview
Configure a Business Data Connectivity service application
Security tasks overview
Plan a Business Connectivity Services solution
Configure Business Connectivity Services solutions
Deploy an on-premises solution
Create Test and Developer Environments
Test lab guides
Configure SharePoint Server 2013 in a three-tier farm
Configure intranet and team sites
Demonstrate forms-based claims authentication
Demonstrate profile synchronization
Demonstrate SAML-based claims authentication
Demonstrate social features
Configure eDiscovery
Configure a highly available SharePoint Server 2013 Search topology
SharePoint 2013 dev/test environments in Azure
SharePoint Server 2016 in Microsoft Azure
SharePoint Server 2016 dev/test environment in Azure
Intranet SharePoint Server 2016 in Azure dev/test environment
Designing a SharePoint Server 2016 farm in Azure
Deploying SharePoint Server 2016 with SQL Server AlwaysOn Availability
Groups in Azure
SharePoint Intranet Farm in Azure Phase 1: Configure Azure
SharePoint Intranet Farm in Azure Phase 2: Configure domain controllers
SharePoint Intranet Farm in Azure Phase 3: Configure SQL Server
Infrastructure
SharePoint Intranet Farm in Azure Phase 4: Configure SharePoint servers
SharePoint Intranet Farm in Azure Phase 5: Create the availability group and
add the SharePoint databases
Integrate Yammer with on-premises SharePoint Server
Yammer networks, groups, and users overview
Social scenarios with Yammer and SharePoint Server
Integrate a new Yammer network into SharePoint Server
Integrate a single Yammer network into SharePoint Server
Integrate multiple Yammer networks into SharePoint Server
Integrate a Yammer network into SharePoint Server with social features
Integrate a Yammer network into SharePoint Server and Office 365
Add Yammer to the SharePoint Server navigation
Hide SharePoint Server default social features
Add the Yammer Embed widget to a SharePoint page
Troubleshoot
Claims authentication does not validate user
Troubleshoot common fine-grained permissions issues
SharePoint site inaccessible
Upgrade SharePoint 2013 to SharePoint 2016 through Workflow Manager
Upgrade SharePoint 2016 to SharePoint 2019 through Workflow Manager
After installing .NET security patches to address CVE-2018-8421, SharePoint
crawler may fail
Technical reference
System Center Operations Manager knowledge articles
Access Services in SharePoint Server
Machine Translation service in SharePoint Server
Search in SharePoint Server
Visio Services in SharePoint Server
Project Server 2013 knowledge articles
Database types and descriptions
SharePoint Health Analyzer rules reference
A State Service Application has no database defined
Accounts used by application pools or service identities are in the local machine
Administrators group
All State Service databases are paused for a State Service Application
Application pools recycle when memory limits are exceeded
Business Data Connectivity connectors are currently enabled in a partitioned
environment
Cached objects have been evicted
Content databases contain orphaned Apps
Critical state of this rule indicates that the Word Automation Services is not running
when it should be running
Databases exist on servers running SharePoint Foundation
Databases require upgrade or not supported
Databases running in compatibility range, upgrade recommended
Databases within this farm are set to read only and will fail to upgrade unless it is
set to a read-write state
Databases used by SharePoint have outdated index statistics
Dedicated crawl target configuration has one or more invalid servers
Distributed cache service is not configured on server(s)
Distributed cache service is not enabled in this deployment
Distributed cache service is unexpectedly configured on server(s)
Drives used for SQL databases are running out of free space
Expired sessions are not being deleted from the ASP.NET Session State database
Firewall client settings on the cache host are incorrect
Immediate translations for the Machine Translation service are disabled
InfoPath form library forms cannot be filled out in a Web browser
InfoPath Forms Services forms cannot be filled out in a Web browser because no
State Service connection is configured
More cache hosts are running in this deployment than are registered with
SharePoint
One of the cache hosts in the cluster is down
One or more servers is not responding
One or more servers can't retrieve People Picker credentials
One or more servers can't retrieve the outgoing email credentials
One or more web applications are configured to use Windows Classic
authentication
Product / patch installation or server upgrade required
Some content databases are growing too large
The Application Discovery and Load Balancer Service is not running in this farm
The InfoPath Forms Services Maintenance Timer Job not enabled
The Machine Translation Service is not running when it should be running
The number of Distributed Cache hosts in the farm exceeds the recommended
value.
The Security Token Service is not available
The settings for the Machine Translation Service are not within the recommended
limits
The settings for Word Automation Services are not within the recommended limits
The State Service Delete Expired Sessions timer job is not enabled
The timer service failed to recycle
The unattended Service Account Application ID is not specified or has an invalid
value
The Visio Graphics Service has a maximum cache age setting that will adversely
impact performance
The Visio Graphics Service has a maximum cache size setting that may adversely
impact performance
The Visio Graphics Service has a maximum recalc duration setting that will
adversely impact user perceived performance
The Visio Graphics Service has a maximum Web Drawing Size setting that will
adversely impact performance
The Visio Graphics Service has a minimum cache age setting that may cause a
security issue
The Visio Graphics Service has a minimum cache age setting that will adversely
impact performance
This Distributed Cache host may cause cache reliability problems
Verify each User Profile service application has a My Site host configured
Verify each User Profile Service Application has an associated Managed Metadata
Service Connection
Verify each User Profile Service Application has an associated Search Service
Connection
Verify that OAuth is configured correctly for the Machine Translation Service
application
Verify that OAuth is configured correctly for the Machine Translation Service
application proxy
Verify that the Activity Feed Timer Job is enabled
Verify that the critical User Profile Application and User Profile Proxy Application
timer jobs are available and have not been mistakenly deleted
Web Applications using Claims authentication require an update
Web.config file has incorrect settings for the requestFiltering element
Web.config files are not identical on all machines in the farm
XLIFF translations for the Machine Translation Service is disabled
The server farm account should not be used for other services
Databases used by SharePoint have fragmented indices
The paging file size should exceed the amount of physical RAM in the system
Automatic Update setting inconsistent across farm servers
Built-in accounts are used as application pool or service identities
Missing server side dependencies
One or more categories are configured with Verbose trace logging
Outbound e-mail has not been configured
Server role configuration isn't correct
One or more app domains for web applications aren't configured correctly
Drives are running out of free space
Drives are at risk of running out of free space
Content databases contain orphaned items
The Net.Pipe Listener Adapter isn't available
One or more services have started or stopped unexpectedly
The current server is running low on memory
Timer job reference for SharePoint Server
Default timer jobs in SharePoint Server 2019
Default timer jobs in SharePoint Server 2016
Default timer jobs in SharePoint 2013
Search technical reference
Default crawled file name extensions and parsed file types
Default connectors
Linguistic search features
Crawled and managed properties overview
Query variables
Result types and display templates that are used to display search results
Supported and unsupported Documentum object types and properties
Publishing technical reference
Automatically created managed properties in SharePoint
Stsadm to Microsoft PowerShell mapping
Display template reference in SharePoint Server
Technical diagrams
SharePoint PowerShell
Product Servicing Policy
Updated Product Servicing Policy for SharePoint Server 2019
Updated Product Servicing Policy for SharePoint Server 2016
Updated Product Servicing Policy for SharePoint 2013
This guide helps IT Pros plan, deploy, and manage SharePoint Server 2016 and 2013 in their enterprise environments.
Get started
Migration
Hybrid
Community
Product feedback
Install
SharePoint Server 2016 and 2019
Large scale farms
Small scale farms
SharePoint Server 2013
Large scale farms
Small scale farms
Legacy content
SharePoint Server 2007 end of support roadmap
Upgrading from Server 2010 and end of support
SharePoint Server 2010
SharePoint Server 2007
Accessibility guidelines in SharePoint Server 2016
6/7/2019 • 2 minutes to read • Edit Online
See also
Other Resources
Microsoft accessibility
Accessibility features in SharePoint Online
Accessibility support for enterprise
What's new
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
New and improved features in SharePoint Server 2019 Learn about the new features and updates to existing features
in SharePoint Server 2019.
What's deprecated or removed from SharePoint Server 2019 Learn about the features and functionality that are deprecated
or removed in SharePoint Server 2019.
New and improved features in SharePoint Server 2016 Learn about the new features and updates to existing features
in SharePoint Server 2016.
New features in November 2016 PU for SharePoint Server Learn about the new features that are included in the
2016 (Feature Pack 1) November 2016 Public Update for SharePoint Server 2016
(Feature Pack 1).
New features in September 2017 PU for SharePoint Server Learn about the new features that are included in the
2016 (Feature Pack 2) September 2017 Public Update for SharePoint Server
2016(Feature Pack 2).
What's deprecated or removed from SharePoint Server 2016 Learn about the features and functionality that are deprecated
or removed in SharePoint Server 2016.
See also
Other Resources
What is SharePoint
About SharePoint
New and improved features in SharePoint Server 2019
6/7/2019 • 13 minutes to read • Edit Online
Related Topics
What is SharePoint?
New development capabilities for SharePoint 2019
What's deprecated or removed from SharePoint
Server 2019
6/7/2019 • 8 minutes to read • Edit Online
Definitions
Different customers may have different interpretations of terms such as “deprecated.” To ensure that customers
fully understand what we mean by the terminology in this document, we’re including this brief definition of each
term.
Deprecated
A deprecated feature is no longer being invested in by Microsoft and we discourage customers from taking a
dependency on it if they haven’t used it before. Deprecated features are still supported by Microsoft in
SharePoint Server 2019 for customers who are already using this feature in previous releases and need the
feature for backward compatibility. Deprecated features may be removed in future major releases of
SharePoint Server with no additional notice. Customers should begin to explore their options for migrating
away from these features.
Removed
A removed feature is no longer supported by Microsoft in SharePoint Server 2019. In many cases the
feature is actually removed from the product, but in some cases it may still be present. A feature labeled as
“removed” is unsupported even if the feature is still present in the product.
Summary of features
The following table provides a summary of the new features that you can try out in this SharePoint Server 2016
release.
Access Services New Access features are available when For more information, see Access
you deploy Access Services in Services plus Access client and server.
SharePoint Server 2016 .
Compliance features New compliance features for SharePoint For more information, see Compliance
Server 2016 include the document features.
deletion and in-place hold policies.
Document Library accessibility SharePoint Server 2016 includes new For more information, see Document
document library accessibility features. Library accessibility.
Encrypted Connections SharePoint Server 2016 supports TLS For more information, see Encrypted
1.2 connection encryption by default. connections.
Fast Site Collection Creation The Fast Site Collection Creation feature For more information, see Fast Site
is a rapid method to create site Collection Creation.
collections and sites in SharePoint.
Filenames - expanded support for SharePoint Server 2016 now supports For more information, see File names -
special characters using some special characters in file expanded support for special
names that were blocked in previous characters.
versions.
FEATURE DESCRIPTION MORE INFORMATION
Hybrid in SharePoint 2016 Hybrid in SharePoint Server 2016 For more information, see Hybrid in
enables you to integrate your on- SharePoint Server 2016.
premises farm with Office 365
productivity experiences, allowing you
to adopt the cloud at your own pace.
Identify and search for sensitive SharePoint Server 2016 now provides For more information, see Identify and
content the same data loss prevention search for sensitive content in both
capabilities as Office 365. SharePoint Server 2016 and OneDrive
documents.
Image and video previews You can now preview images and For more information, see Image and
videos in SharePoint Server 2016 video previews.
document libraries.
Information Rights Management SharePoint Server 2016 provides For more information, see Information
Information Rights Management (IRM) Rights Management.
capabilities to secure information by
encrypting and securing information on
SharePoint libraries with OneDrive for
Business.
Large file support SharePoint Server 2016 now supports For more information, see Large file
uploading and downloading files larger support.
than 2,047 MB.
MinRole MinRole is a new feature in SharePoint For more information, see MinRole farm
Server 2016 that allows a SharePoint topology.
farm administrator to define each
server's role in a farm topology.
Mobile experience SharePoint Server 2016 offers an For more information, see Mobile
improved mobile navigation experience. experience.
New features in November 2016 PU The November 2016 Public Update for For more information, see New features
for SharePoint Server 2016 (Feature SharePoint Server 2016 (Feature Pack in November 2016 PU for SharePoint
Pack 1) 1) offers seven new features for Server 2016 (Feature Pack 1).
SharePoint Server 2016.
New controls for working with SharePoint Server 2016 provides For more information, see New controls
OneDrive for Business controls at the top of your personal for working with OneDrive for Business.
document folders that make common
tasks in OneDrive for Business more
accessible.
New Recycle Bin in OneDrive and SharePoint Server 2016 adds a link for NA
Team sites the Recycle Bin in the left navigation
area of the OneDrive and Team sites.
Open Document Format (ODF) SharePoint Server 2016 adds support For more information, see Open
for Open Document Format (ODF) files Document Format (ODF) available for
to use in document library templates. document libraries.
Project Server New Project Server features are For more information, see Project
available in SharePoint Server 2016. Server 2016 .
FEATURE DESCRIPTION MORE INFORMATION
ReFS file system support SharePoint Server 2016 now supports For more information about the ReFS
drives that are formatted with the ReFS file system, see Resilient File System
file system. Overview and Resilient file system.
SharePoint business intelligence SharePoint Server 2016 now supports For more information about SharePoint
SQL Server 2016 CTP 3.1 and the business intelligence, see Power Pivot
Power Pivot add-in and Power View. add-in and Power View are now
available to use with SharePoint Server
2016.
SharePoint Search SharePoint Search Server Application For more information, see SharePoint
has significant changes to its Search Service application.
deployment.
Sharing improvements SharePoint Server 2016 has many new For more information, see Sharing.
sharing improvements available.
Site Folders view SharePoint Server 2016 provides a new For more information, see Site folders
Site Folders view that lets you access view.
the document libraries in sites that
you're following.
Sites page pinning This new feature helps you see and For more information, see Sites page
follow sites. pinning.
SMTP Connection Encryption SharePoint Server 2016 supports For more information, see SMTP
sending email to SMTP servers that use connection encryption.
STARTTLS connection encryption.
SMTP ports (non-default) SharePoint Server 2016 adds support For more information, see Use SMTP
for SMTP servers that use TCP ports ports other than the default (25).
other than the default port (25).
Web Application Open Platform You can now rename files, create new NA
Interface Protocol (WOPI) files, and share files from within the
WOPI iframe on the browser page.
NOTE
The state of Central Administration does not affect whether a server is considered compliant with MinRole. The MinRole
health rule will not attempt to provision or unprovision Central Administration.
Compliance features
The document deletion policy allows you to delete documents in users' OneDrive for Business sites after specific
periods of time. The In-Place Hold policy allows administrators to preserve documents, email, and other files.
For more information, see Overview of document deletion policies.
Document Library accessibility
The following features are now available for working in SharePoint Server 2016 document libraries:
Landmarks to a page make it easier to navigate, and there are alt text improvements for all major
navigation links.
Keyboard shortcuts are provided for the following document tasks:
Alt + N - N ew
Alt + E - E dit
Alt + U - U pload
Alt + M - M anage
Alt + S - S hare
Alt + Y - S y nchronization
Focus improvements, such as keeping focus on prior elements and focus trapping.
Announcements for upload progress.
Announcements for file name and file types when browsing folder and file lists.
Improved callout reading.
Fixed use of color issues for views switcher.
Updates to the Help documentation.
Encrypted connections
When you set up an SSL binding in Internet Information Services (IIS ) Manager to host your web application,
SharePoint uses TLS 1.2 connection encryption if your client application supports it. SharePoint also supports TLS
1.2 connection encryption when connecting to other systems, for example when crawling websites.
NOTE
A security vulnerability was identified in the SSL 3.0 protocol that can allow an attacker to decrypt data. For enhanced
security, some SharePoint features now disable SSL 3.0 connection encryption by default, as well as certain encryption
algorithms (for example RC4) with known weaknesses. SharePoint disables SSL 3.0 connection encryption by default for
some, but not all features. To ensure that SSL 3.0 is disabled for all features, you should disable it in Windows by editing the
Windows Registry. For more information, see the "Disable SSL 3.0 in Windows For Server Software", and "For Client
Software", workarounds in Microsoft Security Advisory 3009008.
IMPORTANT
Restricted characters such as % and # are still not allowed in file names. Page file names, such as wiki pages, may not contain
the following characters: " # % * : < > ? \ / | nor can they begin with a leading dot (period) character.
Front-end with Distributed Cache Shared role that combines the Front-end and Distributed
Cache roles on the same server.
Note:
This shared role was introduced in the November Public
Update for SharePoint Server 2016 (Feature Pack 1).
SERVER ROLE DESCRIPTION
Application with Search Shared role that combines the Application and Search roles on
the same server.
Note:
This shared role was introduced in the November Public
Update for SharePoint Server 2016 (Feature Pack 1).
For more information about the MinRole feature, see Overview of MinRole Server Roles in SharePoint Server
2016 and Planning for a MinRole server deployment in SharePoint Server 2016.
Mobile experience
When you use a mobile device to access the home page for a SharePoint Server 2016 team site, you can tap tiles
or links on the screen to navigate the site. You can also switch from the mobile view to PC view, which displays site
pages as they are seen on a client computer. This view is also touch enabled.
New controls for working with OneDrive for Business
You can click a control to create new Office documents, upload files, synchronize your files for offline use, and
share your files. For more information, see "Simple controls" on The OneDrive Blog.
Open Document Format (ODF ) available for document libraries
The Open Document Format (ODF ) enables you to create new files in a document library and save as ODF files
so that users can edit the new file with a program they choose. For more information, see Set Open Document
Format (ODF ) as the default file template for a library.
Project Server 2016
Project Server 2016 for SharePoint Server 2016 has many new capabilities and features, including:
Resource Engagements: Now project managers can request needed resources from resource managers
to complete their projects. Also, resource managers can use the new heat map functionality to see where
resources are spending their time.
Multiple Timelines: Project and Portfolio managers can now create richer timelines that display multiple
timelines in a single view.
Simpler administration: Project Server now has multi-tenant storage capabilities and has combined data
storage with SharePoint. This greatly reduces IT overhead by eliminating the dedicated Project Server
database and improves backup and restore capabilities.
Cloud grade performance and scale: Many performance and scalability improvements that have been
added to Project Online have also been added to Project Server 2016.
For more information, see What's new for IT pros in Project Server 2016 Preview.
IMPORTANT
Project Server 2016 is installed with SharePoint Server 2016 Enterprise, though is licensed separately. For more information
about Project Server licensing, see Licensing Project.
Power Pivot add-in and Power View are now available to use with SharePoint Server 2016
SQL Server 2016 CTP 3.1 is now available. You can now download SQL Server 2016 CTP 3.1 to use the Power
Pivot for SharePoint add-in. You can also use Power View by installing SQL Server Reporting Services (SSRS ) in
SharePoint-integrated mode and the SSRS front-end add-in from the SQL Server installation media.
Download SQL Server 2016 CTP 3.1 from Microsoft Download Center.
The following SharePoint Server 2016 business intelligence features are available when you upgrade to SQL
Server 2016 CTP 3.1:
Power Pivot Gallery
Scheduled Data Refresh
Workbooks as a Data Source
Power Pivot Management Dashboard
Power View reports
Power View Subscriptions
Report Alerting
For more information, download the new Deploying SQL Server 2016 PowerPivot and Power View in SharePoint
2016 white paper. For details about configuring and deploying business intelligence in a multiple server
SharePoint Server 2016 farm, download Deploying SQL Server 2016 PowerPivot and Power View in a Multi-Tier
SharePoint 2016 Farm.
Request Manager service improvements
SharePoint Request Manager now provisions on the server roles shown in the following list, to support both
throttling and routing scenarios:
Application
Distributed Cache
Front-End
Additionally, the Request Manager service will no longer prevent sites from rendering when the service is enabled
while you have no routing rules defined.
Sharing
The following list shows the sharing improvements that are available for SharePoint Server 2016:
Create and Share folder
Sharing Hint
See who the folder is shared with when viewing a folder
Members can share
Improved invitation mail
One-click email to approve or deny a request for access
Recently Shared Items cache, see Enable the Recently Shared Items (RSI) cache to quickly populate the
Shared with Me view.
SharePoint Search Service application
SharePoint Search supports indexing of up to 500 million items per Search Server application. For more
information, see Overview of search architecture in SharePoint Server. For information about SharePoint cloud
hybrid search, see Learn about cloud hybrid search for SharePoint.
Simplified SSL configuration for Central Administration site
We've simplified the process for configuring Central Administration to use SSL bindings. The following command
parameters are now available to use:
New-SPCentralAdministration -Port <number> -SecureSocketsLayer
You must assign a server certificate to the Central Administration IIS web site by using the IIS administration
tools. The Central Administration web application won't be accessible until you do this.
If you specify port 443, it will automatically create an SSL binding instead of an HTTP binding even if you don't
include the SecureSocketsLayer or SSL parameters.
The Central Administration public AAM URL will be automatically updated to use the appropriate protocol
scheme, server name, and port number.
Site collection upgrades
There are three options available for upgrading site collections. For more information, see Upgrade a site
collection to SharePoint Server 2016.
SMTP connection encryption
The following list shows the SharePoint 2016 requirements that are needed to negotiate connection encryption
with an SMTP server:
1. STARTTLS must be enabled on the SMTP server.
2. The SMTP server must support the TLS 1.0, TLS 1.1, or TLS 1.2 protocol.
IMPORTANT
SSL 2.0 and SSL 3.0 protocols are not supported.
To configure SharePoint to never use SMTP connection encryption in SharePoint Central Administration, browse
to System Settings > Configure outgoing email settings and set the Use TLS connection encryption drop-
down menu to No. To configure SharePoint to never use SMTP connection encryption in PowerShell, use the
Set-SPWebApplication cmdlet with the DisableSMTPEncryption parameter. For example:
$WebApp = Get-SPWebApplication -IncludeCentralAdministration | ? { $_.IsAdministrationWebApplication -eq $true
}
Set-SPWebApplication -Identity $WebApp -SMTPServer smtp.internal.contoso.com -DisableSMTPEncryption -
OutgoingEmailAddress sharepoint@contoso.com -ReplyToEmailAddress
sharepoint@contoso.com
NOTE
If SharePoint is configured to use SMTP connection encryption, it will only send email messages if it successfully negotiates
connection encryption with the SMTP server. It will not fall back and send email messages unencrypted if connection
encryption negotiation fails. If SharePoint is not configured to use SMTP connection encryption, it will always send email
messages unencrypted, even if the SMTP server supports connection encryption. > Using SMTP connection encryption
does not enable SMTP authentication. SMTP requests are always sent anonymously.
Related Topics
What is SharePoint?
New features in November 2016 PU for SharePoint
Server 2016 (Feature Pack 1)
6/7/2019 • 2 minutes to read • Edit Online
Summary of features
The following table provides a summary of the new features and enhancements that are included in the
November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) release.
MinRole enhancements The MinRole feature in SharePoint For more information, see "Minrole
Server 2016 now includes two new enhancements" in Overview of MinRole
server roles and enhanced support for Server Roles in SharePoint Server 2016.
small farms.
SharePoint Custom Tiles SharePoint administrators can now add For more information, see Custom Tiles
SharePoint and Office 365 workloads as in SharePoint Server 2016.
custom tiles in SharePoint app launcher.
Hybrid Taxonomy Hybrid Taxonomy is a new solution that For more information, see SharePoint
you can use to create and maintain a Hybrid Taxonomy.
shared taxonomy between your
SharePoint Server 2016 farm and your
SharePoint Online tenant.
Administrative Actions Logging The Administrative Actions Logging For more information, see Using
feature provides logging around Administrative Actions logging in
common SharePoint administrative SharePoint Server 2016 topic.
actions to aid SharePoint administrators
in troubleshooting changes to their
farm.
OneDrive API for SharePoint on- The OneDrive API provides a support For more information, see OneDrive
premises and Office 365 for access to files located in SharePoint API.
Server 2016 and in Office 365. Use it to
work with data stored in OneDrive and
across SharePoint sites.
SharePoint Hybrid Auditing This new feature for SharePoint Server For more information, see SharePoint
2016 lets administrators view user Hybrid Auditing (Preview).
activity logs in the Microsoft 365 admin
center.
FEATURE DESCRIPTION MORE INFORMATION
OneDrive for Business modern OneDrive for Business end user For more information, see Configure
experience experience has been updated with new the OneDrive for Business modern user
functionalities from O365. experience.
The OneDrive for Business modern user
experience requires an active Software
Assurance contract at the time it is
enabled.
See also
Concepts
SharePoint Server
New and improved features in SharePoint Server 2016
Other Resources
What's new in SharePoint Server 2016
New features in September 2017 PU for SharePoint
Server 2016 (Feature Pack 2)
6/7/2019 • 2 minutes to read • Edit Online
IMPORTANT
Feature Pack 2 contains all of the new features that shipped with Feature Pack 1. You don't need to separately install Feature
Pack 1 and then install Feature Pack 2. Feature Pack 2 is included in all future Public Updates for SharePoint Server 2016,
beginning with the September 2017 Public Update.
Related Topics
SharePoint Server
New and improved features in SharePoint Server 2016
New features in November 2016 PU for SharePoint Server 2016 (Feature Pack 1)
What's new in SharePoint Server 2016
See also
Other Resources
Deploy SharePoint Framework web parts to SharePoint Server 2016 with Feature Pack 2
What's deprecated or removed from SharePoint
Server 2016
6/19/2019 • 4 minutes to read • Edit Online
SharePoint BI capabilities
If you want to use Microsoft SQL Server Power Pivot for SharePoint or Microsoft Power View for SharePoint for
BI solutions with SharePoint Server 2016 you must install the Power Pivot or Power View add-ins for SQL Server
2016 RTM. The SQL Server 2014 (SP1) Power Pivot for SharePoint and Power View for SharePoint add-ins
cannot be deployed or used with SharePoint Server 2016. To deploy these add-ins you need to upgrade to SQL
Server 2016 RTM. For more information, see New and improved features in SharePoint Server 2016. The
following business intelligence features are available with SharePoint Server 2016 when you download SQL
Server 2016 RTM:
Power Pivot Gallery
Scheduled Data Refresh
Using another workbook's Data Model as a data source
Power View reports (standalone or embedded in Excel workbooks)
Power View Subscriptions and Report Alerting
Power Pivot Management Dashboard
BISM Link support
Where :
<http://site.contoso.com> is the URL to an existing SharePoint root site where you want to export the tags
and notes from.
<tagsandnotes.zip> is the name you give to the .zip file that you want to export.
Stsadm.exe
We recommend that you use Microsoft PowerShell when you perform command-line administrative tasks. The
Stsadm command-line tool has been deprecated, but it is included to support compatibility with previous product
versions.
Getting started
6/7/2019 • 2 minutes to read • Edit Online
What is SharePoint?
SharePoint is a powerful collaboration platform that lets you share and manage content, knowledge, and
applications to empower teamwork.
SharePoint Server can be used on-premises or with an Office 365 enterprise subscription to take advantage of all
the latest features. Share common resources and applications on sites. Use search to discover information and
expertise across your organization. And stay in the know with personalized news in SharePoint home and the
SharePoint mobile apps.
To learn more, go to Learn about SharePoint.
Where do I start?
If you are new to SharePoint Server, make a plan as to what you want to do and where you are going. If you have
never deployed SharePoint, consider how large an installation you need. Do you have a large enterprise
environment with hundreds or more licenses? Or do you have smaller deployment in mind? Your hardware
requirements and budget may also be a factor in your deployment.
Depending on your version, system requirements and prerequisites could vary.
2019 Prerequisites
2016 Prerequisites
2013 Prerequisites
A large enterprise and want to install SharePoint Server 2016? Install SharePoint Server 2016 on the farm servers
A smaller division or smaller company that will deploy a small Install SharePoint Server 2016 on one server
SharePoint 2016 farm?
I have SharePoint Server 2013 installed and want to upgrade Upgrade to SharePoint Server 2019
to SharePoint 2019
I have SharePoint Server 2013 installed and want to upgrade Upgrade to SharePoint Server 2016
to SharePoint 2016
I have SharePoint Server 2010 installed and want to upgrade Upgrade from SharePoint 2010 to SharePoint 2013
to SharePoint 2013
How do I apply updates to SharePoint Server 2013? Deploy software updates for SharePoint 2013
How do I apply updates to SharePoint Server 2016? Deploy software updates for SharePoint Server 2016
Decide which hybrid solution you should use for your Explore SharePoint Server hybrid
business?
Find out how you can move your data from on-premises to Migrate to SharePoint Online
SharePoint Online?
Security for SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Secure Sockets Layer (SSL) and Describes the versions of the Secure
Transport Layer Security (TLS) protocol Sockets Layer (SSL) and Transport Layer
support in SharePoint Server Security (TLS) protocols that SharePoint
Server 2016 supports.
Enable TLS 1.1 and TLS 1.2 support in Describes how to enable Transport
SharePoint Server 2016 Layer Security (TLS) protocol versions
1.1 and 1.2 in a SharePoint Server 2016
environment. SharePoint Server 2016
fully supports TLS 1.1 and TLS 1.2.
IMPORTANT
Do not use service account names that contain the symbol $ with the exception of using a Group Managed Service Account
for SQL Server.
Use this article along with Initial deployment administrative and service accounts in SharePoint Server.
The initial deployment administrative and service accounts article describes the specific account and permissions
that you need to grant prior to running Setup.
This article does not describe the account requirements for using Secure Store service in SharePoint Server. For
more information, see Plan the Secure Store Service in SharePoint Server.
SQL Server service account The SQL Server service account is used Use either a domain user account or
to run SQL Server. It is the service preferably, a Group Managed Service
account for the following SQL Server Account.
services: If you plan to back up to or restore
MSSQLSERVER from an external resource, permissions
SQLSERVERAGENT to the external resource must be
If you do not use the default SQL Server granted to the appropriate account. If
instance, in the Windows Services you use a domain user account or
console, these services will be shown as Group Managed Service Account for the
the following: SQL Server service account, grant
MSSQL<InstanceName> permissions to that domain user
SQLAgent<InstanceName> account. However, if you use the
Network Service or the Local System
account, grant permissions to the
external resource to the machine
account (<domain_name>\
<SQL_hostname>).
The instance name is arbitrary and was
created when SQL Server was installed.
Farm administrator user account The farm administrator user account is a Domain user account.
uniquely identifiable account assigned Member of the Administrators group
to a SharePoint administrator. It is used on each SharePoint server in the farm.
to run the following: Member of the following SQL Server
Setup role (optional): sysadmin fixed server
SharePoint Products Configuration role.
Wizard If you run Windows PowerShell cmdlets
that affect a database, this account
must be a member of the db_owner
fixed database role for the database or a
member of the sysadmin fixed server
role on SQL.
Farm service account The farm service account is used to Domain user account.
perform the following tasks: Additional permissions are automatically
Act as the application pool identity for granted for the server farm account on
the SharePoint Central Administration Web servers and application servers
website. that are joined to a server farm.
Run the Microsoft SharePoint The server farm account is automatically
Foundation Workflow Timer Service. added as a SQL Server login on the
computer that runs SQL Server. The
account is added to the following SQL
Server security roles:
* dbcreator fixed server role
* securityadmin fixed server role
* db_owner fixed database role for all
SharePoint databases in the server farm
This account should not be used
interactively by an administrator.
Access Services X
Excel Services X
PerformancePoint Service X
Search Service X
NOTE
This account is used as the identity for the service application endpoint application pool. Unless there are specific isolation
requirements, the application pool can be used to host multiple service application endpoints. For Excel Services, Managed
Metadata service, PerformancePoint service, and Search service you must be a domain user account. Also Excel Services is
only available in SharePoint Server 2013.
Excel Services X
PerformancePoint Service X
NOTE
Excel Services used with workbooks to refresh data. It is required when workbook connections specify "None" for
authentication, or when any credentials that are notWindows credentials are used to refresh data. PerformancePoint service
is used for authenticating with data sources. Visio service is used with documents to refresh data. It is required when
connecting to data sources that are external to SharePoint Server, such as SQL Server.
Default Content Access Search Crawl content Read access to the content
being crawled
NOTE
The default account for crawling content. A Search service application administrator can create crawl rules to specify other
accounts to crawl specific content. Must have Read Access to the content being crawled. Full Read permissions must be
granted explicitly to content that is outside the local farm. Full Read permissions are automatically configured for content
databases in the local farm. Requires Manage auditing and security log right in the Local User Policy on Windows file
servers it is configured to crawl.
Search Service Search Run the Windows Search Be a domain user account
services
SERVICE NAME IN SHAREPOINT SERVER IN SHAREPOINT FOUNDATION
Farm administrator User Profile Synchronization Runs the Forefront Identity Farm administrator account;
Service Manager services Local administrator where
the User Profile
Synchronization Service is
started
Synchronization Connection User Profile Service Connect to user identity Replicate directory changes
stores (Active Directory), read
access (other directories)
NOTE
Replicating Directory Changes permissions on the configuration partition of the domains being synchronized if the NetBIOS
and fully qualified domain name (FQDN) names do not match.
App management X X
PowerPoint Conversion PowerPoint Conversion Convert PowerPoint files to Farm administrator role
Service Services other file formats (SharePoint Server 2013
only)
Machine Translation service Machine Translation service Perform automated machine N/A
translations
Access Services 2013 Access Services Interact with Access 2013 N/A
databases in a browser
Work management X
Distributed Cache X X
NOTE
Some of the features that use the Distributed Cache service include:Newsfeeds, Authentication, OneNote client access,
Security Trimming, and improves Page load performance. At least one Distributed Cache server is required in the farm.
ACCOUNT PURPOSE
ACCOUNT PURPOSE
Application pool identity The user account that the worker processes that service the
application pool use as their process identity. This account is
used to access content databases that are associated with the
web applications that reside in the application pool.
IMPORTANT
We do not recommend this configuration in a production environment.
Farm administrator user account Member of the Administrators group on the local computer.
IMPORTANT
Accounts in this table apply only to SharePoint Server.
ACCOUNT REQUIREMENTS
SharePoint Server Search Service By default, this account runs as the Local System account. If
you want to crawl remote content by changing the default
content access account or by using crawl rules, change this to
a domain user account. If you do not change this account to a
domain user account, you cannot change the default content
access account to a domain user account or add crawl rules to
crawl this content. This restriction is designed to prevent
elevation of privilege for any other process running as the
Local System account.
ACCOUNT REQUIREMENTS
SQL Server service account The SQL Server service account is used Use either a domain user account or
to run SQL Server. It is the service preferably, a Group Managed Service
account for the following SQL Server Account.
services: If you plan to back up to or restore
MSSQLSERVER from an external resource, permissions
SQLSERVERAGENT to the external resource must be
If you do not use the default SQL Server granted to the appropriate account. If
instance, in the Windows Services you use a domain user account or
console, these services will be shown as Group Managed Service Account for the
the following: SQL Server service account, grant
MSSQL<InstanceName> permissions to that domain user
SQLAgent<InstanceName> account. However, if you use the
Network Service or the Local System
account, grant permissions to the
external resource to the machine
account (<domain_name>\
<SQL_hostname>).
The instance name is arbitrary and was
created when SQL Server was installed.
Farm administrator user account The farm administrator user account is a Domain user account.
uniquely identifiable account assigned Member of the Administrators group
to a SharePoint administrator. It is used on each SharePoint server in the farm.
to run the following: Member of the following SQL Server
Setup role (optional): sysadmin fixed server
SharePoint Products Configuration role.
Wizard If you run Windows PowerShell cmdlets
that affect a database, this account
must be a member of the db_owner
fixed database role for the database or a
member of the sysadmin fixed server
role on SQL.
Farm service account The farm service account is used to Domain user account.
perform the following tasks: Additional permissions are automatically
Act as the application pool identity for granted for the server farm account on
the SharePoint Central Administration Web servers and application servers
website. that are joined to a server farm.
Run the Microsoft SharePoint The server farm account is automatically
Foundation Workflow Timer Service. added as a SQL Server login on the
computer that runs SQL Server. The
account is added to the following SQL
Server security roles:
* dbcreator fixed server role
* securityadmin fixed server role
* db_owner fixed database role for all
SharePoint databases in the server farm
This account should not be used
interactively by an administrator.
IMPORTANT
Profile Synchronization account and Excel Services unattended service account only apply to SharePoint Server.
ACCOUNT REQUIREMENTS
SharePoint Server Search service account Must be a domain user account. Must not be a member of the
Farm Administrators group. The following are automatically
configured: Access to read from the configuration database,
administration content database, the search administration
database, crawl databases. Full Control access to the index
partitions on the query servers.
Default content access account Must be a domain user account. Must not be a member of the
Farm Administrators group. Read access to external or secure
content sources that you want to crawl by using this account.
For sites that are not a part of the server farm, this account
must explicitly be granted Full Read permissions on the web
applications that host the sites. The following are automatically
configured: Full Read permissions are automatically granted to
content databases hosted by the server farm.
Content access account Read access to external or secure content sources that this
account is configured to access. For web sites that are not a
part of the server farm, this account must explicitly be granted
Full Read permissions on the web applications that host the
sites.
Profile Synchronization account Read access to the directory service. The account must have
the Replicate Changes permission in Active Directory. Manage
User Profiles personalization services permission. View
permissions on entities used in Business Data Catalog import
connections.
ACCOUNT REQUIREMENTS
See also
Concepts
Configure automatic password change in SharePoint Server
Authentication overview for SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
NOTE
The information in the videos applies to SharePoint Server 2013 and SharePoint Server 2016.
SAML -based claims authentication in SharePoint Server 2013 and 2016 video
For more information, see Plan for user authentication methods in SharePoint Server.
NOTE
App Catalog apps can use either ACS or a self-signed certificate for their access tokens.
For more information, see Plan for app authentication in SharePoint 2013 Preview.
Introduction
User authentication is the validation of a user's identity against an authentication provider, which is a directory
or database that contains the user's credentials and can confirm the user submitted them correctly. An example
of an authentication provider is Active Directory Domain Services (AD DS ). Other terms for authentication
provider are user directory and attribute store.
An authentication method is a specific exchange of account credentials and other information that assert a user's
identity. The result of the authentication method is proof, typically in the form of a token that contains claims,
that an authentication provider has authenticated a user.
An authentication type is a specific way of validating credentials against one or more authentication providers,
sometimes using an industry standard protocol. An authentication type can use multiple authentication
methods.
After a user's identity is validated, the authorization process determines which sites, content, and other features
the user can access.
Your planning for user authentication types and methods should determine the following:
The user authentication types and methods for each web application and zone
The authentication infrastructure needed to support the determined authentication types and methods
NOTE
Windows classic mode authentication is no longer supported in SharePoint Server 2016.
Claims-based authentication
User identity in AD DS is based on a user account. For successful authentication, the user provides the account
name and proof of knowledge of the password. To determine access to resources, applications might have to
query AD DS for account attributes and other information, such as group membership or role on the network.
While this works well for Windows environments, it does not scale out to third-party authentication providers
and multi-vendor environments that support Internet, partner, or cloud-based computing models.
With claims-based identities, a user obtains a digitally signed security token from a commonly trusted identity
provider. The token contains a set of claims. Each claim represents a specific item of data about a user such as his
or her name, group memberships, and role on the network. Claims-based authentication is user authentication
that uses claims-based identity technologies and infrastructure. Applications that support claims-based
authentication obtain a security token from a user, rather than credentials, and use the information within the
claims to determine access to resources. No separate query to a directory service such as AD DS is needed.
Claims-based authentication in Windows is built on Windows Identity Foundation (WIF ), which is a set of .NET
Framework classes that is used to implement claims-based identity. Claims-based authentication relies on
standards such as WS -Federation, WS -Trust, and protocols such as the Security Assertion Markup Language
(SAML ).
For more information about claims-based authentication, see the following resources:
Claims-based Identity for Windows (white paper)
Windows Identity Foundation home page
Due to the widespread use of claim-based authentication for user authentication, server-to-server
authentication, and app authentication, we recommend claims-based authentication for all web applications and
zones of a SharePoint Server farm. For more information, see Plan for server-to-server authentication in
SharePoint Server. When you use claims-based authentication, all supported authentication methods are
available for your web applications and you can take advantage of new features and scenarios in SharePoint
Server that use server-to-server authentication and app authentication.
For claims-based authentication, SharePoint Server automatically changes all user accounts to claims identities.
This results in a security token (also known as a claims token) for each user. The claims token contains the claims
pertaining to the user. Windows accounts are converted into Windows claims. Forms-based membership users
are transformed into forms-based authentication claims. SharePoint Server can use claims that are included in
SAML -based tokens. Additionally, SharePoint developers and administrators can augment user tokens with
additional claims. For example, Windows user accounts and forms-based accounts can be augmented with
additional claims that are used by SharePoint Server.
You do not have to be a claims architect to use claims-based authentication in SharePoint Server. However,
implementing SAML token-based authentication requires coordination with administrators of your claims-
based environment, as described in Plan for SAML token-based authentication.
Classic mode authentication in SharePoint Server 2013
In SharePoint 2013, when you create a web application in Central Administration, you can only specify
authentication types and methods for claims-based authentication. In previous versions of SharePoint, you could
also configure classic mode authentication for web applications in Central Administration. Classic mode
authentication uses Windows authentication and SharePoint 2013 treats the user accounts as AD DS accounts.
To configure a web application to use classic mode authentication, you must use the New-SPWebApplication
PowerShell cmdlet to create it. SharePoint 2010 Products web applications that are configured for classic mode
authentication retain their authentication settings when you upgrade to SharePoint 2013. However, we
recommend that you migrate your web applications to claims-based authentication before upgrading to
SharePoint 2013.
A SharePoint 2013 farm can include a mix of web applications that use both modes. Some services do not
differentiate between user accounts that are traditional Windows accounts and Windows claims accounts.
For more information about migrating before upgrading, see Migrate from classic-mode to claims-based
authentication.
For more information about migrating after upgrading, see Migrate from classic-mode to claims-based
authentication in SharePoint Server.
For information about how to create web applications that use classic mode authentication in SharePoint 2013,
see Create web applications that use classic mode authentication in SharePoint Server. Note that you cannot
migrate a web application that uses claims-based authentication to use classic mode authentication.
IMPORTANT
Office Online can be used only by SharePoint 2013 web applications that use claims-based authentication. Office Online
rendering and editing will not work on SharePoint 2013 web applications that use classic mode authentication. If you
migrate SharePoint 2010 web applications that use classic mode authentication to SharePoint 2013, you must migrate
them to claims-based authentication to allow them to work with Office Online.
Although not a Windows authentication type, SharePoint Server also supports anonymous authentication.
Users can access SharePoint content without validating their credentials. Anonymous authentication is disabled
by default. You typically use anonymous authentication when you use SharePoint Server to publish content that
does not require security and is available for all users, such as a public Internet website.
Note that in addition to enabling anonymous authentication, you must also configure anonymous access
(permissions) on sites and site resources.
NOTE
Internet Information Services (IIS) websites that are created by SharePoint for serving web applications always have the
Anonymous Authentication and Forms Authentication methods enabled, even when the SharePoint setting for
Anonymous and Forms Authentication are disabled. This is intentional and disabling Anonymous or Forms Authentication
directly in the IIS settings will result in errors in the SharePoint site.
Forms-based authentication
Forms-based authentication is a claims-based identity management system that is based on ASP.NET
membership and role provider authentication. Forms-based authentication can be used against credentials that
are stored in an authentication provider, such as the following:
AD DS
A database such as a SQL Server database
An Lightweight Directory Access Protocol (LDAP ) data store such as Novell eDirectory, Novell Directory
Services (NDS ), or Sun ONE
Forms-based authentication validates users based on credentials that users type in a logon form (typically a web
page). Unauthenticated requests are redirected to a logon page, where a user must provide valid credentials and
submit the form. The system issues a cookie for authenticated requests that contains a key for reestablishing the
identity for subsequent requests.
Watch the forms-based claims authentication in SharePoint 2013 and SharePoint Server 2016 video
NOTE
With forms-based authentication, the user account credentials are sent as plaintext. Therefore, you should not use forms-
based authentication unless you are also using Secure Sockets Layer (SSL) to encrypt the website traffic.
The set of authentication providers for SAML token-based authentication depends on the IP -STS in your claims
environment. If you use AD FS 2.0, authentication providers (known as attribute stores for AD FS 2.0) can
include the following:
Windows Server 2003 Active Directory and AD DS in Windows Server 2008
All editions of SQL Server 2005 and SQL Server 2008
Custom attribute stores
For more information, see Plan for SAML token-based authentication.
Choosing authentication types for LDAP environments
Forms-based authentication or SAML token-based authentication can use LDAP environments. You should use
the authentication type that matches your current LDAP environment. If you do not already have an LDAP
environment, we recommend that you use forms-based authentication because it is less complex. However, if
your authentication environment already supports WS -Federation 1.1 and SAML 1.1, then we recommend
SAML. SharePoint Server has a built-in LDAP provider.
IMPORTANT
You no longer have to set network load balancing to single affinity when you are using claims-based authentication in
SharePoint Server.
NOTE
When a web application is configured to use SAML token-based authentication, the SPTrustedClaimProvider class does
not provide search functionality to the People Picker control. Any text entered in the People Picker control will
automatically be displayed as if it resolves, regardless of whether it is a valid user, group, or claim. If your SharePoint Server
solution uses SAML token-based authentication, plan to create a custom claims provider that implements custom search
and name resolution.
For detailed steps to configure SAML token-based authentication using AD FS, see Configure SAML -based
claims authentication with AD FS in SharePoint Server.
In the diagram, users from different directory stores use the same URL to access the partner web site. The
dashed box that surrounds partner companies shows the relationship between the user directory and the
authentication type that is configured in the default zone.
Planning to crawl content
The crawl component requires NTLM to access content. At least one zone must be configured to use NTLM
authentication. If NTLM authentication is not configured on the default zone, the crawl component can use a
different zone that is configured to use NTLM authentication.
Implement more than one zone
If you plan to implement more than one zone for web applications, use the following guidelines:
Use the default zone to implement your most secure authentication settings. If a request cannot be
associated with a specific zone, the authentication settings and other security policies of the default zone
are applied. The default zone is the zone that is created when you create a web application. Typically, the
most secure authentication settings are designed for end-user access. Consequently, end-users are likely
to access the default zone.
Use the minimum number of zones that are required to provide access to users. Each zone is associated
with a new IIS site and domain for accessing the web application. Only add new access points when they
are required.
Ensure that at least one zone is configured to use NTLM authentication for the crawl component. Do not
create a dedicated zone for the index component unless it is necessary.
The following diagram shows multiple zones that are implemented to accommodate different authentication
types for a partner collaboration site.
One zone per authentication type
In the diagram, the default zone is used for remote employees. Each zone has a different URL associated with it.
Employees use a different zone depending on whether they are working in the office or are working remotely.
Plan for server-to-server authentication in
SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
Introduction
Planning for server-to-server authentication consists of the following tasks:
Identify the set of trust relationships that you have to configure on a server that runs SharePoint Server.
Address User Profile application service considerations. For more information, see Server-to-server
authentication and user profiles in SharePoint Server.
IMPORTANT
The web applications that include server-to-server authentication endpoints (for incoming server-to-server requests) or
that make outgoing server-to-server requests to other servers must be configured to use Secure Sockets Layer (SSL).
NOTE
You only have to plan for server-to-server authentication on a server that runs SharePoint Server if you are configuring one
or more server-to-server scenarios that require its use.
See also
Concepts
Authentication overview for SharePoint Server
Server-to-server authentication and user profiles in SharePoint Server
Server-to-server authentication and user profiles in
SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
For SharePoint Server 2013 only, we recommend a periodic synchronization from identity stores to the User Profile service
application. For more information, see Plan profile synchronization for SharePoint Server 2013.
Furthermore, SharePoint Server expects only one matching entry in the User Profile service application for a
given lookup query that is based on these four attributes. Otherwise, it returns an error condition that multiple
user profiles were found. Therefore, you should delete obsolete user profiles in the User Profile service
application periodically to avoid multiple user profiles that share these four attributes.
If a user profile and the relevant group memberships for the user are not synchronized, SharePoint Server may
incorrectly deny access to a given resource. Therefore, make sure that group memberships are synchronized with
the User Profile service application. For Windows claims, the User Profile service application imports the four key
user attributes previously described and group memberships.
For forms-based and Security Assertion Markup Language (SAML )-based claims authentication, you must do
one of the following:
Create a synchronization connection to a data source that the User Profile service application supports and
associate the connection with a specific forms-based or SAML authentication provider. Additionally, you
have to map attributes from the user store to the four user attributes previously described, or as many of
them as you can obtain from the data source.
Create and deploy a custom component to perform the synchronization manually. This is the most likely
option for users who do not use Windows. Note that the forms-based or SAML authentication provider is
invoked when the user's identity is rehydrated to get their role claims.
See also
Concepts
Plan for server-to-server authentication in SharePoint Server
Authentication overview for SharePoint Server
Plan for Kerberos authentication in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
IMPORTANT
To deploy Kerberos authentication with any of the following service applications, SharePoint Server and all external data
sources must reside in the same Windows domain: > Excel Services > PerformancePoint Services > InfoPath Forms Services >
Visio Services > These service applications are not available in SharePoint Foundation 2013. Excel Services is not available in
SharePoint Server 2016.
To deploy Kerberos authentication with any of the following service applications or products, SharePoint Server
can use either basic Kerberos delegation or Kerberos constrained delegation:
Business Data Connectivity service (this service application is not available in SharePoint Foundation 2013)
Access Services (this service application is not available in SharePoint Foundation 2013)
SQL Server Reporting Services (SSRS ) (a separate product)
Project Server 2016 (a separate product)
Services that are enabled for Kerberos authentication can delegate identity multiple times. As an identity travels
from service to service, the delegation method can change from basic Kerberos to Kerberos constrained. However,
the reverse is not possible. The delegation method cannot change from Kerberos constrained to basic Kerberos.
Therefore, it is important to anticipate and plan for whether a back-end service will require basic Kerberos
delegation. This can affect the planning and design of domain boundaries.
A Kerberos-enabled service can use protocol transition to convert a non-Kerberos identity to a Kerberos identity
that can be delegated to other Kerberos enabled services. This capability can be used, for example, to delegate a
non-Kerberos identity from a front-end service to a Kerberos identity on a back-end service.
IMPORTANT
Protocol transition requires Kerberos constrained delegation. Therefore, protocol transitioned identities cannot cross domain
boundaries.
IMPORTANT
The following service applications in SharePoint Server require the translation of claims-based credentials to Windows
credentials. This process of translation uses the Claims to Windows Token Service (C2WTS): > Excel Services>
PerformancePoint Services> InfoPath Forms Services> Visio Services> > These service applications are not available
in SharePoint Foundation 2013. Excel Services is not available in SharePoint Server 2016.
The service applications that require the C2WTS must use Kerberos constrained delegation because C2WTS
requires protocol transition, which is only supported by Kerberos constrained delegation. For the service
applications in the previous list, the C2WTS translates claims within the farm to Windows credentials for outgoing
authentication. It is important to understand that these service applications can use the C2WTS only if the
incoming authentication method is either Windows claims or Windows classic mode. Service applications that are
accessed through web applications and that use Security Assertion Markup Language (SAML ) claims or forms-
based authentication claims do not use the C2WTS. Therefore, they cannot translate claims to Windows
credentials.
See also
Concepts
Plan for user authentication methods in SharePoint Server
Plan for app authentication in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
Introduction
Planning for app authentication consists of the following tasks:
Identify the set of trust relationships that you have to configure on a farm that runs SharePoint Server that
correspond to the external apps that will be making requests for SharePoint resources.
Provide incoming access from external applications that the Internet hosts.
IMPORTANT
The web applications that include app authentication endpoints (for incoming requests by apps for SharePoint) must be
configured to use Secure Sockets Layer (SSL). You can configure OAuth in SharePoint Server so that it does not require SSL.
However, we recommend this only for evaluation, for ease of configuration or to create an app development environment.
NOTE
You only have to plan for app authentication on a SharePoint farm if you are using one or more external apps for SharePoint
that require its resources.
Security Assertion Markup Language Yes, if the identity provider supports Yes
(SAML) authentication wildcard return uniform resource
locator (URL) registration and honors
the wreply parameter. .
To configure SharePoint Server to use
the wreply parameter, use the
following commands at a Microsoft
PowerShell command prompt:
$p = Get-
SPTrustedIdentityTokenIssuer$p.UseWReplyParameter
= $true$p.Update()
> [!NOTE]> Active Directory Federation
Services (AD FS) 2.0 version does not
support wildcard for return URL
registration.
For more information about user authentication methods in SharePoint Server, see Plan for user authentication
methods in SharePoint Server.
See also
Concepts
Authentication overview for SharePoint Server
Create claims-based web applications in SharePoint
Server
8/13/2019 • 10 minutes to read • Edit Online
IMPORTANT
Secure Sockets Layer (SSL) is a requirement for web applications that are deployed in scenarios that support server-to-server
authentication and app authentication.
You can create a web application by using the SharePoint Central Administration website or PowerShell. You
typically use PowerShell to create a web application. If you want to automate the task of creating a web application,
which is common in enterprises, use PowerShell. After you complete the procedure, you can create one or several
site collections.
NOTE
The default port number for HTTP access is 80, and the default port number for HTTPS access is 443.
Optional: In the IIS Web Site section, in the Host Header box, type the host name (for example,
www.contoso.com) that you want to use to access the web application.
NOTE
You do not need to populate this field unless you want to configure two or more IIS web sites that share the same
port number on the same server, and DNS has been configured to route requests to the same server.
In the Path box, type the path to the IIS web site home directory on the server. If you are creating a new
web site, this field contains a suggested path. If you are using an existing web site, this field contains the
current path of that web site.
7. In the Security Configuration section, choose whether or not to Allow Anonymous access and whether
or not to Use Secure Sockets Layer (SSL ).
IMPORTANT
Secure Sockets Layer (SSL) is a requirement for web applications that are deployed in scenarios that support server-
to-server authentication and app authentication. In general, we strongly recommend using SSL for web applications.
In the Security Configuration section, click Yes or No for the Allow Anonymous options. If you choose
to Yes, visitors can use the computer-specific anonymous access account (that is, IIS_IUSRS ) to access the
web site.
NOTE
If you want users to be able to access any site content anonymously, you must enable anonymous access for the
entire web application zone before you enable anonymous access at the SharePoint Server site level. Later, site
owners can configure anonymous access for their sites. If you do not enable anonymous access at the web
application level, site owners cannot enable anonymous access at the site level.
In the Security Configuration section, click Yes or No for the Use Secure Sockets Layer (SSL ) options.
If you choose Yes, you must request and install an SSL certificate to configure SSL.
8. In the Claims Authentication Types section, select the authentication method that you want to use for the
web application.
To enable Windows authentication, select Enable Windows Authentication and, in the drop-down menu,
select NTLM or Negotiate (Kerberos). We recommend using Negotiate (Kerberos).
If you do not want to use Integrated Windows authentication, clear Integrated Windows authentication.
NOTE
If you do not select Windows Authentication for at least one zone of this web application, crawling for this web
application will be disabled.
If you want users' credentials to be sent over a network in a nonencrypted form, select Basic
authentication (credentials are sent in clear text).
NOTE
You can select basic authentication or integrated Windows authentication, or both. If you select both, SharePoint
Server offers both authentication types to the client web browser. The client web browser then determines which type
of authentication to use. If you only select Basic authentication, ensure that SSL is enabled. Otherwise, a malicious
user can intercept credentials.
To enable forms-based authentication, select Enable Forms Based Authentication (FBA ), and then enter
the ASP.NET Membership provider name and the ASP.NET Role manager name.
NOTE
If you select this option, ensure that SSL is enabled. Otherwise, a malicious user can intercept credentials.
If you have set up Trusted Identity Provider authentication by using PowerShell, the Trusted Identity
provider check box is selected.
9. In the Sign In Page URL section, choose one of the following options to sign into SharePoint Server:
Select Default Sign In Page URL to redirect users to a default sign-in web site for claims-based
authentication.
Select Custom Sign In page URL and then type the sign-in URL to redirect users to a customized sign-in
web site for claims-based authentication.
10. In the Public URL section, type the URL for the domain name for all sites that users will access in this web
application. This URL will be used as the base URL in links that are shown on pages within the web
application. The default URL is the current server name and port, and it is automatically updated to reflect
the current SSL, host header, and port number settings on the page. If you deploy SharePoint Server behind
a load balancer or proxy server, then this URL may need to be different than the SSL, host header, and port
settings on this page.
The Zone value is automatically set to Default for a new web application. You can change the zone when
you extend a web application.
11. In the Application Pool section, do one of the following:
Click Use existing application pool, and then select the application pool that you want to use from the
drop-down menu.
Click Create a new application pool, and then type the name of the new application pool, or keep the
default name.
Click Predefined to use a predefined security account for this application pool, and then select the security
account from the drop-down menu.
Click Configurable to specify a new security account to be used for an existing application pool.
NOTE
To create a new account, click the Register new managed account link.
12. In the Database Name and Authentication section, choose the database server, database name, and
authentication method for your new web application, as described in the following table.
ITEM ACTION
Database Server Type the name of the database server and SQL Server
instance you want to use in the format < SERVERNAME\
instance>. You can also use the default entry.
Database Name Type the name of the database, or use the default entry.
Database Authentication Select the database authentication to use by doing one of the
following:
To use Windows authentication, leave this option selected. We
recommend this option because Windows authentication
automatically encrypts the password when it connects to SQL
Server.
To use SQL authentication, click SQL authentication. In the
Account box, type the name of the account that you want the
web application to use to authenticate to the SQL Server
database, and then type the password in the Password box.
> [!NOTE]> SQL authentication sends the SQL authentication
password to SQL Server in an unencrypted format. We
recommend that you only use SQL authentication if you force
protocol encryption to SQL Server to encrypt your network
traffic by using IPsec.
13. If you use database mirroring, in the Failover Server section, in the Failover Database Server box, type
the name of a specific failover database server that you want to associate with a content database
14. In the Service Application Connections section, select the service application connections that will be
available to the web application. In the drop-down menu, click default or [custom ]. You use the [custom ]
option to choose the service application connections that you want to use for the web application.
15. In the Customer Experience Improvement Program section, click Yes or No.
16. Click OK to create the new web application.
2. To create a claims-based authentication provider, from the PowerShell command prompt, type the following:
$ap = New-SPAuthenticationProvider
3. To create a claims-based web application, from the PowerShell command prompt, type the following:
Where:
<Name> is the name of the new web application that uses claims-based authentication.
<ApplicationPool> is the name of the application pool.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<URL> is the public URL for this web application.
<Port> is the port on which the web application will be created in IIS.
> [!NOTE]
> For more information, see [New-SPWebApplication](/powershell/module/sharepoint-server/New-SPWebApplication?
view=sharepoint-ps).
The following example creates an https claims-based web application, using the current user credentials and
the current machine name:
$ap = New-SPAuthenticationProvider
New-SPWebApplication -Name "Contoso Internet Site" -URL "https://www.contoso.com" -Port 80
-ApplicationPool "ContosoAppPool"
-ApplicationPoolAccount (Get-SPManagedAccount "DOMAIN\jdoe")
-AuthenticationProvider $ap -SecureSocketsLayer
> [!NOTE]
> After you have created the web site, you must configure SSL in IIS for this newly created web site.
Where:
<Name> is the name of the new web application that uses classic-mode authentication.
<ApplicationPool> is the name of the application pool.
<WindowsAuthType> is either "NTLM" or "Kerberos". Kerberos is recommended.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<Port> is the port on which the web application will be created in IIS.
<URL> is the public URL for the web application.
> [!NOTE]
> For more information, see [New-SPWebApplication](/powershell/module/sharepoint-server/New-SPWebApplication?
view=sharepoint-ps).
> [!NOTE]
> After you successfully create the web application, when you open the Central Administration page, you see a
health rule warning that indicates that one or more web applications is enabled with classic authentication
mode. This is a reflection of our recommendation to use claims-based authentication instead of classic mode
authentication.
See also
Concepts
Create a Web application that uses classic mode authentication in SharePoint 2013
Create web applications that use classic mode
authentication in SharePoint Server
8/13/2019 • 3 minutes to read • Edit Online
IMPORTANT
Office Online can be used only by SharePoint Server web applications that use claims-based authentication. Office Online
rendering and editing will not work on SharePoint Server web applications that use classic mode authentication. If you
migrate SharePoint 2010 web applications that use classic mode authentication to SharePoint Server 2016, you must migrate
them to claims-based authentication to allow them to work with Office Online. For more information, see Use Office Web
Apps with SharePoint 2013.
To use Windows claims-based authentication instead (recommended), see Create a web application that uses
Windows-claims authentication. To convert a web application that uses classic mode to use claims-based
authentication, see Migrate from classic-mode to claims-based authentication in SharePoint Server.
IMPORTANT
The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<Name> is the name of the new web application.
<ApplicationPool> is the name of the application pool.
< WindowsAuthType > is either "NTLM" or "Kerberos". Kerberos is recommended.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<Port> is the port on which the web application will be created in IIS.
<URL> is the public URL for the web application.
Example
# The local file path, which points to the certificate used to sign token requests (exported from the AD FS
server) $certFilePath = $ScriptDir + "\Certificates\" # Build the certificates. $adfsCertPath = $certFilePath +
$adfsCertName + ".cer" $MACertName = $certFilePath + $MACertName + ".cer" $MIACertPath = $certFilePath +
$MIACertName + ".cer" $RootCertPath = $certFilePath + $BCTRCertName + ".cer"
# Import certificates to the SharePoint Trusted Root Authority. # $adfsCert = $null if($adfsCert -eq $null) {
Write-Host "installing " $adfsCert $adfsCert = New-Object
System.Security.Cryptography.X509Certificates.X509Certificate2($adfsCertPath)
# Install the certificate that was exported from the ADFS server. New-SPTrustedRootAuthority -Name
$adfsCertName -Certificate $adfsCert New-SPTrustedRootAuthority -Name $MACertName -Certificate $MACertName New-
SPTrustedRootAuthority -Name $MIACertName -Certificate $MIACertPath New-SPTrustedRootAuthority -Name
$BCTRCertName -Certificate $RootCertPath }
Note: You can use a different file name, but you must save the file as an ANSI-encoded text file that has the
extension .ps1.
4. On the Start menu, click All Programs > Microsoft SharePoint Products > SharePoint Management
Shell.
5. Change the command prompt to the directory to which you saved the file.
6. At the Windows PowerShell command prompt, type the following command: ./Add-ADFSCerts.ps1.
3. Copy the following code, and paste it into Audiences.ps1 underneath the variable declarations from Step 2.
This script configures SharePoint Server with ADFS certificates and claim type maps and creates a Trusted Identity
Token Issuer that enables SAML claims support in SharePoint web applications.
$adfsCert = $null if($adfsCert -eq $null) { Write-Host "installing " $adfsCert $adfsCert = New-Object
System.Security.Cryptography.X509Certificates.X509Certificate2($adfsCertPath)
# Install the certificate that was exported from the ADFS server.
Note: You can use a different file name, but you must save the file as an ANSI-encoded text file that has the
extension .ps1.
4. On the Start menu, click All Programs > Microsoft SharePoint Products > SharePoint Management
Shell.
5. Change the command prompt to the directory to which you saved the file.
6. At the Windows PowerShell command prompt, type the following command, .Add-ADFSCerts.ps1.
Create the trusted provider by using a Windows PowerShell script
1. Check that you meet the following minimum requirements:
See Add-SPShellAdmin.
Read about_Execution_Policies.
2. Copy the following variable declarations, and paste them into a text editor, such as Notepad. Set input values
specific to your organization. You will use these values in Step 3. Save the file, and name it
TrustedProviderConfiguration-Regular.ps1.
Settings you need to change for your organization before the script is run.
ADFS and root certificate names
$adfsCertName = "< Input ADFS Certificate Name >"
$MACertName = "< Input Machine Authority >"
$MIACertName = "< Input Certificate Authority >"
$RootCertName = "< Input Root name >"
This script configures SharePoint 2013 with ADFS certificates and claim type maps and creates a Trusted Identity
Token Issuer that enables SAML claims support in SharePoint web applications. These providers use the UPN or
EMail claim rule for the identity claim.
**The production ADFS redirect URL**
$signInUrl = https://sts.msft.net/adfs/ls/"
**The claim type schema used as the user identity, which uses the email address as the UPN**
$IdClaimType = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$adfsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($adfsCertPath)
**The local file path, which points to the certificate used to sign token requests (exported from the AD FS
server)**
**Remove TrustedIdentityTokenIssuer (usually, to modify the ADFS property maps) if it already exists?**
Read-Host "Identity Token Issuer already exists. Remove and reinstall it? Press CTRL+C to cancel."
Remove-SPTrustedIdentityTokenIssuer -Identity $tokenIdentityProviderName } }
Note: You can use a different file name, but you must save the file as an ANSI-encoded text file that has the
extension .ps1.
4. On the Start menu, click All Programs > Microsoft SharePoint Products > SharePoint Management
Shell.
5. Change the command prompt to the directory to which you saved the file.
6. At the Windows PowerShell command prompt, type the following command, ./TrustedProviderConfiguration-
Regular.ps1.
Enable tracing for SharePoint Server claims
To enable tracing for SharePoint 2013, you can use the following ways:
Enable tracing in Windows Identity Foundation (WIF ). For information about how to enable tracing, see WIF
Tracing.
Configure diagnostic logging in SharePoint Server.
For information about how to configure diagnostic logging, see Configure diagnostic logging in SharePoint Server.
Identity migration
To run the identity migration, follow these steps:
NOTE: These steps apply only to existing web applications.
Generate a skip list- A skip list is comma-separated values file (.csv file) that has records to exclude during the
identity migration. For example, it is necessary to exclude certain service applications or certain domain
accounts
Run the migration against the web application that has one or more content databases.
$skipFile = "FileName.csv"
$wa = Get-SPWebApplication -Identity "Name of web application"
$tp = Get-SPTrustedIdentityTokenIssuer "RegularUsers"
Convert-SPWebApplication -Identity $wa -From CLAIMS-WINDOWS -To CLAIMS-TRUSTED-DEFAULT -TrustedProvider $tp -
SourceSkipList $skipFile
To migrate specific web applications and content databases by using Windows PowerShell.
1. Check that you have the following memberships:
The securityadmin fixed server role on the SQL Server instance.
The db_owner fixed database role on all databases that are to be updated.
The Administrators group on the server on which you are running Windows PowerShell cmdlets.
Read about_Execution_Policies.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint cmdlets.
NOTE: If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-
SPShellAdmin.
2. To migrate specific web applications and content databases, type the following at the Windows PowerShell
command prompt.
$skipFile = "FileName.csv"
$wa = Get-SPWebApplication -Identity "Name of web application"
$database = Get-SPContentDatabase -Identity "DB_Name"
Convert-SPWebApplication -Identity $wa -Database $database -From CLAIMS-WINDOWS -To CLAIMS-TRUSTED-DEFAULT -
SourceSkipList $skipFile
If you want to reverse the migration process, type the following at the Windows PowerShell command prompt.
$skipFile = "FileName.csv"
$wa = Get-SPWebApplication -Identity "Name of web application"
Convert-SPWebApplication -Identity $wa -From CLAIMS-TRUSTED-DEFAULT -To CLAIMS-WINDOWS -SourceSkipList
$skipFile -Database $database
IMPORTANT
We recommend completely disabling the SSL 3.0 protocol due to its security vulnerability. > For additional information on
how to completely disable SSL 3.0, see the "Disabled SSL 3.0 in Windows For Server Software" and "Disabled SSL 3.0 in
Windows For Client Software" sections in Microsoft Security Advisory 3009008
NOTE
At least one of the following TLS protocols must remain enabled: TLS 1.0, TLS 1.1, or TLS 1.2.
Enable TLS and SSL support in SharePoint 2013
6/7/2019 • 32 minutes to read • Edit Online
IMPORTANT
If you do not update each of these locations, you run the risk of systems failing to connect to each other using TLS 1.1 or
TLS 1.2. The systems will instead fall back to an older security protocol; and if the older security protocols are disabled, the
systems may fail to connect entirely. > Example: SharePoint servers may fail to connect to SQL Server databases, or client
computers may fail to connect to your SharePoint sites.
For example, you can enable TLS 1.0, TLS 1.1, and TLS 1.2 by default by adding the values 0x00000080,
0x00000200, and 0x00000800 together to form the value 0x00000A80.
To install the WinHTTP KB update, follow the instructions from the KB article Update to enable TLS 1.1 and TLS
1.2 as a default secure protocols in WinHTTP in Windows
To enable TLS 1.0, TLS 1.1, and TLS 1.2 by default in WinHTTP
1. From Notepad.exe, create a text file named winhttp-tls10-tls12-enable.reg.
2. Copy, and then paste the following text.
1.3 - Enable TLS 1.1 and TLS 1.2 support in Internet Explorer
Internet Explorer versions earlier than Internet Explorer 11 did not enable TLS 1.1 or TLS 1.2 support by default.
Support for TLS 1.1 and TLS 1.2 is enabled by default starting with Internet Explorer 11.
To enable TLS 1.1 and TLS 1.2 support in Internet Explorer
1. From Internet Explorer, click Tools > Internet Options > Advanced or click > Internet Options >
Advanced.
2. In the Security section, verify that the following check boxes are selected, if not click the following check
boxes:
Use TLS 1.1
Use TLS 1.2
3. Optionally, if you want to disable support for earlier security protocol versions, uncheck the following check
boxes:
Use SSL 2.0
Use SSL 3.0
Use TLS 1.0
NOTE
Disabling TLS 1.0 may cause compatibility issues with sites that don't support newer security protocol versions.
Customers should test this change before performing it in production.
4. Click OK.
1.4 - Install SQL Server 2008 R2 Native Client update for TLS 1.2
support
The SQL Server 2008 R2 Native Client doesn't support TLS 1.1 or TLS 1.2 by default. You must install the SQL
Server 2008 R2 Native Client update for TLS 1.2 support.
To install the SQL Server 2008 R2 Native Client update, see SQL 2008 and 2008 R2 TLS 1.2 SQL Native Client
updates not available in Windows Catalog.
1.7 - Install .NET Framework 3.5 update for TLS 1.1 and TLS 1.2
support
.NET Framework 3.5 doesn't support TLS 1.1 or TLS 1.2 by default. To add support for TLS 1.1 and TLS 1.2, you
must install a KB update, and then manually configure Windows Registry keys.
SharePoint 2013 is built on .NET Framework 4.x and doesn't use .NET Framework 3.5. However, certain
prerequisite components and third party software that integrates with SharePoint 2013 may use .NET Framework
3.5. Microsoft recommends installing and configuring this update to improve compatibility with TLS 1.2.
The SystemDefaultTlsVersions registry value defines which security protocol version defaults will be used by
.NET Framework 3.5. If the value is set to 0, .NET Framework 3.5 will default to SSL 3.0 or TLS 1.0. If the value is
set to 1, .NET Framework 3.5 will inherit its defaults from the Windows Schannel DisabledByDefault registry
values. If the value is undefined, it will behave as if the value is set to 0.
** For Windows Server 2008 R2 **
1. To install the .NET Framework 3.5.1 update for Windows Server 2008 R2, see the KB article Support for
TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008
R2 SP1
2. After the KB update is installed, manually configure the registry keys.
For Windows Server 2012
1. To install the .NET Framework 3.5 update for Windows Server 2012, see the KB article Support for TLS
System Default Versions included in the .NET Framework 3.5 on Windows Server 2012
2. After the KB update is installed, manually configure the registry keys.
For Windows Server 2012 R2
1. To install the .NET Framework 3.5 SP1 update for Windows Server 2012 R2, see the KB article Support for
TLS System Default Versions included in the .NET Framework 3.5 on Windows 8.1 and Windows Server
2012 R2
2. After the KB update is installed, manually configure the registry keys.
To manually configure the registry keys, do the following:
1. From Notepad.exe, create a text file named net35-tls12-enable.reg.
2. Copy, and then paste the following text.
IMPORTANT
Microsoft recommends disabling SSL 2.0 and SSL 3.0 due to serious security vulnerabilities in those protocol versions. >
Customers may also choose to disable TLS 1.0 and TLS 1.1 to ensure that only the newest protocol version is used. However,
this may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should
test such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable SSL 2.0 support in Windows Schannel
1. From Notepad.exe, create a text file named ssl20-disable.reg.
2. Copy, and then paste the following text.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
STEPS FOR YOUR SQL SERVERS WINDOWS SERVER 2008 R2 WINDOWS SERVER 2012 WINDOWS SERVER 2012 R2
2.2 - Enable TLS 1.1 and TLS 1.2 support in Microsoft SQL Server
SQL Server versions earlier than SQL Server 2016 don't support TLS 1.1 or TLS 1.2 by default. To add support for
TLS 1.1 and TLS 1.2, you must install updates for SQL Server.
To enable TLS 1.1 and TLS 1.2 support in SQL Server, follow the instructions from the KB article TLS 1.2 support
for Microsoft SQL Server
IMPORTANT
Microsoft recommends disabling SSL 2.0 and SSL 3.0 due to serious security vulnerabilities in those protocol versions. >
Customers may also choose to disable TLS 1.0 and TLS 1.1 to ensure that only the newest protocol version is used. However,
this may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should
test such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable SSL 2.0 support in Windows Schannel
1. From Notepad.exe, create a text file named ssl20-disable.reg.
2. Copy, and then paste the following text.
For example, you can enable TLS 1.0, TLS 1.1, and TLS 1.2 by default by adding the values 0x00000080,
0x00000200, and 0x00000800 together to form the value 0x00000A80.
To install the WinHTTP KB update, follow the instructions from the KB article Update to enable TLS 1.1 and TLS
1.2 as a default secure protocols in WinHTTP in Windows
To enable TLS 1.0, TLS 1.1, and TLS 1.2 by default in WinHTTP
1. From Notepad.exe, create a text file named winhttp-tls10-tls12-enable.reg.
2. Copy, and then paste the following text.
For 64-bit operating system
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000A80
3.3 - Enable TLS 1.1 and TLS 1.2 support in Internet Explorer
Internet Explorer versions earlier than Internet Explorer 11 did not enable TLS 1.1 or TLS 1.2 support by default.
Support for TLS 1.1 and TLS 1.2 is enabled by default starting with Internet Explorer 11.
To enable TLS 1.1 and TLS 1.2 support in Internet Explorer
1. From Internet Explorer, click Tools > Internet Options > Advanced or click > Internet Options >
Advanced.
2. In the Security section, verify that the following check boxes are selected. If not, click the following check
boxes:
Use TLS 1.1
Use TLS 1.2
3. Optionally, if you want to disable support for earlier security protocol versions, uncheck the following check
boxes:
Use SSL 2.0
Use SSL 3.0
Use TLS 1.0
NOTE
Disabling TLS 1.0 may cause compatibility issues with sites that don't support newer security protocol versions.
Customers should test this change before performing it in production.
4. Click OK.
3.5 - Install .NET Framework 3.5 update for TLS 1.1 and TLS 1.2
support
.NET Framework 3.5 doesn't support TLS 1.1 or TLS 1.2 by default. To add support for TLS 1.1 and TLS 1.2, you
must install a KB update, and then manually configure Windows Registry keys for each of the operating systems
listed in this section.
The SystemDefaultTlsVersions registry value defines which security protocol version defaults will be used by
.NET Framework 3.5. If the value is set to 0, .NET Framework 3.5 will default to SSL 3.0 or TLS 1.0. If the value is
set to 1, .NET Framework 3.5 will inherit its defaults from the Windows Schannel DisabledByDefault registry
values. If the value is undefined, it will behave as if the value is set to 0.
To enable .NET Framework 3.5 to inherit its encryption protocol defaults from Windows
Windows 7 and Windows Server 2008 R2
1. To install the .NET Framework 3.5.1 update for Windows 7 and Windows Server 2008 R2, see the KB article
Support for TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and
Server 2008 R2 SP1 .
2. After the KB update is installed, manually configure the registry keys.
For Windows Server 2012
1. To install the .NET Framework 3.5 update for Windows Server 2012, see the KB article Support for TLS
System Default Versions included in the .NET Framework 3.5 on Windows Server 2012
2. After the KB update is installed, manually configure the registry keys.
Windows 8.1 and Windows Server 2012 R2
1. To install the .NET Framework 3.5 SP1 update for Windows 8.1 and Windows Server 2012 R2, see the KB
article Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows 8.1 and
Windows Server 2012 R2
2. After the KB update is installed, manually configure the registry keys.
Windows 10 (Version 1507)
This functionality is not available in Windows 10 Version 1507. You must upgrade to Windows 10 Version
1511, and then install the Cumulative Update for Windows 10 Version 1511 and Windows Server 2016
Technical Preview 4: May 10, 2016, or upgrade to Windows 10 Version 1607 or higher.
Windows 10 (Version 1511)
1. To install the Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical
Preview 4: May 10, 2016, see Cumulative Update for Windows 10 Version 1511 and Windows Server 2016
Technical Preview 4: May 10, 2016.
2. After the KB update is installed, manually configure the registry keys.
Windows 10 (Version 1607) and Windows Server 2016
No update needs to be installed. Configure the Windows Registry keys as described below.
To manually configure the registry keys, do the following:
1. From Notepad.exe, create a text file named net35-tls12-enable.reg.
2. Copy, and then paste the following text.
For 64-bit operating system
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable SSL 2.0 support in Windows Schannel
1. From Notepad.exe, create a text file named ssl20-disable.reg.
2. Copy, and then paste the following text.
IMPORTANT
If you do not update each of these locations, you run the risk of systems failing to connect to each other using TLS 1.1 or
TLS 1.2. The systems will instead fall back to an older security protocol; and if the older security protocols are disabled, the
systems may fail to connect entirely. > Example: SharePoint servers may fail to connect to SQL Server databases, or client
computers may fail to connect to your SharePoint sites.
STEPS FOR SHAREPOINT SERVER WINDOWS SERVER 2012 R2 WINDOWS SERVER 2016
1.1 - Install ODBC Driver 11 for SQL Server update for TLS 1.2 support
ODBC Driver 11 for SQL Server doesn't support TLS 1.1 or TLS 1.2 by default. You must install the ODBC Driver
11 for SQL Server update for TLS 1.2 support.
To install ODBC Driver 11 for SQL Server update for TLS 1.2 support, see Microsoft® ODBC Driver 11 for
SQL Server® - Windows.
1.2 - Install SQL Server 2012 Native Client update for TLS 1.2 support
SQL Server 2012 Native Client doesn't support TLS 1.1 or TLS 1.2 by default. You must install the SQL Server
2012 Native Client update for TLS 1.2 support.
To install the SQL Server 2012 Native Client update, see Microsoft® SQL Server® 2012 Native Client - QFE.
1.3 - Install .NET Framework 3.5 update for TLS 1.1 and TLS 1.2 support
.NET Framework 3.5 doesn't support TLS 1.1 or TLS 1.2 by default.
IMPORTANT
To add support for TLS 1.1 and TLS 1.2 in Windows Server 2012 R2, you must install a KB update, and then manually
configure Windows Registry keys. > For Windows Server 2016, you only configure the registry keys.
SharePoint Server 2016 is built on .NET Framework 4.x and doesn't use .NET Framework 3.5. However, certain
prerequisite components and third party software that integrates with SharePoint Server 2016 may use .NET
Framework 3.5. Microsoft recommends installing and configuring this update to improve compatibility with TLS
1.2.
The SystemDefaultTlsVersions registry value defines which security protocol version defaults will be used by
.NET Framework 3.5. If the value is set to 0, .NET Framework 3.5 will default SSL 3.0 or TLS 1.0. If the value is set
to 1, .NET Framework 3.5 will inherit its defaults from the Windows Schannel DisabledByDefault registry
values. If the value is undefined, it will behave as if the value is set to 0.
To enable .NET Framework 3.5 to inherit its security protocol defaults from Windows Schannel
For Windows Server 2012 R2
1. To install the .NET Framework 3.5 SP1 update for Windows Server 2012 R2, see the KB article Support for
TLS System Default Versions included in the .NET Framework 3.5 on Windows 8.1 and Windows Server
2012 R2.
2. After the KB update is installed, manually configure the registry keys.
For Windows Server 2016
For Windows Server 2016, manually configure the registry keys.
To manually configure the registry keys, do the following:
1. From Notepad.exe, create a text file named net35-tls12-enable.reg.
2. Copy, and then paste the following text.
IMPORTANT
Microsoft recommends disabling SSL 2.0 and SSL 3.0 due to serious security vulnerabilities in those protocol versions. >
Customers may also choose to disable TLS 1.0 and TLS 1.1 to ensure that only the newest protocol version is used. However,
this may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should
test such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable SSL 2.0 support in Windows Schannel
1. From Notepad.exe, create a text file named ssl20-disable.reg.
2. Copy, and then paste the following text.
STEPS FOR YOUR SQL SERVERS WINDOWS SERVER 2012 R2 WINDOWS SERVER 2016
2.1 - Enable TLS 1.1 and TLS 1.2 support in Microsoft SQL Server
SQL Server versions earlier than SQL Server 2016 don't support TLS 1.1 or TLS 1.2 by default. To add support for
TLS 1.1 and TLS 1.2, you must install updates for SQL Server.
To enable TLS 1.1 and TLS 1.2 support in SQL Server, follow the instructions from the KB article TLS 1.2
support for Microsoft SQL Server
2.2 - Disable earlier versions of SSL and TLS in Windows Schannel
SSL and TLS support are enabled or disabled in Windows Schannel by editing the Windows Registry. Each SSL
and TLS protocol version can be enabled or disabled independently. You don't need to enable or disable one
protocol version to enable or disable another protocol version.
IMPORTANT
Microsoft recommends disabling SSL 2.0 and SSL 3.0 due to serious security vulnerabilities in those protocol versions. >
Customers may also choose to disable TLS 1.0 and 1.1 to ensure that only the newest protocol version is used. However, this
may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should test
such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable SSL 2.0 support in Windows Schannel
1. From Notepad.exe, create a text file named ssl20-disable.reg.
2. Copy, and then paste the following text.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
For example, you can enable TLS 1.0, TLS 1.1, and TLS 1.2 by default by adding the values 0x00000080,
0x00000200, and 0x00000800 together to form the value 0x00000A80.
To install the WinHTTP KB update, follow the instructions from the KB article Update to enable TLS 1.1 and TLS
1.2 as a default secure protocols in WinHTTP in Windows
To enable TLS 1.0, TLS 1.1, and TLS 1.2 by default in WinHTTP
1. From Notepad.exe, create a text file named winhttp-tls10-tls12-enable.reg.
2. Copy, and then paste the following text.
For 64-bit operating system
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000A80
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000A80
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000A80
NOTE
Disabling TLS 1.0 may cause compatibility issues with sites that don't support newer security protocol versions.
Customers should test this change before performing it in production.
4. Click OK.
3.4 - Enable strong cryptography in .NET Framework 4.5 or higher
.NET Framework 4.5 and higher doesn't inherit its SSL and TLS security protocol version defaults from the
Windows Schannel DisabledByDefault registry value. Instead, it uses its own SSL and TLS security protocol
version defaults. To override the defaults, you must configure Windows Registry keys.
The SchUseStrongCrypto registry value changes the .NET Framework 4.5 and higher security protocol version
default from SSL 3.0 or TLS 1.0 to TLS 1.0 or TLS 1.1 or TLS 1.2. In addition, it restricts the use of encryption
algorithms with TLS that are considered weak such as RC4.
Applications compiled for .NET Framework 4.6 or higher will behave as if the SchUseStrongCrypto registry
value is set to 1, even if it isn't. To ensure all .NET Framework applications will use strong cryptography, you must
configure this Windows Registry value.
Microsoft has released an optional security update for .NET Framework 4.5, 4.5.1, and 4.5.2 that will automatically
configure the Windows Registry keys for you. No updates are available for .NET Framework 4.6 or higher. You
must manually configure the Windows Registry keys on .NET Framework 4.6 or higher.
For Windows 7 and Windows Server 2008 R2
To enable strong cryptography in .NET Framework 4.5 and 4.5.1 on Windows 7 and Windows Server 2008
R2, see the KB article Description of the security update for the .NET Framework 4.5 and the .NET
Framework 4.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13,
2014.
To enable strong cryptography in .NET Framework 4.5.2 on Windows 7 and Windows Server 2008 R2, see
the KB article Description of the security update for the .NET Framework 4.5.2 on Windows 7 Service Pack
1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014.
For Windows Server 2012
To enable strong cryptography in .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Server 2012, see the KB
article Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET
Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014.
For Windows 8.1 and Windows Server 2012 R2
To enable strong cryptography in .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012
R2, see the KB article Description of the security update for the .NET Framework 4.5.1 and the .NET
Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014.
To enable strong cryptography in .NET Framework 4.6 or higher
1. From Notepad.exe, create a text file named net46-strong-crypto-enable.reg.
2. Copy, and then paste the following text.
For 64-bit operating system
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SchUseStrongCrypto"=dword:00000001
IMPORTANT
Microsoft recommends disabling SSL 2.0 and SSL 3.0 due to serious security vulnerabilities in those protocol versions. >
Customers may also choose to disable TLS 1.0 and TLS 1.1 to ensure that only the newest protocol version is used. However,
this may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should
test such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable SSL 2.0 support in Windows Schannel
1. From Notepad.exe, create a text file named ssl20-disable.reg.
2. Copy, and then paste the following text.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
IMPORTANT
If you do not update each of these locations, you run the risk of systems failing to connect to each other using TLS 1.1 or TLS
1.2. The systems will instead fall back to an older security protocol; and if the older security protocols are disabled, the
systems may fail to connect entirely.
Example: Client computers may fail to connect to your SharePoint sites.
STEPS FOR SHAREPOINT SERVER WINDOWS SERVER 2016 WINDOWS SERVER 2019
IMPORTANT
SSL 2.0 and SSL 3.0 are disabled by default in Windows Server 2016 and Windows Server 2019 due to serious security
vulnerabilities in those protocol versions.
Customers may also choose to disable TLS 1.0 and TLS 1.1 to ensure that only the newest protocol version is used. However,
this may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should
test such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable TLS 1.0 support in Windows Schannel
1. From Notepad.exe, create a text file named tls10-disable.reg.
2. Copy, and then paste the following text.
STEPS FOR YOUR SQL SERVERS WINDOWS SERVER 2016 WINDOWS SERVER 2019
IMPORTANT
SSL 2.0 and SSL 3.0 are disabled by default in Windows Server 2016 and Windows Server 2019 due to serious security
vulnerabilities in those protocol versions.
Customers may also choose to disable TLS 1.0 and TLS 1.1 to ensure that only the newest protocol version is used. However,
this may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should
test such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable TLS 1.0 support in Windows Schannel
1. From Notepad.exe, create a text file named tls10-disable.reg.
2. Copy, and then paste the following text.
For example, you can enable TLS 1.0, TLS 1.1, and TLS 1.2 by default by adding the values 0x00000080,
0x00000200, and 0x00000800 together to form the value 0x00000A80.
To install the WinHTTP KB update, follow the instructions from the KB article Update to enable TLS 1.1 and TLS
1.2 as a default secure protocols in WinHTTP in Windows
To enable TLS 1.0, TLS 1.1, and TLS 1.2 by default in WinHTTP
1. From Notepad.exe, create a text file named winhttp-tls10-tls12-enable.reg.
2. Copy, and then paste the following text.
For 64-bit operating system
NOTE
Disabling TLS 1.0 may cause compatibility issues with sites that don't support newer security protocol versions.
Customers should test this change before performing it in production.
4. Click OK.
3.4 - Enable strong cryptography in .NET Framework 4.5 or higher
.NET Framework 4.5 and higher doesn't inherit its SSL and TLS security protocol version defaults from the
Windows Schannel DisabledByDefault registry value. Instead, it uses its own SSL and TLS security protocol
version defaults. To override the defaults, you must configure Windows Registry keys.
The SchUseStrongCrypto registry value changes the .NET Framework 4.5 and higher security protocol version
default from SSL 3.0 or TLS 1.0 to TLS 1.0 or TLS 1.1 or TLS 1.2. In addition, it restricts the use of encryption
algorithms with TLS that are considered weak such as RC4.
Applications compiled for .NET Framework 4.6 or higher will behave as if the SchUseStrongCrypto registry value
is set to 1, even if it isn't. To ensure all .NET Framework applications will use strong cryptography, you must
configure this Windows Registry value.
Microsoft has released an optional security update for .NET Framework 4.5, 4.5.1, and 4.5.2 that will automatically
configure the Windows Registry keys for you. No updates are available for .NET Framework 4.6 or higher. You
must manually configure the Windows Registry keys on .NET Framework 4.6 or higher.
For Windows 7 and Windows Server 2008 R2
To enable strong cryptography in .NET Framework 4.5 and 4.5.1 on Windows 7 and Windows Server 2008
R2, see the KB article Description of the security update for the .NET Framework 4.5 and the .NET
Framework 4.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014.
To enable strong cryptography in .NET Framework 4.5.2 on Windows 7 and Windows Server 2008 R2, see
the KB article Description of the security update for the .NET Framework 4.5.2 on Windows 7 Service Pack 1
and Windows Server 2008 R2 Service Pack 1: May 13, 2014.
For Windows Server 2012
To enable strong cryptography in .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Server 2012, see the KB
article Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET
Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014.
For Windows 8.1 and Windows Server 2012 R2
To enable strong cryptography in .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012
R2, see the KB article Description of the security update for the .NET Framework 4.5.1 and the .NET Framework
4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014.
To enable strong cryptography in .NET Framework 4.6 or higher
1. From Notepad.exe, create a text file named net46-strong-crypto-enable.reg.
2. Copy, and then paste the following text.
For 64-bit operating system
IMPORTANT
Microsoft recommends disabling SSL 2.0 and SSL 3.0 due to serious security vulnerabilities in those protocol versions.
Customers may also choose to disable TLS 1.0 and TLS 1.1 to ensure that only the newest protocol version is used. However,
this may cause compatibility issues with software that doesn't support the newest TLS protocol version. Customers should
test such a change before performing it in production.
The Enabled registry value defines whether the protocol version can be used. If the value is set to 0, the protocol
version cannot be used, even if it is enabled by default or if the application explicitly requests that protocol version.
If the value is set to 1, the protocol version can be used if enabled by default or if the application explicitly requests
that protocol version. If the value is not defined, it will use a default value determined by the operating system.
The DisabledByDefault registry value defines whether the protocol version is used by default. This setting only
applies when the application doesn't explicitly request the protocol versions to be used. If the value is set to 0, the
protocol version will be used by default. If the value is set to 1, the protocol version will not be used by default. If
the value is not defined, it will use a default value determined by the operating system.
To disable SSL 2.0 support in Windows Schannel
1. From Notepad.exe, create a text file named ssl20-disable.reg.
2. Copy, and then paste the following text.
CATEGORY CHARACTERISTIC
Services listed in the Services MMC snap-in Enable the following services:
ASP.NET State service (if you are using InfoPath Forms
Services or Project Server 2016)
View State service (if you are using InfoPath Forms Services)
World Wide Web Publishing Service
Ensure that these services are not disabled:
Claims to Windows Token Service
SharePoint Administration
SharePoint Timer Service
SharePoint Tracing Service
SharePoint VSS Writer
Ensure that these services are not disabled on the servers that
host the corresponding roles:
AppFabric Caching Service
SharePoint User Code Host
SharePoint Search Host Controller
SharePoint Server Search
Ports and protocols
CATEGORY CHARACTERISTIC
Auditing and logging If log files are relocated, ensure that the log file locations are
updated to match. Update directory access control lists (ACLs)
also.
CATEGORY CHARACTERISTIC
NOTE
With the addition to the MinRole feature in SharePoint Server 2016, the concept of roles has changed. For information about
roles, see Planning for a MinRole server deployment in SharePoint Server 2016.
The primary recommendation for SharePoint Server is to secure inter-farm communication by blocking the
default ports used for SQL Server communication and establishing custom ports for this communication instead.
For more information about how to configure ports for SQL Server communication, see Blocking the standard
SQL Server ports, later in this article.
CATEGORY CHARACTERISTIC
This article does not describe how to secure SQL Server. For more information about how to secure SQL Server,
see Securing SQL Server (http://go.microsoft.com/fwlink/p/?LinkId=186828).
NOTE
We recommend to use the standard SQL ports, but ensure the firewall is configured to only allow communication with the
servers that need access to the SQL Server. Servers that don't need access to the SQL Server should be blocked from
connecting to the SQL Server over TCP port 1433 and UDP port 1444.
There are several methods you can use to block ports. You can block these ports by using a firewall. However,
unless you can be sure that there are no other routes into the network segment and that there are no malicious
users that have access to the network segment, the recommendation is to block these ports directly on the server
that hosts SQL Server. This can be accomplished by using Windows Firewall in Control Panel.
Configuring SQL Server database instances to listen on a nonstandard port
SQL Server provides the ability to reassign the ports that are used by the default instance and any named
instances. In SQL Server, you reassign ports by using SQL Server Configuration Manager.
Configuring SQL Server client aliases
In a server farm, all front-end Web servers and application servers are SQL Server client computers. If you block
UDP 1434 on the SQL Server computer, or you change the default port for the default instance, you must
configure a SQL Server client alias on all servers that connect to the SQL Server computer. In this scenario, the
SQL Server client alias specifies the TCP port that the named instance is listening on.
To connect to an instance of SQL Server, you install SQL Server client components on the target computer and
then configure the SQL Server client alias by using SQL Server Configuration Manager. To install SQL Server
client components, run Setup and select only the following client components to install:
Connectivity Components
Management Tools (includes SQL Server Configuration Manager)
For specific hardening steps for blocking the standard SQL Server ports, see Configure SQL Server security for
SharePoint Server.
Service application communication
By default, communication between SharePoint servers and service applications within a farm takes place by using
HTTP with a binding to TCP 32843. When you publish a service application, you can select either HTTP or HTTPS
with the following bindings:
HTTP binding: TCP 32843
HTTPS binding: TCP 32844
Additionally, third parties that develop service applications can implement a third choice:
net.tcp binding: TCP 32845
You can change the protocol and port binding for each service application. On the Service Applications page in
Central Administration, select the service application, and then click Publish.
The HTTP/HTTPS/net.tcp bindings can also be viewed and changed by using the Get-SPServiceHostConfig and
Set-SPServiceHostConfig Microsoft PowerShell cmdlets.
Communication between service applications and SQL Server takes place over the standard SQL Server ports or
the ports that you configure for SQL Server communication.
Connections to external servers
Several features of SharePoint Server can be configured to access data that resides on server computers outside of
the server farm. If you configure access to data that is located on external server computers, ensure that you
enable communication between the appropriate computers. In most cases, the ports, protocols, and services that
are used depend on the external resource. For example:
Connections to file shares use the File and Printer Sharing service.
Connections to external SQL Server databases use the default or customized ports for SQL Server
communication.
Connections to Oracle databases typically use OLE DB.
Connections to Web services use both HTTP and HTTPS.
The following table lists features that can be configured to access data that resides on server computers outside
the server farm.
FEATURE DESCRIPTION
Content crawling You can configure crawl rules to crawl data that resides on
external resources, including Web sites, file shares, Exchange
public folders, and business data applications. When crawling
external data sources, the crawl role communicates directly
with these external resources.
For more information, see Manage crawling in SharePoint
Server.
Business Data Connectivity connections Web servers and application servers communicate directly
with computers that are configured for Business Data
Connectivity connections.
SharePoint Server includes an internal service, the Microsoft SharePoint Directory Management Service, for
creating e-mail distribution groups. When you configure e-mail integration, you have the option to enable the
Directory Management Service feature, which lets users create distribution lists. When users create a SharePoint
group and they select the option to create a distribution list, the Microsoft SharePoint Directory Management
Service creates the corresponding Active Directory distribution list in the Active Directory environment.
In security-hardened environments, the recommendation is to restrict access to the Microsoft SharePoint Directory
Management Service by securing the file associated with this service, which is SharePointEmailws.asmx. For
example, you might allow access to this file by the server farm account only.
Additionally, this service requires permissions in the Active Directory environment to create Active Directory
distribution list objects. The recommendation is to set up a separate organizational unit (OU ) in Active Directory
for SharePoint Server objects. Only this OU should allow write access to the account that is used by the Microsoft
SharePoint Directory Management Service.
Service requirements for session state
Both Project Server 2016 and InfoPath Forms Services maintain session state. If you are deploying these features
or products within your server farm, do not disable the ASP.NET State service. Additionally, if you are deploying
InfoPath Forms Services, do not disable the View State service.
SharePoint Server Products services
Do not disable services that are installed by SharePoint Server (listed in the snapshot previously).
If your environment disallows services that run as a local system, you can consider disabling the SharePoint
Administration service only if you are aware of the consequences and can work around them. This service is a
Win32 service that runs as a local system.
This service is used by the SharePoint Timer service to perform actions that require administrative permissions on
the server, such as creating Internet Information Services (IIS ) Web sites, deploying code, and stopping and
starting services. If you disable this service, you cannot complete deployment-related tasks from the Central
Administration site. You must use Microsoft PowerShell to run the Start-SPAdminJob cmdlet (or use the
Stsadm.exe command-line tool to run the execadmsvcjobs operation) to complete multiple-server deployments
for SharePoint Server and to run other deployment-related tasks.
Web.config file
The .NET Framework, and ASP.NET in particular, use XML -formatted configuration files to configure applications.
The .NET Framework relies on configuration files to define configuration options. The configuration files are text-
based XML files. Multiple configuration files can, and typically do, exist on a single system.
System-wide configuration settings for the .NET Framework are defined in the Machine.config file. The
Machine.config file is located in the %SystemRoot%\Microsoft.NET\Framework%VersionNumber%\CONFIG\
folder. The default settings that are contained in the Machine.config file can be modified to affect the behavior of
applications that use the .NET Framework on the whole system.
You can change the ASP.NET configuration settings for a single application if you create a Web.config file in the
root folder of the application. When you do this, the settings in the Web.config file override the settings in the
Machine.config file.
When you extend a Web application by using Central Administration, SharePoint Server automatically creates a
Web.config file for the Web application.
The Web server and application server snapshot presented earlier in this article lists recommendations for
configuring Web.config files. These recommendations are intended to be applied to each Web.config file that is
created, including the Web.config file for the Central Administration site.
For more information about ASP.NET configuration files and editing a Web.config file, see ASP.NET Configuration
(http://go.microsoft.com/fwlink/p/?LinkID=73257).
See also
Concepts
Security for SharePoint Server
Plan for least-privileged administration in SharePoint
Server
6/7/2019 • 8 minutes to read • Edit Online
Introduction
Organizations implement least-privileged administration to achieve better security than would be typically
recommended. Only a small percentage of organizations require this heightened level of security because of the
resource costs of maintaining least-privileged administration. Some deployments that might require this
heightened level of security include governmental agencies, security organizations, and organizations in the
financial services industry. The implementation of a least-privileged environment should not be confused with best
practices. In a least-privileged environment, administrators implement best practices together with additional
heightened levels of security.
[!SECURITY NOTE ] The ability to grant access to the database engine and to configure user
permissions allows the securityadmin to assign most server permissions. You should treat the
securityadmin role as equal to the sysadmin role.
For additional information about SQL Server server-level roles, see Server Level Roles.
If you remove one or more of these SQL Server roles, you might receive "Unexpected" error messages in the
Central Administration web site. In addition, you may receive the following message in the Unified Logging
Service (ULS ) log file:
System.Data.SqlClient.SqlException… <operation type> permission denied in database <database>.
Table <table>
Along with an error message that may be displayed, you may be unable to perform any of the following tasks:
Restore a backup of a farm because you can't write to a database
Provision a service instance or web application
Configure managed accounts
Change managed accounts for web applications
Perform any action on any database, managed account, or service that requires the Central Administration
web site
In certain situations, database administrators (DBAs) may want to operate independently from SharePoint Server
administrators and create and manage all the databases. This is typical in IT environments where security
requirements and company policies require a separation of administrator roles. The farm administrator provides
SharePoint Server database requirements to the DBA, who then creates the necessary databases and sets up the
logins that are required for the farm.
By default, the DBA has complete access to the SQL Server instance but requires additional permissions to access
SharePoint Server. DBAs typically use Windows PowerShell 3.0 when they add, create, move, or rename
SharePoint databases, so they must be a member of the following accounts:
Securityadmin fixed server role on the SQL Server instance.
Db_owner fixed database role on all databases in the SharePoint farm.
Administrators group on the computer on which they run the PowerShell cmdlets.
Additionally, the DBA may have to be a member of the SharePoint_Shell_Access role to access the SharePoint
content database. In some conditions, the DBA may want to add the Setup user account to the db_owner role.
SharePoint Server roles and services
In general, you should remove the ability to create new databases from SharePoint Server service accounts. Other
than the account under which the timer service runs (typically the farm account), no SharePoint Server service
account should have the sysadmin role on the SQL Server instance and no SharePoint Server service account
should be a local Administrator on the server that runs SQL Server.
For more information about SharePoint Server accounts, see Account permissions and security settings in
SharePoint Server 2016.
For account information in SharePoint Server 2013, see Account permissions and security settings in SharePoint
2013.
The following list provides information about locking down other SharePoint Server roles and services:
SharePoint_Shell_Access role
When you remove this SQL Server role, you remove the ability to write entries to the configuration and
content database and the ability to perform any tasks by using Microsoft PowerShell. For additional
information about this role, see Add-SPShellAdmin.
SharePoint Timer service (SPTimerV4)
We recommend that you do not limit the default permissions granted to the account under which this
service runs and that you never disable this account. Instead, use a secure user account, for which the
password is not widely known, and leave the service running. By default, this service is installed when you
install SharePoint Server and maintains configuration cache information. If you set the service type to
disabled you may experience the following behavior:
Timer jobs won't run
Health analyzer rules won't run
Maintenance and farm configuration will be out of date
SharePoint Administration service (SPAdminV4)
This service performs automated changes that require local administrator permission on the server. When
the service is not running, you must manually process server-level administrative changes. We recommend
that you do not limit the default permissions granted to the account under which this service runs and that
you never disable this account. Instead, use a secure user account, for which the password is not widely
known, and leave the service running. If you set the service type to disabled, you may experience the
following behavior:
Administrative timer jobs won't run
Web configuration files won't be updated
Security and local groups won't be updated
Registry values and keys won't be written
Services may be unable to be started or restarted
Provisioning of services may be unable to be completed
SPUserCodeV4 Service
This service lets a site collection administrator upload sandboxed solutions to the Solutions gallery. If you
are not using sandboxed solutions, you can disable this service.
Claims To Windows Token service (C2WTS )
By default, this service is disabled. The C2WTS service may be required for a deployment with Excel
Services, PerformancePoint Servers, or SharePoint shared services that must translate between SharePoint
security tokens and Windows-based identities. For example, you use this service when you configure
Kerberos-constrained delegation for accessing external data sources. For more information about C2WTS,
see Plan for Kerberos authentication in SharePoint Server.
The following features may experience additional symptoms under certain circumstances:
Backup and restore
The ability to perform a restore from a backup may fail if you have removed database permissions.
Upgrade
The upgrade process starts correctly, but then fails if you do not have suitable permissions to databases. If
your organization is already in a least-privileged environment, the workaround is to move to a best practices
environment to complete the upgrade, and then move back to a least-privileged environment.
Update
The ability to apply a software update to a farm will succeed for the schema of the configuration database,
but fail on the content database and services.
Additional things to consider for a least-privileged environment
In addition to the previous considerations, you might have to consider more operations. The following list is
incomplete. Selectively use the items at your own discretion:
Setup user account - This account is used to set up each server in a farm. The account must be a member
of the Administrators group on each server in the SharePoint Server farm. For additional information about
this account, see Initial deployment administrative and service accounts in SharePoint Server.
Synchronization account - For SharePoint Server Server, this account is used to connect to the directory
service. We recommend that you do not limit the default permissions granted to the account under which
this service runs and that you never disable this account. Instead, use a secure user account, for which the
password is not widely known, and leave the service running. This account also requires Replicate Directory
Changes permission on AD DS which enables the account to read AD DS objects and to discover AD DS
objects that were changed in the domain. The Grant Replicate Directory Changes permission does not
enable an account to create, change or delete AD DS objects.
My Site host application pool account - This is the account under which the My Site application pool
runs. To configure this account, you must be a member of the Farm Administrators group. You can limit
privileges to this account.
Built-in user group - Removing the built-in user security group or changing the permissions may have
unanticipated consequences. We recommend that you do not limit privileges to any built-in accounts or
groups.
Group permissions - By default the WSS_ADMIN_WPG SharePoint group has read and write access to
local resources. The following WSS_ADMIN_WPG file system locations,
%WINDIR%\System32\drivers\etc\Hosts and %WINDIR%\Tasks are needed for SharePoint Server to work
correctly. If other services or applications are running on a server, you might consider how they access the
Tasks or Hosts folder locations. For additional information about account settings for SharePoint Server, see
Account permissions and security settings in SharePoint Server 2016.
For account information in SharePoint Server 2013, see Account permissions and security settings in
SharePoint 2013.
Change permission of a service - A change of a permission of a service may have unanticipated
consequences. For example, if the following registry key,
HKLM\System\CurrentControlSet\Services\PerfProc\Performance\Disable Performance Counters, has the
value of 0, the User Code Host service would be disabled which would cause sandboxed solutions to stop
working.
See also
Other Resources
Least Privilege Configuration for Workflow Manager with SharePoint 2013
Configure SQL Server security for SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
IMPORTANT
The security steps in this topic are fully tested by the SharePoint team. There are other ways to help secure SQL Server in a
SharePoint Server farm. For more information, see Securing SQL Server.
NOTE
You can configure the Internet Protocol security (IPsec) to help secure communication to and from your computer
that is running SQL Server by configuring the Windows firewall. You do this by selecting Connection Security
Rules in the navigation pane of the Windows Firewall with Advanced Security dialog box.
See also
Other Resources
SQL Server Security Blog
SQL Vulnerability Assessment
Securing SharePoint: Harden SQL Server in SharePoint Environments
Configure a Windows Firewall for Database Engine Access
Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager)
Federal Information Processing Standard security
standards and SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
Because SharePoint Server uses these algorithms, it does not support the Windows security policy setting that
requires FIPS compliant algorithms for encryption and hashing. This Windows security policy is managed through
the FIPSAlgorithmPolicy registry key in Windows, which is described in the "Configure FIPS policy for a mixed
environment" section of the following topic:
Additional System Countermeasures
FIPS 140-2 defines security standards that the United States and Canadian governments use to validate security
levels for products that implement cryptography. For more information about FIPS 140-2, see the following
references:
FIPS 140 Evaluation
FIPS Publications
The goal of FIPS is to provide a standardized way to ensure the security and privacy of sensitive information in
computer systems of the United States and Canadian governments. Using a FIPS compliant algorithm for
encryption of data over an open network is a key requirement for FISMA certification. The Windows
FIPSAlgorithmPolicy registry key is neither necessary nor sufficient for FISMA certification, it is a useful
enforcement tool for many solutions, but not SharePoint Server.
The FIPS contribution to FISMA certification is the strength of encryption used for security purposes. Security-
related encryption within SharePoint Server is performed by using FIPS -compliant cipher suites.
For additional information about FISMA see,Federal Information Security Management Act (FISMA)
Implementation Project
Install SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
Install SharePoint Server 2016 Learn how to install SharePoint Server 2016 in various
topologies.
Install SharePoint Server 2019 Learn how to install SharePoint Server 2019 in various
topologies.
Prerequisites for SharePoint Server Learn about permissions, accounts, security settings, and
what you have to do to prepare your environment for
SharePoint Servers 2016 and 2019.
Configure SharePoint Server Learn how to configure settings like services, authentication,
and specific features after you install SharePoint Server.
Install and manage apps for SharePoint Server Learn about apps for SharePoint, the SharePoint Store, and
the App Catalog and how to install, manage, and monitor
apps in your SharePoint Server 2016 environment.
Upgrade to SharePoint Server 2016 Learn how to plan, prepare, and perform an upgrade to
SharePoint Server 2016.
Upgrade to SharePoint Server 2019 Learn how to plan, prepare, and perform an upgrade to
SharePoint Server 2019.
Deploy software updates for SharePoint Server 2016 Learn how to prepare for, download, install, and configure
software updates and patches for SharePoint Server 2016.
Test and troubleshoot an upgrade to SharePoint Server 2016 Learn how to test and troubleshoot an upgrade from
SharePoint Server 2013 with Service Pack 1 (SP1) to
SharePoint Server 2016.
Configure SQL Server security for SharePoint Server Learn how to improve the security of SQL Server for
SharePoint Server 2016 environments.
SharePoint Server 2016 in Microsoft Azure Learn about why Microsoft Azure is the best place to host
your SharePoint Server 2016 farms in the cloud.
CONTENT DESCRIPTION
Microsoft Identity Manager in SharePoint Servers 2016 and Learn about the Microsoft Identity Manager (MIM) in
2019 SharePoint Servers 2016 and 2019 and the features it
provides to you as an external identity manager.
Install for SharePoint 2013 Learn how to install SharePoint Server 2013 in various
topologies.
Prerequisites for SharePoint Server Learn about permissions, accounts, security settings, and
what you have to do to prepare your environment for
SharePoint Server 2013.
Configure SharePoint Server Learn how to configure settings like services, authentication,
and specific features after you install SharePoint Server 2013.
Install and manage apps for SharePoint Server Learn about apps for SharePoint, the SharePoint Store, and
the App Catalog and how to install, manage, and monitor
apps in your SharePoint Server 2013 environment.
Upgrade from SharePoint 2010 to SharePoint 2013 Learn how to plan, prepare, and perform an upgrade to
SharePoint Server 2013.
Upgrade from SharePoint 2013 to SharePoint Server 2019 Learn the high level steps to perform an upgrade to
SharePoint Server 2019.
Deploy software updates for SharePoint 2013 Learn how to prepare for, download, install, and configure
software updates and patches for SharePoint Server 2013.
Test and troubleshoot an upgrade to SharePoint 2013 Learn how to test and troubleshoot an upgrade from
SharePoint Server 2010 to SharePoint Server 2013.
Configure SQL Server security for SharePoint Server Learn how to improve the security of SQL Server for
SharePoint Server 2013 environments.
SharePoint 2013 dev/test environments in Azure Learn about why Microsoft Azure is the best place to host
your SharePoint Server 2013 farms in the cloud.
See also
Other Resources
What is SharePoint
About SharePoint
Install SharePoint Server 2019
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Hardware and software system requirements Describes the system requirements to install SharePoint Server
2019.
Install SharePoint Server on one server Describes how to install SharePoint Server on a single server.
Install SharePoint Server across multiple servers Describes how to install SharePoint Server on multiple servers.
Install or uninstall language packs for SharePoint Server Describes language packs and how to download, install, and
uninstall them.
Add a server to a SharePoint Server farm Explains how to add a server to a farm.
Remove a server from a farm in SharePoint Server Describes how to remove a server from a SharePoint Server
farm.
Uninstall SharePoint Server Describes how to remove SharePoint Server from a computer.
System requirements for SharePoint Servers 2016 and
2019
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
IMPORTANT
If you contact Microsoft Customer Support Services about a production system that does not meet the minimum
hardware specifications described in this document, support will be limited until the system is upgraded to the minimum
requirements.
NOTE
The intra-farm latency of <1 ms one way, 99,9% of the time over a period of ten minutes is also required for SharePoint
environments with servers that are located in the same datacenter. The bandwidth speed should also be in this case at
least 1 gigabit per second.
IMPORTANT
SharePoint Server 2019 requires a minimum of an Active Directory 2003 native forest and domain functional level.
IMPORTANT
SharePoint Server 2019 does not support single label domain names. For more information, see Information about
configuring Windows for domains with single-label DNS names.
The Microsoft SharePoint Products Preparation Tool can assist you in the installation of the software
prerequisites for SharePoint Server 2019. Ensure that you have an Internet connection because some
prerequisites are installed from the Internet.
Minimum software requirements for SharePoint Server 2019
This section provides minimum software requirements for each server in the farm.
Minimum requirements for a database server in a farm
One of the following:
Microsoft SQL Server 2016 RTM Standard or Enterprise Editions
Microsoft SQL Server 2017 RTM Standard or Enterprise Editions for Windows
Microsoft Azure SQL Managed Instance (MI) - For more information, see Deploy Azure SQL Managed
Instance with SharePoint Servers 2016 and 2019.
NOTE
SQL Server products and all future public updates are supported through the SQL Server product lifecycle.
NOTE
SQL Server Express is not supported. Azure SQL Database (the DBaaS service) is also not supported for any SharePoint
databases
NOTE
We don't support installing the Office 2019 client and SharePoint Server 2019 on the same computer.
NOTE
The minimum supported version is Office 2010 client.
IMPORTANT
The Microsoft SharePoint Products Preparation Tool might not be able to install Microsoft .NET Framework version 3.5
automatically. In this case you need to manually install the .NET Framework 3.5 Feature Windows Feature as a
prerequisite using the Windows Server install media.
The Microsoft SharePoint Products Preparation Tool installs the following prerequisites on SharePoint servers in
a farm:
Web Server (IIS ) role
Windows Process Activation Service feature
Microsoft .NET Framework version 3.5
Microsoft .NET Framework version 4.7.2
Microsoft SQL Server 2012 Service Pack 4 Native Client
Microsoft WCF Data Services 5.6
Microsoft Identity Extensions
Microsoft Information Protection and Control Client 2.1 (MSIPC )
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Windows Server AppFabric 1.1
Cumulative Update Package 7 for Microsoft AppFabric 1.1 for Windows Server (KB 3092423)
Visual C++ Redistributable Package for Visual Studio 2012
Visual C++ Redistributable Package for Visual Studio 2017
NOTE
The required software above will be supported when used by SharePoint via the SharePoint Product Lifecycle.
NOTE
Some Windows features being installed are “Features On Demand (FOD)”, which are downloaded from Windows Update. If
the computer doesn’t have access to Windows Update, you can specify local installation files by adding the Source
parameter and pointing to the \sources\sxs folder on the Windows Server installation media.
For example: -Source D:\sources\sxs
Single server farm, front-end web servers, and application .NET Framework Data Provider for SQL Server (part of
servers in a farm Microsoft .NET Framework)
.NET Framework Data Provider for OLE DB (part of Microsoft
.NET Framework)
SharePoint Workflow Manager
You can install SharePoint Workflow Manager on a dedicated
computer.
Microsoft SQL Server 2008 R2 Reporting Services Add-in for
Microsoft SharePoint Technologies
This add-in is used by Access Services for SharePoint Server
2019.
Microsoft SQL Server 2012 Data-Tier Application (DAC)
Framework 64-bit edition
Microsoft SQL Server 2012 Transact-SQL ScriptDom 64-bit
edition
Microsoft System CLR Types for Microsoft SQL Server 2012
64-bit edition
Microsoft SQL Server 2012 with SP1 LocalDB 64-bit edition
Microsoft Data Services for the .NET Framework 4 and
Silverlight 4 (formerly ADO.NET Data Services)
Exchange Web Services Managed API, version 1.2
SharePoint Servers 2016 and 2019 supports several commonly used web browsers, such as Internet Explorer,
Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge. However, certain web browsers can
cause some SharePoint Servers 2016 or 2019 functionality to be downgraded, limited, or available only through
alternative steps.
As you plan your deployment of SharePoint Servers 2016 or 2019, we recommend that you review the browsers
used in your organization to guarantee optimal performance with SharePoint Servers 2016 and 2019.
Microsoft Edge X
Internet Explorer 11 X
Internet Explorer 10 X
Internet Explorer 9 X
Internet Explorer 8 X
Internet Explorer 7 X
Internet Explorer 6 X
Microsoft Edge X
Internet Explorer 11 X
Internet Explorer 10 X
Internet Explorer 9 X
Internet Explorer 8 X
Internet Explorer 7 X
Internet Explorer 6 X
Browser details
Review the details of the web browser that you have or plan to use in your organization to make sure that the web
browser works with SharePoint Server 2016 and according to your business needs.
Internet Explorer and older functionality
NOTE
Some older SharePoint functionality that relies on NPAPI or ActiveX will not work on browsers other than Internet Explorer.
You can work around each of these issues by using Internet Explorer to perform these tasks.
Some functionality in SharePoint Server requires ActiveX controls. This produces limitations on browsers which do
not support ActiveX. Currently only 32-bit versions of Internet Explorer support this functionality. In SharePoint
Server 2016, all other supported browsers, including Microsoft Edge and the Immersive mode of Internet Explorer
10 have the following limitations.
For SharePoint Server 2016 and 2019, browsers other than Internet Explorer 11 have the following limitations.
Other functionality, such as Form settings in List settings only function with Internet Explorer.
NOTE
In previous versions of SharePoint, a single server installation automatically installed SQL Server Express. In SharePoint Servers
2016 and 2019, a single server installation contains only SharePoint. SQL Server can be installed on the same server or on a
separate server; both scenarios are supported. For better performance we recommend installing SQL Server on a separate
server.
Overview
After you have completed setup and the SharePoint Products Configuration Wizard, you will have installed
binaries, configured security permissions, configured registry settings, configured the configuration database,
configured the content database, and installed the SharePoint Central Administration web site. Next, you can
choose to run the Farm Configuration Wizard to configure the farm, select the services that you want to use in the
farm, and create the first site collection, or you can manually perform the farm configuration at your own pace.
IMPORTANT
To complete the following procedures, the account that you use must be a member of the Administrators group on the
computer on which you are installing SharePoint Server. For information about user accounts, see Initial deployment
administrative and service accounts in SharePoint Server.
NOTE
If you intend to use this computer as a search server, we recommend that you store the search index files on a
separate storage volume or partition. Any other search data that needs to be stored is stored in the same location as
the search index files. You can only set this location at installation time.
NOTE
If Setup fails, check log files in the Temp folder of the user account you used to run Setup. Ensure that you are logged in using
the same user account and then type %temp% in the location bar in Windows Explorer. If the path in Windows Explorer
resolves to a location that ends in a "1" or "2", you have to navigate up one level to view the log files. The log file name is
SharePoint Server Setup (< time stamp>).
NOTE
For a single server farm, we recommend choosing the Single Server Farm role, although you can select a Custom
role if you want to individually manage the services instances that run on the server. You can change the role of a
server later if you change your mind or want to expand your farm by adding additional servers.
10. On the Configure SharePoint Central Administration Web Application page, do the following:
Either select the Specify port number check box and type the port number that you want the SharePoint
Central Administration web application to use, or leave the Specify port number check box cleared if you
want to use the default port number.
Click either NTLM or Negotiate (Kerberos).
11. Click Next.
12. On the Completing the SharePoint Products Configuration Wizard page, review your configuration
settings to verify that they are correct, and then click Next.
NOTE
The Advanced Settings option is not available in SharePoint Servers 2016 and 2019.
13. On the Configuration Successful page, click Finish. When the wizard closes, setup opens the web browser
and connects to Central Administration.
If the SharePoint Products Configuration Wizard fails, check the PSCDiagnostics log files, which are located
on the drive on which SharePoint Servers 2016 and 2019 are installed, in the
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\16\LOGS folder.
If you are prompted for your user name and password, you might have to add the SharePoint Central
Administration web site to the list of trusted sites and configure user authentication settings in Internet
Explorer. You might also want to disable the Internet Explorer Enhanced Security settings. If you see a proxy
server error message, you might have to configure proxy server settings so that local addresses bypass the
proxy server. Instructions for configuring proxy server settings are provided in the following section. For
more information about how to configure browser and proxy settings, see Configure browser settings.
Configure browser settings
After you run the SharePoint Products Configuration Wizard, you should confirm that SharePoint Server works
correctly by configuring additional settings in Internet Explorer.
If you are not using Internet Explorer, you might have to configure additional settings for your browser. For
information about supported browsers, see Plan browser support in SharePoint Servers 2016 and 2019.
To confirm that you have configured browser settings correctly, log on to the server by using an account that has
local administrative credentials. Next, connect to the SharePoint Central Administration web site. If you are
prompted for your user name and password when you connect, perform the following procedures:
Add the SharePoint Central Administration website to the list of trusted sites
Disable Internet Explorer Enhanced Security settings
If you receive a proxy server error message, perform the following procedure:
Configure proxy server settings to bypass the proxy server for local addresses
To add the SharePoint Central Administration website to the list of trusted sites
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. In Internet Explorer, on the Tools menu, click Internet Options.
3. On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites,
and then click Sites.
4. Clear the Require server verification (https:) for all sites in this zone check box.
5. In the Add this web site to the zone box, type the URL to your site, and then click Add.
6. Click Close to close the Trusted Sites dialog box.
7. Click OK to close the Internet Options dialog box.
To disable Internet Explorer Enhanced Security settings
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. Click Start, point to All Apps, point to Administrative Tools, and then click Server Manager.
3. In Server Manager, select the root of Server Manager.
4. In the Security Information section, click Configure IE ESC.
The Internet Explorer Enhanced Security Configuration dialog box appears.
5. In the Administrators section, click Off to disable the Internet Explorer Enhanced Security settings, and
then click OK.
To configure proxy server settings to bypass the proxy server for local addresses
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. In Internet Explorer, on the Tools menu, click Internet Options.
3. On the Connections tab, in the Local Area Network (LAN ) settings area, click LAN Settings.
4. In the Automatic configuration area, clear the Automatically detect settings check box.
5. In the Proxy Server area, click the Use a proxy server for your LAN check box.
6. Type the address of the proxy server in the Address box.
7. Type the port number of the proxy server in the Port box.
8. Select the Bypass proxy server for local addresses check box.
9. Click OK to close the Local Area Network (LAN ) Settings dialog box.
10. Click OK to close the Internet Options dialog box.
Run the Farm Configuration Wizard
You have now completed setup and the initial configuration of SharePoint Server. You have created the SharePoint
Central Administration web site. You can now configure your farm and sites, and you can select services by using
the Farm Configuration Wizard.
To run the Farm Configuration Wizard
1. Verify that the user account that is performing this procedure is the Setup user account. For information
about the Setup user account, see Initial deployment administrative and service accounts in SharePoint
Server.
2. On the SharePoint Central Administration home page, on the Quick Launch, click Configuration Wizards,
and then click Launch the Farm Configuration Wizard.
3. On the Help Make SharePoint Better page, click one of the following options, and then click OK:
Yes, I am willing to participate (Recommended.)
No, I don't want to participate.
4. On the Configure your SharePoint farm page, next to Yes, walk me through the configuration of my
farm using this wizard, click Start the Wizard.
5. On the Service Applications and Services page, in the Service Account section, click the service account
option that you want to use to configure your services.
Security note: For security reasons, we recommend that you use a different account from the farm
administrator account to configure services in the farm.
If you decide to use an existing managed account — that is, an account of which SharePoint Server 2016 is
aware — make sure that you click that option before you continue.
6. In the Services section, review the services that you want to use in the farm, and then click Next.
7. On the Create Site Collection page, do the following:
8. In the Title and Description section, in the Title box, type the name of your new site.
9. Optional: In the Description box, type a description of what the site contains.
10. In the Web Site Address section, select a URL path for the site.
11. In the Template Selection section, in the Select a template list, select the template that you want to use
for the top-level site in the site collection.
NOTE
To view a template or a description of a template, click any template in the Select a template list.
Post-installation steps
After you install and configure SharePoint Server, your browser window opens to the Central Administration web
site of your new SharePoint site. Although you can start adding content to the site or customizing the site, we
recommend that you first perform the following administrative tasks.
Configure usage and health data collection You can configure usage and health data collection in your
server farm. The system writes usage and health data to the logging folder and to the logging database.
Configure diagnostic logging You can configure diagnostic logging that might be required after initial
installation or upgrade. The default settings are sufficient for most situations. Depending upon the business
needs and life-cycle of the farm, you might want to change these settings.
Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and archive
incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail
discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In
addition, you can configure the SharePoint Directory Management Service to provide support for e-mail
distribution list creation and administration.
Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol
(SMTP ) server sends email alerts to site users and notifications to site administrators. You can configure
both the "From" email address and the "Reply" email address that appear in outgoing alerts.
Configure Search settings You can configure Search settings to crawl the content in SharePoint Server.
Install SharePoint Servers 2016 or 2019 across multiple
servers
6/7/2019 • 11 minutes to read • Edit Online
Overview
The basic steps in this deployment are as follows:
Ensure that you have done all the planning and preparatory work, such as verifying hardware and software
requirements.
Install the required software updates on all servers that will be part of the farm.
Install the SharePoint Server prerequisites on SharePoint servers.
Install SharePoint Server on the SharePoint servers.
Create and configure the SharePoint farm.
Provision services.
Complete post-deployment tasks as required.
Topology overview
SharePoint Servers 2016 and 2019 support a new farm topology design called MinRole. This article will describe a
simple multi-server farm topology with one server assigned to each MinRole server role. However, to take
advantage of zero downtime patching, your farm topology must support high availability (HA) by having multiple
servers assigned to each MinRole server role.
For additional information about MinRole, see Overview of MinRole Server Roles in SharePoint Servers 2016 and
2019.
Before you install SharePoint Server on multiple servers
Before you begin to install and configure SharePoint Servers 2016 or 2019, do the following:
Ensure that you are familiar with the operating-system guidelines described in Performance Tuning
Guidelines for Windows Server 2012 R2.
Ensure that you have met all hardware and software requirements. For more information about these
requirements, such as specific updates that you must install, see Hardware and software requirements for
SharePoint Server 2016. For SharePoint Server 2019, see Hardware and software requirements for
SharePoint Server 2019.
Ensure that you perform a clean installation of SharePoint Server.
Ensure that you are prepared to set up the required accounts by using appropriate permissions. For detailed
information, see Initial deployment administrative and service accounts in SharePoint Server.
Using the Microsoft SharePoint Products Preparation Tool
The Microsoft SharePoint Products Preparation Tool checks for the presence of prerequisites, and installs and
configures all required programs. The Microsoft SharePoint Products Preparation Tool requires an Internet
connection to download and configure SharePoint Server prerequisites.
Database server
Ensure that SQL Server is updated to the required level and the TCP/IP protocol is enabled for the network
configuration.
Organizations whose database administrators operate independently from SharePoint administrators will have to
make sure that the correct version of SQL Server is available and updated to the required level. In addition, you will
have to request a DBA-created database.
For additional information about DBA databases, see Database types and descriptions in SharePoint Server,
Storage and SQL Server capacity planning and configuration (SharePoint Server).
Ensure the Max degree of parallelism is set to 1. For additional information about max degree of parallelism see,
Configure the max degree of parallelism Server Configuration Option.
Public updates and hotfix packages
Ensure that public updates and the required hotfix packages are installed for the operating system, SQL Server, and
SharePoint Server.
TIP
If you decide to install prerequisites manually, you can still run the Microsoft SharePoint Products Preparation Tool to verify
which prerequisites are required on each server.
Use the following procedure to install prerequisites on each server in the farm.
To run the Microsoft SharePoint Products Preparation Tool
1. Verify that the user account that is performing this procedure is the Setup user account. For information
about the Setup user account, see Initial deployment administrative and service accounts in SharePoint
Server.
2. In the SharePoint Server installation disc image, mount the ISO file, and then click the splash.hta file. The
SharePoint Server 2016 splash screen is displayed..
3. Click Install software prerequisites.
4. On the Welcome to the SharePoint 2016 Products Preparation Tool page, click Next.
NOTE
The preparation tool may have to restart the local server to complete the installation of some prerequisites. The
installer will continue to run after the server is restarted without manual intervention. However, you will have to log
on to the server again.
5. On the License Terms for software products page, review the terms, select the I accept the terms of the
License Agreement(s) check box, and then click Next.
6. If you see the Your system needs to restart to continue page, click Finish to restart the computer, and
then repeat steps 2-4.
NOTE
As a best practice, we recommend that you install SharePoint Server on a non-system drive. > If you intend to use
this computer as a search server, we recommend that you store the search index files on a separate storage volume or
partition. Any other search data that needs to be stored, is stored in the same location as the search index files. You
can only set this location at installation time.
NOTE
For consistency of approach, we recommend that you do not run the configuration wizard until you have installed
SharePoint Server 2016 on all SharePoint servers that will participate in the server farm.
IMPORTANT
The server farm account is used to access your configuration database. It also acts as the application pool identity
account for the SharePoint Central Administration application pool, and it is the account under which the SharePoint
Timer service runs. The SharePoint Products Configuration Wizard adds this account to the SQL Server Login
accounts, the SQL Server dbcreator server role, and the SQL Server securityadmin server role. The user account
that you specify as the server farm account has to be a domain user account. However, it does not have to be a
member of any specific security group on your SharePoint servers or your database servers. We recommend that you
follow the principle of least-privilege, and specify a user account that is not a member of the Administrators group on
your SharePoint servers or your database servers.
NOTE
If the SharePoint Products Configuration Wizard fails, check the log files on the drive on which SharePoint Server 2016
is installed, which are located in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\16\LOGS
folder.
15. The Central Administration website will open in a new browser window.
On the Help Make SharePoint Better page, click one of the following options and then click OK.
16. Yes, I am willing to participate (Recommended).
17. No, I don't wish to participate.
18. On the Initial Farm Configuration Wizard page, you have the option to use a wizard to configure services
or you can decide to configure services manually. For the purpose of this article, we use the manual option.
Click Cancel.
We recommend waiting until your SharePoint farm has at least one of each type of server role joined to it
before you run the Farm Configuration Wizard.
IMPORTANT
The Farm Configuration Wizard can't be used with DBA-created databases because the Farm Configuration Wizard will
try to create its own databases. If you're using DBA-created databases, you must create each service application and
web application manually so that you can specify the DBA-created database it should connect to.
For additional information about how to add servers to a farm, see Add a server to a SharePoint Server 2016 or
SharePoint Server 2019 farm. This article also provides detailed information for the steps in the following
procedure.
Post-installation steps
After you install and configure SharePoint Server, your browser window opens to the Central Administration web
site of your new SharePoint site. Although you can start adding content to the site or customizing the site, we
recommend that you first perform the following administrative tasks.
Configure usage and health data collection You can configure usage and health data collection in your
server farm. The system writes usage and health data to the logging folder and to the logging database.
Configure diagnostic logging You can configure diagnostic logging that might be required after initial
installation or upgrade. The default settings are sufficient for most situations. Depending upon the business
needs and life-cycle of the farm, you might want to change these settings.
Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and archive
incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail
discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In
addition, you can configure the SharePoint Directory Management Service to provide support for e-mail
distribution list creation and administration.
Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol
(SMTP ) server sends email alerts to site users and notifications to site administrators. You can configure
both the "From" email address and the "Reply" email address that appear in outgoing alerts.
Configure Search settings You can configure Search settings to crawl the content in SharePoint Servers
2016 or 2019.
Install or uninstall language packs for SharePoint
Servers 2016 and 2019
8/6/2019 • 9 minutes to read • Edit Online
IMPORTANT
If you are uninstalling SharePoint Server, you must uninstall all language packs before you uninstall SharePoint Server.
Although a site owner specifies a language ID for a site, some user interface elements such as error messages,
notifications, and dialog boxes do not display in the language that was specified. This is because SharePoint Server
relies on several supporting technologies — for example, the Microsoft .NET Framework, Microsoft Windows
Workflow Foundation, Microsoft ASP.NET, and SQL Server — some of which are localized into only a limited
number of languages. If a user interface element is generated by any of the supporting technologies that are not
localized into the language that the site owner specified for the site, the user interface element appears in English.
For example, if a site owner creates a site in Hebrew, and the .NET Framework component displays a notification
message, the notification message will not display in Hebrew because the .NET Framework is not localized into
Hebrew. This situation can occur when sites are created in any language except the following: Chinese, French,
German, Italian, Japanese, Korean, and Spanish.
Each language pack that you install creates a folder at %COMMONPROGRAMFILES%\Microsoft Shared\Web
Server Extensions\16\TEMPLATE\LAYOUTS\Locale_ID that contains language-specific data. In each locale_ID
folder, you must have only one HTML error file that contains the error information that is used when a file cannot
be found. Anytime a file cannot be found for any site in that language, this file will be used. You can specify the file
to use by setting the FileNotFoundPage() for each web application.
In some cases, some text might originate from the original installation language, which can create a mixed-
language experience. This kind of mixed-language experience is typically seen only by content creators or site
owners and is not seen by site users.
IMPORTANT
By default, the Microsoft PowerShell Help files are installed in English (en-us). To view these files in the same language as the
operating system, install the language pack for the same language in which the operating system was installed.
You can download language packs from the Microsoft Download Center for SharePoint Server 2016 and
SharePoint Server 2019.
List of Languages
Each folder name has a language tag appended to it, in the form ll-cc. That tag identifies the language and culture.
For example, U.S. English language folders are identified by the folder name extension en-us.
Folders for the language-specific components are identified by the language tag that is shown in the table. The
Windows operating system uses locale identifiers (LCIDs) to identify languages in the Windows registry.
SharePoint Servers 2016 and 2019 support the following languages:
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For
additional information about PowerShell permissions, see Add-SPShellAdmin.
Document the location of the SharePoint Server binary and log files on the existing farm servers. We
recommend that the location of these files on the new server map to the locations used on the other servers in
the farm.
IMPORTANT
If you change the location of the trace log to a non-system drive, change the location on all the servers in the farm. Existing
or new servers cannot log data if the location does not exist. In addition, you will be unable to add new servers unless the
path that you specify exists on the new server. You cannot use a network share for logging purposes.
TIP
After you obtain a copy of the required software, we recommend that you create an installation point that you can use to
store the images. You can use this installation point to install future software updates.
For detailed instructions about how to install the prerequisites, see Prepare the farm servers in the article, Install
SharePoint Servers 2016 or 2019 across multiple servers.
TIP
If you decide to install prerequisites manually, you can still run the Microsoft SharePoint Products Preparation Tool to verify
which prerequisites are required on each server.
TIP
As a best practice, we recommend that you install SharePoint Server on a drive that does not contain the operating system.
NOTE
The concept of server roles has changed staring with SharePoint Server 2016. You can't add a server to a farm if the farm
currently contains a server assigned to the "Single Server Farm" role. > For additional information about MinRole, see
Overview of MinRole Server Roles in SharePoint Servers 2016 and 2019.
9. On the Completing the SharePoint Products Configuration Wizard page, click Next.
10. On the server that hosts Central Administration, click Manage servers in this farm to verify that the new
server is part of the farm.
NOTE
You can also verify a successful server addition or troubleshoot a failed addition by examining the log files. These files are
located on the drive on which SharePoint Server is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web
Server Extensions\16\LOGS folder.
11. On the Servers in Farm page, click the name of the new server. Use the list of available services on the
Services on Server page to start the services that you want to run on the new server.
NOTE
This step should only apply if the Custom role is used.
To add a new SharePoint Server server to the farm by using the PSConfig.exe command-line tool
1. To create a farm by using the PSConfig.exe command-line tool, use the following syntax:
Where <ServerRole> can be any of the following values: WebFrontEnd, Application, DistributedCache, Search, or
Custom.
NOTE
The SingleServerFarm cannot be used unless the SharePoint farm has zero servers in it.
NOTE
If SharePoint Server 2016 Feature Pack 2 has been applied, additional <ServerRole> options are available:
ApplicationWithSearch, WebFrontEndWithDistributedCache. These options are also available in SharePoint Server 2019.
NOTE
The PSConfig.exe -cmd Services -Provision syntax is deprecated, but not removed yet. Do not use the Provision
parameter when you create or join a farm. Using this parameter will lead to failures.
To add a new SharePoint Server 2016 or SharePoint Server 2019 server to the farm by using PowerShell
Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
2016 cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For
additional information about PowerShell permissions, see [Add-SPShellAdmin](/powershell/module/sharepoint-server/Add-
SPShellAdmin?view=sharepoint-ps
Where:
<$DatabaseServer> is the name of the server that hosts the configuration database
<DatabaseName> is the name of the configuration database
<$Passphrase> is the passphrase for the farm
<ServerRole> is the server role type
Where \<ServerRole\> can be any of the following values: WebFrontEnd, Application, DistributedCache, Search, or
Custom.
NOTE
If SharePoint Server 2016 Feature Pack 2 has been applied, additional <ServerRole> options are available:
ApplicationWithSearch, WebFrontEndWithDistributedCache. These options are also available in SharePoint Server 2019.
NOTE
The concept of server roles has changed starting with SharePoint Server 2016. You can't add a server to a farm if the farm
currently contains a server assigned to the "Single Server Farm" role. > For additional information about MinRole, see
Overview of MinRole Server Roles in SharePoint Servers 2016 and 2019.
3. At the PowerShell command prompt, type the following command to install the Help File Collections:
Install-SPHelpCollection -All
4. At the PowerShell command prompt, type the following command to install the Security Resource for
SharePoint Server:
Initialize-SPResourceSecurity
5. At the PowerShell command prompt, type the following command to install the basic services:
Install-SPService
6. At the PowerShell command prompt, type the following command to install all the features:
Install-SPFeature -AllExistingFeatures
7. At the PowerShell command prompt, type the following command to set the port number of the SharePoint
Central Administration website:
NOTE
If the SharePoint Central Administration website is already provisioned on an existing server in the farm, you can skip this
step.
8. At the PowerShell command prompt, type the following command to install application content:
Install-SPApplicationContent
9. At the PowerShell command prompt, type the following command to start the Timer service:
Start-Service SPTimerV4
10. At the PowerShell command prompt, type the following command to get a list of servers in the farm.
Get-SPServer
NOTE
You can also verify a successful server addition or troubleshoot a failed addition by examining the log files. These files are
located on the drive on which SharePoint Servers 2016 or 2019 is installed, in the %COMMONPROGRAMFILES%\Microsoft
Shared\Web Server Extensions\16\LOGS folder.
Install SharePoint Server 2016
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Install SharePoint Server 2016 on one server Describes how to install SharePoint Server 2016 on a single
server.
Install SharePoint Server 2016 across multiple servers Describes how to install SharePoint Server 2016 on multiple
servers.
Install or uninstall language packs for SharePoint Server 2016 Describes language packs and how to download, install, and
uninstall them.
Add a server to a SharePoint Server 2016 farm Explains how to add a server to a farm.
Remove a server from a farm in SharePoint Server 2016 Describes how to remove a server from a SharePoint Server
2016 farm.
Uninstall SharePoint Server 2016 Describes how to remove SharePoint Server 2016 from a
computer.
System requirements for SharePoint Servers 2016 and
2019
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
IMPORTANT
If you contact Microsoft Customer Support Services about a production system that does not meet the minimum
hardware specifications described in this document, support will be limited until the system is upgraded to the
minimum requirements.
NOTE
Before you run the SharePoint prerequisite installer on Windows Server 2012 R2, you need to install Windows RT 8.1,
Windows 8.1, and Windows Server 2012 R2 update: April 2014. The SharePoint prerequisite installer does not install
this update for you.
NOTE
SharePoint Server 2016 supports drives that are formatted with the Resilient File System (ReFS). For additional
information about ReFs, see Resilient File System Overview and Resilient File System
IMPORTANT
SharePoint Server 2016 does not support single label domain names. For more information, see Information about
configuring Windows for domains with single-label DNS names.
The Microsoft SharePoint Products Preparation Tool can assist you in the installation of the software
prerequisites for SharePoint Server 2016. Ensure that you have an Internet connection because some
prerequisites are installed from the Internet.
Minimum software requirements for SharePoint Server 2016
This section provides minimum software requirements for each server in the farm.
Minimum requirements for a database server in a farm
One of the following:
The 64-bit edition of Microsoft SQL Server 2014 Service Pack 1 (SP1)
Microsoft SQL Server 2016 RTM
Microsoft SQL Server 2017 RTM for Windows
Microsoft Azure SQL Managed Instance (MI) - For more information, see Deploy Azure SQL Managed
Instance with SharePoint Servers 2016 and 2019.
NOTE
SQL Server products and all future public updates are supported through the SQL Server product lifecycle.
NOTE
To take advantage of any BI scenarios, you must have the latest Powerview and PowerPivot add-ins for Microsoft SQL
Server 2016 RTM. To download the PowerPivot add-ins see, Microsoft® SQL Server® 2016 PowerPivot® for Microsoft
SharePoint® 2016
NOTE
SQL Server Express is not supported. SQL Azure (the SaaS service) is also not supported for any SharePoint databases.
One of the following server operating systems:
Windows Server 2012 R2 Standard or Datacenter
Windows Server 2016 Standard or Datacenter
Windows Server 2019 Standard or Datacenter
Minimum requirements for SharePoint servers in a farm
One of the following server operating systems:
Windows Server 2012 R2 Standard or Datacenter
Windows Server 2016 Standard or Datacenter
Windows Server 2019 Standard or Datacenter
NOTE
Installing the Office 2016 client and SharePoint Server 2016 on the same computer is not supported.
NOTE
SharePoint Server 2016 only supports the "Server with Desktop Experience" installation option of Windows Server 2016
and Windows Server 2019. For additional information about Windows Server offerings, see Windows Server Semi-
annual Channel Overview
NOTE
SharePoint Server 2016 supports Windows Server 2019 starting with the Security Update for Microsoft SharePoint
Enterprise Server 2016 (KB4011244), also known as the November 2017 Public Update for SharePoint Server 2016. This
update (or a newer Public Update for SharePoint Server 2016) must be installed before you can create a new SharePoint
farm or join a server to an existing SharePoint farm using Windows Server 2019.
The Microsoft SharePoint Products Preparation Tool installs the following prerequisites on SharePoint servers
in a farm:
Web Server (IIS ) role
Application Server role
Microsoft .NET Framework version 3.5
Microsoft .NET Framework version 4.6
Microsoft SQL Server 2012 Service Pack 1 Native Client
Microsoft WCF Data Services 5.6
Microsoft Identity Extensions
Microsoft Information Protection and Control Client (MSIPC )
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Windows Server AppFabric 1.1
Cumulative Update Package 7 for Microsoft AppFabric 1.1 for Windows Server (KB 3092423)
Microsoft ODBC Driver 11 for SQL Server
Visual C++ Redistributable Package for Visual Studio 2012
Visual C++ Redistributable Package for Visual Studio 2015
NOTE
The required software above will be supported when used by SharePoint via the SharePoint Product Lifecycle.
Single server farm, front-end web servers, and application .NET Framework Data Provider for SQL Server (part of
servers in a farm Microsoft .NET Framework)
.NET Framework Data Provider for OLE DB (part of
Microsoft .NET Framework)
Workflow Manager
You can install Workflow Manager on a dedicated computer.
Microsoft SQL Server 2008 R2 Reporting Services Add-in
for Microsoft SharePoint Technologies
This add-in is used by Access Services for SharePoint Server
2016.
Microsoft SQL Server 2012 Data-Tier Application (DAC)
Framework 64-bit edition
Microsoft SQL Server 2012 Transact-SQL ScriptDom 64-bit
edition
Microsoft System CLR Types for Microsoft SQL Server 2012
64-bit edition
Microsoft SQL Server 2012 with SP1 LocalDB 64-bit edition
Microsoft Data Services for the .NET Framework 4 and
Silverlight 4 (formerly ADO.NET Data Services)
Exchange Web Services Managed API, version 1.2
Microsoft SQL Server 2008 R2 Remote Blob Store which is
part of the Microsoft SQL Server 2008 R2 Feature Pack
SQL Server 2008 R2 Analysis Services ADOMD.NET
SharePoint Servers 2016 and 2019 supports several commonly used web browsers, such as Internet
Explorer, Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge. However, certain web
browsers can cause some SharePoint Servers 2016 or 2019 functionality to be downgraded, limited, or available
only through alternative steps.
As you plan your deployment of SharePoint Servers 2016 or 2019, we recommend that you review the browsers
used in your organization to guarantee optimal performance with SharePoint Servers 2016 and 2019.
Microsoft Edge X
Internet Explorer 11 X
Internet Explorer 10 X
Internet Explorer 9 X
Internet Explorer 8 X
Internet Explorer 7 X
Internet Explorer 6 X
Microsoft Edge X
Internet Explorer 11 X
Internet Explorer 10 X
Internet Explorer 9 X
Internet Explorer 8 X
Internet Explorer 7 X
Internet Explorer 6 X
Browser details
Review the details of the web browser that you have or plan to use in your organization to make sure that the
web browser works with SharePoint Server 2016 and according to your business needs.
Internet Explorer and older functionality
NOTE
Some older SharePoint functionality that relies on NPAPI or ActiveX will not work on browsers other than Internet Explorer.
You can work around each of these issues by using Internet Explorer to perform these tasks.
Some functionality in SharePoint Server requires ActiveX controls. This produces limitations on browsers which
do not support ActiveX. Currently only 32-bit versions of Internet Explorer support this functionality. In
SharePoint Server 2016, all other supported browsers, including Microsoft Edge and the Immersive mode of
Internet Explorer 10 have the following limitations.
For SharePoint Server 2016 and 2019, browsers other than Internet Explorer 11 have the following limitations.
Plugin name DLL file name What it does Known limitations
Other functionality, such as Form settings in List settings only function with Internet Explorer.
NOTE
The capacity planning information in this document provides guidelines for you to use in your planning. It is based on
testing performed at Microsoft, on live properties. However, your results are likely to vary based on the equipment you use
and the features and functionality that you implement for your sites.
NOTE
We do not describe the hardware that was used to validate the limits in this document, because the limits were collected
from multiple farms and environments.
The following table lists the recommended guidelines for web applications.
Managed path for host- 20 per farm Supported Managed paths for host-
named site collections named site collections apply
at the farm level. Each
managed path that is
created can be applied in
any Web application.
Managed path for path- 20 per web application Supported Managed paths are cached
based site collections on the web server, and CPU
resources are used to
process incoming requests
against the managed path
list.
Managed paths for path-
based site collections apply
at the Web application level.
You can create a different
set of managed paths for
each Web application.
Exceeding 20 managed
paths per web application
adds more load to the web
server for each request.
If you plan to exceed twenty
managed paths in a given
web application, we
recommend that you test
for acceptable system
performance.
Solution cache size 300 MB per web application Threshold The solution cache allows
the InfoPath Forms service
to hold solutions in cache in
order to speed up retrieval
of the solutions. If the cache
size is exceeded, solutions
are retrieved from disk,
which may slow down
response times. To configure
the size of the solution
cache, see Set-
SPInfoPathFormsService.
The following table lists the recommended guidelines for web servers on the farm.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
The following table lists the recommended guidelines for content databases.
Content database size (all 4 TB per content database Supported Content databases of up to
usage scenarios) 4 TB are supported when
the following requirements
are met:
Disk sub-system
performance of 0.25 IOPS
per GB. 2 IOPS per GB is
recommended for optimal
performance.
You must have developed
plans for high availability,
disaster recovery, future
capacity, and performance
testing.
You should also carefully
consider the following
factors:
Requirements for backup
and restore may not be met
by the native SharePoint
Server 2016 backup for
content databases larger
than 200 GB. It is
recommended to evaluate
and test SharePoint Server
2016 backup and alternative
backup solutions to
determine the best solution
for your specific
environment.
It is strongly recommended
to have proactive skilled
administrator management
of the SharePoint Server
2016 and SQL Server
installations.
The complexity of
customizations and
configurations on
SharePoint Server 2016 may
necessitate refactoring (or
splitting) of data into
multiple content databases.
Seek advice from a skilled
professional architect and
perform testing to
determine the optimum
content database size for
your implementation.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Examples of complexity may
include custom code
deployments, use of more
than 20 columns in property
promotion, or features listed
as not to be used in the
over 4 TB section below.
Refactoring of site
collections allows for scale
out of a SharePoint Server
2016 implementation across
multiple content databases.
This permits SharePoint
Server 2016
implementations to scale
indefinitely. This refactoring
will be easier and faster
when content databases are
less than 200 GB.
It is suggested that for ease
of backup and restore that
individual site collections
within a content database
be limited to 100 GB. For
more information, see Site
collection limits.
> [!IMPORTANT]> We do
not recommend the use of
content databases that
exceed 4 Terabyte (TB),
except in document archive
scenarios (described in the
next row in this table). If, in
the future, you need to
upgrade your SharePoint
Server 2016 installation,
upgrading the site
collections within the
content databases can be
very difficult and time
consuming. > It is strongly
recommended that you
scale out across multiple
content databases, rather
than exceed 4 TB of data in
a single content database.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Content database size No explicit content database Supported Content databases with no
(document archive scenario) limit explicit size limit for use in
document archive scenarios
are supported when the
following requirements are
met:
You must meet all
requirements from the
"Content database size (all
usage scenarios)" limit earlier
in this table, and you should
ensure that you have
carefully considered all the
factors discussed in the
Notes field of that limit.
SharePoint Server 2016 sites
must be based on
Document Center or
Records Center site
templates.
Less than 5% of the content
in the content database is
accessed each month on
average, and less than 1% of
content is modified or
written each month on
average.
Do not use alerts,
workflows, link fix-ups, or
item level security on any
SharePoint Server 2016
objects in the content
database.
> [!NOTE]> Document
archive content databases
can be configured to accept
documents from Content
Routing workflows.
Content database items 60 million items including Supported The largest number of items
documents and list items per content database that
has been tested on
SharePoint Server 2016 is
60 million items, including
documents and list items. If
you plan to store more than
60 million items in
SharePoint Server 2016, you
must deploy multiple
content databases.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Site collections per content 10,000 maximum (2,500 Supported We strongly recommended
database non-Personal site collections limiting the number of site
and 7,500 Personal Sites, or collections in a content
10,000 Personal Sites alone) database to 5,000. However,
up to 10,000 site collections
in a database are supported.
Note that in a content
database with up to 10,000
total site collections, a
maximum of 2,500 of these
can be non-Personal site
collections. It is possible to
support 10,000 Personal
site collections if they are
the only site collections
within the content database.
These limits relate to speed
of upgrade. The larger the
number of site collections in
a database, the slower the
upgrade with respect to
both database upgrade and
site collection upgrades.
The limit on the number of
site collections in a database
is subordinate to the limit
on the size of a content
database that has more
than one site collection.
Therefore, as the number of
site collections in a database
increases, the average size of
the site collections it
contains must decrease.
Exceeding the 5,000 site
collection limit puts you at
risk of longer downtimes
during upgrades. If you plan
to exceed 5,000 site
collections, we recommend
that you have a clear
upgrade strategy to address
outage length and
operations impact, and
obtain additional hardware
to speed up the software
updates and upgrades that
affect databases.
To set the warning and
maximum levels for the
number of sites in a content
database, use the
PowerShell cmdlet Set-
SPContentDatabase with the
WarningSiteCount
parameter. For more
information, see Set-
SPContentDatabase.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Remote BLOB Storage (RBS) Time to first byte of any Boundary When SharePoint Server
storage subsystem on response from the NAS 2016 is configured to use
Network Attached Storage should remain within 40 RBS, and the BLOBs reside
(NAS) milliseconds 95% of the on NAS storage, consider
time. the following supported
limit.
From the time that
SharePoint Server 2016
requests a BLOB, until it
receives the first byte from
the NAS, 95% of the time no
more than 40 milliseconds
can pass.
The following table lists the recommended guidelines for site collections.
Site collections per farm 250,000 per site collection / Supported The maximum
500,000 Personal Sites/ recommended number of
250,000 other sites per site collections per farm is
farm. 500,000 Personal Sites plus
250,000 for all other site
templates. The Sites can all
reside on one web
application, or can be
distributed across multiple
web applications.
Note that this limit is
affected by other factors
that might reduce the
effective number of site
collections that can be
supported by a given
content database. Care must
be exercised to avoid
exceeding supported limits
when a container object,
such as a content database,
contains a large number of
other objects. For example, if
a farm contains a smaller
total number of content
databases, each of which
contains a large number of
site collections, farm
performance might be
adversely affected long
before the supported limit
for the number of site
collections is reached.
For example, Farm A
contains a web application
that has 200 content
databases, a supported
configuration. If each of
these content databases
contains 1,000 site
collections, the total number
of site collections in the web
of site collections in the web
LIMIT MAXIMUM VALUE LIMIT TYPE application
NOTES will be 200,000,
which falls within supported
limits. However, if each
content database contains
10,000 site collections, even
though this number is
supported for a content
database, the total number
of site collections in the farm
will be 2,000,000, which
exceeds the limit for the
number of site collections
per web application.
Memory usage on the web
servers should be
monitored, as memory
usage is dependent on
usage patterns and how
many sites are being
accessed in given timeframe.
Similarly, the crawl targets
might also exhibit memory
pressure, and if so the
application pool should be
configured to recycle before
available memory on any
web server drops to less
than 2 GB.
Site collection size Maximum size of the Supported A site collection can be as
content database large as the content
database size limit for the
applicable usage scenario.
For more information about
the different content
database size limits for
specific usage scenarios, see
the Content database limits
table in this article.
In general, we strongly
recommend limiting the size
of site collections to 100 GB
for the following reasons:
Certain site collection
actions, such as site
collection backup/restore or
the PowerShell cmdlet
Move-SPSite, cause large
SQL Server operations which
can affect performance or
fail if other site collections
are active in the same
database. For more
information, see Move-
SPSite.
SharePoint site collection
backup and restore is only
supported for a maximum
site collection size of 100
GB. For larger site
collections, the complete
content database must be
backed up. If multiple site
collections larger than 100
GB are contained in a single
content database, backup
and restore operations can
take a long time and are at
risk of failure.
The following table lists the recommended guidelines for lists and libraries. For more information, see Designing
large Lists and maximizing list performance (SharePoint Server 2010).
List row size 8,000 bytes per row Boundary Each list or library item can
only occupy 8,000 bytes in
total in the database. 300
bytes are reserved, leaving
7700 bytes for end-user
columns. For details on how
much space each kind of
field consumes, see Column
limits.
Documents 30,000,000 per library Supported You can create very large
document libraries by
nesting folders, or using
standard views and site
hierarchy. This value may
vary depending on how
documents and folders are
organized, and by the type
and size of documents
stored.
Items 30,000,000 per list Supported You can create very large
lists using standard views,
site hierarchies, and
metadata navigation. This
value may vary depending
on the number of columns
in the list and the usage of
the list.
Bulk operations 100 items per bulk Boundary The user interface allows a
operation maximum of 100 items to
be selected for bulk
operations.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
List view lookup threshold 12 join operations per query Threshold Specifies the maximum
number of joins allowed per
query, such as those based
on lookup, person/group, or
workflow status columns. If
the query uses more than
eight joins, the operation is
blocked. This does not apply
to single item operations.
When using the maximal
view via the object model
(by not specifying any view
fields), SharePoint will return
up to the first 12 lookups.
List view threshold greater than 5,000 Threshold Specifies the maximum
number of list or library
items that a database
operation, such as a query,
can process at the same
time outside the daily time
window set by the
administrator during which
queries are unrestricted.
When adding or removing a
column index, the threshold
is 20,000 by default.
When deleting a list or
folder, the threshold is
100,000 by default.
When renaming a folder
within the same library, the
threshold is 100,000 by
default.
Security scope (ACL) 500 child objects with Threshold The maximum number of
propagation unique scopes child objects with unique
security scopes that can be
updated during ACL
propagation cannot exceed
500.
Scope updates can be set to
update child objects using
ACL propagation, which will
update uniquely scoped
items and items that inherit
permissions. During a parent
scope update that includes
ACL propagation to children,
if the maximum number of
child objects with unique
scopes is greater than 500,
propagation will fail with
only some of the children
with unique scopes
potentially being updated.
Whenever the maximum
number of child objects with
unique scopes is larger than
500 ACL propagation
should not be used.
Column limits
SharePoint Server 2016 data is stored in SQL Server tables. Each column type has a size value listed in bytes. The
sum of all columns in a SharePoint list cannot exceed 8,000 bytes.
Managed metadata 190 Threshold 60 bytes for the first, The first Managed
40 bytes for each Metadata field added
subsequent to a list is allocated
four columns:
A lookup field for the
actual tag
A hidden text field for
the string value
A lookup field for the
catch all
A lookup field for
spillover of the catch
all
Each subsequent
Managed Metadata
field added to a list
adds two more
columns:
A lookup field for the
actual tag
A hidden text field for
the string value
The maximum
number of columns of
Managed Metadata is
calculated as (14 +
(16 * (n-1))) where n
is the row mapping
value (default of 6).
External Data columns have the concept of a primary column and secondary columns. When you add an external
data column, you can select some secondary fields of the external content type that you want to be added to the
list. For example, given an External Content Type "Customer" which has fields like "ID", "Name", "Country", and
"Description", when you add an External Data column of type "Customer" to a list, you can add secondary fields to
show the "ID", "Name" and "Description" of the Customer. Overall these are the columns that get added:
Primary column: A text field.
Hidden Id column: A multi-line text field.
Secondary columns: Each secondary column is a text/number/Boolean/multi-line text that is based on the
data type of the secondary column as defined in the Business Data Catalog model. For example, ID might
be mapped to a Number column; Name might be mapped to a Single line of text column ; Description
might be mapped to a Multiple lines of text column.
Page limits
Web parts 25 per wiki or Web Part Threshold This figure is an estimate
page based on simple Web Parts.
The complexity of the Web
Parts dictates how many
Web Parts can be used on a
page before performance is
affected.
Security limits
Users in a site collection 2 million per site collection Supported You can add millions of
people to your web site by
using Microsoft Windows
security groups to manage
security instead of using
individual users.
This limit is based on
manageability and ease of
navigation in the user
interface.
When you have many
entries (security groups of
users) in the site collection
(more than one thousand),
you should use PowerShell
to manage users instead of
the UI. This will provide a
better management
experience.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Active Directory 5,000 per SharePoint group Supported SharePoint Server 2016
Principles/Users in a enables you to add users or
SharePoint group Active Directory groups to a
SharePoint group.
Having up to 5,000 users (or
Active Directory groups or
users) in a SharePoint group
provides acceptable
performance.
The activities most affected
by this limit are as follows:
Fetching users to validate
permissions. This operation
takes incrementally longer
with growth in number of
users in a group.
Rendering the membership
of the view. This operation
will always require time.
SharePoint groups 10,000 per site collection Supported Above 10,000 groups, the
time to execute operations is
increased significantly. This is
especially true of adding a
user to an existing group,
creating a new group, and
rendering group views.
Security principal: size of the 5,000 per Access Control Supported The size of the scope affects
Security Scope List (ACL) the data that is used for a
security check calculation.
This calculation occurs every
time that the scope changes.
There is no hard limit, but
the bigger the scope, the
longer the calculation takes.
Limits by feature
This section lists limits sorted by feature.
Search limits
The recommended guidelines for search are organized according to the aspects of search that they impact: the
topology, the size of items, dictionaries, crawling, schema, queries and results, ranking, and the index.
Search: topology limits
The topology limits ensure efficient communication between search components. Exceeding these limits slows
down the communication between search components, which can result in longer query latencies and ultimately
outage of search.
Analytics reporting 4 per Search service Threshold You can exceed this limit to
databases application accommodate specific
requirements. When scaling,
add an analytics reporting
database when the size of
any of the deployed
analytics databases reaches
250 GB total size, or 20 M
total rows. This way
repartitioning is as balanced
as possible.
Link databases 4 per Search service Supported The highest tested number
application of items a link database can
contain is 100 million.
Index replicas 3 per index partition Supported Each index partition can
have a set of replica. If you
increase the number of
index replicas, this has a
positive effect on the query
performance and it provides
better fault tolerance. But, if
you add too many replicas
to your index partition, this
can adversely affect
indexing.
For Internet sites scenarios,
which typically have a high
query rate but low content
volume (less than 4 million
items per partition), the
supported limit is 6 index
replicas per partition.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Search components 64 per Search service Supported This limit does not include
application crawl components. The sum
of all the other search
components must stay
within this limit.
Content sources 500 per Search service Boundary There is overhead associated
application with each content source, so
we recommend that you
create the smallest number
of content sources that
satisfy your other
operational requirements,
for example differences in
crawl priority and
scheduling.
Document size crawl 64 MB (3 MB for Excel Threshold Search downloads meta data
component can download documents) and content from a
document until it reaches
the maximum document
size. The rest of the content
is not downloaded. Search
always downloads a
document's meta data.
You can change the default
limit for the maximum
document size. Do this by
using Microsoft PowerShell
cmdlets to change the
Search service application
property
MaxDownLoadSize or
MaxDownloadSizeExcel.
MaxDownLoadSize doesn't
impact the maximum size for
Excel documents. Enter the
value in megabytes. The
maximum value for the
maximum document size is
1024 MB, also for Excel
documents.
If you increase the limit for
the maximum document
size, search indexes more
content and needs more
disk space.
Parsed content size 2 million characters Boundary Search stops parsing an item
after it has parsed up to 2
million characters of content
from it, including the item's
attachments. The actual
amount of parsed characters
can be lower than this limit
because search uses
maximum 30 seconds on
parsing a single item and its
attachments. When search
stops parsing an item, the
item is marked as partially
processed. Any unparsed
content isn't processed and
therefore isn't indexed.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Indexed managed property 512 KB per Threshold This is the default value for
size searchable/queryable the maximum size of a
managed property managed property that is
set to either "searchable" or
"queryable". You can
configure this limit by using
PowerShell cmdlets and the
schema object model to set
the
MP.MaxCharactersInProp
ertyStoreIndex attribute.
Enter the value in bytes. The
maximum value for this
maximum size is 2097152
bytes.
If you increase this limit you
enable indexing of more
data per managed property.
Indexing more data per
managed property uses
more disk space and
increases the overall load on
the search system.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Retrievable managed 16 KB per managed Threshold This is the default value for
property size property the maximum size of a
retrievable managed
property. If you increase this
limit you enable indexing of
more data per managed
property. Increasing this
limit also enables search to
retrieve more data per
managed property for
search results. Indexing and
retrieving more data per
managed property increases
the overall load on the
system and uses more disk
space.
You can configure this limit
per managed property by
using PowerShell cmdlets
and the schema object
model to set the
P.MaxCharactersInPropert
yStoreForRetrievalattribut
e. Enter the value in bytes.
The maximum value for this
maximum size is 2097152
bytes.
If you increase this limit you
enable indexing of more
data per managed property.
Increasing this limit also
enables search to retrieve
more data per managed
property for search results.
Indexing and retrieving
more data per managed
property
Sortable and refinable 16 KB per managed Boundary This is the maximum size of
managed property size property a sortable and refinable
managed property.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Number of entries in a 5,000 terms per tenant Boundary This limits the number of
custom search dictionary terms allowed for inclusions
and exclusions dictionaries
for query spelling correction
and company extraction.
You can store more terms
than this limit in the
Termstore, but search only
uses 5000 terms per tenant.
Search: schema limits
The schema limits safeguard memory resources and keep the management operation overhead at an acceptable
level.
Crawled properties 500,000 per Search service Supported The contents and metadata
application of the items that you crawl
are represented as crawled
properties. You can map
these crawled properties to
managed properties. If the
number of crawled
properties exceeds this
supported limit, this reduces
indexing speed.
Managed properties 50,000 per Search service Supported Search uses managed
application propertied in queries.
Crawled properties are
mapped to managed
properties. Exceeding the
supported limit for managed
properties reduces indexing
speed.
Managed property 100 per managed property Supported Crawled properties can be
mappings mapped to managed
properties. Exceeding this
limit might decrease crawl
speed and query
performance.
Metadata properties 100,000 per crawled item Supported This is the maximum
recognized number of metadata
properties that the crawl
component can determine
when crawling an item.
These metadata properties
can be mapped or used for
queries. Approaching this
number of crawled
properties might result in a
low crawl rate.
Text length for queries using 4 KB (4,096 characters) Supported This is the tested and default
Keyword Query Language value for the maximum text
length for a query built by
using Keyword Query
Language, except for
Discovery queries. For
Discovery queries 16 KB
(16,384 characters) is the
default maximum value.
The default value for the
maximum text length can be
increased up to the
boundary of 20 KB (20,480)
for all query types.
Text length for queries on 16 KB (16,384 characters) Supported This limit applies to
the SharePoint home page SharePoint Server 2019
Public Preview only. This is
the tested and default value
for the maximum text length
for a query used on the
SharePoint home page. The
default value for the
maximum text length can be
increased up to the
boundary of 20 KB (20,480).
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Number of rows in a result 500 rows Supported This is the tested and default
set value for the maximum
number of rows in a result
set, except for a Discovery
query. For Discovery queries
10,000 rows is the default
value. To display the entire
result set, issue more paging
queries.
You can change the value
for the maximum number of
rows in a result set by using
PowerShell cmdlets to
change the Search service
application property
MaxRowLimit.
MaxRowLimit defines the
maximum value of the query
property RowLimit and the
Discovery query property
RowLimit. RowLimit
defines the number of rows
each page contains in a
result set. You can increase
MaxRowLimit up to 10,000
rows, this is the supported
boundary.
Search alert quota 100,000 alerts per Search Supported End-users can set search
service application alerts for the result set of a
query. When the results are
changed or updated, search
notifies the end-user. This is
the tested limit for a Search
service application that has
a mix of end-user queries
(75%) and alert queries
(25%). The limit for a Search
service application that has
only alert queries is 400,000
alerts. These limits are based
on a system with five
queries per second (QPS).
Ranking models 1,000 per tenant Boundary Approaching this limit can
adversely affect the overall
system performance.
Unique contexts used for 15 unique contexts per rank Boundary This is the maximum
ranking model number of unique contexts
per rank model.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Authoritative pages 1 top level and minimal Supported Use as few second- and
second and third level pages third-level pages as possible
per Search service while still achieving the
application desired relevance.
The boundary is 200
authoritative pages per
relevance level per Search
service application. If you
add more pages, you may
not achieve the desired
relevance. Add the key site
to the first relevance level.
Add more key sites at either
second or third relevance
levels, one at a time.
Evaluate relevance after each
addition to make sure that
you have achieved the
desired relevance effect.
Unique terms in the index 2^31 (>2 billion terms) Boundary This is the maximum
number of unique terms
that can exist in the index of
a Search service application.
Indexed items 20 million per index Supported Each index partition contains
partition a subset of the whole search
index. If the number of
indexed items is high in
relation to how much
memory the server has, this
affects the query response
time negatively.
The following table lists the recommended guidelines for User Profile Service.
Social tags, notes and 500,000,000 per social Supported Up to 500 million total social
ratings database tags, notes and ratings are
supported in a social
database without significant
decreases in performance.
However, database
maintenance operations
such as backup and restore
may show decreased
performance at that point.
The following table lists the recommended guidelines for content deployment.
Blog limits
The following table lists the recommended guidelines for blogs.
The following table lists the recommended guidelines for Business Connectivity Services.
ECT (in-memory) 5,000 per web server (per Boundary Total number of external
tenant) content type (ECT)
definitions loaded in
memory at a given point in
time on a web server.
External system connections 500 per web server Boundary Number of active/open
external system connections
at a given point in time. The
default maximum value is
200; the boundary is 500.
This limit is enforced at the
web server scope, regardless
of the kind of external
system (for example,
database, .NET assembly,
and so on) The default
maximum is used to restrict
the number of connections.
An application can specify a
larger limit via execution
context; the boundary
enforces the maximum even
for applications that do not
respect the default.
Database items returned per 2,000 per database Threshold Number of items per
request connector request the database
connector can return.
The default maximum of
2,000 is used by the
database connector to
restrict the number of result
that can be returned per
page. The application can
specify a larger limit via
execution context; the
Absolute Max enforces the
maximum even for
applications that do not
respect the default. The
boundary for this limit is
1,000,000.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Service response size 150,000,000 bytes Threshold The upper volume of data
per request the external
data connector can return.
The default value is
3,000,000 bytes, but
applications can be
configured to specify a
larger value up to the
maximum of 150,000,000
bytes.
Filter Descriptor (in-store) 200 per ECT method Boundary The maximum number of
Filter Descriptors per ECT
method is 200.
Workflow limits
Workflow timer batch size 100 Threshold The number of events that
each run of the workflow
timer job will collect and
deliver to workflows. It is
configurable by using
PowerShell. To allow for
additional events, you can
run additional instances of
the SharePoint Foundation
Workflow Timer Service.
Workflow associations 100 per list Supported Exceeding this limit will
degrade browser
performance due to the
large volume of data that is
loaded for more than 100
associations and their status
columns.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
List items or documents 5,000 items Supported Testing has verified that all
that can be bulk created or workflow activation events
uploaded to start workflow are processed for an on-
instances item-creation workflow
association when up to
5,000 items are created in a
single bulk upload.
Exceeding this limit could
cause workflow initiation to
time out.
Published workflow 1,000 per web site Supported The maximum supported
definitions per web site number of published
workflow definitions per web
site is 1,000.
Total workflow associations 1,799 per site Boundary The Service Bus supports a
per site maximum of 1,799
subscriptions per scope. This
maximum value includes the
sum of both published and
unpublished associations.
Rest calls from SharePoint 60 per second Supported Testing has confirmed that a
workflow per second per SharePoint web server can
web server effectively process up to 60
rest calls per second from
SharePoint workflow. If this
level of volume will be
exceeded, we recommend
that an additional load-
balanced web server be
added to the SharePoint
farm.In testing, 120 rest calls
per second against a single
web server resulted in
sustained 90-100% CPU
utilization. Adding a second
web server reduced CPU
utilization to 30-40% on
both servers. Adding a third
web server enabled
processing of 180 calls per
second, with 30-40% CPU
utilization on all three
servers, and so on. The
servers used for this test
were Hyper-V virtual
machines with 16 core
processor and 24 GBs RAM
each.
Maximum list size for 5,000 items per list view Threshold This limit is a result of the
workflow lookups to non- maximum view size limit.
indexed fields When this limit is exceeded,
workflow lookups to non-
indexed fields will fail for
non-administrative users. At
this threshold, an index
must be created for the field,
in order for workflows to be
able to successfully perform
lookups against the field.
Maximum list size for auto- 10 million items per list Supported Testing has confirmed that
start workflow associations the performance of auto-
start workflow associations
is not affected when list size
grows to 1 million
items.Because response time
doesn't change as list size
scales, the effective limit is
the same as the maximum
number of items in a non-
workflow list.
Managed Metadata term store (database) limits
The following table lists the recommended guidelines for managed metadata term stores.
Number of Variation Labels 209 per term store Supported The maximum number of
Variation Labels per term
store is 209.
The following table lists the recommended guidelines for instances of Visio Services in SharePoint Server 2016.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Visio Services minimum Minimum cache age: 0 to Threshold Minimum cache age applies
cache age (data connected 24hrs to data connected diagrams.
diagrams) It determines the earliest
point at which the current
diagram can be removed
from cache.
Setting Min Cache Age to a
very low value will reduce
throughput and increase
latency, because invalidating
the cache too often forces
Visio to recalculate often
and reduces CPU and
memory availability.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Visio Services maximum Maximum cache age: 0 to Threshold Maximum cache age applies
cache age (non-data 24hrs to non-data connected
connected diagrams) diagrams. This value
determines how long to
keep the current diagram in
memory.
Increasing Max Cache Age
decreases latency for
commonly requested
drawings.
However, setting Max Cache
Age to a very high value
increases latency and slows
throughput for items that
are not cached, because the
items already in cache
consume and reduce
available memory.
The following table lists the recommended guidelines for PerformancePoint Services in SharePoint Server 2016.
Columns and rows 15 columns by 60,000 rows Threshold The maximum number of
columns and rows when
rendering any
PerformancePoint
dashboard object that uses
a Excel workbook as a data
source. The number of rows
could change based on the
number of columns.
Query on a SharePoint list 15 columns by 5,000 rows Supported The maximum number of
columns and row when
rendering any
PerformancePoint
dashboard object that uses
a SharePoint list as a data
source. The number of rows
could change based on the
number of columns.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Query on a SQL Server data 15 columns by 20,000 rows Supported The maximum number of
source columns and row when
rendering any
PerformancePoint
dashboard object that uses
a SQL Server table data
source. The number of rows
could change based on the
number of columns.
The following table lists the recommended guidelines for Word Automation Services.
Input file Size 512 MB Boundary Maximum file size that can
be processed by Word
Automation Services.
Frequency with which to 1 minute (recommended) Threshold This setting determines how
start conversions (minutes) 15 minutes (default) often the Word Automation
59 minutes (boundary) Services timer job executes.
A lower number leads to the
timer job running faster. Our
testing shows that it is most
useful to run this timer job
once per minute.
Conversion job size 100,000 conversion items Supported A conversion job includes
one or more conversion
items, each of which
represents a single
conversion to be performed
on a single input file in
SharePoint. When a
conversion job is started
(using the
ConversionJob.Start
method), the conversion job
and all conversion items are
transmitted over to an
application server which
then stores the job in the
Word Automation Services
database. A large number of
conversion items will
increase both the execution
time of the Start method
and the number of bytes
transmitted to the
application server.
Total active conversion N-1, where N is the number Threshold An active conversion process
processes of cores on each application can consume a single
server processing core. Therefore,
customers should not run
more conversion processes
than they have processing
cores in their application
servers. The conversion
timer job and other
SharePoint activities also
require occasional use of a
processing core.
We recommend that you
always leave 1 core free for
use by the conversion timer
job and SharePoint.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Word Automation Services 2 million conversion items Supported Word Automation Services
database size maintains a persistent queue
of conversion items in its
database. Each conversion
request generates one or
more records.
Word Automation Services
does not delete records
from the database
automatically, so the
database can grow
indefinitely without
maintenance. Administrators
can manually remove
conversion job history by
using the PowerShell cmdlet
Remove-
SPWordConversionServiceJo
bHistory. For more
information, see Remove-
SPWordConversionServiceJo
bHistory.
The following table lists the recommended guidelines for the Machine Translation Service.
Input file size for binary files 524,288 KB per file Threshold Files larger than the limit
take too long to transfer
and process, decreasing the
throughput of the service.
Input file size for text files 15,360 KB per file Threshold Files larger than the limit
have too much text to
translate, decreasing the
throughput of the service.
Maximum character count 10,000,000 per document Threshold Documents with more
for Microsoft Word characters than the limit
Documents have too much text to
translate, decreasing the
throughput of the service.
Number of translations per 1,000 per process Threshold Starting more translations
translation process than the limit causes
translations to fail due to
timing out because they
cannot be processed before
the timeout period.
Files per translation job 100,000 files Supported Submitting jobs with a
number of files that exceeds
the limit causes job
submittal time and
processing time to be too
long.
The following table lists the recommended guidelines for Office Online. Office client application limits also apply
when an application is running as a web app.
The following table lists the recommended guidelines for Project Server. For more information about how to plan
for Project Server, see Planning and architecture for Project Server 2010.
End of project time Date: 12/31/2149 Boundary Project plans cannot extend
past the date 12/31/2149.
Deliverables per project plan 1,500 deliverables Boundary Project plans cannot contain
more than 1,500
deliverables.
The following table lists the recommended guidelines for apps for SharePoint.
Number of apps in the 500 Boundary When more than 500 apps
corporate catalog viewable from the corporate catalog
by a single user are available to a single user,
that user will no longer see
any apps in the default Add
an App view. Instead, a
message guiding you to
search the app catalog or
the SharePoint Store will
appear.
The following table lists the recommended guidelines for the distributed cache service.
Miscellaneous limits
The following table lists limits and recommended guidelines for services and features not covered in other
sections.
Maximum size of EDiscovery 16K characters or 500 Boundary The size of an EDiscovery
Query keywords query is limited to 500
keywords or 16,000
characters, whichever is
reached first.
Related Topics
Hardware and software requirements for SharePoint Server 2016
Performance planning in SharePoint Server 2013
SharePoint Server 2010 capacity management: Software boundaries and limits
Prerequisites for SharePoint Servers 2016 and 2019
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Initial deployment administrative and service accounts in Provides information about the administrative and service
SharePoint Server accounts that are required for an initial SharePoint Server
installation.
Account permissions and security settings in SharePoint Describes SharePoint Server administrative and services
Server 2016 account permissions. This article discusses the following areas:
Microsoft SQL Server, the file system, file shares, and registry
entries.
Install prerequisites for SharePoint Server from a network Describes how to install SharePoint Server prerequisites from
share an offline shared network location using the prerequisite
installer (PrerequisiteInstaller.exe) tool.
Initial deployment administrative and service
accounts in SharePoint Server
6/11/2019 • 2 minutes to read • Edit Online
NOTE
For a complete list of permissions for SharePoint Servers 2016 and 2019, see Account permissions and security
settings in SharePoint Servers 2016 and 2019. > For a complete list of permissions for SharePoint Server 2013,
see Account permissions and security settings in SharePoint 2013.
IMPORTANT
Do not use service account names that contain the symbol $ with the exception of using a Group Managed
Service Account for SQL Server.
SQL Server service account The SQL Server service account is Use either a domain user account or
used to run SQL Server. It is the preferably, a Group Managed
service account for the following Service Account.
SQL Server services: If you plan to back up to or restore
MSSQLSERVER from an external resource,
SQLSERVERAGENT permissions to the external resource
If you do not use the default SQL must be granted to the appropriate
Server instance, in the Windows account. If you use a domain user
Services console, these services will account or Group Managed Service
be shown as the following: Account for the SQL Server service
MSSQL<InstanceName> account, grant permissions to that
SQLAgent<InstanceName> domain user account. However, if
you use the Network Service or the
Local System account, grant
permissions to the external resource
to the machine account
(<domain_name>\
<SQL_hostname>).
The instance name is arbitrary and
was created when SQL Server was
installed.
ACCOUNT PURPOSE REQUIREMENTS
Farm administrator user account The farm administrator user account Domain user account.
is a uniquely identifiable account Member of the Administrators
assigned to a SharePoint group on each SharePoint server in
administrator. It is used to run the the farm.
following: Member of the following SQL Server
Setup role (optional): sysadmin fixed
SharePoint Products Configuration server role.
Wizard If you run Windows PowerShell
cmdlets that affect a database, this
account must be a member of the
db_owner fixed database role for
the database or a member of the
sysadmin fixed server role on SQL.
Farm service account The farm service account is used to Domain user account.
perform the following tasks: Additional permissions are
Act as the application pool identity automatically granted for the server
for the SharePoint Central farm account on Web servers and
Administration website. application servers that are joined
Run the Microsoft SharePoint to a server farm.
Foundation Workflow Timer Service. The server farm account is
automatically added as a SQL Server
login on the computer that runs
SQL Server. The account is added to
the following SQL Server security
roles:
* dbcreator fixed server role
* securityadmin fixed server role
* db_owner fixed database role for
all SharePoint databases in the
server farm
This account should not be used
interactively by an administrator.
NOTE
We recommend that you install SharePoint Server by using least-privilege administration.
Account permissions and security settings in
SharePoint Servers 2016 and 2019
6/7/2019 • 23 minutes to read • Edit Online
IMPORTANT
Do not use service account names that contain the symbol $.
SharePoint Farm Service Account Timer Service, Insights, IIS App for CA, 1
SP Web Services System, Security
Token Service App Pool
Default content access account search crawling internal and external 1-n
sources SP2016
User Profile Service Application Used for Active Directory Import 1-n
Synchronization
NOTE
The securityadmin and dbcreator SQL Server security roles might be required for this account during a complete version-
to-version upgrade because new databases might have to be created and secured for services.
After you run the configuration wizards, machine-level permissions for the SharePoint Farm Administrator
account include:
Membership in the WSS_ADMIN_WPG Windows security group.
After you run the configuration wizards, database permissions include:
db_owner on the SharePoint server farm configuration database.
db_owner on the SharePoint Central Administration content database.
Cau t i on
If the account that you use to run the configuration wizards does not have the appropriate special SQL Server
role membership or access as db_owner on the databases, the configuration wizards will not run correctly.
SharePoint Farm Service account
The SharePoint Farm service account, which is also referred to as the database access account, is used as the
application pool identity for Central Administration and as the process account for the SharePoint Timer Service.
The server farm account requires the following permissions:
It must have domain user account permissions.
Additional permissions are automatically granted to the SharePoint Farm Service account on SharePoint servers
that are joined to a server farm.
After you run Setup, machine-level permissions include:
Membership in the WSS_ADMIN_WPG Windows security group for the SharePoint Timer Service.
Membership in WSS_RESTRICTED_WPG for the Central Administration and Timer service application
pools.
Membership in WSS_WPG for the Central Administration application pool.
After you run the configuration wizards, SQL Server and database permissions include:
Dbcreator fixed server role.
Securityadmin fixed server role.
db_owner for all SharePoint databases.
Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint server farm
configuration database.
Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint_Admin content
database.
IMPORTANT
Information in this section applies to SharePoint Server 2016 only.
The default content access account is used within a specific service application to crawl content, unless a different
authentication method is specified by a crawl rule for a URL or URL pattern. This account requires the following
permission configuration settings:
The default content access account must be a domain user account that has read access to external or
secure content sources that you want to crawl by using this account.
For SharePoint Server sites that are not part of the server farm, you have to explicitly grant this account
full read permissions to the web applications that host the sites.
This account must not be a member of the Farm Administrators group.
Content access accounts
IMPORTANT
Information in this section applies to SharePoint Servers 2016 and 2019 only.
Content access accounts are configured to access content by using the Search administration crawl rules feature.
This type of account is optional, and you can configure it when you create a new crawl rule. For example, external
content (such as a file share) might require this separate content access account. This account requires the
following permission configuration settings:
The content access account must have read access to external or secure content sources that this account
is configured to access.
For SharePoint Server sites that are not part of the server farm, you have to explicitly grant this account
full read permissions to the web applications that host the sites.
Web Application Pool account
The Web Application Pool account must be a domain user account. This account must not be a member of the
Farm Administrators group.
This account should b used for all web applications without Central Administration.
The following machine-level permission is configured automatically: This account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
farm configuration database.
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
SharePoint Admin content database.
The application pool accounts for web applications are assigned to the SPDataAccess role for the content
databases
SharePoint Service Application Pool account
The SharePoint Service Application Pool account must be a domain user account. This account must not be a
member of the Administrators group on any computer in the server farm.
The following machine-level permission is configured automatically: This account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:
This account is assigned to the SPDataAccess role for the content databases.
This account is assigned to the SPDataAccess role for search database that is associated with the web
application.
This account must have read and write access to the associated service application database.
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
farm configuration database.
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
SharePoint_Admin content database.
NOTE
The sp_dboption stored procedure is not available in SQL Server 2012. For more information about sp_dboption, see
sp_dboption (Transact-SQL).
NOTE
The SPDataAccess role replaced the db_owner role in SharePoint Server 2016.
WSS_WPG
WSS_WPG has read access to local resources. All application pool and services accounts are in WSS_WPG. The
following table shows WSS_WPG registry entry permissions.
Local service
The following table shows the local service registry entry permission:
The following table shows the local service file system permission:
Local system
The following table shows the local system registry entry permissions:
Network service
The following table shows the network service registry entry permission:
KEY NAME PERMISSIONS INHERIT DESCRIPTION
Administrators
The following table shows the administrators registry entry permissions:
WSS_RESTRICTED_WPG
WSS_RESTRICTED_WPG can read the encrypted farm administration credential registry entry.
WSS_RESTRICTED_WPG is only used for encryption and decryption of passwords that are stored in the
configuration database. The following table shows the WSS_RESTRICTED_WPG registry entry permission:
KEY NAME PERMISSIONS INHERIT DESCRIPTION
Users group
The following table shows the users group file system permissions:
See also
Concepts
Install SharePoint Server
Install prerequisites for SharePoint Server from a
network share
6/7/2019 • 6 minutes to read • Edit Online
NOTE
The Microsoft SharePoint Products Preparation Tool is a user interface built on PrerequisiteInstaller.exe. The Microsoft
SharePoint Products Preparation Tool accepts no user input.
TIP
To copy the contents of the active About window to the Clipboard, press Ctrl+C.
4. Verify that you have an accurate list of the required software. Compare the output from the prerequisite
installer to the list of prerequisites in step 1.
5. Download the prerequisites to a computer that has Internet access.
Next, follow these steps to create a central location that you can use for installing SharePoint Server prerequisites
on all the farm servers.
To combine prerequisites
1. Create a shared folder on a computer that can be accessed by the servers on which the prerequisites will
be installed.
2. Copy the files that you downloaded from the Internet to the shared folder.
After you finish creating an available network location for the prerequisites, use the procedure in the following
section to install SharePoint Server prerequisites on a server.
NOTE
To install more than one prerequisite, type each switch and argument pair. Be sure to separate each pair by a space,
for example: > PrerequisiteInstaller.exe /IDFX:"\< path>\Windows6.1-KB974405-x64.msu" /sqlncli:"\<
path>\sqlncli.msi" /Sync:"\< path>\Synchronization.msi"
NOTE
If you specify an argument, PrerequisiteInstaller.exe ignores the arguments file and processes only the command-
line argument.
2. PrerequisiteInstaller.exe scans the local system to determine whether any of the prerequisites are already
installed.
3. PrerequisiteInstaller.exe installs the programs in the argument file and returns one of the following exit
codes:
0 - Success
1 - Another instance of this application is already running
2 - Invalid command line parameter
1001 - A pending restart blocks installation
3010 - A restart is needed
4. If a prerequisite requires a restart, a 3010 code is generated and you are prompted to click Finish to restart
the system. The behavior of the installer after a 3010 code varies depending on which of the following
conditions are true on the computer:
If the component that requires a restart is already installed on the system, the 3010 code is generated, and
the remaining prerequisites are installed. After the last prerequisite is installed, you are prompted to restart
the system.
If the component that requires a restart is installed on the system by PrerequisiteInstaller.exe, the installer
generates the 3010 code, and the installation of the remaining prerequisites is skipped. You are prompted
to restart the system.
After the system restarts, PrerequisiteInstaller.exe starts to run again because the startup file that is created
before the restart contains a /continue flag.
Multiple components might require you to restart. So PrerequisiteInstaller.exe might have to be restarted
several times. After you restart, PrerequisiteInstaller.exe ignores the arguments file and attempts to
download and install the remaining prerequisites from the Internet. For more information, see Known
issues.
Use the following procedure to create an arguments file.
To create an arguments file
1. Using a text editor, create a new text document named PrerequisiteInstaller.Arguments.txt. Save this file to
the same location as PrerequisiteInstaller.exe. This file will contain the switches and arguments that are
used when you run the Microsoft SharePoint Products Preparation Tool.
2. Using a text editor, edit PrerequisiteInstaller.Arguments.txt and provide file paths to the installation source
for each prerequisite switch by using the following syntax:
/switch: <path>
Where /switch is a valid switch and <path> is a path of the installation source.
3. After you finish editing PrerequisiteInstaller.Arguments.txt, save your edits, and verify that this file is in the
same directory as PrerequisiteInstaller.exe.
Use the following procedure to install the prerequisites.
To install the prerequisites using an arguments file
1. Run PrerequisiteInstaller.exe at the command prompt to install the prerequisites.
Cau t i on
If you are prompted to click Finish to restart the system, do not do so. Instead, click Cancel. For more
information, see Known issues before you continue with the next step.
2. Manually restart the system.
3. At the command prompt, type the following command, and then press Enter:
PrerequisiteInstaller.exe
Known issues
There are two known issues that affect the use of an arguments file:
Using line breaks in the arguments file
If you create an arguments file and use line breaks to put each switch and argument on a separate line, the
prerequisite installer fails. The workaround is to enter all the switch and argument pairs on a single line.
After a computer restart, the arguments file is not used
After you restart, PrerequisiteInstaller.exe runs the startup command file, which contains a /continue flag.
The /continue flag forces the installer to ignore the arguments file.
You must prevent a restart by deleting the startup task in this command file by using one of the following
options:
Option 1
1. Run PrerequisiteInstaller.exe by double-clicking it. The program will display the first screen with the list of
prerequisites.
2. Click Cancel. PrerequisiteInstaller.exe deletes the startup task.
Option 2
3. From the Start menu, choose Run, and then type regedit to open the registry.
4. Open the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders.
5. Check the value for "Common Startup". This shows the directory where the startup tasks are listed.
6. Close the registry editor without making any changes.
7. Navigate to the startup directory, which is usually <systemdir>\ProgramData\Microsoft\Windows\Start
Menu\Programs\Startup.
8. Delete the startup task by deleting "SharePointServerPreparationToolStartup_0FF1CE14-0000-0000-
0000-000000000000.cmd".
Overview of MinRole Server Roles in SharePoint
Servers 2016 and 2019
6/7/2019 • 6 minutes to read • Edit Online
What is MinRole?
MinRole is a new farm topology based on a set of predefined server roles introduced in SharePoint Server
2016. When configuring your SharePoint farm, you now select the role of a server when you create a new farm
or join a server to an existing farm. SharePoint will automatically configure the services on each server based
on the server's role. SharePoint Server 2016 and 2019 has been optimized for the MinRole farm topology.
The following video gives a general overview what MinRole is and can do for your organization.
MinRole enhancements
Starting with the November 2016 Public Update for SharePoint Server 2016, Microsoft has introduced the
following enhancements to MinRole:
Better support for small and medium-sized farm topologies via new shared roles. Now you can deploy a
MinRole farm with just 2 servers, or a high availability (HA) MinRole farm with just 4 servers. For more
information about these new roles and recommended MinRole farm topologies, see Planning for a
MinRole server deployment in SharePoint Servers 2016 and 2019.
An improved server role conversion experience via role conversion pre-validation. Now MinRole will
check to ensure your server is ready for role conversion before starting the conversion. If it detects that
the server isn't ready, it will block the conversion and present a message explaining why the role
conversion was blocked, as well as instructions to resolve the issue. For more information about role
conversion pre-validation, see Role conversion using MinRole in SharePoint Servers 2016 and 2019.
Updated service instance assignments for each server role to ensure your farm is operating at optimal
performance. For more information about the new service instance assignments, see Description of
MinRole and associated services in SharePoint Servers 2016 and 2019.
Microsoft recommends installing the November 2016 Public Update (or newer) for SharePoint Server 2016 to
take full advantage of these MinRole enhancements.
See also
Concepts
Technical diagrams for SharePoint Server
Description of MinRole and associated services in SharePoint Servers 2016 and 2019
Other Resources
Planning for a MinRole server deployment in SharePoint Servers 2016 and 2019
Managing a MinRole Server Farm in SharePoint Servers 2016 and 2019
Planning for a MinRole server deployment in
SharePoint Servers 2016 and 2019
6/7/2019 • 9 minutes to read • Edit Online
Front-end Service applications, services, and The Application server and the Front-
components that serve user requests end server roles host a similar set of
belong on a Front-end server. These services. However, each role serves a
servers are optimized for high different purpose. The Front-end role is
performance. performance-sensitive and optimized
for serving user traffic by running
service instances appropriate for user
requests on the local server. It's normal
for the Front-end server role to run
service instances that would have been
hosted on the Application server role
in previous versions.
Application Service applications, services, and The use of the term "Application
components that serve back-end server" in SharePoint Server 2016 has
requests, such as search crawl a different meaning from the common
requests, belong on an Application use of the term in previous versions. In
server. These servers are optimized for previous versions of SharePoint, the
high throughput. Application server typically hosted
service application endpoints that
Front-end servers would call while
serving user requests. In SharePoint
Servers 2016 and 2019, the
Application server role runs
background tasks such as Timer jobs,
and can be the target for search crawl
requests.
Distributed Cache Service applications, services, and Distributed Cache doesn't support
components that are required for a High Availability the way that other
distributed cache belong on a services do. While you can have
Distributed Cache server. multiple Distributed Cache servers in
your SharePoint farm to help distribute
the load, the data cached on each
Distributed Cache server is not
replicated to the other Distributed
Cache servers. If a Distributed Cache
server unexpectedly goes down, the
data cached in that server will be lost.
Search Service applications, services, and Once a server is assigned to the Search
components that are required for role, it must then be configured in
search belong on a Search server. Search topology management. For
more information about Search
topology, see Manage the search
topology in SharePoint Server .
Shared Roles: Shared roles are optimized for fewer servers in a farm by combining dedicated roles together.
They can also be used in medium scale farms with dedicated roles. Shared roles may require higher available
system resources because they are running more services.
Front-end with Distributed Cache Shared role that combines the Front- This shared role was introduced in the
end and Distributed Cache roles on the November Public Update for
same server. Make sure the server SharePoint Server 2016 (Feature Pack
meets the system requirements for 1).
hosting a shared server role.
Application with Search Shared role that combines the This shared role was introduced in
Application and Search roles on the November Public Update for
same server. Make sure the server SharePoint Server 2016 (Feature Pack
meets the system requirements for 1).
hosting a shared server role.
Special Roles: For special case scenarios, testing, development, and services that are not integrated with
MinRole.
Custom Service applications, services, and This server role is typically used to run
components that you want to manage, services that do not integrate with
instead of using MinRole to manage MinRole. The farm administrator has
them, belong on a Custom server. full control over which service instances
can run on servers assigned to the
Custom server role. MinRole will not
attempt to manage servers assigned to
this role.
NOTE
You must have the November Public Update for SharePoint Server 2016 (Feature Pack 1) installed to use shared roles in
your farm topology. >
MinRole Topologies
There are three different types of SharePoint farms:
Content Farms: These farms host sites and service applications, and can optionally consume service
applications from other farms.
Services Farms: These farms host service applications that are consumed by other farms. Example service
applications include: Managed Metadata, Search, and User Profile.
Search Farms: These farms are dedicated to hosting Search service applications that are consumed by
other farms.
Each type of SharePoint farm requires different MinRole server roles to function properly. Refer to the table
below for the list of server roles required for each type of farm.
Server Role Required for Content Required for Services Required for Search
Farm? Farm? Farm?
Front-end Yes No No
NOTE
Shared roles can be substituted for their equivalent dedicated roles to reduce the number of servers in a farm. For
example, the "Front-end with Distributed Cache" role can be used in place of the separate "Front-end" and "Distributed
Cache" roles to meet the requirements of a content farm. > Dedicated roles, shared roles, and the Custom server role can
be used together in the same farm. If you substitute the Custom server role for one or more MinRole-managed server
roles, you must ensure that servers assigned to the Custom role are configured properly with the service instances needed
in that type of farm. > SQL Server can be running on the same server or a different server as SharePoint, but for better
performance we recommend running SQL Server on a separate server.
Refer to the table below for the list of recommended MinRole content farm topologies.
Small Non-High Availability MinRole 2 Two servers with two shared roles:
farm One Front-end with Distributed Cache
server
One Application with Search server
Small High Availability (HA) MinRole 4 Four servers with two shared roles:
farm Two Front-end with Distributed Cache
servers
Two Application with Search servers
Medium Non-High Availability MinRole 4 Four servers with four dedicated roles:
farm One Front-end server
One Distributed Cache server
One Application server
One Search server
Medium High Availability (HA) MinRole 6 Six servers with both dedicated and
farm (Search optimized) shared roles:
Two Front-end with Distributed Cache
servers
Two Application servers
Two Search servers
Medium High Availability (HA) MinRole 6 Six servers with both dedicated and
farm (user optimized) shared roles:
Two Front-end servers
Two Distributed Cache servers
Two Application with Search servers
Large High Availability (HA) MinRole 8 Eight servers with four dedicated roles:
farm Two Front-end servers
Two Distributed Cache servers
Two Application servers
Two Search servers
See also
Concepts
SharePoint Server 2016 zero downtime patching steps
Overview of MinRole Server Roles in SharePoint Servers 2016 and 2019
Description of MinRole and associated services in SharePoint Servers 2016 and 2019
Other Resources
Managing a MinRole Server Farm in SharePoint Servers 2016 and 2019
Install SharePoint Servers 2016 or 2019 on one server
6/7/2019 • 15 minutes to read • Edit Online
NOTE
In previous versions of SharePoint, a single server installation automatically installed SQL Server Express. In SharePoint
Servers 2016 and 2019, a single server installation contains only SharePoint. SQL Server can be installed on the same
server or on a separate server; both scenarios are supported. For better performance we recommend installing SQL Server
on a separate server.
Overview
After you have completed setup and the SharePoint Products Configuration Wizard, you will have installed
binaries, configured security permissions, configured registry settings, configured the configuration database,
configured the content database, and installed the SharePoint Central Administration web site. Next, you can
choose to run the Farm Configuration Wizard to configure the farm, select the services that you want to use in
the farm, and create the first site collection, or you can manually perform the farm configuration at your own
pace.
IMPORTANT
To complete the following procedures, the account that you use must be a member of the Administrators group on the
computer on which you are installing SharePoint Server. For information about user accounts, see Initial deployment
administrative and service accounts in SharePoint Server.
NOTE
If you intend to use this computer as a search server, we recommend that you store the search index files on a
separate storage volume or partition. Any other search data that needs to be stored is stored in the same location
as the search index files. You can only set this location at installation time.
NOTE
If Setup fails, check log files in the Temp folder of the user account you used to run Setup. Ensure that you are logged in
using the same user account and then type %temp% in the location bar in Windows Explorer. If the path in Windows
Explorer resolves to a location that ends in a "1" or "2", you have to navigate up one level to view the log files. The log file
name is SharePoint Server Setup (< time stamp>).
NOTE
For a single server farm, we recommend choosing the Single Server Farm role, although you can select a Custom
role if you want to individually manage the services instances that run on the server. You can change the role of a
server later if you change your mind or want to expand your farm by adding additional servers.
10. On the Configure SharePoint Central Administration Web Application page, do the following:
Either select the Specify port number check box and type the port number that you want the SharePoint
Central Administration web application to use, or leave the Specify port number check box cleared if you
want to use the default port number.
Click either NTLM or Negotiate (Kerberos).
11. Click Next.
12. On the Completing the SharePoint Products Configuration Wizard page, review your configuration
settings to verify that they are correct, and then click Next.
NOTE
The Advanced Settings option is not available in SharePoint Servers 2016 and 2019.
13. On the Configuration Successful page, click Finish. When the wizard closes, setup opens the web
browser and connects to Central Administration.
If the SharePoint Products Configuration Wizard fails, check the PSCDiagnostics log files, which are
located on the drive on which SharePoint Servers 2016 and 2019 are installed, in the
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\16\LOGS folder.
If you are prompted for your user name and password, you might have to add the SharePoint Central
Administration web site to the list of trusted sites and configure user authentication settings in Internet
Explorer. You might also want to disable the Internet Explorer Enhanced Security settings. If you see a
proxy server error message, you might have to configure proxy server settings so that local addresses
bypass the proxy server. Instructions for configuring proxy server settings are provided in the following
section. For more information about how to configure browser and proxy settings, see Configure browser
settings.
Configure browser settings
After you run the SharePoint Products Configuration Wizard, you should confirm that SharePoint Server works
correctly by configuring additional settings in Internet Explorer.
If you are not using Internet Explorer, you might have to configure additional settings for your browser. For
information about supported browsers, see Plan browser support in SharePoint Servers 2016 and 2019.
To confirm that you have configured browser settings correctly, log on to the server by using an account that has
local administrative credentials. Next, connect to the SharePoint Central Administration web site. If you are
prompted for your user name and password when you connect, perform the following procedures:
Add the SharePoint Central Administration website to the list of trusted sites
Disable Internet Explorer Enhanced Security settings
If you receive a proxy server error message, perform the following procedure:
Configure proxy server settings to bypass the proxy server for local addresses
To add the SharePoint Central Administration website to the list of trusted sites
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. In Internet Explorer, on the Tools menu, click Internet Options.
3. On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites,
and then click Sites.
4. Clear the Require server verification (https:) for all sites in this zone check box.
5. In the Add this web site to the zone box, type the URL to your site, and then click Add.
6. Click Close to close the Trusted Sites dialog box.
7. Click OK to close the Internet Options dialog box.
To disable Internet Explorer Enhanced Security settings
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. Click Start, point to All Apps, point to Administrative Tools, and then click Server Manager.
3. In Server Manager, select the root of Server Manager.
4. In the Security Information section, click Configure IE ESC.
The Internet Explorer Enhanced Security Configuration dialog box appears.
5. In the Administrators section, click Off to disable the Internet Explorer Enhanced Security settings, and
then click OK.
To configure proxy server settings to bypass the proxy server for local addresses
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. In Internet Explorer, on the Tools menu, click Internet Options.
3. On the Connections tab, in the Local Area Network (LAN ) settings area, click LAN Settings.
4. In the Automatic configuration area, clear the Automatically detect settings check box.
5. In the Proxy Server area, click the Use a proxy server for your LAN check box.
6. Type the address of the proxy server in the Address box.
7. Type the port number of the proxy server in the Port box.
8. Select the Bypass proxy server for local addresses check box.
9. Click OK to close the Local Area Network (LAN ) Settings dialog box.
10. Click OK to close the Internet Options dialog box.
Run the Farm Configuration Wizard
You have now completed setup and the initial configuration of SharePoint Server. You have created the
SharePoint Central Administration web site. You can now configure your farm and sites, and you can select
services by using the Farm Configuration Wizard.
To run the Farm Configuration Wizard
1. Verify that the user account that is performing this procedure is the Setup user account. For information
about the Setup user account, see Initial deployment administrative and service accounts in SharePoint
Server.
2. On the SharePoint Central Administration home page, on the Quick Launch, click Configuration
Wizards, and then click Launch the Farm Configuration Wizard.
3. On the Help Make SharePoint Better page, click one of the following options, and then click OK:
Yes, I am willing to participate (Recommended.)
No, I don't want to participate.
4. On the Configure your SharePoint farm page, next to Yes, walk me through the configuration of
my farm using this wizard, click Start the Wizard.
5. On the Service Applications and Services page, in the Service Account section, click the service
account option that you want to use to configure your services.
Security note: For security reasons, we recommend that you use a different account from the farm
administrator account to configure services in the farm.
If you decide to use an existing managed account — that is, an account of which SharePoint Server 2016 is
aware — make sure that you click that option before you continue.
6. In the Services section, review the services that you want to use in the farm, and then click Next.
7. On the Create Site Collection page, do the following:
8. In the Title and Description section, in the Title box, type the name of your new site.
9. Optional: In the Description box, type a description of what the site contains.
10. In the Web Site Address section, select a URL path for the site.
11. In the Template Selection section, in the Select a template list, select the template that you want to use
for the top-level site in the site collection.
NOTE
To view a template or a description of a template, click any template in the Select a template list.
Post-installation steps
After you install and configure SharePoint Server, your browser window opens to the Central Administration
web site of your new SharePoint site. Although you can start adding content to the site or customizing the site,
we recommend that you first perform the following administrative tasks.
Configure usage and health data collection You can configure usage and health data collection in your
server farm. The system writes usage and health data to the logging folder and to the logging database.
Configure diagnostic logging You can configure diagnostic logging that might be required after initial
installation or upgrade. The default settings are sufficient for most situations. Depending upon the
business needs and life-cycle of the farm, you might want to change these settings.
Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and
archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-
mail discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In
addition, you can configure the SharePoint Directory Management Service to provide support for e-mail
distribution list creation and administration.
Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol
(SMTP ) server sends email alerts to site users and notifications to site administrators. You can configure
both the "From" email address and the "Reply" email address that appear in outgoing alerts.
Configure Search settings You can configure Search settings to crawl the content in SharePoint Server.
Install SharePoint Servers 2016 or 2019 across
multiple servers
6/7/2019 • 11 minutes to read • Edit Online
Overview
The basic steps in this deployment are as follows:
Ensure that you have done all the planning and preparatory work, such as verifying hardware and
software requirements.
Install the required software updates on all servers that will be part of the farm.
Install the SharePoint Server prerequisites on SharePoint servers.
Install SharePoint Server on the SharePoint servers.
Create and configure the SharePoint farm.
Provision services.
Complete post-deployment tasks as required.
Topology overview
SharePoint Servers 2016 and 2019 support a new farm topology design called MinRole. This article will describe
a simple multi-server farm topology with one server assigned to each MinRole server role. However, to take
advantage of zero downtime patching, your farm topology must support high availability (HA) by having multiple
servers assigned to each MinRole server role.
For additional information about MinRole, see Overview of MinRole Server Roles in SharePoint Servers 2016
and 2019.
Before you install SharePoint Server on multiple servers
Before you begin to install and configure SharePoint Servers 2016 or 2019, do the following:
Ensure that you are familiar with the operating-system guidelines described in Performance Tuning
Guidelines for Windows Server 2012 R2.
Ensure that you have met all hardware and software requirements. For more information about these
requirements, such as specific updates that you must install, see Hardware and software requirements for
SharePoint Server 2016. For SharePoint Server 2019, see Hardware and software requirements for
SharePoint Server 2019.
Ensure that you perform a clean installation of SharePoint Server.
Ensure that you are prepared to set up the required accounts by using appropriate permissions. For
detailed information, see Initial deployment administrative and service accounts in SharePoint Server.
Using the Microsoft SharePoint Products Preparation Tool
The Microsoft SharePoint Products Preparation Tool checks for the presence of prerequisites, and installs and
configures all required programs. The Microsoft SharePoint Products Preparation Tool requires an Internet
connection to download and configure SharePoint Server prerequisites.
Database server
Ensure that SQL Server is updated to the required level and the TCP/IP protocol is enabled for the network
configuration.
Organizations whose database administrators operate independently from SharePoint administrators will have to
make sure that the correct version of SQL Server is available and updated to the required level. In addition, you
will have to request a DBA-created database.
For additional information about DBA databases, see Database types and descriptions in SharePoint Server,
Storage and SQL Server capacity planning and configuration (SharePoint Server).
Ensure the Max degree of parallelism is set to 1. For additional information about max degree of parallelism see,
Configure the max degree of parallelism Server Configuration Option.
Public updates and hotfix packages
Ensure that public updates and the required hotfix packages are installed for the operating system, SQL Server,
and SharePoint Server.
TIP
If you decide to install prerequisites manually, you can still run the Microsoft SharePoint Products Preparation Tool to verify
which prerequisites are required on each server.
Use the following procedure to install prerequisites on each server in the farm.
To run the Microsoft SharePoint Products Preparation Tool
1. Verify that the user account that is performing this procedure is the Setup user account. For information
about the Setup user account, see Initial deployment administrative and service accounts in SharePoint
Server.
2. In the SharePoint Server installation disc image, mount the ISO file, and then click the splash.hta file. The
SharePoint Server 2016 splash screen is displayed..
3. Click Install software prerequisites.
4. On the Welcome to the SharePoint 2016 Products Preparation Tool page, click Next.
NOTE
The preparation tool may have to restart the local server to complete the installation of some prerequisites. The
installer will continue to run after the server is restarted without manual intervention. However, you will have to log
on to the server again.
5. On the License Terms for software products page, review the terms, select the I accept the terms of
the License Agreement(s) check box, and then click Next.
6. If you see the Your system needs to restart to continue page, click Finish to restart the computer, and
then repeat steps 2-4.
NOTE
As a best practice, we recommend that you install SharePoint Server on a non-system drive. > If you intend to use
this computer as a search server, we recommend that you store the search index files on a separate storage volume
or partition. Any other search data that needs to be stored, is stored in the same location as the search index files.
You can only set this location at installation time.
NOTE
For consistency of approach, we recommend that you do not run the configuration wizard until you have installed
SharePoint Server 2016 on all SharePoint servers that will participate in the server farm.
IMPORTANT
The server farm account is used to access your configuration database. It also acts as the application pool identity
account for the SharePoint Central Administration application pool, and it is the account under which the
SharePoint Timer service runs. The SharePoint Products Configuration Wizard adds this account to the SQL Server
Login accounts, the SQL Server dbcreator server role, and the SQL Server securityadmin server role. The user
account that you specify as the server farm account has to be a domain user account. However, it does not have to
be a member of any specific security group on your SharePoint servers or your database servers. We recommend
that you follow the principle of least-privilege, and specify a user account that is not a member of the
Administrators group on your SharePoint servers or your database servers.
NOTE
If the SharePoint Products Configuration Wizard fails, check the log files on the drive on which SharePoint Server
2016 is installed, which are located in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server
Extensions\16\LOGS folder.
15. The Central Administration website will open in a new browser window.
On the Help Make SharePoint Better page, click one of the following options and then click OK.
16. Yes, I am willing to participate (Recommended).
17. No, I don't wish to participate.
18. On the Initial Farm Configuration Wizard page, you have the option to use a wizard to configure
services or you can decide to configure services manually. For the purpose of this article, we use the
manual option. Click Cancel.
We recommend waiting until your SharePoint farm has at least one of each type of server role joined to it
before you run the Farm Configuration Wizard.
IMPORTANT
The Farm Configuration Wizard can't be used with DBA-created databases because the Farm Configuration Wizard
will try to create its own databases. If you're using DBA-created databases, you must create each service application
and web application manually so that you can specify the DBA-created database it should connect to.
For additional information about how to add servers to a farm, see Add a server to a SharePoint Server 2016 or
SharePoint Server 2019 farm. This article also provides detailed information for the steps in the following
procedure.
Post-installation steps
After you install and configure SharePoint Server, your browser window opens to the Central Administration
web site of your new SharePoint site. Although you can start adding content to the site or customizing the site,
we recommend that you first perform the following administrative tasks.
Configure usage and health data collection You can configure usage and health data collection in your
server farm. The system writes usage and health data to the logging folder and to the logging database.
Configure diagnostic logging You can configure diagnostic logging that might be required after initial
installation or upgrade. The default settings are sufficient for most situations. Depending upon the
business needs and life-cycle of the farm, you might want to change these settings.
Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and
archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-
mail discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In
addition, you can configure the SharePoint Directory Management Service to provide support for e-mail
distribution list creation and administration.
Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol
(SMTP ) server sends email alerts to site users and notifications to site administrators. You can configure
both the "From" email address and the "Reply" email address that appear in outgoing alerts.
Configure Search settings You can configure Search settings to crawl the content in SharePoint Servers
2016 or 2019.
Install or uninstall language packs for SharePoint
Servers 2016 and 2019
8/6/2019 • 9 minutes to read • Edit Online
IMPORTANT
If you are uninstalling SharePoint Server, you must uninstall all language packs before you uninstall SharePoint Server.
Although a site owner specifies a language ID for a site, some user interface elements such as error messages,
notifications, and dialog boxes do not display in the language that was specified. This is because SharePoint
Server relies on several supporting technologies — for example, the Microsoft .NET Framework, Microsoft
Windows Workflow Foundation, Microsoft ASP.NET, and SQL Server — some of which are localized into only a
limited number of languages. If a user interface element is generated by any of the supporting technologies that
are not localized into the language that the site owner specified for the site, the user interface element appears in
English. For example, if a site owner creates a site in Hebrew, and the .NET Framework component displays a
notification message, the notification message will not display in Hebrew because the .NET Framework is not
localized into Hebrew. This situation can occur when sites are created in any language except the following:
Chinese, French, German, Italian, Japanese, Korean, and Spanish.
Each language pack that you install creates a folder at %COMMONPROGRAMFILES%\Microsoft Shared\Web
Server Extensions\16\TEMPLATE\LAYOUTS\Locale_ID that contains language-specific data. In each locale_ID
folder, you must have only one HTML error file that contains the error information that is used when a file
cannot be found. Anytime a file cannot be found for any site in that language, this file will be used. You can
specify the file to use by setting the FileNotFoundPage() for each web application.
In some cases, some text might originate from the original installation language, which can create a mixed-
language experience. This kind of mixed-language experience is typically seen only by content creators or site
owners and is not seen by site users.
IMPORTANT
By default, the Microsoft PowerShell Help files are installed in English (en-us). To view these files in the same language as
the operating system, install the language pack for the same language in which the operating system was installed.
You can download language packs from the Microsoft Download Center for SharePoint Server 2016 and
SharePoint Server 2019.
List of Languages
Each folder name has a language tag appended to it, in the form ll-cc. That tag identifies the language and
culture. For example, U.S. English language folders are identified by the folder name extension en-us.
Folders for the language-specific components are identified by the language tag that is shown in the table. The
Windows operating system uses locale identifiers (LCIDs) to identify languages in the Windows registry.
SharePoint Servers 2016 and 2019 support the following languages:
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For
additional information about PowerShell permissions, see Add-SPShellAdmin.
Document the location of the SharePoint Server binary and log files on the existing farm servers. We
recommend that the location of these files on the new server map to the locations used on the other servers
in the farm.
IMPORTANT
If you change the location of the trace log to a non-system drive, change the location on all the servers in the farm.
Existing or new servers cannot log data if the location does not exist. In addition, you will be unable to add new servers
unless the path that you specify exists on the new server. You cannot use a network share for logging purposes.
TIP
After you obtain a copy of the required software, we recommend that you create an installation point that you can use to
store the images. You can use this installation point to install future software updates.
For detailed instructions about how to install the prerequisites, see Prepare the farm servers in the article, Install
SharePoint Servers 2016 or 2019 across multiple servers.
TIP
If you decide to install prerequisites manually, you can still run the Microsoft SharePoint Products Preparation Tool to verify
which prerequisites are required on each server.
TIP
As a best practice, we recommend that you install SharePoint Server on a drive that does not contain the operating
system.
NOTE
The concept of server roles has changed staring with SharePoint Server 2016. You can't add a server to a farm if the farm
currently contains a server assigned to the "Single Server Farm" role. > For additional information about MinRole, see
Overview of MinRole Server Roles in SharePoint Servers 2016 and 2019.
9. On the Completing the SharePoint Products Configuration Wizard page, click Next.
10. On the server that hosts Central Administration, click Manage servers in this farm to verify that the
new server is part of the farm.
NOTE
You can also verify a successful server addition or troubleshoot a failed addition by examining the log files. These files are
located on the drive on which SharePoint Server is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web
Server Extensions\16\LOGS folder.
11. On the Servers in Farm page, click the name of the new server. Use the list of available services on the
Services on Server page to start the services that you want to run on the new server.
NOTE
This step should only apply if the Custom role is used.
To add a new SharePoint Server server to the farm by using the PSConfig.exe command-line tool
1. To create a farm by using the PSConfig.exe command-line tool, use the following syntax:
Where <ServerRole> can be any of the following values: WebFrontEnd, Application, DistributedCache, Search,
or Custom.
NOTE
The SingleServerFarm cannot be used unless the SharePoint farm has zero servers in it.
NOTE
If SharePoint Server 2016 Feature Pack 2 has been applied, additional <ServerRole> options are available:
ApplicationWithSearch, WebFrontEndWithDistributedCache. These options are also available in SharePoint Server 2019.
NOTE
The PSConfig.exe -cmd Services -Provision syntax is deprecated, but not removed yet. Do not use the Provision
parameter when you create or join a farm. Using this parameter will lead to failures.
To add a new SharePoint Server 2016 or SharePoint Server 2019 server to the farm by using
PowerShell
Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
2016 cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For
additional information about PowerShell permissions, see [Add-SPShellAdmin](/powershell/module/sharepoint-server/Add-
SPShellAdmin?view=sharepoint-ps
Where:
<$DatabaseServer> is the name of the server that hosts the configuration database
<DatabaseName> is the name of the configuration database
<$Passphrase> is the passphrase for the farm
<ServerRole> is the server role type
Where \<ServerRole\> can be any of the following values: WebFrontEnd, Application, DistributedCache, Search,
or Custom.
NOTE
If SharePoint Server 2016 Feature Pack 2 has been applied, additional <ServerRole> options are available:
ApplicationWithSearch, WebFrontEndWithDistributedCache. These options are also available in SharePoint Server 2019.
NOTE
The concept of server roles has changed starting with SharePoint Server 2016. You can't add a server to a farm if the farm
currently contains a server assigned to the "Single Server Farm" role. > For additional information about MinRole, see
Overview of MinRole Server Roles in SharePoint Servers 2016 and 2019.
3. At the PowerShell command prompt, type the following command to install the Help File Collections:
Install-SPHelpCollection -All
4. At the PowerShell command prompt, type the following command to install the Security Resource for
SharePoint Server:
Initialize-SPResourceSecurity
5. At the PowerShell command prompt, type the following command to install the basic services:
Install-SPService
6. At the PowerShell command prompt, type the following command to install all the features:
Install-SPFeature -AllExistingFeatures
7. At the PowerShell command prompt, type the following command to set the port number of the SharePoint
Central Administration website:
NOTE
If the SharePoint Central Administration website is already provisioned on an existing server in the farm, you can skip this
step.
8. At the PowerShell command prompt, type the following command to install application content:
Install-SPApplicationContent
9. At the PowerShell command prompt, type the following command to start the Timer service:
Start-Service SPTimerV4
10. At the PowerShell command prompt, type the following command to get a list of servers in the farm.
Get-SPServer
NOTE
You can also verify a successful server addition or troubleshoot a failed addition by examining the log files. These files are
located on the drive on which SharePoint Servers 2016 or 2019 is installed, in the
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\16\LOGS folder.
Install for SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Install SharePoint 2013 on a single server with a built-in Explains how to install SharePoint 2013 on a single server.
database This deployment uses SQL Server Express and is typically used
for evaluating SharePoint 2013.
Install SharePoint 2013 on a single server with SQL Server Describes how to install SharePoint 2013 on a single server.
This deployment uses SQL Server and can easily be scaled out
to create two- and three-tier farm topologies.
Install SharePoint 2013 across multiple servers for a three-tier Describes how to install SharePoint 2013 on multiple servers.
farm This deployment uses SQL Server and the resulting three-tier
topology provides the foundation for implementing any
solution.
Install and configure a virtual environment for SharePoint This article describes how to use PowerShell to install
2013 SharePoint 2013 in a Hyper-V environment.
Install or uninstall language packs for SharePoint 2013 Describes language packs and how to download, install, and
uninstall them.
Add web or application servers to farms in SharePoint 2013 Explains how to add a web or application server to a farm. The
procedures in this article apply to a SharePoint 2013 farm
that consists of at least two tiers. They should not be used for
converting a single server deployment to a multiple server
farm.
Add a database server to an existing farm in SharePoint 2013 Provides information about how to add a new database
server to an existing SharePoint 2013 farm.
Remove a server from a farm in SharePoint 2013 Describes how to remove a web server, application server, or
a database server from a SharePoint 2013 farm.
Uninstall SharePoint 2013 Describes how to remove SharePoint 2013 from a computer.
SharePoint 2013 dev/test environments in Azure Learn how to use Azure Resource Manager (ARM) templates
to create a basic or high-availability SharePoint 2013 dev/test
farm in Microsoft Azure infrastructure services.
System requirements for SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Software boundaries and limits for This article provides a starting point for
SharePoint 2013 planning the performance and capacity
of your SharePoint 2013 farm, and
includes performance and capacity
testing results and guidelines for
acceptable performance.
Capacity management and sizing This article walks you through the
overview for SharePoint Server 2013 concepts involved in capacity
management and sizing SharePoint
2013 farms, and provides an overview
of the planning process.
Hardware and software requirements for SharePoint
2013
6/7/2019 • 15 minutes to read • Edit Online
IMPORTANT
If you contact Microsoft Customer Support Services about a production system that does not meet the minimum
hardware specifications described in this document, support will be limited until the system is upgraded to the minimum
requirements.
IMPORTANT
Some of the hardware requirement values in this article are based on test results from SharePoint 2010 Products and still
apply to SharePoint 2013. This article will be updated with appropriate values and republished when new data becomes
available. Hardware requirement values obtained from SharePoint 2010 Products that are listed in this article do not
apply to search in SharePoint 2013. > This article links to SharePoint 2010 Products guidance where that guidance is still
valid. The SharePoint 2010 Products guidance is not applicable for search in SharePoint 2013 because the search
architecture has changed significantly. > The hardware and software requirements in this article refer to physical and
virtual servers in a SharePoint farm.
Overview
SharePoint 2013 provides for several installation scenarios. Currently, these installations include single server
with built-in database installations, single-server farm installations, and multiple-server farm installations. This
article describes the hardware and software requirements for SharePoint 2013 in each of these scenarios.
NOTE
The requirements listed in this section also apply to SQL Server 2014.
Software requirements
The requirements in the following section apply to the following installations:
Single server with built-in database
Server farm with a single server in the farm
Server farm with multiple servers in the farm
IMPORTANT
SharePoint 2013 does not support single label domain names. For more information, see Information about configuring
Windows for domains with single-label DNS names.
The Microsoft SharePoint Products Preparation Tool can assist you in the installation of the software
prerequisites for SharePoint 2013. Ensure that you have an Internet connection, because some prerequisites are
installed from the Internet. For more information about how to use the Microsoft SharePoint Products
Preparation Tool, see Install SharePoint 2013 across multiple servers for a three-tier farm and Install
SharePoint 2013 across multiple servers for a three-tier farm.
NOTE
SQL Server 2014 requires the May 2014 Cumulative Update to be installed. To install the May 2014 Cumulative Update
see Updates to SharePoint 2013.
NOTE
At this time, SQL Server 2016 RTM is not supported.
NOTE
SQL Server products and all future public updates and service packs are supported through the SQL Server product
lifecycle.
NOTE
At this time, Windows Server 2016 RTM is not supported.
The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter
or the 64-bit edition of Windows Server 2012 R2 Standard or Datacenter
NOTE
Windows Server 2012 R2 is only supported on a SharePoint Server 2013 Service Pack 1 environment. For
additional information about Windows Server 2012 R2 support, see SharePoint 2013 SP1 support in Windows
Server 2012 R2.
The SharePoint parsing process crashes in Windows Server 2008 R2 (KB 2554876)
FIX: IIS 7.5 configurations are not updated when you use the ServerManager class to commit
configuration changes (KB 2708075)
Hotfix: ASP.NET (SharePoint) race condition in .NET 4.5 RTM:
Windows Server 2008 R2 SP1 (KB 2759112)
Windows Server 2012 (KB 2765317)
The Setup program installs the following prerequisite for a single server with built-in database:
Microsoft SQL Server 2008 R2 SP1 - Express Edition
The Microsoft SharePoint Products Preparation Tool installs the following prerequisites for a single
server with built-in database:
Web Server (IIS ) role
Application Server role
Microsoft .NET Framework version 4.5
SQL Server 2008 R2 SP1 Native Client
Microsoft WCF Data Services 5.0
Microsoft Information Protection and Control Client (MSIPC )
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Windows Management Framework 3.0 which includes Microsoft PowerShell 3.0
Windows Identity Foundation (WIF ) 1.0 and Microsoft Identity Extensions (previously named WIF
1.1)
Windows Server AppFabric
Cumulative Update Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB 2671763)
NOTE
The required software above will be supported when used by SharePoint via the SharePoint Product
Lifecycle.
Minimum requirements for front-end web servers and application servers in a farm:
NOTE
At this time, Windows Server 2016 RTM is not supported.
The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter
or the 64-bit edition of Windows Server 2012 R2 Standard or Datacenter.
NOTE
Windows Server 2012 R2 is only supported on a SharePoint Server 2013 Service Pack 1 environment. For
additional information about Windows Server 2012 R2 support, see SharePoint 2013 SP1 support in Windows
Server 2012 R2.
The SharePoint parsing process crashes in Windows Server 2008 R2 (KB 2554876)
FIX: IIS 7.5 configurations are not updated when you use the ServerManager class to commit
configuration changes (KB 2708075)
Hotfix: ASP.NET (SharePoint) race condition in .NET 4.5 RTM:
Windows Server 2008 R2 SP1 (KB 2759112)
Windows Server 2012 (KB 2765317)
The Microsoft SharePoint Products Preparation Tool installs the following prerequisites for front-end
web servers and application servers in a farm:
Web Server (IIS ) role
Application Server role
Microsoft .NET Framework version 4.5
SQL Server 2008 R2 SP1 Native Client
Microsoft WCF Data Services 5.0
Microsoft Information Protection and Control Client (MSIPC )
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Windows Management Framework 3.0 which includes Microsoft PowerShell 3.0
Windows Identity Foundation (WIF ) 1.0 and Microsoft Identity Extensions (previously named WIF
1.1)
Windows Server AppFabric
Cumulative Update Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB 2671763)
Minimum requirements for client computers
A supported browser. For more information, see Plan browser support in SharePoint 2013. For information
on browsers supported on mobile devices, see Mobile device browsers supported in SharePoint 2013.
Minimum recommended services for development environments
The following are the minimum SharePoint 2013 services and service applications that are recommended for
development environments:
App Management service application
Central Administration web site
Claims to Windows Token service (C2WTS )
Distributed cache service
Microsoft SharePoint Foundation 2013 Site and Subscription Settings service
Secure Store Service
User Profile service application (SharePoint Server 2013 only)
Optional software
The optional software in this section is supported but is not required to install or use SharePoint 2013. This
software might be required by capabilities such as business intelligence. For more information about system
requirements for other capabilities, see Hardware and software requirements for other SharePoint 2013
capabilities.
Single server with built-in database, front-end web servers, .NET Framework Data Provider for SQL Server (part of
and application servers in a farm Microsoft .NET Framework)
.NET Framework Data Provider for OLE DB (part of Microsoft
.NET Framework)
Workflow Manager
You can install Workflow Manager on a dedicated computer.
Microsoft SQL Server 2008 R2 Reporting Services Add-in for
Microsoft SharePoint Technologies
This add-in is used by Access Services for SharePoint Server
2016.
Microsoft SQL Server 2012 Data-Tier Application (DAC)
Framework 64-bit edition
Microsoft SQL Server 2012 Transact-SQL ScriptDom 64-bit
edition
Microsoft System CLR Types for Microsoft SQL Server 2012
64-bit edition
Microsoft SQL Server 2012 with Service Pack 1 (SP1)
LocalDB 64-bit edition
Microsoft Data Services for the .NET Framework 4 and
Silverlight 4 (formerly ADO.NET Data Services)
Exchange Web Services Managed API, version 1.2
Microsoft SQL Server 2008 R2 Remote Blob Store which is
part of the Microsoft SQL Server 2008 R2 Feature Pack
SQL Server 2008 R2 Analysis Services ADOMD.NET
KB 2472264
If you are running a geo-distributed deployment and your
servers are running Windows Server 2008 R2, then installing
KB 2472264 can optimize network latency in a dedicated
datacenter network. For more information, and to download
the software, see You cannot customize some TCP
configurations by using the netsh command in Windows
Server 2008 R2.
SharePoint 2013 supports several commonly used web browsers, such as Internet Explorer, Google
Chrome, Mozilla Firefox, and Apple Safari. However, certain web browsers could cause some SharePoint
2013 functionality to be downgraded, limited, or available only through alternative steps.
As you plan your deployment of SharePoint 2013, we recommend that you review the browsers used in your
organization to guarantee optimal performance with SharePoint 2013.
Microsoft Edge X
Internet Explorer 11 X
Internet Explorer 10 X
Internet Explorer 9 X
Internet Explorer 8 X
Internet Explorer 7 X
Internet Explorer 6 X
Browser details
Review the details of the web browser that you have or plan to use in your organization to make sure that the web
browser works with SharePoint 2013 and according to your business needs.
Supported Internet Explorer versions
The product group makes every effort to validate that SharePoint functionality works correctly with released
versions of Internet Explorer. Customers who want a more deeply validated browser interaction experience should
strongly consider Internet Explorer.
Microsoft Edge, Internet Explorer 11, Internet Explorer 10, Internet Explorer 9, Internet Explorer 8
NOTE
Internet Explorer 11 edge mode is not supported. Add sites to the Compatibility View list to make some features work.
NOTE
Microsoft Edge is supported with the SharePoint Server 2013 December 2015 CU. For additional information about the
December 2015 CU, see December 8, 2015, update for SharePoint Foundation 2013 (KB3114352)
Some functionality in SharePoint 2013 requires ActiveX controls. This produces limitations on browsers which do
not support ActiveX. Currently only 32-bit versions of Internet Explorer support this functionality. All other
browsers have the following limitations.
NOTE
Internet Explorer 10 does not support Active X controls when in immersive mode. The functionality for the controls listed
below should only be expected to work in desktop mode.
Plugin name DLL Filename What it does Supported browser Known limitations
version
Digital Signature Dsigctrl.dll, dsigres.dll Digital signing takes Internet Explorer An inability to verify a
place in both the versions 8, 9 and 10 form produces an
InfoPath client and on error that states that
the InfoPath Forms the form cannot be
Services server. Make signed.
sure that the
following conditions
exist:
Forms that are signed
on the client can be
verified on the server.
Forms that are signed
on the server can be
verified on the client.
NameCtrl Name.dll Enables a web page Supported in Internet
to display a contact Explorer versions 8, 9,
card and presence and 10.
status for people. Firefox, Google
Integrates through Chrome are also
client-side APIs with supported by using a
Office 2016. plug-in.
Internet Explorer
version 10 immersive
mode is not
supported.
ExportDatabase Owssupp.dll Enables a user to use Internet Explorer To export a list, the
an application such as versions 8, 9, and 10 client computer must
Access to create or have a SharePoint
open a database that compatible
contains SharePoint application.
list data.
OpenDocuments Owssupp.dll Starts Office client All except Internet If a compatible Office
applications so that a Explorer version 10 in application or browser
user can create a immersive mode. is not installed on a
document or edit a client, an error
document. Enables message states that
users to create the feature requires a
documents that are SharePoint
based on a specified compatible
template, open application and web
documents as read- browser.
only, or open
documents as
read/write.
UploadCtl Stsupld.dll Enables drag-and- Internet Explorer
drop in SharePoint versions 8 and 9.
2013 visual mode
"upload multiple files"
dialog box.
See also
Other Resources
Plan for SharePoint Server
IP support in SharePoint 2013
6/7/2019 • 3 minutes to read • Edit Online
See also
Other Resources
IPv6 Survival Guide in the TechNet Wiki
Software boundaries and limits for SharePoint 2013
6/19/2019 • 62 minutes to read • Edit Online
IMPORTANT
Some values in this article are based on test results from SharePoint 2010 Products and may not represent the final values
for SharePoint Server 2013. This article will be updated with appropriate values as SharePoint Server 2013 test data
becomes available. > For information about current hardware and software requirements, see Hardware and software
requirements for SharePoint 2013.
NOTE
The capacity planning information in this document provides guidelines for you to use in your planning. It is based on
testing performed at Microsoft, on live properties. However, your results are likely to vary based on the equipment you use
and the features and functionality that you implement for your sites.
The following table lists the recommended guidelines for web applications.
Managed path for host- 20 per farm Supported Managed paths for host-
named site collections named site collections apply
at the farm level. Each
managed path that is
created can be applied in
any Web application.
Managed path for path- 20 per web application Supported Managed paths are cached
based site collections on the web server, and CPU
resources are used to
process incoming requests
against the managed path
list.
Managed paths for path-
based site collections apply
at the Web application level.
You can create a different
set of managed paths for
each Web application.
Exceeding 20 managed
paths per web application
adds more load to the web
server for each request.
If you plan to exceed twenty
managed paths in a given
web application, we
recommend that you test
for acceptable system
performance.
Solution cache size 300 MB per web application Threshold The solution cache allows
the InfoPath Forms service
to hold solutions in cache in
order to speed up retrieval
of the solutions. If the cache
size is exceeded, solutions
are retrieved from disk,
which may slow down
response times. You can
configure the size of the
solution cache by using the
PowerShell cmdlet Set-
SPInfoPathFormsService. For
more information, see Set-
SPInfoPathFormsService.
Web server and application server limits
The following table lists the recommended guidelines for web servers on the farm.
The following table lists the recommended guidelines for content databases.
Content database size (all 4 TB per content database Supported Content databases of up to
usage scenarios) 4 TB are supported when
the following requirements
are met:
Disk sub-system
performance of 0.25 IOPS
per GB, 2 IOPS per GB is
recommended for optimal
performance.
You must have developed
plans for high availability,
disaster recovery, future
capacity, and performance
testing.
You should also carefully
consider the following
factors:
Requirements for backup
and restore may not be met
by the native SharePoint
Server 2013 backup for
content databases larger
than 200 GB. It is
recommended to evaluate
and test SharePoint Server
2013 backup and alternative
backup solutions to
determine the best solution
for your specific
environment.
It is strongly recommended
to have proactive skilled
administrator management
of the SharePoint Server
2013 and SQL Server
installations.
The complexity of
customizations and
configurations on
SharePoint Server 2013 may
necessitate refactoring (or
splitting) of data into
multiple content databases.
Seek advice from a skilled
professional architect and
perform testing to
determine the optimum
content database size for
your implementation.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Examples of complexity may
include custom code
deployments, use of more
than 20 columns in
property promotion, or
features listed as not to be
used in the over 4 TB
section below.
Refactoring of site
collections allows for scale
out of a SharePoint Server
2013 implementation across
multiple content databases.
This permits SharePoint
Server 2013
implementations to scale
indefinitely. This refactoring
will be easier and faster
when content databases are
less than 200 GB.
It is suggested that for ease
of backup and restore that
individual site collections
within a content database
be limited to 100 GB. For
more information, see Site
collection limits.
IMPORTANT: We do not
recommend the use of
content databases that
exceed 4 TB, except in
document archive scenarios
(described in the next row in
this table). If, in the future,
you need to upgrade your
SharePoint Server 2013
installation, upgrading the
site collections within the
content databases can be
very difficult and time
consuming. > It is strongly
recommended that you
scale out across multiple
content databases, rather
than exceed 4 TB of data in
a single content database.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Content database size No explicit content database Supported Content databases with no
(document archive scenario) limit explicit size limit for use in
document archive scenarios
are supported when the
following requirements are
met:
You must meet all
requirements from the
"Content database size (all
usage scenarios)" limit
earlier in this table, and you
should ensure that you have
carefully considered all the
factors discussed in the
Notes field of that limit.
SharePoint Server 2013 sites
must be based on
Document Center or
Records Center site
templates.
Less than 5% of the content
in the content database is
accessed each month on
average, and less than 1% of
content is modified or
written each month on
average.
Do not use alerts,
workflows, link fix-ups, or
item level security on any
SharePoint Server 2013
objects in the content
database.
Note: Document archive
content databases can be
configured to accept
documents from Content
Routing workflows.
For more information about
large-scale document
repositories, see Estimate
performance and capacity
requirements for large scale
document repositories in
SharePoint Server 2010, and
the Typical large-scale
content management
scenarios section of the
article Enterprise content
storage planning
(SharePoint Server 2010).
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Content database items 60 million items including Supported The largest number of items
documents and list items per content database that
has been tested on
SharePoint Server 2013 is
60 million items, including
documents and list items. If
you plan to store more than
60 million items in
SharePoint Server 2013, you
must deploy multiple
content databases.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Site collections per content 10,000 maximum (2,500 Supported We strongly recommended
database non-Personal site collections limiting the number of site
and 7,500 Personal Sites, or collections in a content
10,000 Personal Sites alone) database to 5,000. However,
up to 10,000 site collections
in a database are supported.
Note that in a content
database with up to 10,000
total site collections, a
maximum of 2,500 of these
can be non-Personal site
collections. It is possible to
support 10,000 Personal
site collections if they are
the only site collections
within the content database.
These limits relate to speed
of upgrade. The larger the
number of site collections in
a database, the slower the
upgrade with respect to
both database upgrade and
site collection upgrades.
The limit on the number of
site collections in a database
is subordinate to the limit
on the size of a content
database that has more
than one site collection.
Therefore, as the number of
site collections in a database
increases, the average size
of the site collections it
contains must decrease.
Exceeding the 5,000 site
collection limit puts you at
risk of longer downtimes
during upgrades. If you plan
to exceed 5,000 site
collections, we recommend
that you have a clear
upgrade strategy to address
outage length and
operations impact, and
obtain additional hardware
to speed up the software
updates and upgrades that
affect databases.
To set the warning and
maximum levels for the
number of sites in a content
database, use the
PowerShell cmdlet Set-
SPContentDatabase with
the -WarningSiteCount
parameter. For more
information, see [Set-
SPContentDatabase]/powers
hell/module/sharepoint-
server/Set-
SPContentDatabase?
view=sharepoint-ps).
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Remote BLOB Storage (RBS) Time to first byte of any Boundary When SharePoint Server
storage subsystem on response from the NAS 2013 is configured to use
Network Attached Storage should remain within 40 RBS, and the BLOBs reside
(NAS) milliseconds 95% of the on NAS storage, consider
time. the following supported
limit.
From the time that
SharePoint Server 2013
requests a BLOB, until it
receives the first byte from
the NAS, 95% of the time no
more than 40 milliseconds
can pass.
The following table lists the recommended guidelines for site collections.
Site collections per farm 750,000 per farm (500,000 Supported The maximum
rooted with the Personal recommended number of
Sites template and 250,000 site per farm is 500,000 site
rooted with other sites collections containing only
types) one Personal Sites plus
250,000 site collections
containing any other for all
other site templates. The
Sites can all reside on one
web application, or can be
distributed across multiple
web applications.
Note that this limit is
affected by other factors
that might reduce the
effective number of site
collections that can be
supported by a given
content database. Care
must be exercised to avoid
exceeding supported limits
when a container object,
such as a content database,
contains a large number of
other objects. For example, if
a farm contains a smaller
total number of content
databases, each of which
contains a large number of
site collections, farm
performance might be
adversely affected long
before the supported limit
for the number of site
collections is reached.
For example, Farm A
contains a web application
that has 200 content
databases, a supported
configuration. If each of
these content databases
contains 1,000 site
collections, the total number
of site collections in the web
of site collections in the web
LIMIT MAXIMUM VALUE LIMIT TYPE application
NOTES will be 200,000,
which falls within supported
limits. However, if each
content database contains
10,000 site collections, even
though this number is
supported for a content
database, the total number
of site collections in the farm
will be 2,000,000, which
exceeds the limit for the
number of site collections
per web application and per
farm.
Memory usage on the web
servers should be
monitored, as memory
usage is dependent on
usage patterns and how
many sites are being
accessed in given timeframe.
Similarly, the crawl targets
might also exhibit memory
pressure, and if so the
application pool should be
configured to recycle before
available memory on any
web server drops to less
than 2 GB.
Site collection size Maximum size of the Supported A site collection can be as
content database large as the content
database size limit for the
applicable usage scenario.
For more information about
the different content
database size limits for
specific usage scenarios, see
the Content database limits
table in this article.
In general, we strongly
recommend limiting the size
of site collections to 100 GB
for the following reasons:
Certain site collection
actions, such as site
collection backup/restore or
the PowerShell cmdlet
Move-SPSite, cause large
SQL Server operations which
can affect performance or
fail if other site collections
are active in the same
database. For more
information, see Move-
SPSite.
SharePoint site collection
backup and restore is only
supported for a maximum
site collection size of 100
GB. For larger site
collections, the complete
content database must be
backed up. If multiple site
collections larger than 100
GB are contained in a single
content database, backup
and restore operations can
take a long time and are at
risk of failure.
The following table lists the recommended guidelines for lists and libraries. For more information, see Designing
large Lists and maximizing list performance (SharePoint Server 2010).
List row size 8,000 bytes per row Boundary Each list or library item can
only occupy 8,000 bytes in
total in the database. 300
bytes are reserved, leaving
7700 bytes for end-user
columns. For details on how
much space each kind of
field consumes, see Column
limits.
Documents 30,000,000 per library Supported You can create very large
document libraries by
nesting folders, or using
standard views and site
hierarchy. This value may
vary depending on how
documents and folders are
organized, and by the type
and size of documents
stored.
Items 30,000,000 per list Supported You can create very large
lists using standard views,
site hierarchies, and
metadata navigation. This
value may vary depending
on the number of columns
in the list and the usage of
the list.
Bulk operations 100 items per bulk Boundary The user interface allows a
operation maximum of 100 items to
be selected for bulk
operations.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
List view lookup threshold 12 join operations per query Threshold Specifies the maximum
number of joins allowed per
query, such as those based
on lookup, person/group, or
workflow status columns. If
the query uses more than
eight joins, the operation is
blocked. This does not apply
to single item operations.
When using the maximal
view via the object model
(by not specifying any view
fields), SharePoint will return
up to the first 12 lookups.
Note: After applying the
SharePoint Server 2013
cumulative update package
released on August 13,
2013
(https://support.microsoft.co
m/en-us/kb/2817616), the
default value is increased
from 8 to 12.
Column limits
SharePoint Server 2013 data is stored in SQL Server tables. Each column type has a size value listed in bytes. The
sum of all columns in a SharePoint list cannot exceed 8,000 bytes.
Managed metadata 190 Threshold 60 bytes for the first, The first Managed
40 bytes for each Metadata field added
subsequent to a list is allocated
four columns:
A lookup field for the
actual tag
A hidden text field for
the string value
A lookup field for the
catch all
A lookup field for
spillover of the catch
all
Each subsequent
Managed Metadata
field added to a list
adds two more
columns:
A lookup field for the
actual tag
A hidden text field for
the string value
External Data columns have the concept of a primary column and secondary columns. When you add an external
data column, you can select some secondary fields of the external content type that you want to be added to the
list. For example, given an External Content Type "Customer" which has fields like "ID", "Name", "Country", and
"Description", when you add an External Data column of type "Customer" to a list, you can add secondary fields
to show the "ID", "Name" and "Description" of the Customer. Overall these are the columns that get added:
Primary column: A text field.
Hidden Id column: A multi-line text field.
Secondary columns: Each secondary column is a text/number/Boolean/multi-line text that is based on the
data type of the secondary column as defined in the Business Data Catalog model. For example, ID might
be mapped to a Number column; Name might be mapped to a Single line of text column ; Description
might be mapped to a Multiple lines of text column.
Page limits
Web parts 25 per wiki or Web Part Threshold This figure is an estimate
page based on simple Web Parts.
The complexity of the Web
Parts dictates how many
Web Parts can be used on a
page before performance is
affected.
Security limits
Users in a site collection 2 million per site collection Supported You can add millions of
people to your web site by
using Microsoft Windows
security groups to manage
security instead of using
individual users.
This limit is based on
manageability and ease of
navigation in the user
interface.
When you have many
entries (security groups of
users) in the site collection
(more than one thousand),
you should use PowerShell
to manage users instead of
the UI. This will provide a
better management
experience.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Active Directory 5,000 per SharePoint group Supported SharePoint Server 2013
Principles/Users in a enables you to add users or
SharePoint group Active Directory groups to a
SharePoint group.
Having up to 5,000 users
(or Active Directory groups
or users) in a SharePoint
group provides acceptable
performance.
The activities most affected
by this limit are as follows:
Fetching users to validate
permissions. This operation
takes incrementally longer
with growth in number of
users in a group.
Rendering the membership
of the view. This operation
will always require time.
SharePoint groups 10,000 per site collection Supported Above 10,000 groups, the
time to execute operations
is increased significantly. This
is especially true of adding a
user to an existing group,
creating a new group, and
rendering group views.
Security principal: size of the 5,000 per Access Control Supported The size of the scope affects
Security Scope List (ACL) the data that is used for a
security check calculation.
This calculation occurs every
time that the scope
changes. There is no hard
limit, but the bigger the
scope, the longer the
calculation takes.
Limits by feature
This section lists limits sorted by feature.
Search limits
The recommended guidelines for search are organized according to the aspects of search that they impact: the
topology, the size of items, dictionaries, crawling, schema, queries and results, ranking, and the index.
NOTE
Limits for Search have changed significantly as the feature has been updated. For more information, see Plan search in
SharePoint Server.
Analytics reporting 4 per Search service Threshold You can exceed this limit to
databases application accommodate specific
requirements. When scaling,
add an analytics reporting
database when the size of
any of the deployed
analytics databases reaches
250 GB total size, or 20 M
total rows. This way
repartitioning is as balanced
as possible.
Link databases 4 per Search service Supported The highest tested number
application of items a link database can
contain is 100 million.
Index replicas 3 per index partition Supported Each index partition can
have a set of replica. If you
increase the number of
index replicas, this has a
positive effect on the query
performance and it provides
better fault tolerance. But, if
you add too many replicas
to your index partition, this
can adversely affect
indexing.
For Internet sites scenarios,
which typically have a high
query rate but low content
volume (less than 4 million
items per partition), the
supported limit is 6 index
replicas per partition.
For SharePoint Foundation
2013, the maximum number
of index components per
Search service application is
one, so the maximum
number of index partitions
per Search service
application is limited to one.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Search components 64 per Search service Supported This limit does not include
application crawl components. The sum
of all the other search
components must stay
within this limit.
Content sources 500 per Search service Boundary There is overhead associated
application with each content source, so
we recommend that you
create the smallest number
of content sources that
satisfy your other
operational requirements,
for example differences in
crawl priority and
scheduling.
Indexed managed property 512 KB per Threshold This is the default value for
size searchable/queryable the maximum size of a
managed property managed property that is
set to either "searchable" or
"queryable". You can
configure this limit by using
PowerShell cmdlets and the
schema object model to set
the
MP.MaxCharactersInProp
ertyStoreIndex attribute.
Enter the value in bytes. The
maximum value for this
maximum size is 2,097,152
bytes.
If you increase this limit you
enable indexing of more
data per managed property.
Indexing more data per
managed property uses
more disk space and
increases the overall load on
the search system.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Retrievable managed 16 KB per managed Threshold This is the default value for
property size property the maximum size of a
retrievable managed
property. You can configure
this limit per managed
property by using
PowerShell cmdlets and the
schema object model to set
the
P.MaxCharactersInPropert
yStoreForRetrievalattribut
e. Enter the value in bytes.
The maximum value for this
maximum size is 2,097,152
bytes.
If you increase this limit you
enable indexing of more
data per managed property.
Indexing and retrieving
more data per managed
property increases the
overall load on the system
and uses more disk space.
Sortable and refinable 16 KB per managed Boundary This is the maximum size of
managed property size property a sortable and refinable
managed property.
Number of entries in a 5,000 terms per tenant Boundary This limits the number of
custom search dictionary terms allowed for inclusions
and exclusions dictionaries
for query spelling correction
and company extraction.
You can store more terms
than this limit in the
Termstore, but search only
uses 5000 terms per tenant.
Crawled properties 500,000 per Search service Supported The contents and metadata
application of the items that you crawl
are represented as crawled
properties. You can map
these crawled properties to
managed properties. If the
number of crawled
properties exceeds this
supported limit, this reduces
indexing speed.
Managed properties 50,000 per Search service Supported Search uses managed
application propertied in queries.
Crawled properties are
mapped to managed
properties. Exceeding the
supported limit for
managed properties reduces
indexing speed.
Managed property 100 per managed property Supported Crawled properties can be
mappings mapped to managed
properties. Exceeding this
limit might decrease crawl
speed and query
performance.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Metadata properties 100,000 per crawled item Supported This is the maximum
recognized number of metadata
properties that the crawl
component can determine
when crawling an item.
These metadata properties
can be mapped or used for
queries. Approaching this
number of crawled
properties might result in a
low crawl rate.
Text length for queries using 4 KB (4,096 characters) Supported This is the tested and
Keyword Query Language default value for the
maximum text length for a
query built by using
Keyword Query Language,
except for Discovery queries.
For Discovery queries 16 KB
(16,384 characters) is the
default maximum value.
The default value for the
maximum text length can be
increased up to the
boundary of 20 KB (20,480)
for all query types.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Number of rows in a result 500 rows Supported This is the tested and
set default value for the
maximum number of rows
in a result set, except for a
Discovery query. For
Discovery queries 10,000
rows is the default value. To
display the entire result set,
issue more paging queries.
You can change the value
for the maximum number of
rows in a result set by using
PowerShell cmdlets to
change the Search service
application property
MaxRowLimit.
MaxRowLimit defines the
maximum value of the
query property RowLimit
and the Discovery query
property RowLimit.
RowLimit defines the
number of rows each page
contains in a result set. You
can increase MaxRowLimit
up to 10,000 rows, this is
the supported boundary.
Search alert quota 100,000 alerts per Search Supported End-users can set search
service application alerts for the result set of a
query. When the results are
changed or updated, search
notifies the end-user. This is
the tested limit for a Search
service application that has
a mix of end-user queries
(75%) and alert queries
(25%). The limit for a Search
service application that has
only alert queries is 400,000
alerts. These limits are based
on a system with five
queries per second (QPS).
Ranking models 1,000 per tenant Boundary Approaching this limit can
adversely affect the overall
system performance.
Unique contexts used for 15 unique contexts per rank Boundary This is the maximum
ranking model number of unique contexts
per rank model.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Authoritative pages 1 top level and minimal Supported Use as few second- and
second and third level pages third-level pages as possible
per Search service while still achieving the
application desired relevance.
The boundary is 200
authoritative pages per
relevance level per Search
service application. If you
add more pages, you may
not achieve the desired
relevance. Add the key site
to the first relevance level.
Add more key sites at either
second or third relevance
levels, one at a time.
Evaluate relevance after
each addition to make sure
that that you have achieved
the desired relevance effect.
Unique terms in the index 2^31 (>2 billion terms) Boundary This is the maximum
number of unique terms
that can exist in the index of
a Search service application.
The following table lists the recommended guidelines for User Profile Service.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Social tags, notes and 500,000,000 per social Supported Up to 500 million total
ratings database social tags, notes and
ratings are supported in a
social database without
significant decreases in
performance. However,
database maintenance
operations such as backup
and restore may show
decreased performance at
that point.
The following table lists the recommended guidelines for content deployment.
Blog limits
The following table lists the recommended guidelines for blogs.
The following table lists the recommended guidelines for Business Connectivity Services.
ECT (in-memory) 5,000 per web server (per Boundary Total number of external
tenant) content type (ECT)
definitions loaded in
memory at a given point in
time on a web server.
External system connections 500 per web server Boundary Number of active/open
external system connections
at a given point in time. The
default maximum value is
200; the boundary is 500.
This limit is enforced at the
web server scope, regardless
of the kind of external
system (for example,
database, .NET assembly,
and so on) The default
maximum is used to restrict
the number of connections.
An application can specify a
larger limit via execution
context; the boundary
enforces the maximum even
for applications that do not
respect the default.
Database items returned 2,000 per database Threshold Number of items per
per request connector request the database
connector can return.
The default maximum of
2,000 is used by the
database connector to
restrict the number of result
that can be returned per
page. The application can
specify a larger limit via
execution context; the
Absolute Max enforces the
maximum even for
applications that do not
respect the default. The
boundary for this limit is
1,000,000.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Service response size 150,000,000 bytes Threshold The upper volume of data
per request the external
data connector can return.
The default value is
3,000,000 bytes, but
applications can be
configured to specify a
larger value up to the
maximum of 150,000,000
bytes.
Filter Descriptor (in-store) 200 per ECT method Boundary The maximum number of
Filter Descriptors per ECT
method is 200.
Workflow limits
Workflow timer batch size 100 Threshold The number of events that
each run of the workflow
timer job will collect and
deliver to workflows. It is
configurable by using
PowerShell. To allow for
additional events, you can
run additional instances of
the SharePoint Foundation
Workflow Timer Service.
Workflow associations 100 per list Supported Exceeding this limit will
degrade browser
performance due to the
large volume of data that is
loaded for more than 100
associations and their status
columns.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
List items or documents 5,000 items Supported Testing has verified that all
that can be bulk created or workflow activation events
uploaded to start workflow are processed for an on-
instances item-creation workflow
association when up to
5,000 items are created in a
single bulk upload.
Exceeding this limit could
cause workflow initiation to
time out.
Published workflow 1,000 per web site Supported The maximum supported
definitions per web site number of published
workflow definitions per web
site is 1,000.
Total workflow associations 1,799 per site Boundary The Service Bus supports a
per site maximum of 1,799
subscriptions per scope. This
maximum value includes the
sum of both published and
unpublished associations.
Rest calls from SharePoint 60 per second Supported Testing has confirmed that a
workflow per second per SharePoint web server can
web server effectively process up to 60
rest calls per second from
SharePoint workflow. If this
level of volume will be
exceeded, we recommend
that an additional load-
balanced web server be
added to the SharePoint
farm. In testing, 120 rest
calls per second against a
single web server resulted in
sustained 90-100% CPU
utilization. Adding a second
web server reduced CPU
utilization to 30-40% on
both servers. Adding a third
web server enabled
processing of 180 calls per
second, with 30-40% CPU
utilization on all three
servers, and so on. The
servers used for this test
were Hyper-V virtual
machines with 16 core
processor and 24 GBs RAM
each.
Maximum list size for 5,000 items per list view Threshold This limit is a result of the
workflow lookups to non- maximum view size limit.
indexed fields When this limit is exceeded,
workflow lookups to non-
indexed fields will fail for
non-administrative users. At
this threshold, an index
must be created for the
field, in order for workflows
to be able to successfully
perform lookups against the
field.
Maximum list size for auto- 10 million items per list Supported Testing has confirmed that
start workflow associations the performance of auto-
start workflow associations
is not affected when list size
grows to 1 million items.
Because response time
doesn't change as list size
scales, the effective limit is
the same as the maximum
number of items in a non-
workflow list.
Managed Metadata limits
The following table lists the recommended guidelines for managed metadata configuration.
Number of folders with 1,000 folders per site, or Boundary Location-based default
location-based defaults data file size of 256 Mb metadata allows you to set
default values for list
columns per folder. You can
only apply location-based
default values on up to
1,000 folders per site, or up
to the point at which the
data file in which location-
based default metadata is
stored for the site
(client_LocationBasedDefault
s.html) reaches 265 Mb.
When the number of folders
in the data file exceeds
1,000, or the data file size
exceeds 256 Mb, default
values added for additional
folders will be ignored.
Number of links in or file 1,000 links or file size of 256 Boundary When a document
size of a document that are Mb per document containing links is added to
updated when the target a folder, SharePoint
location changes Foundation 2013 will
update links automatically
when the link target is
moved to a new location. In
a document with more than
1,000 links, or a document
with a file size that exceeds
256 Mb, the document is
treated as though it
contains no links, and
updates to link targets are
ignored for the entire
document.
The following table lists the recommended guidelines for managed metadata term stores.
See also Overview of Managed Metadata service in SharePoint 2013 and The impact of having multiple
Managed Metadata services per farm
Visio Services limits
The following table lists the recommended guidelines for instances of Visio Services in SharePoint.
Visio Services minimum Minimum cache age: 0 to Threshold Minimum cache age applies
cache age (data connected 24hrs to data connected diagrams.
diagrams) It determines the earliest
point at which the current
diagram can be removed
from cache.
Setting Min Cache Age to a
very low value will reduce
throughput and increase
latency, because invalidating
the cache too often forces
Visio to recalculate often
and reduces CPU and
memory availability.
Visio Services maximum Maximum cache age: 0 to Threshold Maximum cache age applies
cache age (non-data 24hrs to non-data connected
connected diagrams) diagrams. This value
determines how long to
keep the current diagram in
memory.
Increasing Max Cache Age
decreases latency for
commonly requested
drawings.
However, setting Max Cache
Age to a very high value
increases latency and slows
throughput for items that
are not cached, because the
items already in cache
consume and reduce
available memory.
The SharePoint Web Analytics service has been deprecated in SharePoint Server 2013.
PerformancePoint Services limits
The following table lists the recommended guidelines for PerformancePoint Services in SharePoint.
Columns and rows 15 columns by 60,000 rows Threshold The maximum number of
columns and rows when
rendering any
PerformancePoint
dashboard object that uses
a Excel workbook as a data
source. The number of rows
could change based on the
number of columns.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Query on a SharePoint list 15 columns by 5,000 rows Supported The maximum number of
columns and row when
rendering any
PerformancePoint
dashboard object that uses
a SharePoint list as a data
source. The number of rows
could change based on the
number of columns.
Query on a SQL Server data 15 columns by 20,000 rows Supported The maximum number of
source columns and row when
rendering any
PerformancePoint
dashboard object that uses
a SQL Server table data
source. The number of rows
could change based on the
number of columns.
The following table lists the recommended guidelines for Word Automation Services.
Input file Size 512 MB Boundary Maximum file size that can
be processed by Word
Automation Services.
Frequency with which to 1 minute (recommended) Threshold This setting determines how
start conversions (minutes) 15 minutes (default) often the Word Automation
59 minutes (boundary) Services timer job executes.
A lower number leads to the
timer job running faster. Our
testing shows that it is most
useful to run this timer job
once per minute.
Conversion job size 100,000 conversion items Supported A conversion job includes
one or more conversion
items, each of which
represents a single
conversion to be performed
on a single input file in
SharePoint. When a
conversion job is started
(using the
ConversionJob.Start
method), the conversion job
and all conversion items are
transmitted over to an
application server which
then stores the job in the
Word Automation Services
database. A large number of
conversion items will
increase both the execution
time of the Start method
and the number of bytes
transmitted to the
application server.
Total active conversion N-1, where N is the number Threshold An active conversion
processes of cores on each application process can consume a
server single processing core.
Therefore, customers should
not run more conversion
processes than they have
processing cores in their
application servers. The
conversion timer job and
other SharePoint activities
also require occasional use
of a processing core.
We recommend that you
always leave 1 core free for
use by the conversion timer
job and SharePoint.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Word Automation Services 2 million conversion items Supported Word Automation Services
database size maintains a persistent
queue of conversion items
in its database. Each
conversion request
generates one or more
records.
Word Automation Services
does not delete records
from the database
automatically, so the
database can grow
indefinitely without
maintenance. Administrators
can manually remove
conversion job history by
using the PowerShell cmdlet
Remove-
SPWordConversionServiceJo
bHistory. For more
information, see Remove-
SPWordConversionServiceJo
bHistory.
The following table lists the recommended guidelines for Excel Services in SharePoint.
The following table lists the recommended guidelines for the Machine Translation Service.
Input file size for binary files 524,288 KB per file Threshold Files larger than the limit
take too long to transfer
and process, decreasing the
throughput of the service.
Input file size for text files 15,360 KB per file Threshold Files larger than the limit
have too much text to
translate, decreasing the
throughput of the service.
Maximum character count 10,000,000 per document Threshold Documents with more
for Microsoft Word characters than the limit
Documents have too much text to
translate, decreasing the
throughput of the service.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Number of translations per 1,000 per process Threshold Starting more translations
translation process than the limit causes
translations to fail due to
timing out because they
cannot be processed before
the timeout period.
Files per translation job 100,000 files Supported Submitting jobs with a
number of files that exceeds
the limit causes job
submittal time and
processing time to be too
long.
The following table lists the recommended guidelines for Office Online. Office client application limits also apply
when an application is running as a web app.
The following table lists the recommended guidelines for Project Server. For more information about how to plan
for Project Server, see Planning and architecture for Project Server 2010.
End of project time Date: 12/31/2149 Boundary Project plans cannot extend
past the date 12/31/2149.
Deliverables per project plan 1,500 deliverables Boundary Project plans cannot contain
more than 1,500
deliverables.
The following table lists the recommended guidelines for apps for SharePoint.
LIMIT MAXIMUM VALUE LIMIT TYPE NOTES
Number of apps in the 500 Boundary When more than 500 apps
corporate catalog viewable from the corporate catalog
by a single user are available to a single user,
that user will no longer see
any apps in the default Add
an App view. Instead, a
message guiding you to
search the app catalog or
the SharePoint Store will
appear.
The following table lists the recommended guidelines for the distributed cache service.
Miscellaneous limits
The following table lists limits and recommended guidelines for services and features not covered in other
sections.
Maximum size of EDiscovery 16K characters or 500 Boundary The size of an EDiscovery
Query keywords query is limited to 500
keywords or 16,000
characters, whichever is
reached first.
Related topics
Hardware and software requirements for SharePoint 2013
Performance planning in SharePoint Server 2013
Capacity management and sizing overview for
SharePoint Server 2013
7/17/2019 • 31 minutes to read • Edit Online
IMPORTANT
Some values in this article are based on test results and other information related to SharePoint 2010 Products and may not
represent the final values for SharePoint Server 2013. This article will be updated with appropriate values, links to related
content and other information and republished when data related to SharePoint Server 2013 becomes available.
Capacity management is an ongoing process, because no implementation remains static with regard to content
and usage. You need to plan for growth and change, so that your SharePoint Server 2013-based environment can
continue to deliver an effective business solution.
Capacity Planning is only one part of the capacity management cycle. It is the initial set of activities that brings the
design architect to the point where there is an initial architecture that the architect believes will best serve the
SharePoint Server 2013 deployment. The capacity management model includes additional steps to help you
validate and tune the initial architecture, and provides a feedback loop for re-planning and optimizing the
production environment until it can support design goals with optimal choices of hardware, topology, and
configuration.
Glossary
The following specialized terms are used in SharePoint Server 2013 capacity management documentation.
RPS Requests per second. The number of requests received by a farm or server in one second. This is a
common measurement of server and farm load. The number of requests processed by a farm is greater than
the number of page loads and end-user interactions. This is because each page contains several
components, each of which creates one or more requests when the page is loaded. Some requests are
lighter than other requests with regard to transaction costs. In our lab tests and case study documents, we
remove 401 requests and responses (authentication handshakes) from the requests that were used to
calculate RPS because they have insignificant impact on farm resources.
Peak hours The time or times during the day when load on the farm is at its maximum.
Peak load The average maximum daily load on the farm, measured in RPS.
Load spike Transient load peaks that fall outside usual peak hours. These can be caused by unplanned
increases in user traffic, decreased farm throughput because of administrative operations, or combinations
of such factors.
Scale up To scale up means to add resources such as processors or memory to a server.
Scale out To scale out means to add more servers to a farm.
Who should read capacity management articles?
Consider the following questions to determine whether you should read this content.
Evaluating SharePoint Server 2013
IMPORTANT
Some links in this section might refer to SharePoint Server 2010 and other previous product versions, and will be updated
when SharePoint Server 2013 versions of this content become available.
I am an IT pro or business decision maker, and I am looking for a solution to specific business problems. SharePoint
Server 2013 is an option for my deployment. Can it provide features and scalability that meet my specific
requirements?
For information about how SharePoint Server 2013 scales to meet the demands of specific solutions and how to
determine the hardware that will be required to support your requirements, see the following sections later in this
article:
Hardware and software requirements for SharePoint 2013
For information about how to evaluate SharePoint Server 2013 for your specific business requirements, see the
following articles:
What's new
Hardware and software requirements for SharePoint 2013
Upgrading from Office SharePoint Server 2010
I am currently using SharePoint Server 2010. What has changed in SharePoint Server 2013, and what do I have to
consider if I upgrade? What effect will the upgrade have on my topology's performance and scale?
For information about more general upgrade considerations and guidance on how to plan and execute an upgrade
from Office SharePoint Server 2007, see the following article:
Upgrade from SharePoint 2010 to SharePoint 2013
Tuning and optimizing a live SharePoint-based environment
I have deployed SharePoint Server 2013, and I want to make sure I have the appropriate hardware and topology
in place. How do I validate my architecture and maintain it correctly?
For information about monitoring and performance counters for SharePoint Server 2013 farms, see the following
article:
Monitoring and maintaining SharePoint Server 2013
For information about how to use the health monitoring tools built into the Central Administration interface, see
the following article:
Monitoring and Reporting in SharePoint Server
I have deployed SharePoint Server 2013, and I am experiencing performance issues. How do I troubleshoot and
optimize my environment?
For information about monitoring and performance counters for SharePoint Server 2013 farms, see the following
articles:
Monitoring and maintaining SharePoint Server 2013
Plan for monitoring in SharePoint Server
For information about tools and techniques for optimizing SharePoint Server 2013 farms, see the following article:
Optimize performance for SharePoint Server 2013
For information about troubleshooting by using the health monitoring tools built into the Central Administration
interface, see the following article:
Solving problems and troubleshooting in SharePoint Server
For a list of capacity management articles that are available for specific SharePoint Server 2010 services and
features (more articles will be added as they become available), see the following article:
Performance and capacity test results and recommendations (SharePoint Server 2013)
For information about database sizing and performance, see the following article:
Storage and SQL Server capacity planning and configuration (SharePoint Server)
For information about Remote BLOB Storage (RBS ), see the following article:
Deciding to use RBS in SharePoint Server
Beginning to end
I want to know everything about SharePoint Server 2013 capacity management. Where do I start?
For information about the general concepts behind capacity management and links to additional documentation
and resources, see the following article:
Performance planning in SharePoint Server 2013
For additional information about capacity management, see the following companion articles to this overview
article:
Capacity planning for SharePoint Server 2013
Performance testing for SharePoint Server 2013
Monitoring and maintaining SharePoint Server 2013
Optimize performance for SharePoint Server 2013
You should now have a good understanding of the concepts. For information the limits and boundaries of
SharePoint Server 2013, see the following article:
Software boundaries and limits for SharePoint 2013
When you are ready to identify a starting point topology for your SharePoint Server 2013-based environment, you
can look through the library of available technical case studies to find the one that most closely matches your
requirements. For a list of SharePoint Server 2010 case studies (SharePoint Server 2013 case studies will be
published as they become available), see the following article:
Performance and capacity technical case studies (SharePoint Server 2010)
For information about health monitoring and troubleshooting by using the health monitoring tools built into the
Central Administration interface, see the following articles:
Plan for monitoring in SharePoint Server
Solving problems and troubleshooting in SharePoint Server
For more information about how to virtualize SharePoint Server 2013-based servers, see the following article:
Plan for on-premises or hosted virtualization in SharePoint 2013
For more information about high availability and disaster recovery, see the following article:
Plan for high availability and disaster recovery for SharePoint Server
Step 1: Model Modeling is the process by which you decide the key solutions that you want your
environment to support, and establish all important metrics and parameters. The output of the modeling
exercise should be a list of all the key data that you must have to design your environment.
Understand your expected workload and dataset.
Set farm performance and reliability targets.
Analyze the SharePoint Server 2013 IIS logs.
Step 2: Design Once you have collected the data from Step 1, you can design your farm. Outputs are
detailed data architecture and physical and logical topologies.
Determine your starting point architecture.
Select your hardware.
Step 3: Pilot, Test, and Optimize If you have designed a new deployment, you must deploy a pilot
environment for testing against your workload and expected usage characteristics. For an existing farm,
testing is advised when major changes are being made to the infrastructure, but regular optimization based
on monitoring results might be necessary to maintain performance targets. The output from this phase is
analysis of test results against targets, and an optimized architecture able to sustain established performance
and capacity targets.
Pilot Deploy a pilot environment.
Test Test against latency and throughput targets.
Optimize Gather test results and make any required changes to the farm resources and topology.
Step 4: Deploy This step describes implementing the farm, or deploying changes to an existing farm.
Output for a new design is a completed deployment to live production, including all content and user
migrations. Output for an existing farm is revised farm maps and updates to maintenance plans.
Step 5: Monitor and maintain This step describes how to set up monitoring, and how to predict and
identify bottlenecks and perform regular maintenance and bottleneck mitigation activities.
Reference architectures
SharePoint Server 2013 is a complex and powerful product, and there is no one-size-fits-all architecture solution.
Each SharePoint Server 2013 deployment is unique, and is defined by its usage and data characteristics. Every
organization needs to perform a thorough capacity management process and effectively take advantage of the
flexibility that the SharePoint Server 2013 system offers to customize a correctly sized solution that best satisfies
the organizational needs.
The concept of reference architectures is meant to describe and illustrate the different major categories of
SharePoint Server 2013 deployments, and not to provide a recipe for architects to use to design their solutions.
This section focuses on describing the vectors on which SharePoint Server 2013 deployments usually scale.
The architectures listed here are provided as a useful way to understand the general differentiators between these
generic categories, and to distinguish them by general cost factors and scale of effort.
Single server deployment
The single server deployment architecture consists of one server that is running SharePoint Server 2013 and a
supported version of SQL Server. This architecture might be appropriate for evaluation purposes, developers or
for an isolated non-mission-critical departmental implementation with only a few users. However, we do not
recommend its use for a production environment.
CONTENT DESCRIPTION
Initial deployment administrative and service accounts in Provides information about the administrative and service
SharePoint Server accounts that are required for an initial SharePoint Server
installation.
Account permissions and security settings in SharePoint 2013 Describes SharePoint Server 2013 administrative and services
account permissions. This article discusses the following areas:
Microsoft SQL Server, the file system, file shares, and registry
entries.
Install prerequisites for SharePoint Server from a network Describes how to install SharePoint Server prerequisites from
share an offline shared network location using the prerequisite
installer (PrerequisiteInstaller.exe) tool.
Account permissions and security settings in
SharePoint 2013
6/19/2019 • 22 minutes to read • Edit Online
IMPORTANT
Do not use service account names that contain the symbol $ with the exception of using a Group Managed Service Account
for SQL Server.
After you run the configuration wizards, machine-level permissions for the setup user administrator account
include:
Membership in the WSS_ADMIN_WPG Windows security group.
Membership in the IIS_WPG role.
After you run the configuration wizards, database permissions include:
db_owner on the SharePoint server farm configuration database.
db_owner on the SharePoint Central Administration content database.
Cau t i on
If the account that you use to run the configuration wizards does not have the appropriate special SQL Server
role membership or access as db_owner on the databases, the configuration wizards will not run correctly.
SharePoint farm service account
The server farm account, which is also referred to as the database access account, is used as the application pool
identity for Central Administration and as the process account for the SharePoint Foundation 2013 Timer service.
The server farm account must be a domain user account.
Permissions are automatically granted to the server farm account on web servers and application servers that are
joined to a server farm.
After you run the configuration wizards, SQL Server and database permissions include:
Membership in the WSS_ADMIN_WPG Windows security group for the SharePoint Foundation 2013
Timer service.
Membership in WSS_RESTRICTED_WPG for the Central Administration and Timer service application
pools.
Membership in WSS_WPG for the Central Administration application pool.
Dbcreator fixed server role.
Securityadmin fixed server role.
db_owner for all SharePoint databases.
Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint server farm
configuration database.
Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint_Admin content
database.
IMPORTANT
Information in this section applies to SharePoint Server 2016 only.
The default content access account is used within a specific service application to crawl content, unless a different
authentication method is specified by a crawl rule for a URL or URL pattern. This account requires the following
permission configuration settings:
The default content access account must be a domain user account that has read access to external or
secure content sources that you want to crawl by using this account.
For SharePoint Server sites that are not part of the server farm, you have to explicitly grant this account
full read permissions to the web applications that host the sites.
This account must not be a member of the Farm Administrators group.
Content access accounts
IMPORTANT
Information in this section applies to SharePoint Server 2016 only.
Content access accounts are configured to access content by using the Search administration crawl rules feature.
This type of account is optional and you can configure it when you create a new crawl rule. For example, external
content (such as a file share) might require this separate content access account. This account requires the
following permission configuration settings:
The content access account must have read access to external or secure content sources that this account is
configured to access.
The content access account must hold the Manage auditing and security log right in the Local User
Policy on Windows file servers it is configured to crawl.
For SharePoint Server sites that are not part of the server farm, you have to explicitly grant this account
full read permissions to the web applications that host the sites.
Excel Services unattended service account
IMPORTANT
Information in this section applies to SharePoint Server 2016 only.
Excel Services uses the Excel Services unattended service account to connect to external data sources that require
a user name and password that are based on operating systems other than Windows for authentication. If this
account is not configured, Excel Services will not attempt to connect to these types of data sources. Although
account credentials are used to connect to data sources of operating systems other than Windows, if the account
is not a member of the domain, Excel Services cannot access them. This account must be a domain user account.
My Sites application pool account
IMPORTANT
Information in this section applies to SharePoint Server 2016 only.
The My Sites application pool account must be a domain user account. This account must not be a member of the
Farm Administrators group.
The following machine-level permission is configured automatically:
This account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
farm configuration database.
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
SharePoint_Admin content database.
The application pool accounts for web applications are assigned to the SP_DATA_ACCESS role for the
content databases
Other application pool accounts
The other application pool account must be a domain user account. This account must not be a member of the
Administrators group on any computer in the server farm.
The following machine-level permission is configured automatically:
This account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:
This account is assigned to the SP_DATA_ACCESS role for the content databases.
This account is assigned to the SP_DATA_ACCESS role for search database that is associated with the web
application.
This account must have read and write access to the associated service application database.
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
farm configuration database.
This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the
SharePoint_Admin content database.
NOTE
We strongly recommend you use a single Web Application Pool account for all Web Applications in the farm, including the
My Sites Web Application. The exception is the Central Administration Web Application which uses the Farm service
account.
SharePoint database roles
This section describes the database roles that installation sets up by default or that you can configure optionally.
WSS_CONTENT_APPLICATION_POOLS database role
The WSS_CONTENT_APPLICATION_POOLS database role applies to the application pool account for each web
application that is registered in a SharePoint farm. This enables web applications to query and update the site
map and have read-only access to other items in the configuration database. Setup assigns the
WSS_CONTENT_APPLICATION_POOLS role to the following databases:
The SharePoint_Config database (the configuration database).
The SharePoint_Admin content database.
Members of the WSS_CONTENT_APPLICATION_POOLS role have the execute permission for a subset of the
stored procedures for the database. In addition, members of this role have the select permission to the Versions
table (dbo.Versions) in the SharePoint_Admin content database. For other databases, the accounts planning tool
indicates that access to read these databases is automatically configured. In some cases, limited access to write to
a database is also automatically configured. To provide this access, permissions for stored procedures are
configured.
WSS_SHELL_ACCESS database role
The secure WSS_SHELL_ACCESS database role on the configuration database replaces the need to add an
administration account as a db_owner on the configuration database. By default, the farm administrator account
which initially ran the Configuration Wizard is assigned to the WSS_SHELL_ACCESS database role. You can use a
PowerShell command to grant or remove memberships to this role. Setup assigns the WSS_SHELL_ACCESS role
to the following databases:
The SharePoint_Config database (the configuration database).
One or more of the SharePoint Content databases. This is configurable by using the PowerShell command
that manages membership and the object that is assigned to this role.
Members of the WSS_SHELL_ACCESS role have the execute permission for all stored procedures for the
database. In addition, members of this role have the read and write permissions on all of the database tables.
SP_READ_ONLY database role
The SP_READ_ONLY role should be used for setting the database to read only mode instead of using
sp_dboption. This role as its name suggests should be used when only read access is required for data such as
usage and telemetry data.
NOTE
The sp_dboption stored procedure is not available in SQL Server 2012. For more information about sp_dboption see
sp_dboption (Transact-SQL).
Group permissions
This section describes permissions of groups that the SharePoint 2013 setup and configuration tools create.
WSS_ADMIN_WPG
WSS_ADMIN_WPG has read and write access to local resources. The application pool accounts for the Central
Administration and Timer services are in WSS_ADMIN_WPG. The following table shows the
WSS_ADMIN_WPG registry entry permissions.
WSS_WPG
WSS_WPG has read access to local resources. All application pool and services accounts are in WSS_WPG. The
following table shows WSS_WPG registry entry permissions.
Local service
The following table shows the local service registry entry permission:
The following table shows the local service file system permission:
Local system
The following table shows the local system registry entry permissions:
Network service
The following table shows the network service registry entry permission:
Administrators
The following table shows the administrators registry entry permissions:
WSS_RESTRICTED_WPG
WSS_RESTRICTED_WPG can read the encrypted farm administration credential registry entry.
WSS_RESTRICTED_WPG is only used for encryption and decryption of passwords that are stored in the
configuration database. The following table shows the WSS_RESTRICTED_WPG registry entry permission:
Users group
The following table shows the users group file system permissions:
See also
Concepts
Install SharePoint Server
Overview of SharePoint 2013 installation and
configuration
6/7/2019 • 13 minutes to read • Edit Online
Concepts
The logical result of SharePoint Server 2013's flexibility and richness can be a high degree of complexity around
installing and configuring SharePoint Server 2013 correctly. A fundamental understanding of the following key
structural elements in a SharePoint Server 2013 environment is required in order to correctly deploy and support
SharePoint Server 2013:
Server farm: The top-level element of a logical architecture design for SharePoint Server 2013.
Web application: An IIS Web site that is created and used by SharePoint Server 2013.
Content database: Provides storage Web application content. You can separate content into multiple content
databases at the site collection level.
Site collection: A set of Web sites that have the same owner and share administration settings.
Site: One or more related Web pages and other items (such as lists, libraries, and documents) that are
hosted inside a site collection.
In addition to understanding the elements of a SharePoint Server 2013 environment and how they have to be
configured for your solution, you must consider the following additional factors: physical architecture, installation
and configuration, and the various stages of deployment.
Physical architecture
The physical architecture, which consists of one or more servers and the network infrastructure, enables you to
implement the logical architecture for a SharePoint Server 2013 solution. The physical architecture is typically
described in two ways: by its size and by its topology. Size, which can be measured in several ways, such as the
number of users or the number of documents, is used to categorize a farm as small, medium, or large. Topology
uses the idea of tiers or server groups to define a logical arrangement of farm servers.
Size
Size uses the number of users and number of content items as a fundamental measure to indicate whether a
server farm is small, medium, and large, as follows:
A small server farm typically consists of at least two Web servers and a database server. One of the Web
servers hosts the Central Administration site and the other handles additional farm-related tasks, such as
serving content to users.
The small farm can be scaled out to three tiers using a dedicated application server in response to the
number of users, the number of content items, and the number of services that are required.
A medium server farm typically consists of two or more Web servers, two application servers, and more
than one database servers. We recommend that you start with the preceding configuration and then scale
out to accommodate the workload placed on the servers.
In scenarios where services are known to use a disproportionate amount of resources, you can scale out the
application tier. Performance data will indicate which services you should consider off-loading to a dedicated
server.
A large server farm can be the logical result of scaling out a medium farm to meet capacity and
performance requirements or by design before a SharePoint Server 2013 solution is implemented. A three-
tier topology environment typically uses dedicated servers on all the tiers. Additionally, these servers are
often grouped according to their role in the farm. For example, all client-related services can be grouped
onto one or two servers and then scaled out by adding servers to this group as needed in response to user
demand for these services.
NOTE
The recommendation for scaling out a farm is to group services or databases with similar performance characteristics
onto dedicated servers and then scale out the servers as a group. In large environments, the specific groups that
evolve for a farm depend on the specific demands for each service in a farm.
For specific numbers related to small, medium, and large farms, see Performance planning in SharePoint Server
2013.
Topology
Topology uses tiers as a model for logically arranging farm servers according to the components that they host or
their roles in a server farm. A SharePoint Server 2013 farm is deployed on one, two, or three tiers, as follows:
In a single-tier deployment, SharePoint Server 2013 and the database server are installed on one computer.
In a two-tier deployment, SharePoint Server 2013 components and the database are installed on separate
servers. This kind of deployment maps to what is called a small farm. The front-end Web servers are on the
first tier and the database server is located on the second tier. In the computer industry, the first tier is
known as the Web tier. The database server is known as the database tier or database back-end.
In a three-tier deployment, the front-end Web servers are on the first tier, the application servers are on the
second tier, which is known as the application tier, and the database server is located on the third tier. A
three-tier deployment is used for medium and large farms.
IMPORTANT
SharePoint Server 2013 does not support installation on to a domain controller in a production environment.
Additionally, SharePoint Server 2013 does not support installation on to a domain controller when using the sandbox
service in developer, test, or demo environments. > A single label domain (SLD) names or single label forests is also
not supported. Because the use of SLD names is not a recommended practice, SharePoint Server 2013 is not tested
in this scenario. Therefore, there may be incompatibility issues when SharePoint Server 2013 are implemented in a
single label domain environment. For more information, see Information about configuring Windows for domains
with single-label DNS names and the DNS Namespace Planning Solution Center.
NOTE
After you add and configure all the front-end Web servers, you can add any additional application servers that are
part of your topology design to the farm.
NOTE
Farm configuration steps are not isolated to a specific tier in the server infrastructure.
Deployment stages
By deploying a SharePoint Server 2013 solution in stages, you gain the benefits that are provided by a systematic
approach, such as collecting performance and usage data that you can use to evaluate your solution. Additional
benefits include verifying your capacity management assumptions and identifying issues before the farm is put
into production.
We recommend that you deploy your farm in the following stages:
Planning
Development
Proof of concept
Pilot
User acceptance test
Production
Planning
Before you can deploy a farm, you must plan the solution that you want to deploy and determine the infrastructure
requirements, such as server resources and farm topology. When you finish the planning stage, you should have
documented the following:
An infrastructure design to support your solution
A detailed description of how you will implement the farm and the solution
A plan for testing and validating the solution
A site and solution architecture
An understanding of the monitoring and sustained engineering requirements to support the solution
A record of how the solution will be governed
An understanding of how the solution will be messaged to the user to drive adoption of the solution
We recommend that you use the planning resources and articles described in Plan for SharePoint Server.
IMPORTANT
Resource and time issues may pressure you to be less rigorous during the planning stage. We recommend that you try to be
as diligent as possible because missed or lightly touched planning elements can resurface as significant issues after you are in
production. These issues can create much additional work, consume unbudgeted resources, and potentially take away from
the success of your SharePoint Server 2013.
After the planning stage, you move through the following deployment stages, updating and revising your plans,
configurations, and topologies as you test.
Development
During the development stage you will deploy SharePoint Server 2013 on a single server or on multiple servers to
develop, test, evaluate, and refine the solution that you intend to implement. This environment is scaled according
to your needs during solution development and can be retained as a scaled down environment for future
development and testing. This is not a stable environment and there are no service-level agreements.
Proof of concept
During the proof of concept stage, the objective is two-fold: to understand SharePoint Server 2013 and to evaluate
SharePoint Server 2013 in the context of how it can address your business needs. The first level of product
evaluation can be done by installing all of the product components on a single server. You do a more extensive
product evaluation by a proof-of-concept deployment.
A proof-of-concept deployment on a single server or on a small farm enables you to expand the scope of your
evaluation. In this deployment, non-IT staff is added to the evaluation team, which provides a broader view of how
SharePoint Server 2013 features might be actually be used in the organization. The benefit of a proof-of-concept
deployment is that you can collect data that can be used to refine your original plan. This data—such as page views,
user behavior patterns, and server resource consumption—also enables you to start to build a benchmark for
sizing your farm. A proof of concept is also good when you evaluate service applications and determining what
feature sets that you will offer your end users.
It is important during the proof-of-concept stage that you understand the unique characteristics and functionality
of these features because this understanding will help you define your overall topology. Be aware that a proof-of-
concept deployment requires additional resources and extends the time required to put SharePoint Server 2013
into production.
TIP
Virtualization provides a good platform for evaluating SharePoint Server 2013 because a virtual environment provides
flexibility, rapid deployment capability, and the ability to roll back virtual machines to previous states.
Pilot
A pilot is used to test your solution on a small scale. There are two approaches to using a pilot deployment. In the
first approach, the focus is on functional testing without using real data. By using the second approach you test for
production characteristics by using real data and have your pilot users test different kinds of tasks. We recommend
the second approach because of the broader scope and real-world data that you can collect and use to refine your
solution design.
A pilot deployment provides many benefits. It enables you to collect data that you can use to validate the following
aspects of your farm design:
Infrastructure design
Capacity management assumptions
Site and solution architecture
Solution usage assumptions
The pilot stage also enables you to determine additional data that should be collected to increase the breadth and
depth of your benchmarks. This is important if you want to assess the potential effect of additional features or
services that you want to add to the farm before the user acceptance test.
At the conclusion of the pilot deployment, you can use the data that you collect to adjust the various components
of the solution and its supporting infrastructure.
User acceptance test (UAT )
A user acceptance test deployment—also known as a pre-production environment—is used by organizations as a
transitional step from the pilot deployment to a production deployment. An organization's business processes
determine the scope, scale, and duration of user accept testing.
The topology of the pre-production environment should be the same as, or very similar to the planned production
topology. During user acceptance testing, the SharePoint Server 2013 solution is tested against a subset or a
complete copy of production data. This deployment stage provides a final opportunity for performance tuning and
validating operational procedures such as backups and restores.
Production
The final stage is rolling your farm into a production environment. At this stage, you will have incorporated the
necessary solution and infrastructure adjustments that were identified during the user acceptance test stage.
Putting the farm into production requires you to complete the following tasks:
Deploy the farm.
Deploy the solution.
Implement the operations plan.
If required, deploy additional environments such as authoring and staging farms, and services farms.
Install SharePoint 2013 on a single server with a built-
in database
6/7/2019 • 11 minutes to read • Edit Online
IMPORTANT
The steps in this article apply to SharePoint Foundation 2013 and SharePoint Server 2013. The procedures in this topic
install Microsoft SQL Server 2008 R2 SP1 Express Edition. However, User Profile synchronization does not work with the
Express Edition. If you intend to use User Profile synchronization withSharePoint Server 2013, you must choose a different
installation scenario.
Overview
When you deploy SharePoint 2013 on a single server that has a built-in database by using the default settings,
Setup installs Microsoft SQL Server 2008 R2 SP1 Express Edition and the SharePoint product. The SharePoint
Products Configuration Wizard creates the configuration database and content database for the SharePoint sites.
Additionally, the SharePoint Products Configuration Wizard installs the SharePoint Central Administration
website and creates your first SharePoint site collection.
NOTE
This article does not describe how to install SharePoint 2013 in a farm environment, or how to upgrade from previous
releases of SharePoint 2013. For more information about how to install SharePoint 2013 on a single-server farm, see Install
SharePoint 2013 on a single server with SQL Server. For more information about how to install SharePoint 2013 on a
multiple server farm, see Install SharePoint 2013 across multiple servers for a three-tier farm. For more information about
upgrade, see Upgrade from SharePoint 2010 to SharePoint 2013.
NOTE
The Distributed Cache service gives you a complete social computing experience. For more information about the Distributed
Cache service, see Overview of microblog features, feeds, and the Distributed Cache service in SharePoint Server, Manage
the Distributed Cache service in SharePoint Server, Plan for feeds and the Distributed Cache service in SharePoint Server, and
What's new in authentication for SharePoint Server 2013
IMPORTANT
To complete the following procedures, you must be a member of the Administrators group on the computer on which you
are installing SharePoint 2013.
NOTE
If Setup fails, check log files in the Temp folder of the user account that you used to run Setup. Ensure that you are
logged in using the same user account, and then type %temp% in the location bar in Windows Explorer. If the path in
Windows Explorer resolves to a location that ends in a "1" or "2", you will have to navigate up one level to view the
log files. The log file name is SharePoint Server Setup (< time stamp>).
NOTE
If the SharePoint Products Configuration Wizard fails, check the PSCDiagnostics log files, which are located on the
drive on which SharePoint 2013 is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server
Extensions\15\LOGS folder.
6. On the Template Selection page, select one of the following options, and then click OK:
In the Template Selection section, click a predefined template.
In the Solutions Gallery section, click Solutions Gallery, and customize your own site template.
7. On the Set Up Groups for this Site page, specify who should have access to your site, and then either create a
new group or use an existing group for these users by doing one of the following:
To create a new group, click Create a new group, and then type the name of the group and the members
that you want to be part of this group.
To use an existing group, click Use an existing group, and then select the user group in the Item list.
8. Click OK.
NOTE
If you are prompted for your user name and password, you might have to add the SharePoint Central Administration
website to the list of trusted sites and configure user authentication settings in Internet Explorer. You might also want to
disable the Internet Explorer Enhanced Security settings. If you see a proxy server error message, you might have to
configure proxy server settings so that local addresses bypass the proxy server. For more information about how to
configure browser and proxy settings, see Install SharePoint 2013 on a single server with a built-in database.
Post-installation steps
After you install SharePoint 2013, your browser window opens to the SharePoint Central Administration website
of your new SharePoint site. Although you can start to add content to the site or customize the site, we
recommend that you first perform the following administrative tasks:
Configure usage and health data collection You can configure usage and health data collection in your
server farm. The system writes usage and health data to the logging folder and to the logging database. For
more information, see Configure usage and health data collection in SharePoint Server.
Configure diagnostic logging You can configure diagnostic logging that might be required after initial
deployment or upgrade. The default settings are sufficient for most situations, but depending on the
business needs and life cycle of the farm, you might want to change these settings. For more information,
see Configure diagnostic logging in SharePoint Server.
Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and
archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail
discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In
addition, you can configure the SharePoint Directory Management Service to provide support for e-mail
distribution list creation and administration. For more information, see Configure incoming email for a
SharePoint Server farm.
Configure outgoing e-mail You can configure outgoing e-mail so that your Simple Mail Transfer Protocol
(SMTP ) server sends e-mail alerts to site users and notifications to site administrators. You can configure
both the "From" e-mail address and the "Reply" e-mail address that appear in outgoing alerts. For more
information, see Configure outgoing email for a SharePoint Server farm.
Configure search settings You can configure search settings to crawl the content in SharePoint 2013.
Install SharePoint 2013 on a single server with SQL
Server
8/13/2019 • 15 minutes to read • Edit Online
IMPORTANT
The steps in this article apply to SharePoint Foundation 2013 and SharePoint Server 2013.
Overview
When you install SharePoint 2013 on a single server, you can configure SharePoint 2013 to meet your specific
needs. After you have completed setup and the SharePoint Products Configuration Wizard, you will have installed
binaries, configured security permissions, configured registry settings, configured the configuration database,
configured the content database, and installed the SharePoint Central Administration web site. Next, you can
choose to run the Farm Configuration Wizard to configure the farm, select the services that you want to use in the
farm, and create the first site collection, or you can manually perform the farm configuration at your own pace.
NOTE
As a security best practice, we recommend that you install SharePoint 2013 by using least-privilege administration.
IMPORTANT
To complete the following procedures, the account that you use must be a member of the Administrators group on the
computer on which you are installing SharePoint 2013. For information about user accounts, see Initial deployment
administrative and service accounts in SharePoint Server.
NOTE
If you intend to use this computer as a search server, we recommend that you store the search index files on a
separate storage volume or partition. Any other search data that needs to be stored, is stored in the same location
as the search index files. You can only set this location at installation time.
NOTE
If Setup fails, check log files in the Temp folder of the user account you used to run Setup. Ensure that you are logged in
using the same user account and then type %temp% in the location bar in Windows Explorer. If the path in Windows
Explorer resolves to a location that ends in a "1" or "2", you have to navigate up one level to view the log files. The log file
name is SharePoint Server Setup (< time stamp>).
[!SECURITY NOTE ] The server farm account is used to create and access your configuration database.
It also acts as the application pool identity account for the SharePoint Central Administration
application pool, and it is the account under which the Microsoft SharePoint Foundation Workflow
Timer service runs. The SharePoint Products Configuration Wizard adds this account to the SQL
Server Login accounts, the SQL Server dbcreator server role, and the SQL Server securityadmin
server role. The user account that you specify as the service account has to be a domain user account.
However, it does not have to be a member of any specific security group on your front-end web servers
or your database servers. We recommend that you follow the principle of least-privilege and specify a
user account that is not a member of the Administrators group on your front-end web servers or your
database servers.
NOTE
The Advanced Settings option is not available in SharePoint Foundation 2013.
14. On the Configuration Successful page, click Finish. When the wizard closes, setup opens the web
browser and connects to Central Administration.
If the SharePoint Products Configuration Wizard fails, check the PSCDiagnostics log files, which are
located on the drive on which SharePoint 2013 is installed, in the
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS folder.
If you are prompted for your user name and password, you might have to add the SharePoint Central
Administration web site to the list of trusted sites and configure user authentication settings in Internet
Explorer. You might also want to disable the Internet Explorer Enhanced Security settings. If you see a
proxy server error message, you might have to configure proxy server settings so that local addresses
bypass the proxy server. Instructions for configuring proxy server settings are provided in the following
section. For more information about how to configure browser and proxy settings, see Configure browser
settings.
Configure browser settings
After you run the SharePoint Products Configuration Wizard, you should confirm that SharePoint 2013 works
correctly by configuring additional settings in Internet Explorer.
If you are not using Internet Explorer, you might have to configure additional settings for your browser. For
information about supported browsers, see Plan browser support in SharePoint 2013.
To confirm that you have configured browser settings correctly, log on to the server by using an account that has
local administrative credentials. Next, connect to the SharePoint Central Administration web site. If you are
prompted for your user name and password when you connect, perform the following procedures:
Add the SharePoint Central Administration website to the list of trusted sites
Disable Internet Explorer Enhanced Security settings
If you receive a proxy server error message, perform the following procedure:
Configure proxy server settings to bypass the proxy server for local addresses
To add the SharePoint Central Administration website to the list of trusted sites
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. In Internet Explorer, on the Tools menu, click Internet Options.
3. On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites,
and then click Sites.
4. Clear the Require server verification (https:) for all sites in this zone check box.
5. In the Add this web site to the zone box, type the URL to your site, and then click Add.
6. Click Close to close the Trusted Sites dialog box.
7. Click OK to close the Internet Options dialog box.
To disable Internet Explorer Enhanced Security settings
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
3. In Server Manager, select the root of Server Manager.
4. In the Security Information section, click Configure IE ESC.
The Internet Explorer Enhanced Security Configuration dialog box appears.
5. In the Administrators section, click Off to disable the Internet Explorer Enhanced Security settings, and
then click OK.
To configure proxy server settings to bypass the proxy server for local addresses
1. Verify that the user account that completes this procedure has the following credentials:
The user account is a member of the Administrators group on the computer on which you are performing the
procedure.
2. In Internet Explorer, on the Tools menu, click Internet Options.
3. On the Connections tab, in the Local Area Network (LAN ) settings area, click LAN Settings.
4. In the Automatic configuration area, clear the Automatically detect settings check box.
5. In the Proxy Server area, select the Use a proxy server for your LAN check box.
6. Type the address of the proxy server in the Address box.
7. Type the port number of the proxy server in the Port box.
8. Select the Bypass proxy server for local addresses check box.
9. Click OK to close the Local Area Network (LAN ) Settings dialog box.
10. Click OK to close the Internet Options dialog box.
Run the Farm Configuration Wizard
You have now completed setup and the initial configuration of SharePoint 2013. You have created the SharePoint
Central Administration web site. You can now create your farm and sites, and you can select services by using the
Farm Configuration Wizard.
To run the Farm Configuration Wizard
1. Verify that the user account that is performing this procedure is the Setup user account. For information
about the Setup user account, see Initial deployment administrative and service accounts in SharePoint
Server.
2. On the SharePoint Central Administration home page, on the Quick Launch, click Configuration
Wizards, and then click Launch the Farm Configuration Wizard.
3. On the Help Make SharePoint Better page, click one of the following options, and then click OK:
Yes, I am willing to participate (Recommended.)
No, I don't want to participate.
4. On the Configure your SharePoint farm page, next to Yes, walk me through the configuration of my
farm using this wizard, click Start the Wizard.
5. On the Configure your SharePoint farm page, in the Service Account section, click the service account
option that you want to use to configure your services.
[!SECURITY NOTE ] For security reasons, we recommend that you use a different account from the
farm administrator account to configure services in the farm. > If you decide to use an existing
managed account — that is, an account of which SharePoint 2013 is aware — make sure that you click
that option before you continue.
6. In the Services section, review the services that you want to use in the farm, and then click Next.
NOTE
If you are using Office Online, see Office Web Apps (SharePoint 2013).
NOTE
To view a template or a description of a template, click any template in the Select a template list.
Post-installation steps
After you install and configure SharePoint 2013, your browser window opens to the Central Administration web
site of your new SharePoint site. Although you can start adding content to the site or customizing the site, we
recommend that you first perform the following administrative tasks.
Configure usage and health data collection You can configure usage and health data collection in your
server farm. The system writes usage and health data to the logging folder and to the logging database. For
more information, see Configure usage and health data collection in SharePoint Server.
Configure diagnostic logging You can configure diagnostic logging that might be required after initial
installation or upgrade. The default settings are sufficient for most situations. Depending upon the business
needs and life-cycle of the farm, you might want to change these settings. For more information, see
Configure diagnostic logging in SharePoint Server.
Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and
archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-
mail discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In
addition, you can configure the SharePoint Directory Management Service to provide support for e-mail
distribution list creation and administration. For more information, see Configure incoming email for a
SharePoint Server farm.
Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol
(SMTP ) server sends email alerts to site users and notifications to site administrators. You can configure
both the "From" email address and the "Reply" email address that appear in outgoing alerts. For more
information, see Configure outgoing email for a SharePoint Server farm.
Configure Search settings You can configure Search settings to crawl the content in SharePoint 2013.
Install SharePoint 2013 across multiple servers for a
three-tier farm
7/17/2019 • 13 minutes to read • Edit Online
Overview
The basic steps in this deployment are as follows:
Ensure that you are familiar with the concept of a three-tier topology.
Ensure that you have done all the planning and preparatory work, such as verifying hardware and
software requirements.
Install the required software updates on all servers that will be part of the farm.
Install the SharePoint 2013 prerequisites on servers in the application and web tiers.
Install SharePoint 2013 on the application server and the web servers.
Create and configure the SharePoint farm.
Provision services.
Complete post-deployment tasks as required.
Topology overview
This topology is typically used for the medium and large farms described in Overview of SharePoint 2013
installation and configuration. In terms of performance, capacity, and scalability, a three-tier topology is
recommended over a two-tier topology. A three-tier topology provides the most efficient physical and logical
layout to support scaling out or scaling up, and it provides better distribution of services across the member
servers of the farm. The following illustration shows the three-tier deployment that is described in this article.
Three-tier farm configuration
In the previous illustration, note the following:
You can add web servers to the web tier. These servers can be configured as conventional web servers to
handle user requests, or they can be configured to host dedicated query components or other service
components.
You can add farm servers to the application tier and configure them as dedicated servers that will host the
SharePoint Central Administration website or other services on the farm that require dedicated resources
or isolation from the web tier — for example, crawl components, query components, and profile pages.
You can add database servers to the database tier to implement a stand-alone instance, database
mirroring, or a failover cluster. To configure the farm for high availability, database mirroring or a failover
cluster is required on the database tier.
Before you install SharePoint 2013 on multiple servers for a three -tier farm
Before you begin to install and configure SharePoint 2013, do the following:
Ensure that you are familiar with the operating-system guidelines described in Performance Tuning
Guidelines for Windows Server 2008 and Performance Tuning Guidelines for Windows Server 2008 R2.
Ensure that you have met all hardware and software requirements. You must have a 64-bit version of
Windows Server 2008 R2 SP1. For server farms, you must also have a 64-bit version of SQL Server 2008
R2 SP1. For more information about these requirements, such as specific updates that you must install,
see Hardware and software requirements for SharePoint 2013.
Ensure that you perform a clean installation of SharePoint 2013.
Ensure that you are prepared to set up the required accounts by using appropriate permissions. For
detailed information, see Initial deployment administrative and service accounts in SharePoint Server.
Ensure the Max degree of parallelism is set to 1. For additional information about max degree of
parallelism see, Configure the max degree of parallelism Server Configuration Optionand Degree of
Parallelism.
NOTE
If your computer is in a Workgroup, you cannot install AppFabric for Windows Server.
NOTE
The Distributed Cache service gives you a complete social computing experience. For more information about the
Distributed Cache service, see Overview of microblog features, feeds, and the Distributed Cache service in SharePoint
Server, Manage the Distributed Cache service in SharePoint Server, Plan for feeds and the Distributed Cache service in
SharePoint Server, and What's new in authentication for SharePoint Server 2013
TIP
If you decide to install prerequisites manually, you can still run the Microsoft SharePoint Products Preparation Tool to verify
which prerequisites are required on each server.
Use the following procedure to install prerequisites on each server in the farm.
To run the Microsoft SharePoint Products Preparation Tool
1. Verify that the user account that is performing this procedure is the Setup user account. For information
about the Setup user account, see Initial deployment administrative and service accounts in SharePoint
Server.
2. In the folder where you downloaded the SharePoint 2013 software, locate and then run
prerequisiteinstaller.exe.
3. On the Welcome to the Microsoft SharePoint Products Preparation Tool page, click Next.
NOTE
The preparation tool may have to restart the local server to complete the installation of some prerequisites. The
installer will continue to run after the server is restarted without manual intervention. However, you will have to log
on to the server again.
4. On the License Terms for software products page, review the terms, select the I accept the terms of
the License Agreement(s) check box, and then click Next.
5. On the Installation Complete page, click Finish.
6. After you complete the Microsoft SharePoint Products Preparation Tool, you must also install the
following:
KB 2554876
KB 2708075
KB 2759112
KB 2765317
NOTE
For consistency of approach, we recommend that you do not run the configuration wizard until you have installed
SharePoint 2013 all application and front-end web servers that will participate in the server farm.
NOTE
If you want to access the SharePoint Central Administration website from a remote computer, make sure that you
allow access to the port number that you configure in this step. You do this by configuring the inbound rule for
SharePoint Central Administration v4 in Windows Firewall with Advanced Security.
15. The Central Administration website will open in a new browser window.
On the Help Make SharePoint Better page, click one of the following options and then click OK.
16. Yes, I am willing to participate (Recommended).
17. No, I don't wish to participate.
18. On the Initial Farm Configuration Wizard page, you have the option to use a wizard to configure
services or you can decide to configure services manually. For the purpose of this article, we use the
manual option. Click Cancel.
The choice that you make here is a matter of personal preference. The Farm Configuration Wizard will
configure some services automatically when you run it. However, if you configure services manually, you
have greater flexibility in designing your logical architecture.
If you are using Office Web Apps Server, see Office Web Apps overview (Installed on SharePoint 2013) .
IMPORTANT
If you are using a DBA-created database, you cannot use the Farm Configuration Wizard, you must use SharePoint
Products Configuration Wizard.
Post-installation steps
After you install and configure SharePoint 2013, your browser window opens to the Central Administration web
site of your new SharePoint site. Although you can start adding content to the site or customizing the site, we
recommend that you first perform the following administrative tasks.
Configure usage and health data collection You can configure usage and health data collection in your
server farm. The system writes usage and health data to the logging folder and to the logging database.
For more information, see Configure usage and health data collection in SharePoint Server.
Configure diagnostic logging You can configure diagnostic logging that might be required after initial
installation or upgrade. The default settings are sufficient for most situations. Depending upon the
business needs and life-cycle of the farm, you might want to change these settings. For more information,
see Configure diagnostic logging in SharePoint Server.
Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and
archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-
mail discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In
addition, you can configure the SharePoint Directory Management Service to provide support for e-mail
distribution list creation and administration. For more information, see Configure incoming email for a
SharePoint Server farm.
Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol
(SMTP ) server sends email alerts to site users and notifications to site administrators. You can configure
both the "From" email address and the "Reply" email address that appear in outgoing alerts. For more
information, see Configure outgoing email for a SharePoint Server farm.
Configure Search settings You can configure Search settings to crawl the content in SharePoint 2013.
Install or uninstall language packs for SharePoint
2013
6/7/2019 • 8 minutes to read • Edit Online
IMPORTANT
If you are uninstalling SharePoint 2013, you must uninstall all language packs before you uninstall SharePoint 2013.
IMPORTANT
You cannot change an existing site, site collection, or web page from one language to another by applying different
language-specific site templates. After you use a language-specific site template for a site or a site collection, the site or site
collection always displays content in the language of the original site template.
Only a limited set of language packs are available for SharePoint 2013.
Although a site owner specifies a language ID for a site, some user interface elements such as error messages,
notifications, and dialog boxes do not display in the language that was specified. This is because SharePoint 2013
relies on several supporting technologies — for example, the Microsoft .NET Framework, Microsoft Windows
Workflow Foundation, Microsoft ASP.NET, and SQL Server — some of which are localized into only a limited
number of languages. If a user interface element is generated by any of the supporting technologies that are not
localized into the language that the site owner specified for the site, the user interface element appears in English.
For example, if a site owner creates a site in Hebrew, and the .NET Framework component displays a notification
message, the notification message will not display in Hebrew because the .NET Framework is not localized into
Hebrew. This situation can occur when sites are created in any language except the following: Chinese, French,
German, Italian, Japanese, Korean, and Spanish.
Each language pack that you install creates a folder at %COMMONPROGRAMFILES%\Microsoft Shared\Web
server extensions\15\LAYOUTS\Locale_ID that contains language-specific data. In each locale_ID folder, you must
have only one HTML error file that contains the error information that is used when a file cannot be found.
Anytime a file cannot be found for any site in that language, this file will be used. You can specify the file to use by
setting the FileNotFoundPage() for each web application.
In some cases, some text might originate from the original installation language, which can create a mixed-
language experience. This kind of mixed-language experience is typically seen only by content creators or site
owners and is not seen by site users.
IMPORTANT
By default, the Microsoft PowerShell Help files are installed in English (en-us). To view these files in the same language as the
operating system, install the language pack for the same language in which the operating system was installed.
You can download language packs from the same location where you downloaded SharePoint 2013.
NOTE
A typical three-tier farm includes front-end web servers, an application server that also hosts Central Administration, and a
database server. The scope of this article is the front-end web server and application server roles.
After you determine the role of the server in your farm topology, you must identify the services and features that
must be configured for the server to meet this role. This information will determine how SharePoint 2013 is
configured to provision the server for its role in either the web tier or the application tier. For more information,
see Manage service applications in SharePoint Server.
The following illustration shows a SharePoint 2013 farm with two front-end web servers (Web-1 and Web-2) that
serve content. The only application server (App-1) hosts Central Administration and the search components for
the farm.
Options for adding a server to a farm
The following sections provide information about the general characteristics of the front-end web server and
application server roles.
Front-end web server role
The fundamental role of a front-end web server is to host web pages, web services, and the Web Parts that are
required to process requests from users. The web server directs these requests to the application server, which
returns the results to the front-end web server.
Application server role
By default, the server that hosts Central Administration in a three-tier farm is an application server. You can add
application servers to host services that can be deployed to a single server and used by all the servers in a farm.
Services with similar usage and performance characteristics can be logically grouped on a server, and if it is
necessary, hosted on multiple servers if a scale out is required to respond to performance or capacity
requirements. For example, client-related farm services such as Word Services and Word Viewer can be combined
into a service group and hosted on a dedicated server. In addition, some services, such as the Managed Metadata
service, can be configured as service application that can be used by other farms.
In the farm illustration, there are two options to add an application server.
In option A an additional server is configured to host an additional instance of all search components. This
will provide fault-tolerance for the search service.
In option B an additional server is configured to host a second index partition. This will enable indexing of
more than 10 million documents.
In a three-tier farm that is running enterprise search, dedicated application servers are typically configured to host
individual search components. For more information, see Manage the search topology in SharePoint Server.
NOTE
Distributing search is not an option for SharePoint 2013, where only a single search instance is permitted for each content
database.
Additional tasks
Before you start to install prerequisite software, you have to complete the following:
Verify that the new server meets the hardware and software requirements described in Hardware and
software requirements for SharePoint 2013.
Verify that you have the minimum level of permissions that are required to install and configure SharePoint
2013 on a new server. You must be a member of the Farm Administrators SharePoint group and the
Administrators group on the local server to complete the procedures in this article. For more information,
see Initial deployment administrative and service accounts in SharePoint Server.
Verify that you know the name of the database server on the farm to which you are connecting, and the
name of the configuration database if you are adding the server by using Microsoft PowerShell commands.
If you intend to use PowerShell commands to add the server, verify that you meet the following minimum
memberships: SharePoint 2013 is installed.
Securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Document the location of the SharePoint 2013 binary and log files on the existing farm servers. We
recommend that the location of these files on the new server map to the locations used on the other
servers in the farm. For more information, see Configure diagnostic logging in SharePoint Server.
IMPORTANT
If you change the location of the trace log to a non-system drive, change the location on all the servers in the farm.
Existing or new servers cannot log data if the location does not exist. In addition, you will be unable to add new
servers unless the path that you specify exists on the new server. You cannot use a network share for logging
purposes.
For detailed instructions about how to install the prerequisites, see Prepare the farm servers in the article, Install
SharePoint 2013 across multiple servers for a three-tier farm.
NOTE
You can choose to install only the components that are required for a front-end web server. However, if you perform
a complete installation, you have more flexibility to re-purpose the server role in the farm in the future.
6. Accept the default file location where SharePoint 2013 will be installed or change the installation path in
order to suit your requirements.
TIP
As a best practice, we recommend that you install SharePoint 2013 on a drive that does not contain the operating
system.
7. When Setup finishes, a dialog box prompts you to run the SharePoint Products Configuration Wizard. You
can start the wizard immediately or from the Windows command prompt later.
NOTE
You can also verify a successful server addition or troubleshoot a failed addition by examining the log files. These files
are located on the drive on which SharePoint 2013 is installed, in the %COMMONPROGRAMFILES%\Microsoft
Shared\Web Server Extensions\15\LOGS folder. For more information, see Monitoring and Reporting in SharePoint
Server.
11. On the Servers in Farm page, click the name of the new server. Use the list of available services on the
Services on Server page to start the services that you want to run on the new server.
12. Configure SharePoint 2013 so that the new server can accommodate the role for which it was intended. For
more information, see Add a server to a SharePoint Server 2016 farm.
To add a new SharePoint 2013 server to the farm by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<$DatabaseServer> is the name of the server that hosts the configuration database
<$RunSettings.ConfigurationDatabaseName> is the name of the configuration database
<$Passphrase> is the passphrase for the farm
4. At the PowerShell command prompt, type the following command to install the Help File Collections:
Install-SPHelpCollection -All
5. At the PowerShell command prompt, type the following command to install the Security Resource for
SharePoint 2013:
Initialize-SPResourceSecurity
6. At the PowerShell command prompt, type the following command to install the basic services:
Install-SPService
7. At the PowerShell command prompt, type the following command to install all the features:
Install-SPFeature -AllExistingFeatures
8. At the PowerShell command prompt, type the following command to install application content:
Install-SPApplicationContent
9. At the PowerShell command prompt, type the following command to get a list of servers in the farm.
NOTE
You can also verify a successful server addition or troubleshoot a failed addition by examining the log files. These files are
located on the drive on which SharePoint 2013 is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web
Server Extensions\15\LOGS folder. For more information, see Monitoring and Reporting in SharePoint Server.
10. Configure SharePoint 2013 so that the new server can accommodate the role for which it was intended. For
more information, see Configure the new server.
NOTE
In the case of high availability, this is typically implemented as part of the initial farm topology design and deployment and is
not included in this article. For more information about high availability for SQL Server 2008 R2 and SQL Server 2012, see
High Availability Solution Overview and High Availability Solutions (SQL Server).
The procedures in this article are intended to show how to configure a new database server for a specific task in
SharePoint 2013.
IMPORTANT
IT policy may require a database administrator (DBA) to complete some or all steps in these procedures.
See also
Other Resources
Deploy Windows Server 2008 R2
Install and Deploy Windows Server 2012
SQL Server Installation (SQL Server 2008 R2)
Install SQL Server 2012
Best practices for installation for SharePoint Servers
2016 and 2019
6/7/2019 • 3 minutes to read • Edit Online
Introduction
Installing a new version gives the opportunity to review what you have done in the past, currently and envision
your goals going forward.
As you prepare for your installation, consider the following:
• Are you staying on Server (on-premises) for the foreseeable future?
• Do you currently have existing pieces of your system in the cloud?
• What customizations or features do you no longer use?
• Are you ready for a modern approach?
• What is working well now, and what isn’t?
PerformancePoint Service
InfoPath
Workflow Manager
Customizations
If you currently have SharePoint Server installed, chances are you have made some customizations to suit your
business needs.
If you already have a portion of your company in the cloud or plan to do so in the future, know that certain
customizations will not transfer to SharePoint Online. Here is a list of few of those:
• Workflows, User Alerts, and custom master pages will not transfer to SharePoint Online. We recommend you use
Microsoft Flow for workflows, reconfigure alerts once migrated, and use the out of the box customization for site
look and feel changes.
• Custom Search schema will not transfer to SharePoint Online. When content is migrated to SharePoint Online,
you may want to re-implement any custom Search schema configuration necessary.
• Use SharePoint Add-ins with the Low Trust model. To learn more, see Creating SharePoint add in that use low
trust authorization.
• Use SharePoint Framework solutions for custom business solutions. To get started, see SharePoint Framework
Overview.
Limitations
SharePoint Server imposes certain restrictions when operating as a virtual machine. These restrictions stem from
the use of the local configuration cache and search index when used in a SharePoint Server farm deployment. As
certain hypervisor operations cannot synchronize actions, the configuration cache and/or search index may
become out of sync with either other SharePoint Servers in the farm or SharePoint databases residing on the SQL
Server.
SharePoint Server does not support the following type of operations while SharePoint Server is online.
Virtual machine online backups - If full virtual machine backups are required, shut down the SharePoint and
SQL Servers in the farm prior to taking virtual machine backups. If a restore is required, restore all servers in
the farm.
Virtual machine snapshots - If a snapshot of SharePoint is required, shut down all SharePoint Servers and SQL
Servers in the farm prior to taking a virtual machine snapshot. If a restore is required, restore all servers in the
farm. Delete the snapshot as soon as possible as it may incur a performance penalty.
Virtual machine replication - Note an exception to this is Azure Site Recovery.
SAN (Storage Area Network) replication of SharePoint Server virtual disks
SharePoint Server also does not support dynamic/ballooning memory and we recommend against using
differencing disks for long periods of time.
See also
Hardware and software requirements for SharePoint Server 2019
Hardware and software requirements for SharePoint Server 2016
Hardware and software requirements for SharePoint 2013
Configure SharePoint Server
8/12/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Configure client certificate authentication for SharePoint Learn how to configure SharePoint Server to support user
Server authentication using a client certificate.
Configure eDiscovery in SharePoint Server Learn the steps to set up and configure eDiscovery in
SharePoint Server, Exchange Server 2016, and Exchange
Server 2013.
Configure enterprise search in SharePoint Server 2016 Learn how to configure the Search service application and set
up a Search Center in SharePoint Server.
Manage the Distributed Cache service in SharePoint Server Learn how to configure and manage the Distributed Cache
service in SharePoint Server.
Configure site mailboxes in SharePoint Server Learn how to configure the Site Mailboxes feature in
SharePoint Server.
Configure Exchange task synchronization in SharePoint Server Learn how to configur Exchange task synchronization in
2013 SharePoint Server 2013.
Custom Tiles in SharePoint Server 2016 Describes Custom Tiles, one of the new features in the
November 2016 Public Update for SharePoint Server 2016
(Feature Pack 1).
Configure email integration for a SharePoint Server farm Learn how to set up incoming and outgoing email in
SharePoint Server.
Turn on automated document translation in SharePoint Learn how to create and configure Machine Translation
Server Service for SharePoint Server.
Configure Business Connectivity Services solutions for Learn how to install and configure SharePoint Server Business
SharePoint Server Connectivity Services (BCS).
Configure User Profile service applications in SharePoint Learn how to create and configure a User Profile service
Server application in SharePoint Server.
Configure My Sites in SharePoint Server Learn how to set up My Sites in SharePoint Server.
Configure client certificate authentication for
SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
For more information about SharePoint Server protocol requirements, see SharePoint Front-End Protocols.
Claims-based authentication in SharePoint Server allows you to use different STSs. If you configure AD FS as your
STS, SharePoint Server can support any identity provider or authentication method that AD FS supports, which
includes client certificate authentication.
NOTE
For more information about AD FS, see Active Directory Federation Services Overview and AD FS 2016.
For additional information on an overview of authentication in SharePoint, please see Plan for user authentication
methods in SharePoint Server.
The following figure applies to SharePoint Server 2013 and SharePoint Server 2016, SharePoint Server is
configured as a relying partner for an AD FS -based STS.
AD FS can authenticate user accounts for several different types of authentication methods, such as forms-based
authentication, Active Directory Domain Services (AD DS ), client certificates, and smart cards. When you configure
SharePoint Server as a relying partner of AD FS, SharePoint Server trusts the accounts that AD FS validates and
the authentication methods that AD FS uses to validate those accounts. This is how SharePoint Server supports
client certificate authentication.
NOTE
These steps will be similar for a third-party STS.
See also
Other Resources
Configure SAML -based claims authentication with AD FS in SharePoint Server
Planning and Architecture: AD FS 2.0
AD FS 2.0 Deployment Guide
Using Active Directory Federation Services 2.0 in Identity Solutions
Configure syncing with the new OneDrive sync client
7/3/2019 • 3 minutes to read • Edit Online
Requirements
1. Install SharePoint Server 2019
2. Install the OneDrive sync client version 18.131.0701.0004 or higher (download)
NOTE
For settings that require a tenant ID, you can use OP1 if you sync a single domain. Do not use this if you sync multiple
domains.
The Known Folder Move settings don't work for SharePoint Server.
See also
Concepts
Administer the User Profile service in SharePoint Server
Create a User Profile service applications in
SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
Only ASCII characters are allowed for the synchronization database name.
10. In the Failover Server section under Synchronization Database, in the Failover Database Server box,
type the name of the database server to be used together with SQL Server database mirroring.
11. In the Social Tagging Database section, in the Database Server box, type the name of the database
server where the social tagging database will be located. In the Database Name box, type the name of the
database where social tags will be stored.
12. In the Social Tagging Database section, for the Database authentication option, select Windows
Authentication (recommended) to use Integrated Windows authentication to connect to the social
tagging database or select SQL authentication to type the credentials that will be used to connect to the
social tagging database.
13. In the Failover Server section, in the Failover Database Server box, type the name of the database
server that you want to use with SQL Server database mirroring.
14. In the My Site Host URL section, type the URL of the site collection where the My Site Host is
provisioned.
15. In the My Site Managed Path section, type the managed path where you want to create individual My
Sites.
NOTE
Self-service site creation can be enabled for the web application that hosts My Sites. Users must have Create
Personal Site permissions to create their own My Site. By default, this permission is enabled in SharePoint Server for
all authenticated users. Ensure that you want the default setting to apply to the organization. Or, you can use one or
more security groups to grant the Create Personal Site permission to a subset of users in an organization.
16. In the Site Naming Formatsection, select one of the following formats for naming new personal sites:
User name (do not resolve conflicts)
User name (resolve conflicts by using domain_user name)
Domain and user name (will not have conflicts)
17. In the Default Proxy Group section, select whether you want the proxy of this User Profile service
application to be a part of the default proxy group on this farm.
18. In the Yammer Integration section, select whether you want to use Yammer for social collaboration.
19. Click Create.
See also
Concepts
Administer the User Profile service in SharePoint Server
User Profile service overview
Overview of My Sites in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
HEADING DESCRIPTION
Start a conversation A text box in which the user can post to the newsfeed. The
user can either choose to share with everyone, or with the
members of a team site of which he or she is a member.
Following Lists all the conversations, tags, groups, and documents that
the user is following.
Mentions Displays all the mentions other users have made of the user,
tasks assigned to the user, and so on.
Likes Displays all the items that the user has liked.
OneDrive
The OneDrive tab or tile links to the user's OneDrive for Business. OneDrive for Business is the user's personal
file storage and synchronization service for business use.
The user's OneDrive for Business usually includes a private folder and a folder that is shared with everyone, or
with specific people. For more information, see Overview of OneDrive for Business in SharePoint Server.
Sites
The Sites tab lists the sites that the user is following and suggested sites that the user might find interesting. The
user can use this to easily keep track of the sites he or she is most interested in.
About me
The About me is the default page that displays when a user accesses another user's My Site. This page displays
the user's profile page to other people in the organization. The About me is also the default page that displays
when a user accesses another user's My Site by clicking the user's name or profile picture.
SharePoint Server provides user profile policies that specify how profile information is displayed and how it can be
used. Although there are recommended default policies for features and properties exposed in user profiles and
personal sites, you can configure custom policies to meet specific needs of the organization. For example, you can
configure a property to be more or less visible by default, and allow a user to override default settings for
properties that you want to give them control over. You configure these policies for the User Profile service in the
SharePoint Central Administration website. For more information, see Plan user profiles in SharePoint Server.
The About me page includes a title that is typically "About < user's name>" and it displays the user's profile data,
such as the user's picture, title, group and telephone number.
The About me page contains the information shown in the following table.
HEADING DESCRIPTION
edit your profile By clicking edit your profile link, a user can change or
update their display photo and information, and privacy
settings for their individual profile properties that you allow
them to override in the profile policy. The privacy settings are
assigned to one of the following two privacy groups: Only Me
or Everyone. For example, a user might decide to display
more information, such as a personal phone number.
In Common When a user views another user's profile, he or she can see the
lowest level manager that they share.
Org Chart Displays an organization chart. The chart shows the user's
position in the organization among management, peers, and
direct reports. You can select other people from the chart to
view their profiles.
Blog
Blog is a Web Part page that the My Site owner can use to publish a blog. By default, the Blog page displays a left
navigation pane with links to the user's blog categories and archives that can be edited.
The user can also customize the Blog page by editing the page, by adding apps to the page, or by changing the
look of the page.
Apps
Displays the lists, libraries, and other apps for the user.
Tasks
Displays tasks assigned to the user. This is only visible to the owner of the My Site page.
The tasks can be viewed based on importance, status (active), whether they are completed, recently added, or
personal.
See also
Concepts
Configure My Sites in SharePoint Server
Plan for My Sites in SharePoint Server
Plan user profiles in SharePoint Server
Overview of OneDrive for Business in SharePoint Server
Plan for My Sites in SharePoint Server
6/7/2019 • 18 minutes to read • Edit Online
My Sites architecture
The My Sites architecture consists of a web application that hosts My Sites, a My Site host site collection, and
individual site collections for users.
Each user's My Site uses two site collections: the farm's My Site host site collection and the user's individual site
collection. Although you can use an existing web application to host these site collections, we recommend that
you use a dedicated web application to improve performance and manageability.
When you create the My Site host site collection and users create their individual site collections, the data is
maintained in one or more content databases that are associated with the web application that hosts My Sites.
Like other web applications in SharePoint Server, you can add content databases to this web application if you
must have multiple databases for storage. For more information, see Planning for storage requirements later in
this article.
The My Site host site collection and the configuration that enables individual My Sites site collections to be
created are required before users can create My Sites. For more information, see Configure My Sites in
SharePoint Server.
The My Site host site collection and individual site collections are described more fully in the following sections.
My Site host site collection
The My Site host site collection is a special site collection that displays the newsfeed and profile pages of all
users' My Sites. The site collection's site template must be the My Site host site template, available from the
Enterprise tab of the Create Site Collection page. The My Site host site template can be used only once per
User Profile service application, which is discussed later in this article.
My Sites require that a site collection exist at the web application root (which is displayed as / in the user
interface). Without this, you will receive a message that states that there is no site collection at the root when you
try to enable self-service site creation for the web application. Because we recommend that you use a dedicated
web application to host My Sites, you should use the root path for the My Site host collection unless you have a
specific requirement to create the site collection deeper in the uniform resource locator (URL ) path.
Although not recommended, if you create the My Site host deeper in the path, it must be under an explicit
inclusion managed path. Additionally, you must create a separate site collection at the web application root,
although this site collection can be empty and created without a template.
The URL for a My Site host site collection is shared by all users of the same User Profile service application. The
URL for Newsfeed is http:// hostname/default.aspx, and the URL for About Me is http://
hostname/person.aspx, where hostname is the address of the site collection. For example, if you configure your
My Site host site collection at http://contoso.com/my, users access their newsfeeds and profiles at
http://contoso.com/my/default.aspx and http://contoso.com/my/person.aspx, respectively.
Although these URLs are the same for all users of a User Profile service application, the information displayed
for each user is different. SharePoint Server determines the information to display based on the user's logon
account. The information is targeted to that specific user and is provided by the SharePoint service applications
referred to in this article.
When a visitor views another user's My Site, the visitor can see only the user's profile page. This URL is http://
hostname/person.aspx?accountname= account, where hostname is the address of the site collection and
account is the user name (and, if it is configured, the user's domain name). For example,
http://contoso.com/my/person.aspx?accountname=sidney.
Individual site collections
A user's individual site collection hosts the document library of the user's individual My Site. An individual site
collection is created the first time that a user accesses the My Site. This ability to create an individual site
collection requires the following configuration in SharePoint Server:
The web application that hosts My Sites has a wildcard inclusion managed path, such as sites or personal.
This is the path under which the individual site collections will be created when users access their My
Sites for the first time.
The Setup My Sites settings for the User Profile service application are configured to use the URL of the
My Site host site collection and the wildcard inclusion managed path for individual site collections.
The web application is enabled for self-service site creation. This functionality enables the individual site
collections to be created under the specified wildcard inclusion managed path. The self-service site
creation feature has special security considerations for cross-site scripting. This strengthens the
recommendation to host My Sites in a dedicated web application to isolate any scripts running in a My
Site from affecting other sites in your environment.
Users must have Create Personal Site permissions to create a My Site. By default, this permission is
enabled for all authenticated users. For more information, see Plan users and user permissions later in
this article.
The URL to a user's document library section of a My Site is in the format of http:// hostname/ managed_path/
account/documents, where hostname is the address of the My Site host site collection, managed_path is the
managed path for the My Site host, and account is the account of the user logged on. For example, if you
configure your My Site host site collection and managed path at http://contoso.com/my, users access their
documents at http://contoso.com/my/ account/documents.
With the account part of the URL, when you set up My Sites, you have three options to specify how to name an
individual user's site collection, as shown in the following table.
Table: Naming options for an individual user's site collection
OPTION DESCRIPTION
OPTION DESCRIPTION
User name (do not resolve conflicts) By using this option, the My Site name is the user name of
the account. This is not a user's display name. For example, if
a user's friendly name is Sidney Higa and the user's account
is sidney, the site collection is named sidney. Only choose the
first option if you are sure that all user names in your
organization are unique. Otherwise users will encounter
conflicts when they provision their My Sites. If a conflict
occurs, the first user who creates a My Site with a user name
is successful. However, the next user who tries to use the
same user name cannot create a My Site.
User name (resolve conflicts by using By using this option, the first user who has a duplicate user
domain_username) name will have a My Site created by using the user name
only, and a second user who has that same user name will
have a My Site created by using both the domain name and
user name. For example, the first user will have a My Site
created under http://contoso.com/my/sidney/default.aspx
while the second user will have a My Site created under
http://contoso.com/my/CONTOSO_sidney/default.aspx.
Choose this option when it is possible for a user name to
exist multiple times in an organization, such as when you
have multiple domains. Because a user name is guaranteed
to be unique only within its own directory source, this option
prevents two users who have the same user name but
different domains from encountering issues when they create
their My Sites.
Domain and user name (will not have conflicts) By using this option, all My Site names are created by using
both the domain name and user name. For example,
http://contoso.com/my/CONTOSO_sidney/default.aspx.
Choose this option when you want My Sites to be
consistently named with the domain name and user name,
regardless of whether conflicts with user names exist or not.
For users to create My Sites, maintain their profiles, follow people and content, and use tags and notes, there are
user permissions to configure in the User Profile service application. Determine which of the following
permissions to grant to users or groups of users:
1. Create Personal Site This permission enables users to create a personal site to store their documents,
newsfeed, and followed content.
2. Follow People and Edit Profile This permission enables users to follow people from their My Site and
to edit their personal profile.
3. Use Tags and Notes This permission enables users to use the Tags and Notes feature.
By default, all authenticated users are granted all these permissions, but you can configure specific permissions
depending on your needs. For example, you could allow only full-time employees to create My Sites, instead of
all workers in your organization. There are seven different combinations of user permissions available to grant
to users. However, not all of these permission combinations provide the expected results. As a best practice,
simplify administration by granting permissions to security groups instead of specific users.
NOTE
Changing user permissions in the User Profile service application is not recommended. Any changes that you make will
not impact the user experience in a meaningful way. For example, if you remove the Follow People and Edit Profile
permission the user will still be able to edit profiles and other users will still be able to follow people they choose.
Additionally, if you remove the Follow People and Edit Profile permission for a My Site user the Tags and Notes feature
is disabled. We do not recommend removing any social features.
SERVICES JOBS
Microsoft SharePoint Foundation Timer User Profile service application name - User Profile to
SharePoint Full Synchronization
User Profile service application name - User Profile to
SharePoint Quick Synchronization
User Profile Service User Profile service application name - Feed Cache
Repopulation
User Profile service application name - Activity Feed Job
User Profile service application name - Activity Feed
Cleanup Job
User Profile service application name - My Site
Suggestions Email Job
You can enable or disable these jobs, and configure their schedules to meet the needs of your organization.
These jobs are located in the SharePoint Central Administration website, under Monitoring, in the Review job
definitions section. In the View list, select Service and then, from the Service menu, select Change Service
to select different services and view the related timer jobs.
Prerequisites
Because My Sites have dependencies on other service applications and features in SharePoint Server, ensure that
you meet the prerequisites in this section before you perform the procedures in this task.
NOTE
My Sites are hosted by a web application and rely on a User Profile service application. Both are described in this section.
My Sites also requires a managed metadata service application. We recommend that you also have a Search service
application to use with My Sites, but this is not required. Without the Search service application, some My Sites
functionality is affected. For more information, see Plan for My Sites in SharePoint Server.
Web application
Although you can use an existing web application, for optimal performance and security, we recommend that you
create the My Site host site collection in a dedicated web application. For more information, see Create a web
application in SharePoint Server.
IMPORTANT
If a My Site host site collection was created during initial deployment and configuration, we recommend that you do not
use it because it was created in the default web application. Delete this site collection, and create a new web application
that is dedicated to hosting My Sites. Then create a new My Site host site collection in the dedicated web application.
IMPORTANT
Although the Create New User Profile service application dialog box requests information in the My Site Host URL
and Personal Site Location sections, for this task, remove any default values and leave those fields blank when you create
the User Profile service application. Additionally, you can select any of the options in Site Naming Format. These settings
will be configured separately later in this task.
NOTE
This section only applies to SharePoint Server 2013. > Optionally, configure profile synchronization if you want to
synchronize user and group profile information that is stored in the SharePoint Server 2013 profile database with profile
information that is stored in a directory service or business system.
NOTE
This section is not present in SharePoint Server 2019.
11. In the Read Permission Level section, specify the users or groups that can view other users' My Sites
when they are created. By default, this includes all authenticated users. However, you can select a more
specific group or users depending on the needs of your deployment.
12. In the Security Trimming Options section, specify how system generated posts are checked for
permissions before they are displayed in feeds and on the Tags and Notes page.
13. In the Newsfeed section, enable system generated posts to the feed on My Sites by selecting Enable
activities in My Site newsfeeds. This option is selected by default. This is important in hosted
environments where tenants can share the same User Profile service but have different requirements on
whether they can enable newsfeeds for their users.
14. In the E -mail Notifications section, specify an email address to use as the sender email address for My
Site email notifications. This account does not have to be a real monitored email address. If you want to
receive notifications for newsfeed activities, such as replies to your posts or when someone follows you,
select Enable newsfeed email notifications.
IMPORTANT
You must add the IP address of the farm's outbound SMTP server to the safe list in Exchange Server 2013 to
prevent My Site email notifications from being sent to the Junk folder.
15. In the My Site Cleanup section, specify a new owner of a My Site if the existing My Site user is removed
from the profile database. For example, if a user leaves the company and is no longer in the profile
database, the user's My Site will be deleted together with any content. However, before it is deleted, a new
owner can recover any important content. Select Enable access delegation for the My Site cleanup job
to first attempt to assign ownership of the My Site to the user's manager. If no manager is found, the My
Site is assigned to the user specified in Secondary Owner. The new owner has two weeks to retrieve
content from the My Site before it is deleted.
16. In the Privacy Settings section, select Make My Sites Public to make all users' My Sites public. This
option is not selected by default.
NOTE
When a user's My Site is public, the user's list of followers, the user's list of people they are following, and all
activities (including new follow notifications, social tagging and rating of content, birthdays, job title changes,
workplace anniversary, updating Ask Me About, posting on a note board, and new blog posts) will be public. Any
policies set within People and Privacy on the Manage Policies page is overridden.
Next steps
After you configure My Sites by using the procedures in this article, consider whether you require the following
optional procedures:
Configure trusted My Site host locations
Configure links to Office client applications
Promote site links on My Sites
Start related services
Configure trusted My Site host locations
Trusted My Site Host Locations is an optional feature that prevents a user from creating more than one My
Site in an organization with multiple User Profile service applications.
User Profile service application administrators can add links to trusted My Site host locations when they want to
give users access to My Sites on multiple User Profile service applications. In most cases, links to trusted My Site
host locations will be targeted to individual users or groups of users based on an identified business need. The
links can be maintained and changed over time as business and user needs change. User Profile service
application administrators can delete a link to a trusted My Site host locations when the users targeted by the link
no longer require access to My Sites in multiple locations.
To add a trusted My Site host location by using Central Administration
1. Verify that you have the following administrative credentials:
To use Central Administration to add a trusted My Site host location, you must be a member of the Farm
Administrators group or a Service Application Administrator for the User Profile service application.
2. On the Central Administration Web site, under Application Management, click Manage service
applications.
3. On the Manage Service Applications page, select the User Profile service application from the list of
service applications.
4. On the ribbon, click Manage.
5. On the Manage Profile Service page, under My Site Settings, click Configure Trusted Host Locations.
6. On the Trusted My Site Host Locations page, click New Link to add a trusted My Site host location.
7. On the Add Trusted Host Location page, enter the URL of the trusted personal site location in the URL
box.
8. In the Description box, enter a description for the trusted personal site location.
9. Optionally, in the Target Audiences box, either type the user names or group names in the
corresponding box or click Browse to select audiences by browsing, and then click OK.
Configure links to Office client applications
Users' My Sites are convenient locations for users to save files that they work on in Office client applications,
such as Word, Excel, and PowerPoint. After you configure an environment for My Sites, you can add a link to the
Favorite Links section that users see when they save documents in the Save As dialog box in Office client
applications. Users can then select their My Site and save files to the Documents library available on their My
Site.
To add a link to Office client applications
1. Verify that you have the following administrative credentials:
To add a link to Office client applications, you must be a member of the Administrators group on the
computer that is running the SharePoint Central Administration Web site.
2. On the Central Administration Web site, under Application Management, click Manage service
applications.
3. On the Manage Service Applications page, select the User Profile service application from the list of
service applications.
4. On the ribbon, click Manage.
5. On the Manage Profile Service page, under My Site Settings, click Publish Links to Office Client
Applications.
6. On the Published links to Office client applications page, click New Link.
7. On the Add Published Link page, in the URL box, type the URL of the location where users will be able to
publish links.
8. In the Description box, type a brief name for this location.
This is the name that will appear in the Favorite Links section of the Save As dialog box.
9. Select the type of the location that this link represents. For example, if the target location is a SharePoint
document library, select Document Library.
10. In the Target Audiences box, either type the name of the user or group to add or using the address book
to find a user or group to add. Separate multiple user names or group names with a semicolon (;). You
may also type All site users to select all users.
NOTE
To use the address book, click the book icon. In the dialog box that appears, type all or part of a user's name, and
then press ENTER. Scroll through the search results, and double-click the name of the user or users whom you want
to add. Then click OK.
NOTE
If you want to specify target audiences for the site, either type the audience names in the Target Audiences box or
click Browse to use the Select Audiences page. This option requires that you define an audience, set up rules for
this audience, and compile the audience.
Overview
The upgrade scenario has not changed in SharePoint Server 2019. There is no direct upgrade path from 2013 to
2019. To upgrade to SharePoint Server 2019, you must upgrade SharePoint 2013 to SharePoint Server 2016, and
then upgrade to SharePoint Server 2019. Your databases must be at a SharePoint Server 2016 RTM version or
higher when you upgrade to SharePoint Server 2019. Any database with a lower version will be locked and
upgrade will not start.
For a visual look of the high-level steps, see
NOTE
The steps for creating and restoring service applications only applies to these six:
Steps to Upgrade
2013
In SharePoint 2013, if you have any web applications that are in windows authentication mode, you should convert
them to claims authentication. Claims authentication is the default mode in SharePoint Server 2016 and SharePoint
Server 2019.
Next, upgrade all the site collections from 14 mode to 15 mode by using the Upgrade-SPSite cmdlet. Any database
with a 14 version will be locked and prevented from upgrading to SharePoint Server 2016. After the site collections
have been upgraded, create a backup of all content and service application databases from your old farm (for
example, SQL2013). Restore these databases to a new farm’s SQL Server in SharePoint Server 2016 (for example,
SQL2016).
2016
In SharePoint Server 2016, build a new temporary farm that includes service applications. When the service
applications are created use the existing database names that reside on SQL2016. After the new farm is created,
create a new web application with a temporary database. Install any full trust solutions, administrator approved
InfoPath forms, etc. Dismount the temporary content database from the web application.
NOTE
You may need to delete the temporary content database from the SQL Server.
Start the upgrade process to SharePoint Server 2016 by running the Mount-SPContentDatabase cmdlet on the
restored content databases from SQL2016. After the upgrade process is complete, perform any individual
configuration changes that are not part of the service application and content databases, such as
incoming/outgoing email settings, etc.
2019
The steps to upgrade from SharePoint Server 2016 to SharePoint Server 2019 are the same as going from
SharePoint 2013 to SharePoint Server 2016 except for converting web applications to claims authentication and
upgrading database modes to level 15. These are not required.
Create a backup of all content and service application databases from your temporary farm (for example,
SQL2016). Restore these databases to a new farm’s SQL Server in SharePoint Server 2019 (for example,
SQL2019).
In SharePoint Server 2019, build a new farm that includes service applications. When the service applications are
created use the existing database names that reside on SQL2019. After the new farm is created, create a new web
application with a temporary database. Install any full trust solutions, administrator approved InfoPath forms, etc.
Dismount the temporary content database from the web application.
NOTE
You may need to delete the temporary content database from the SQL Server.
Start the upgrade process to SharePoint Server 2019 by running the Mount-SPContentDatabase cmdlet on the
restored content databases from SQL2019. After the upgrade process is complete, perform any individual
configuration changes that are not part of the service application and content databases, such as
incoming/outgoing email settings, etc.
See Also
Overview of the upgrade process to SharePoint Server 2019
Upgrade to SharePoint Server 2019
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Get started with upgrades to Find resources about how to start the
SharePoint Server 2019 upgrade process from SharePoint
Server 2016 to SharePoint Server 2019.
Upgrade databases from SharePoint Find resources to help you perform the
2016 to SharePoint Server 2019 steps to upgrade databases from
SharePoint Server 2016 to SharePoint
Server 2019.
CONTENT DESCRIPTION
NOTE
All databases must be upgraded to version 16.0.4351.1000 or higher, otherwise upgrade to SharePoint Server 2019 will be
blocked.
After you've configured a new SharePoint Server 2019 environment, you can copy the content and service
application databases from the SharePoint Server 2016 to the SharePoint Server 2019 environment. You use a
backup and restore process to copy the database. You can also choose to set the databases to read-only in the
SharePoint Server 2016 environment so that users can continue to access their information, but not change it.
Before you attach and upgrade the content databases, review the following information and take any
recommended actions.
Make sure that the account that you use to attach the databases is a member of the db_owner fixed
database role for the content databases that you want to upgrade.
Make sure that the account that you use to create web applications is a member of the Farm
administrators group in the SharePoint Central Administration website.
Figure: The sequence of upgrade stages
This article helps you to understand the upgrade sequence so that you can plan an upgrade project. To get
detailed steps for an upgrade, see Overview of the upgrade process to SharePoint Server 2019 and Upgrade site
collections to SharePoint Server 2019.
Create the SharePoint Server 2019 farm
The first stage in the upgrade process creates the new SharePoint Server 2019 farm:
1. A server farm administrator installs SharePoint Server 2019 to a new farm. The administrator configures
farm settings and tests the environment.
2. A server farm administrator sets the SharePoint Server 2016 farm to read-only so that users can continue
to access the old farm while upgrade is in progress on the new farm.
Figure: Create new farm, set old farm to read-only
4. A server farm administrator then attaches the content databases to the new farm and upgrades the
content databases for those web applications.
Figure: Upgrade the databases by using Microsoft PowerShell
5. A server farm administrator confirms that the upgrade is successful.
IMPORTANT
This section applies to SharePoint Server 2019 only.
A server farm administrator upgrades the My Site host and then individual users can upgrade their My Sites or
the farm administrator can upgrade them by using PowerShell. The following illustration shows four stages for
the My Site host and My Sites during the upgrade process.
Figure: Stages in upgrading My Sites
1. The My Site host has not been upgraded. My Sites cannot be upgraded yet.
2. A server farm administrator has upgraded the My Site host. No My Sites have been upgraded.
3. Some users have upgraded their My Sites.
4. All My Sites have been upgraded.
NOTE
A server farm administrator can choose to force an upgrade of My Sites without waiting for users to upgrade them. For
details and steps, read Upgrade site collections to SharePoint Server 2019.
NOTE
A server farm administrator can also force specific site collections to be upgraded without waiting for the site owners to
upgrade them. For details and steps, read Upgrade site collections to SharePoint Server 2019.
Services upgrade overview for SharePoint Server
2019
6/7/2019 • 4 minutes to read • Edit Online
NOTE
Word Automation Services and Machine Translation Services can't be upgraded. A new service instance needs to be created.
Attaching and upgrading these databases configures these service applications. Settings for other services will
have to be reconfigured when you upgrade.
Search Search_Service_Application_DB_<GUID>
Search_Service_Application_AnalyticsReportingStoreDB_<GUI
D>
User Profile: Profile and Social databases User Profile Service Application_ProfileDB_<GUID>
User Profile Service Application_SocialDB_<GUID>
User Profile Service Application_SyncDB_<GUID>
The steps to upgrade these service application databases are included in Upgrade service applications to
SharePoint Server 2019.
See also
Concepts
Overview of the upgrade process to SharePoint Server 2019
Upgrade content databases to SharePoint Server 2019
Upgrade databases from SharePoint 2016 to
SharePoint Server 2019
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Create the SharePoint Server 2019 farm for a database attach Create and configure a SharePoint Server 2019 farm so that
upgrade you can upgrade databases from SharePoint Server 2016.
Copy databases to the new farm for upgrade to SharePoint Copy SharePoint Server 2016 content and service databases
Server 2019 to a SharePoint Server 2016 farm so that you can upgrade
the data to SharePoint Server 2019.
Upgrade service applications to SharePoint Server 2019 Upgrade service applications (Business Connectivity Services,
Managed Metadata, Secure Store, User Profiles, Search) to
SharePoint Server 2019.
Upgrade content databases to SharePoint Server 2019 Learn how to upgrade content databases from SharePoint
Server 2016 to SharePoint Server 2019.
Verify database upgrades in SharePoint Server 2019 Verify that the upgrade for your databases has succeeded and
that you are ready to begin to upgrade sites.
Create the SharePoint Server 2019 farm for a
database attach upgrade
6/7/2019 • 5 minutes to read • Edit Online
Before you start to upgrade, you must collect information and settings about your existing environment. You have
to know what is in your SharePoint Server 2016 environment before you can start to build your SharePoint
Server 2019 environment. Gather information such as the following:
Alternate access mappings
Authentication providers and authentication modes that are being used
Quota templates
Managed paths
Self-service site management settings
Incoming and outgoing e-mail settings
Customizations
You also have to turn off or remove services or components in the SharePoint Server 2016 environment that
could cause errors in the upgrade process. The following services or components should be removed or stopped
before you back up your databases:
PowerPoint Broadcast Sites Office Online Server has changed into a separate server product which can
serve multiple SharePoint farms for viewing and editing documents. Because of this change, PowerPoint
Broadcast sites cannot be upgraded to SharePoint Server 2019.
NOTE
For more information about how to install available language packs, see Install or uninstall language packs for
SharePoint Server 2016.
4. Run the SharePoint Products Configuration Wizard to configure your server or servers.
IMPORTANT
Some service applications can be upgraded by using a service application database upgrade. If you want to upgrade
these service applications by upgrading the service application databases, do not use the Farm Configuration Wizard
to configure these service applications when you set up your new farm.
For step-by-step instructions for these tasks, see Install SharePoint Server 2019.
IMPORTANT
If you had disabled the Workflow Auto Cleanup timer job in your SharePoint Server 2016 environment, make sure that you
disable this timer job in your new environment also. If this timer job is enabled in the new environment and disabled in the
SharePoint Server 2016 environment, you might lose workflow associations when you upgrade. .
In a standard installation, the next step would be to create web applications. However, for upgrade, you create web
applications later in the process, after you upgrade the service application databases. For more information, see
Create web applications.
NOTE
Don't set search databases to read-only at this point. It's best not to interrupt the search experience until you're ready to
upgrade the Search service applications. You will handle these databases when you upgrade service applications (the fourth
phase in the process to upgrade SharePoint Server 2016 data and sites to SharePoint Server 2019).
IMPORTANT
Perform this step in the SharePoint Server 2016 environment.
You do not have to back up the configuration or admin content databases, because you recreated these databases
when you set up the SharePoint Server 2019 server farm. Upgrading the configuration or admin content
databases and the Central Administration site collection is not supported.
After you complete this procedure, you will have created backups of the read-only content databases.
IMPORTANT
Perform this step in the SharePoint Server 2016 environment.
IMPORTANT
Be sure to keep a copy of your original backups in reserve, just in case upgrade fails and you have to troubleshoot and try
again. > Perform this step in the SharePoint Server 2016 environment.
TIP
When you type the name for the restored database, you do not have to use the original name. If you want to
change the database name from a name with a long GUID to a shorter, friendlier name, this is an opportunity to
make that change. Be sure to also change the database and log file names in the file system (the MDF and LDF files)
so that they match.
5. In the To a point in time text box, keep the default (Most recent possible).
6. To specify the source and location of the backup sets to restore, click From device, and then use the ellipsis
( ...) to select the backup file.
7. In the Specify Backup dialog box, in the Backup media box, be sure that File is selected.
8. In the Backup location area, click Add.
9. In the Locate Backup File dialog box, select the file that you want to restore, click OK, and then, in the
Specify Backup dialog box, click OK.
10. In the Restore Database dialog box, under Select the backup sets to restore grid, select the Restore
check box next to the most recent full backup.
11. In the Restore Database dialog box, on the Options page, under Restore options, select the Overwrite
the existing database check box.
12. Click OK to start the restore process.
See also
Concepts
Create the SharePoint Server 2019 farm for a database attach upgrade
Upgrade service applications to SharePoint Server 2019
Upgrade content databases to SharePoint Server 2019
Upgrade service applications to SharePoint Server
2019
7/15/2019 • 30 minutes to read • Edit Online
TIP
Throughout this article, variables (such as $applicationPool, $sss, $upa, and so on) are used in the PowerShell cmdlets to
save time and effort. You do not have to use these variables if you would prefer not to. However, if you do not use these
variables, you must use IDs for the service applications and service application proxies when you specify the Identity
parameters. Each procedure has information about the variables used, or the alternate cmdlets to use to look up any IDs
that are required. > Also, many procedures in this article include a step to set the $applicationPool variable. If you are
performing all of these procedures in the same session of PowerShell, and you want to use the same application pool for all
service applications, you do not have to repeat this step in each procedure. Instead, you can set this variable once at the
beginning and use it throughout the procedures in this article.
NOTE
Word Automation Services and Machine Translation Services can't be upgraded. A new service instance will need to be
created.
IMPORTANT
The following steps only apply to the Custom server role type. For more information on server role types, see Planning for
a MinRole server deployment in SharePoint Server 2016 and SharePoint Server 2019
TIP
When using MinRoles, Start may not be available as it is managed by the farm. When the associated Service Application
has been created, it automatically starts the Service Instance.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
$SearchInst = Get-SPEnterpriseSearchServiceInstance
# Stores the identity for the Search service instance on this server as a variable
Start-SPServiceInstance $SearchInst
# Starts the service instance
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications. This is the default service application pool. You can specify a different service application pool.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the Secure Store service application, at the PowerShell command prompt, type the following
command:
$sss = New-SPSecureStoreServiceApplication -Name 'Secure Store' -ApplicationPool $applicationPool -
DatabaseName 'SecureStore_Upgrade_DB' -AuditingEnabled
Where:
SecureStore is the name that you want to give the new Secure Store service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
SecureStore_Upgrade_DB is the name of the service application database that you want to upgrade.
This command sets a variable, $sss, that you use when you create the proxy later.
For more information, see New -SPSecureStoreApplication.
5. Type the following command to create a proxy for the Secure Store service application:
Where:
ProxyName is the proxy name that you want to use.
$sss is the variable that you set earlier to identify the new Secure Store service application.
TIP
If you do not use the variable $sss, then you must use an ID to identify the Secure Store service application instead
of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of all service
application IDs.
DefaultProxyGroup adds the Secure Store service application proxy to the default proxy group for the
local farm.
This command sets a variable, $sssp, for the service application proxy that you use when you restore the
passphrase.
For more information, see New -SPSecureStoreServiceApplicationProxy.
After you create the Secure Store service application and the proxy, you have to refresh the encryption key. For
information about how to refresh the encryption key, see Refresh the Secure Store encryption key.
6. Type the following command to restore the passphrase for the Secure Store service application:
Where:
<Passphrase> is the Passphrase for the Secure Store service application from your previous environment.
$sssp is a variable that you set earlier to identify the new Secure Store service application proxy.
TIP
If you do not use the variable $sssp, then you must use an ID to identify the Secure Store service application proxy
instead of a name. To find the ID, you can run the Get-SPServiceApplicationProxy cmdlet to return a list of all
service application proxy IDs.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the Business Data Connectivity service application, at the Microsoft PowerShell command prompt,
type the following command:
New-SPBusinessDataCatalogServiceApplication -Name 'BDC Service' -ApplicationPool $applicationPool -
DatabaseName 'BDC_Service_DB'
Where:
BDC Service is the name that you want to give the new Business Data Connectivity service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
BDC_Service_DB is name of the service application database that you want to upgrade.
For more information, see New -SPBusinessDataCatalogServiceApplication.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the Managed Metadata service application, at the PowerShell command prompt, type the
following command:
Where:
Managed Metadata Service Application is the name that you want to give the new Managed Metadata
service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
Managed Metadata Service_DB is name of the service application database that you want to upgrade.
This command sets a variable, $mms, that you use when you create the proxy later.
For more information, see New -SPMetadataServiceApplication.
5. At the PowerShell command prompt, type the following command to create a proxy for the Managed
Metadata service application:
Where:
ProxyName is the proxy name that you want to use.
$mms is the variable that you set earlier to identify the new Managed Metadata service application.
TIP
If you do not use the variable $mms, then you must use an ID to identify the Managed Metadata service
application proxy instead of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a
list of all service application IDs.
DefaultProxyGroup adds the Managed Metadata service application proxy to the default proxy group for
the local farm.
For more information, see New -SPMetadataServiceApplicationProxy.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the PerformancePoint Services service application, at the PowerShell command prompt, type the
following command:
Where:
PerformancePoint Service is the name that you want to give the new PerformancePoint Services service
application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
Where:
ProxyName is the proxy name that you want to use.
$pps is the variable that you set earlier to identify the new PerformancePoint Services service application.
TIP
If you do not use the variable $pps, then you must use an ID to identify the PerformancePoint Services service
application instead of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of
all service application IDs.
Default adds the PerformancePoint Services service application proxy to the default proxy group for the
local farm.
For more information, see New -SPPerformancePointServiceApplicationProxy.
IMPORTANT
Perform these steps in the SharePoint Server 2016 environment.
IMPORTANT
Perform the next steps in the SharePoint Server 2019 environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new
service applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow.
If you have multiple application pools and have to use a different application pool for a particular service
application, repeat this step in the procedure to create each service application to use the appropriate
application pool.
5. To restore the User Profile service application and upgrade the Profile and Social databases, at the
Microsoft PowerShell command prompt, type the following command:
New-SPProfileServiceApplication -Name '<UserProfileApplicationName>' -ApplicationPool $applicationPool
-ProfileDBName '<ProfileDBName>' -SocialDBName '<SocialDBName>' -ProfileSyncDBName '<SyncDBName>'
Where:
UserProfileApplicationName is the name of the User Profile service application.
$applicationpool is the variable that you set to identify the service application pool to use.
Note: If you do not use the variable $applicationPool, then you must specify the name of an
existing service application pool in the format 'Application Pool Name'. To view a list of service
application pools, you can run the Get-SPServiceApplicationPool cmdlet.
ProfileDBName is the name of the Profile database that you want to upgrade.
SocialDBName is the name of the Social database that you want to upgrade.
SyncDBName is the name of the new Synchronization database.
6. Create the User Profile service application proxy and add it to the default proxy group by completing these
actions:
Type the following command to get the ID for the Search service application and store it as a
variable:
Where:
ProxyName is the proxy name that you want to use.
$sa is the variable that you set earlier to identify the new User Profile service application.
Tip: If you do not use the variable $sa, then you must use an ID to identify the User Profile
service application instead of a name. To find the ID, you can run the Get-
SPServiceApplication cmdlet to return a list of all service application IDs.
For more information, see New -SPProfileServiceApplicationProxy.
Type the following command to get the Search service application proxy ID for the proxy you just
created and set it as the variable $ssap:
Where:
$proxy is the variable that you set earlier to identify the ID for the proxy you just created for
the User Profile service application.
Tip: If you do not use the variable $proxy, then you must use an ID to identify the User
Profile service application proxy instead of a name. To find the ID, you can run the Get-
SPServiceApplicationProxy cmdlet to return a list of all service application proxy IDs.
You use an empty Identity parameter ("") to add it to the default group.
For more information, see Add-SPServiceApplicationProxyGroupMember.
NOTE
During this upgrade, search doesn't crawl content in your SharePoint Server 2016. If freshness of search results is
important, save time by familiarizing yourself with these steps before starting the upgrade.
IMPORTANT
Because the search topology in the SharePoint Server 2019 farm is new, the index is empty. You have to perform a full crawl
of the entire indexed corpus after you have upgraded all content sources (the fourth phase in the process to upgrade
SharePoint Server 2016 data and sites to SharePoint Server 2019).
IMPORTANT
Perform these steps in the SharePoint Server 2016 environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to
request permissions. For additional information about PowerShell permissions, see Add-
SPShellAdmin.
Where:
SearchServiceApplicationName is the name of the Search service application you want to pause.
NOTE
While the Search service application is paused, the index in the SharePoint Server 2016 environment isn't
updated. This means that during the upgrade to SharePoint Server 2019, search results might be less fresh.
Set the Search Administration database to read-only. In the second phase of the process to upgrade
SharePoint Server 2016 data and sites to SharePoint Server 2019, you set all the other databases to
read-only. Follow the same instructions now for the Search Administration database.
Copy the search administration database in the SharePoint Server 2016 farm to the SharePoint
Server 2019 farm, follow the procedures in Copy databases to the new farm for upgrade to
SharePoint Server 2019 for the search administration database only.
IMPORTANT
Perform the next steps in the SharePoint Server 2019 environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new
service applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow.
If you have multiple application pools and have to use a different application pool for a particular service
application, repeat this step in the procedure to create each service application to use the appropriate
application pool.
5. To restore the Search service application and upgrade the Search Administration database, at the
PowerShell command prompt, type the following command:
Where:
SearchServiceApplicationName is the name of the Search service application.
$applicationpool is the variable that you set to identify the service application pool to use.
Note: If you do not use the variable $applicationPool, then you must specify the name of an
existing service application pool in the format ' Application Pool Name'. To view a list of service
application pools, you can run the Get-SPServiceApplicationPool cmdlet.
SearchServiceApplicationDBName is the name of the search administration database that you want
to upgrade, and that this Search service application shall use.
$searchInst is the variable that you set to identify the new Search Service application instance.
Note: A Search service application upgrade might fail, for example due to network or SQL Server latency.
If an error message appears during the upgrade, do the following:
Delete the Search Administration database that you were trying to upgrade.
Using the backup copy that you made of the Search Administration database, repeat the following
procedures in this article for the Search service application only:
Restore a backup copy of the database
Set the databases to read-write
Type the command to upgrade the Search service application again at the PowerShell command
prompt.
For more information, see Restore-SPEnterpriseSearchServiceApplication.
6. Create the Search service application proxy and add it to the default proxy group by completing these
actions:
Type the following command to get the ID for the Search service application and store it as a
variable:
$ssa = Get-SPEnterpriseSearchServiceApplication
Where:
ProxyName is the proxy name that you want to use.
$ssa is the variable that you set earlier to identify the new Search service application.
Tip: If you do not use the variable $ssa, then you must use an ID to identify the Search
service application instead of a name. To find the ID, you can run the Get-
SPServiceApplication cmdlet to return a list of all service application IDs.
For more information, see New -SPEnterpriseSearchServiceApplicationProxy.
Type the following command to get the Search service application proxy ID for the proxy you just
created and set it as the variable $ssap:
$ssap = Get-SPEnterpriseSearchServiceApplicationProxy
Where:
SearchServiceApplicationName is the name of the Search service application you want to resume.
Verify that all of the new proxies are in the default proxy group
Use the following procedure to verify that the steps to create the proxies and add them to the default proxy group
worked.
To verify that all of the new proxies are in the default proxy group by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
2016 cmdlets.
Note: If you do not have permissions, contact your Setup administrator or SQL Server administrator to
request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
2. Start the SharePoint 2019 Management Shell.
3. At the PowerShell command prompt, type the following commands:
Where:
$pg is a variable you set to represent the default proxy group.
You use an empty Identity parameter ("") to specify the default proxy group.
This returns a list of all proxies in the default proxy group, their display names, type names, and IDs.
For more information, see Get-SPServiceApplicationProxyGroup.
Now that the service applications are upgraded, you can start the process to upgrade the content databases. The
first step in that process is to create the web applications that are needed for each content database.
See also
Concepts
Create the SharePoint Server 2019 farm for a database attach upgrade
Copy databases to the new farm for upgrade to SharePoint Server 2019
Upgrade content databases to SharePoint Server 2019
Services upgrade overview for SharePoint Server 2019
Upgrade content databases to SharePoint Server
2019
6/7/2019 • 12 minutes to read • Edit Online
Reapply customizations
One frequent cause of failures during upgrade is that the new environment does not have customized features,
solutions, or other elements. Make sure that all custom elements from the SharePoint Server 2016 environment
are installed on your front-end web servers before you upgrade any content databases.
In this step, you manually transfer all customizations to your new farm. Make sure to install any components that
your sites depend on to work correctly, such as the following:
Custom site definitions
Custom style sheets, such as cascading style sheets, and images
Custom Web Parts
Custom Web services
Custom features and solutions
Custom assemblies
Web.config changes (such as security)
Ensure that you transfer all unique settings from the Web.config files for each web application to the new
servers.
Administrator-approved form templates (.xsn files) and data connection files (.udcx files) for InfoPath.
Any other components or files on which your sites depend.
The installation for SharePoint Server 2019 continues to use 16 as its major version number including in the file
system paths.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
TIP
Each site collection in a content database has a GUID that is registered in the configuration database and associated with
the site collection. Therefore, you cannot add the same site collection two times to the farm, even in separate web
applications. Although you can successfully attach the database in this situation, you will be unable to browse to the site
collection. > If you must have a copy of a site collection in the same farm, first attach the database that contains the site
collection to a separate farm, and then use the Backup-SPSite and Restore-SPSite PowerShell cmdlets to copy the site
collection to the other farm. The backup and restore process creates a new GUID for the site collection. For more
information about these cmdlets, see Backup-SPSite and Restore-SPSite.
For My Sites, attach the content database that contains the My Site host before attaching databases that contain
the My Sites.
By default, when you created the web applications in the new SharePoint Server 2019 environment, a content
database was created for each web application. You can ignore these default databases until after you have
attached your SharePoint Server 2016 databases, and then you can delete the default databases.
IMPORTANT
If you are moving the content databases across domains or forests or to another environment that has different service
accounts, make sure that the permissions for the service accounts are still correct before you attach the databases.
NOTE
One frequent cause of failures during upgrade is that the environment is missing customized features, solutions, or other
elements. Be sure that all custom elements from the SharePoint Server 2016 environment are installed on your servers in
the SharePoint Server 2019 environment before you start the upgrade process. Use the Test-SPContentDatabase cmdlet
to identify custom elements that your sites might be missing.
Ensure that the account that you use to attach the databases is a member of the db_owner fixed database
role for the content databases that you want to upgrade.
Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
2019 cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
NOTE
The format of the upgrade log for SharePoint Server 2016 is based on the same structure as ULS. > The upgrade
log file includes the name of the content database being upgraded.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
This cmdlet returns a table-style list of databases in your farm and indicates whether the database needs an
upgrade to SharePoint Server 2019.
Attach the remaining databases
After you restore the first content database and verify success, you can continue to restore and upgrade other
databases. You can perform parallel database attach upgrades to upgrade more than one database at a time. Use
separate Microsoft PowerShell command prompt to run multiple upgrades. It is recommended that you separate
the start time for each new database upgrade session by several minutes to prevent issues with temporary locks
set for the web application during attachment. Otherwise you might receive an error on the upgrade session. The
wait time to clear temporary locks varies depending on the number of site collections, or the speed of the
database server hardware.
Next steps
After you upgrade the databases, you might want to perform additional steps to make sure that your farm is
ready for use. For example:
Migrate user accounts to claims authentication, if it is necessary.
By default, new web applications in SharePoint Server 2019 use claims authentication. If you were using
classic authentication in the previous environment, you must migrate the users to claims authentication.
Update links that are used in any upgraded InfoPath form templates.
For a database-attach upgrade, you exported and imported all InfoPath form templates in your
environment when you created the new environment. After upgrade, you can now update the links that
are used in those upgraded form templates to point to the correct URLs by using a Microsoft PowerShell
cmdlet.
InfoPath is available in SharePoint Server only.
Perform a full crawl
For more information, see Start, pause, resume, or stop a crawl in SharePoint Server.
Back up your farm
For more information, see Back up farms in SharePoint Server.
NOTE
There is no concept of "site collection compatibility modes" in SharePoint Server 2019. You must be running the latest
version at all times.
NOTE
This is the default behavior and recommended method to upgrade databases.
IMPORTANT
If you want to delay the sites upgrade, use the SkipSiteUpgrade parameter of the Mount-SPContentDatabase cmdlet. >
When the parameter is provided, the site collection is upgraded when first browsed.
On-browse upgrade - You do not need to know whether the site collection has pending upgrade, SharePoint
decides it for you during the upgrade process. Once the site is browsed, SharePoint checks if the site needs to be
upgraded, if so, the site will be put in a queue and a timer job will pick it up for upgrade.
Farm administrators can use PowerShell to upgrade a site collection.
Manually trigger site upgrade - You can use the Upgrade-SPSite cmdlet to manually upgrade the site
collections.
NOTE
This is a legacy option to upgrade a site collection.
This option is ideal for databases with large number of sites and for customers who use only a subset of all their
sites.
NOTE
You can retrieve the log files by using PowerShell . > From a PowerShell command prompt type the following
syntax: Get-SPSiteUpgradeSessionInfo -Site <siteUrl> OR $site.UpgradeInfo
For farm administrators: The site collection upgrade log file and the upgrade error log file are located at
%COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\16\LOGS. The logs are named
in the following format: SiteUpgrade- YYYYMMDD -HHMMSS -SSS.log, where YYYYMMDD is the date
and HHMMSS -SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds). These
file system logs have more information if you want details about issues.
For additional information on how to troubleshoot error messages, see Troubleshoot site collection
upgrade issues in SharePoint Server 2019.
Use the following checklists to review your upgraded sites and look for issues for either trial upgrades or
upgrades in a production environment.
TIP
Most of the issues in this section can be resolved by correcting the links to an item.
Are all the images on your pages displayed correctly? Verify or fix the links to the images.
Are the appropriate cascading style sheet colors and styles Verify or fix the links to the cascading style sheet file. Verify
used in the appropriate locations? the link on the master page.
Theme choices are different in SharePoint 2019 - which Your site's home page, or other pages on your site, may look
theme do you want to use? different after the site is upgraded. You may have to re-create
or revise a theme and reapply it.
Do you have any JavaScript controls that are not working? Verify or fix the links to the controls.
Are your pages displayed correctly in the browser? Verify that any HTML on the page is in strict XHTML mode.
Are any script errors displayed on any pages? Verify the scripts and links, and verify that any HTML is in
strict XHTML mode.
See also
Concepts
Overview of the upgrade process to SharePoint Server 2019
Upgrade My Sites to SharePoint Server 2019
6/7/2019 • 5 minutes to read • Edit Online
My Sites are personal site collections that end users can use to store their documents, connect with other users,
and follow and discover content. Upgrading My Sites differs from upgrading other site collections because My
Sites consist of both the shared My Site Host site collection (also known as the My Site Host) and the My Site
personal site collection (also known as the personal site collection).
My Site Host. The My Site Host is a special site collection shared among all My Site users. The My Site
Host is used to show the profile (person.aspx) and newsfeed pages (default.aspx) on the My Site. The My
Site Host is also used for storing the user profile photos.
Personal site collection. In SharePoint Server 2019, the personal site collection is used to store a user's
documents. In SharePoint Server 2019, the personal site collection contains OneDrive for Business, followed
content, and so on.
IMPORTANT
This list highlights some important things to consider when you perform an upgrade of My Sites. For a detailed discussion on
upgrades, see Get started with upgrades to SharePoint Server 2019
Upgrade My Sites
The following list summarizes some of the upgrade activities for a My Site upgrade only. For more information
about upgrades, see Upgrade to SharePoint Server 2019
IMPORTANT
Once you upgrade your My Site Host and personal site collections, you cannot undo the upgrade. > Some of the items in the
following list require additional steps to be performed. These additional steps are discussed in the sections that follow this
procedure. It is recommended when upgrading the entire server farm, that you also upgrade My Sites.
1. Install and configure a new SharePoint Server 2019 farm. For more information, see Create the SharePoint
Server 2016 farm for a database attach upgrade.
2. Copy the SharePoint Server 2016 My Site content database, Social database, Sync database (optional),
Profile database, and Managed Metadata service database to the SQL Server that supports your SharePoint
Server 2019 farm. You will need db_owner permissions to perform this step. For more information, see
Copy databases to the new farm for upgrade to SharePoint Server 2016 and Create the SharePoint Server
2016 farm for a database attach upgrade.
3. Create the new service applications that you need for the SharePoint Server 2019 farm. Do not create the
User Profile Service application and the Managed Metadata service application. You must upgrade
these service applications, which is described in the next step. You must however start the User Profile
Service and Managed Metadata service from Manage Services on Server.
4. Upgrade the Managed Metadata service and User Profile service applications using the database
attach method. For more information, see Upgrade service applications to SharePoint Server 2019. Ensure
the My Site Host URL field on the User Profile Service application is left blank because this field will be
updated during the upgrade process. For more information, see Configure My Site settings for the User
Profile service application
5. Create the web application for the My Sites using the default content database. To ensure the storage
requirements of your users are met, you should review the site quota on the My Sites web application.
6. Install customizations.
7. Run the Test-SPContentDatabase cmdlet to make sure that all customizations and language packs are
installed on the server before upgrading the My Site content databases. This cmdlet must be run against all
My Sites content databases. After running this cmdlet, you'll get a report on your environment. Ensure you
review all items in this report as some reported items may prevent you from moving onto the next step.
8. Run the Mount-SPContentDatabase cmdlet. Note: this does not upgrade any of the personal site
collections at this point. After this step is complete, the My Sites will still be displayed as SharePoint Server
2013 My Sites.
9. Check the configuration of the self-service site creation and managed paths settings on the My Sites web
application to ensure the correct configuration settings are applied to the web application.
10. Verify that the My Site Host URL field on the User Profile Service application has the correct URL users
should use to access the My Sites web application. For more information, see Configure My Site settings for
the User Profile service application.
11. Upgrade the My Site Host from a SharePoint Server 2016 My Site host to a SharePoint Server 2019 My
Site Host (discussed in the section titled Upgrade the My Site Host site collection).
12. Upgrade the personal site collections (discussed in the section titled Upgrade the personal site collection).
Cau t i on
During the upgrade process, users will see some visual changes occurring on their My Sites until the upgrade
process is complete. You should inform your users and helpdesk administrators that this experience is expected.
IMPORTANT
Once you upgrade your My Sites to SharePoint Server 2019 My Sites, you cannot revert to SharePoint Server 2016 My Sites.
NOTE
The upgrade of the personal site collection is not an instant process. The My Site is added to an upgrade queue. When the
upgrade starts, the My Site remains available to use during the upgrade process. Users can work on their documents
throughout the upgrade process. The My Site Host and personal site collection will display mixed user interface modes until
the upgrade is complete.
Other Resources
Upgrade a site collection
Update-SPProfilePhotoStore
Upgrade to SharePoint Server 2016
6/7/2019 • 2 minutes to read • Edit Online
The following articles provide information about performing an upgrade to SharePoint Server 2016.
CONTENT DESCRIPTION
Get started with upgrades to Find resources about how to start the
SharePoint Server 2016 upgrade process from SharePoint
Server 2013 with Service Pack 1 (SP1)
to SharePoint Server 2016.
Upgrade databases from SharePoint Find resources to help you perform the
2013 to SharePoint Server 2016 steps to upgrade databases from
SharePoint Server 2013 with Service
Pack 1 (SP1) to SharePoint Server 2016.
The first step in any upgrade process is to learn about the process itself so that you can plan and prepare
appropriately. These articles help you understand how the SharePoint upgrade process works. These articles also
include overviews of how to upgrade service applications.
The following downloadable resources, articles, video recordings, and related resources provide information about
understanding the upgrade for SharePoint Server 2016.
CONTENT DESCRIPTION
Services upgrade overview for SharePoint Server 2013 with the March
SharePoint Server 2016 2013 Cumulative Update included
several service applications, some of
which have databases that can be
upgraded when you upgrade to
SharePoint Server 2016. Find out which
service application databases can be
upgraded and what steps you must
take before, during, and after the
upgrade for your service applications.
Best practices for upgrading to Get off to the right start - review these
SharePoint Server 2016 best practices for testing and
performing an upgrade to SharePoint
Server 2016.
Overview of the upgrade process to SharePoint
Server 2016
6/7/2019 • 6 minutes to read • Edit Online
To upgrade from Microsoft SharePoint Server 2013 with the March 2013 Cumulative Update to SharePoint
Server 2016, you use the database-attach method. In the database-attach method, you first create and configure
a SharePoint Server 2016 farm. Then you copy the content and service application databases from the
SharePoint Server 2013 with the March 2013 Cumulative Update farm, and then attach and upgrade the
databases. This upgrades the data to the new version. Site owners can then upgrade individual site collections.
SharePoint Server 2016 supports an upgrade from SharePoint Server 2013 with the March 2013 Cumulative
Update (CU ), version 15.0.4481.1005 or higher.
NOTE
All database must be upgraded to version 15.0.4481.1005 or higher, otherwise upgrade to SharePoint Server 2016 will be
blocked.
[TIP ] As a best practice, we recommend that you apply the latest Cumulative Update to SharePoint 2013
prior to upgrading to SharePoint 2016.
After you've configured a new SharePoint Server 2016 environment, you can copy the content and service
application databases from the SharePoint Server 2013 with the March 2013 Cumulative Update environment to
the SharePoint Server 2016 environment. You use a backup and restore process to copy the database. You can
also choose to set the databases to read-only in the SharePoint Server 2013 with the March 2013 Cumulative
Update environment so that users can continue to access their information, but not change it.
NOTE
SharePoint Server 2016 does not support SharePoint 2010 mode (that is, compatibility level 14) site collections. Any site
collection that is in this mode will block the attachment of that content database to the SharePoint Server 2016 farm. You
must upgrade all SharePoint 2010 mode sites to 2013 mode (that is, compatibility level 15) on the existing 2013 farm
before you mount the database on the new SharePoint 2016 farm. For additional information about site creation modes,
see the Control the compatibility range for site creation modes of Manage site collection upgrades to SharePoint
Server 2016.
You can run the Microsoft PowerShell Test-SPContentDatabase cmdlet on a SharePoint Server 2013 with the
March 2013 Cumulative Update content database that isn't attached to the SharePoint Server 2016 farm to
determine what site collections are running in SharePoint 2010 mode. The following Microsoft PowerShell
command sample returns the list of all site collections that are in SharePoint 2010 mode. You would run this
command on the SharePoint Server 2013 with the March 2013 Cumulative Update farm so that you could
upgrade those site collections into 2013 mode before attaching the content databases to a 2016 farm.
If you want to find sites in the SharePoint Server 2013 with the March 2013 Cumulative Update farm that are in
SharePoint 2010 mode but on a per-content database basis, run the following Microsoft PowerShell syntax on
the SharePoint Server 2013 with the March 2013 Cumulative Update farm:
Before you attach and upgrade the content databases, review the following information and take any
recommended actions.
Make sure that the account that you use to attach the databases is a member of the db_owner fixed
database role for the content databases that you want to upgrade.
Make sure that the account that you use to create web applications is a member of the Farm
administrators group in the SharePoint Central Administration website.
Figure: The sequence of upgrade stages
This article helps you understand the upgrade sequence so that you can plan an upgrade project. To get detailed
steps for an upgrade, see Upgrade databases from SharePoint 2013 to SharePoint Server 2016 and Upgrade site
collections to SharePoint Server 2016.
4. A server farm administrator then attaches the content databases to the new farm and upgrades the
content databases for those web applications.
Figure: Upgrade the databases by using Windows PowerShell
5. A server farm administrator confirms that the upgrade is successful.
IMPORTANT
This section applies to SharePoint Server 2016 only.
A server farm administrator upgrades the My Site host and then individual users can upgrade their My Sites or
the farm administrator can upgrade them by using PowerShell. The following illustration shows four stages for
the My Site host and My Sites during the upgrade process.
Figure: Stages in upgrading My Sites
1. The My Site host has not been upgraded. My Sites cannot be upgraded yet.
2. A server farm administrator has upgraded the My Site host. No My Sites have been upgraded.
3. Some users have upgraded their My Sites.
4. All My Sites have been upgraded.
NOTE
A server farm administrator can choose to force an upgrade of My Sites without waiting for users to upgrade them. For
details and steps, read Upgrade site collections to SharePoint Server 2016.
Upgrade other SharePoint Server 2013 with the March 2013 Cumulative Update site collections
For information about how to upgrade a site collection, see Upgrade site collections to SharePoint Server 2016.
NOTE
A server farm administrator can also force specific site collections to be upgraded without waiting for the site owners to
upgrade them. For details and steps, read Upgrade site collections to SharePoint Server 2016.
Services upgrade overview for SharePoint Server
2016
6/7/2019 • 4 minutes to read • Edit Online
The upgrade process for SharePoint Server 2016 uses the database attach upgrade method. When you move your
databases to a new farm and upgrade the content, you must create your services infrastructure in the new farm,
and configure the services appropriately for your new farm and new version. The following service applications
have databases that can be upgraded when you upgrade from SharePoint Server 2013 to SharePoint Server
2016:
Business Data Connectivity service application
Managed Metadata service application
PerformancePoint Services service application
Search service application
Secure Store Service application
User Profile service application
NOTE
Word Automation Services and Machine Translation Services can't be upgraded. A new service instance needs to be created.
Attaching and upgrading these databases configures these service applications. Settings for other services will
have to be reconfigured when you upgrade.
Search Search_Service_Application_DB_<GUID>
Search_Service_Application_AnalyticsReportingStoreDB_<GUI
D>
User Profile: Profile and Social databases User Profile Service Application_ProfileDB_<GUID>
User Profile Service Application_SocialDB_<GUID>
User Profile Service Application_SyncDB_<GUID>
The steps to upgrade these service application databases are included in Upgrade service applications to
SharePoint Server 2016.
See also
Concepts
Overview of the upgrade process to SharePoint Server 2016
Upgrade content databases to SharePoint Server 2016
Best practices for upgrading to SharePoint Server
2016
6/7/2019 • 5 minutes to read • Edit Online
The following articles provide information about upgrading databases to SharePoint Server 2016.
CONTENT DESCRIPTION
Create the SharePoint Server 2016 farm for a database attach Create and configure a SharePoint Server 2016 farm so that
upgrade you can upgrade databases from SharePoint Server 2013 with
Service Pack 1 (SP1).
Copy databases to the new farm for upgrade to SharePoint Copy SharePoint Server 2013 with Service Pack 1 (SP1)
Server 2016 content and service databases to a SharePoint Server 2016
farm so that you can upgrade the data to SharePoint Server
2016.
Upgrade service applications to SharePoint Server 2016 Upgrade service applications (Business Connectivity Services,
Managed Metadata, Secure Store, User Profiles, Search) to
SharePoint Server 2016.
Upgrade content databases to SharePoint Server 2016 Learn how to upgrade content databases from SharePoint
Server 2013 with Service Pack 1 (SP1) to SharePoint Server
2016.
Verify database upgrades in SharePoint Server 2016 Verify that the upgrade for your databases has succeeded and
that you are ready to begin to upgrade sites.
Create the SharePoint Server 2016 farm for a
database attach upgrade
6/7/2019 • 5 minutes to read • Edit Online
When you upgrade from SharePoint Server 2013 to SharePoint Server 2016, you must use a database attach
upgrade, which means that you upgrade only the content for your environment and not the configuration
settings. Before you can upgrade the content, you must configure a new server or server farm by using
SharePoint Server 2016. This article lists the items that you have to configure when you create that new
environment.
Phase 1 of the upgrade process: Create SharePoint Server 2016 farm
For an overview of the whole process, see Overview of the upgrade process to SharePoint Server 2016.
Before you start to upgrade, you must collect information and settings about your existing environment. You have
to know what is in your SharePoint Server 2013 environment before you can start to build your SharePoint
Server 2016 environment. Gather information such as the following:
Alternate access mappings
Authentication providers and authentication modes that are being used
Quota templates
Managed paths
Self-service site management settings
Incoming and outgoing e-mail settings
Customizations
You also have to turn off or remove services or components in the SharePoint Server 2013 with Service Pack 1
(SP1) environment that could cause errors in the upgrade process. The following services or components should
be removed or stopped before you back up your databases:
PowerPoint Broadcast Sites Office Online Server has changed into a separate server product which can
serve multiple SharePoint farms for viewing and editing documents. Because of this change, PowerPoint
Broadcast sites cannot be upgraded to SharePoint Server 2016.
NOTE
For more information about how to install available language packs, see Install or uninstall language packs for
SharePoint Server 2016.
4. Run the SharePoint Products Configuration Wizard to configure your server or servers.
IMPORTANT
Some service applications can be upgraded by using a service application database upgrade. If you want to upgrade
these service applications by upgrading the service application databases, do not use the Farm Configuration
Wizard to configure these service applications when you set up your new farm.
For step-by-step instructions for these tasks, see Install SharePoint Server 2016.
IMPORTANT
If you had disabled the Workflow Auto Cleanup timer job in your SharePoint Server 2013 environment, make sure that you
disable this timer job in your new environment also. If this timer job is enabled in the new environment and disabled in the
SharePoint Server 2013 environment, you might lose workflow associations when you upgrade. .
In a standard installation, the next step would be to create web applications. However, for upgrade, you create
web applications later in the process, after you upgrade the service application databases. For more information,
see Create web applications.
When you upgrade from SharePoint Server 2013 to SharePoint Server 2016, you must use a database attach
upgrade, which means that you upgrade only the content for your environment and not the configuration
settings. After you have configured a new SharePoint Server 2016 environment, you can copy the content and
service application databases from the SharePoint Server 2013 environment to the SharePoint Server 2016
environment. You use a backup and restore process to copy the database, and you can also choose to set the
databases to read-only in the SharePoint Server 2013 environment so that users can continue to access their
information, but not change it. This article contains the steps that you take to copy the databases.
Phase 2 of the upgrade process: Copy databases to the new farm
NOTE
Don't set search databases to read-only at this point. It's best not to interrupt the search experience until you're ready to
upgrade the Search service applications. You will handle these databases when you upgrade service applications (the
fourth phase in the process to upgrade SharePoint Server 2013 data and sites to SharePoint Server 2016).
IMPORTANT
Perform this step in the SharePoint Server 2013 environment.
You do not have to back up the configuration or admin content databases, because you recreated these
databases when you set up the SharePoint Server 2016 server farm. Upgrading the configuration or admin
content databases and the Central Administration site collection is not supported.
After you complete this procedure, you will have created backups of the read-only content databases.
IMPORTANT
Perform this step in the SharePoint Server 2013 environment.
IMPORTANT
Be sure to keep a copy of your original backups in reserve, just in case upgrade fails and you have to troubleshoot and try
again. > Perform this step in the SharePoint Server 2016 environment.
TIP
When you type the name for the restored database, you do not have to use the original name. If you want to
change the database name from a name with a long GUID to a shorter, friendlier name, this is an opportunity to
make that change. Be sure to also change the database and log file names in the file system (the MDF and LDF
files) so that they match.
5. In the To a point in time text box, keep the default (Most recent possible).
6. To specify the source and location of the backup sets to restore, click From device, and then use the
ellipsis ( ...) to select the backup file.
7. In the Specify Backup dialog box, in the Backup media box, be sure that File is selected.
8. In the Backup location area, click Add.
9. In the Locate Backup File dialog box, select the file that you want to restore, click OK, and then, in the
Specify Backup dialog box, click OK.
10. In the Restore Database dialog box, under Select the backup sets to restore grid, select the Restore
check box next to the most recent full backup.
11. In the Restore Database dialog box, on the Options page, under Restore options, select the Overwrite
the existing database check box.
12. Click OK to start the restore process.
See also
Concepts
Create the SharePoint Server 2016 farm for a database attach upgrade
Upgrade service applications to SharePoint Server 2016
Upgrade content databases to SharePoint Server 2016
Upgrade service applications to SharePoint Server
2016
6/7/2019 • 34 minutes to read • Edit Online
When you upgrade from SharePoint Server 2013 with Service Pack 1 (SP1) to SharePoint Server 2016, you must
use a database attach upgrade, which means that you upgrade only the content for your environment and not the
configuration settings. After you have configured the SharePoint Server 2016 environment, and copied the
content and service application databases, you can upgrade the service applications to SharePoint Server 2016.
This article contains the steps that you take to upgrade the service applications.
Phase 3 of the upgrade process: Upgrade service applications
TIP
Throughout this article, variables (such as $applicationPool, $sss, $upa, and so on) are used in the PowerShell cmdlets to
save time and effort. You do not have to use these variables if you would prefer not to. However, if you do not use these
variables, you must use IDs for the service applications and service application proxies when you specify the identity
parameters. Each procedure has information about the variables used, or the alternate cmdlets to use to look up any IDs
that are required. > Also, many procedures in this article include a step to set the $applicationPool variable. If you are
performing all of these procedures in the same session of PowerShell, and you want to use the same application pool for all
service applications, you do not have to repeat this step in each procedure. Instead, you can set this variable once at the
beginning and use it throughout the procedures in this article.
NOTE
For any SPWebURL Managed Property in their SharePoint 2013 Schema they should rename it before they start the
procedure (that is, SPWebURL to SPWebURL1). After you upgrade to SharePoint Server 2016, they SPWebURL1 managed
property name can changed back to the original name (that is, SPWebURL).
NOTE
Word Automation Services and Machine Translation Services can't be upgraded. A new service instance will need to be
created.
IMPORTANT
The following steps outlining starting service instances only apply to the Custom server role type. For more information on
server role types, see Planning for a MinRole server deployment in SharePoint Server 2016.
$SearchInst = Get-SPEnterpriseSearchServiceInstance
# Stores the identity for the Search service instance on this server as a variable
Start-SPServiceInstance $SearchInst
# Starts the service instance
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications. This is the default service application pool. You can specify a different service application pool.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the Secure Store service application, at the Microsoft PowerShell command prompt, type the
following command:
Where:
SecureStore is the name that you want to give the new Secure Store service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
SecureStore_Upgrade_DB is the name of the service application database that you want to upgrade.
This command sets a variable, $sss, that you use when you create the proxy later.
For more information, see New -SPSecureStoreApplication.
5. Type the following command to create a proxy for the Secure Store service application:
Where:
ProxyName is the proxy name that you want to use.
$sss is the variable that you set earlier to identify the new Secure Store service application.
TIP
If you do not use the variable $sss, then you must use an ID to identify the Secure Store service application instead
of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of all service
application IDs.
DefaultProxyGroup adds the Secure Store service application proxy to the default proxy group for the
local farm.
This command sets a variable, $sssp, for the service application proxy that you use when you restore the
passphrase.
For more information, see New -SPSecureStoreServiceApplicationProxy.
After you create the Secure Store service application and the proxy, you have to refresh the encryption key. For
information about how to refresh the encryption key, see Refresh the Secure Store encryption key.
6. Type the following command to restore the passphrase for the Secure Store service application:
Where:
<Passphrase> is the Passphrase for the Secure Store service application from your previous environment.
$sssp is a variable that you set earlier to identify the new Secure Store service application proxy.
TIP
If you do not use the variable $sssp, then you must use an ID to identify the Secure Store service application proxy
instead of a name. To find the ID, you can run the Get-SPServiceApplicationProxy cmdlet to return a list of all
service application proxy IDs.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the Business Data Connectivity service application, at the Microsoft PowerShell command prompt,
type the following command:
Where:
BDC Service is the name that you want to give the new Business Data Connectivity service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
BDC_Service_DB is name of the service application database that you want to upgrade.
For more information, see New -SPBusinessDataCatalogServiceApplication.
Upgrade the Managed Metadata service application
To upgrade the Managed Metadata service application, you create the new service application and upgrade the
database, and then create a proxy and add it to the default proxy group.
To upgrade the Managed Metadata service application by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
2016 cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that
follow. If you have multiple application pools and have to use a different application pool for a particular
service application, repeat this step in the procedure to create each service application to use the
appropriate application pool.
4. To upgrade the Managed Metadata service application, at the Microsoft PowerShell command prompt, type
the following command:
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
Managed Metadata Service_DB is name of the service application database that you want to upgrade.
This command sets a variable, $mms, that you use when you create the proxy later.
For more information, see New -SPMetadataServiceApplication.
5. At the Microsoft PowerShell command prompt, type the following command to create a proxy for the
Managed Metadata service application:
Where:
ProxyName is the proxy name that you want to use.
$mms is the variable that you set earlier to identify the new Managed Metadata service application.
TIP
If you do not use the variable $mms, then you must use an ID to identify the Managed Metadata service
application proxy instead of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a
list of all service application IDs.
DefaultProxyGroup adds the Managed Metadata service application proxy to the default proxy group for
the local farm.
For more information, see New -SPMetadataServiceApplicationProxy.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that
follow. If you have multiple application pools and have to use a different application pool for a particular
service application, repeat this step in the procedure to create each service application to use the
appropriate application pool.
4. To upgrade the PerformancePoint Services service application, at the Microsoft PowerShell command prompt,
type the following command:
Where:
PerformancePoint Service is the name that you want to give the new PerformancePoint Services service
application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
Where:
ProxyName is the proxy name that you want to use.
$pps is the variable that you set earlier to identify the new PerformancePoint Services service application.
TIP
If you do not use the variable $pps, then you must use an ID to identify the PerformancePoint Services service
application instead of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of
all service application IDs.
Default adds the PerformancePoint Services service application proxy to the default proxy group for the
local farm.
For more information, see New -SPPerformancePointServiceApplicationProxy.
NOTE
As SharePoint Server 2016 does not have the User Profile Synchronization Service, you do not copy the Synchronization
database. Instead, a new database will be created with an empty schema.
IMPORTANT
Perform these steps in the SharePoint Server 2013 with Service Pack 1 (SP1) environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to
request permissions. For additional information about PowerShell permissions, see Add-
SPShellAdmin.
IMPORTANT
Perform the next steps in the SharePoint Server 2016 environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new
service applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
5. To restore the User Profile service application and upgrade the Profile and Social databases, at the
Microsoft PowerShell command prompt, type the following command:
Where:
UserProfileApplicationName is the name of the User Profile service application.
$applicationpool is the variable that you set to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
ProfileDBName is the name of the Profile database that you want to upgrade.
SocialDBName is the name of the Social database that you want to upgrade.
SyncDBName is the name of the new Synchronization database that you want to upgrade.
6. Create the User Profile service application proxy and add it to the default proxy group by completing these
actions:
Type the following command to get the ID for the User Profile service application and store it as a
variable:
Where:
$proxy is the variable that you set earlier to identify the ID for the proxy you just created for
the User Profile service application.
Tip: If you do not use the variable $proxy, then you must use an ID to identify the User
Profile service application proxy instead of a name. To find the ID, you can run the Get-
SPServiceApplicationProxy cmdlet to return a list of all service application proxy IDs.
You use an empty Identity parameter ("") to add it to the default group.
For more information, see Add-SPServiceApplicationProxyGroupMember.
NOTE
During this upgrade, search doesn't crawl content in your SharePoint Server 2013 with Service Pack 1 (SP1). If freshness of
search results is important, save time by familiarizing yourself with these steps before starting the upgrade.
IMPORTANT
Because the search topology in the SharePoint Server 2016 farm is new, the index is empty. You have to perform a full crawl
of the entire indexed corpus after you have upgraded all content sources (the fourth phase in the process to upgrade
SharePoint Server 2013 with Service Pack 1 (SP1) data and sites to SharePoint Server 2016).
NOTE
You copied all other content and service databases in your SharePoint Server 2013 with Service Pack 1 (SP1)
environment in an earlier step of the process for upgrading to SharePoint Server 2016. We recommend copying the
Search Administration database at this later stage because you have to pause the Search service application in your
SharePoint Server 2013 with Service Pack 1 (SP1) environment while copying the Search Administration database.
IMPORTANT
Perform these steps in the SharePoint Server 2013 with Service Pack 1 (SP1) environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to
request permissions. For additional information about PowerShell permissions, see Add-
SPShellAdmin.
Where:
SearchServiceApplicationName is the name of the Search service application you want to pause.
NOTE
While the Search service application is paused, the index in the SharePoint Server 2013 with Service Pack 1
(SP1) environment isn't updated. This means that during the upgrade to SharePoint Server 2016, search
results might be less fresh.
Copy the search administration database in the SharePoint Server 2013 with Service Pack 1 (SP1)
farm to the SharePoint Server 2016 farm, follow the procedures in Copy databases to the new farm
for upgrade to SharePoint Server 2016 for the search administration database only.
IMPORTANT
Perform the next steps in the SharePoint Server 2016 environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new
service applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow.
If you have multiple application pools and have to use a different application pool for a particular service
application, repeat this step in the procedure to create each service application to use the appropriate
application pool.
5. To restore the Search service application and upgrade the Search Administration database, at the
Microsoft PowerShell command prompt, type the following command:
Where:
SearchServiceApplicationName is the name of the Search service application.
$applicationpool is the variable that you set to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
SearchServiceApplicationDBName is the name of the search administration database that you want
to upgrade, and that this Search service application shall use.
$searchInst is the variable that you set to identify the new Search Service application instance.
Note: A Search service application upgrade might fail, for example due to network or SQL Server latency.
If an error message appears during the upgrade, do the following:
Delete the Search Administration database that you were trying to upgrade.
Using the backup copy that you made of the Search Administration database, repeat the following
procedures in this article for the Search service application only:
Restore a backup copy of the database
Set the databases to read-write
Type the command to upgrade the Search service application again at the Microsoft PowerShell
command prompt.
For more information, see Restore-SPEnterpriseSearchServiceApplication.
6. Create the Search service application proxy and add it to the default proxy group by completing these
actions:
Type the following command to get the ID for the Search service application and store it as a
variable:
$ssa = Get-SPEnterpriseSearchServiceApplication
Where:
ProxyName is the proxy name that you want to use.
$ssa is the variable that you set earlier to identify the new Search service application.
Tip: If you do not use the variable $ssa, then you must use an ID to identify the Search
service application instead of a name. To find the ID, you can run the Get-
SPServiceApplication cmdlet to return a list of all service application IDs.
For more information, see New -SPEnterpriseSearchServiceApplicationProxy.
Type the following command to get the Search service application proxy ID for the proxy you just
created and set it as the variable $ssap:
$ssap = Get-SPEnterpriseSearchServiceApplicationProxy
Where:
$ssap is the variable that you set earlier to identify the ID for the proxy you just created for
the Search service application.
Tip: If you do not use the variable $ssap, then you must use an ID to identify the Search
service application proxy instead of a name. To find the ID, you can run the Get-
SPServiceApplicationProxy cmdlet to return a list of all service application proxy IDs.
You use an empty Identity parameter ("") to add it to the default group.
For more information, see Add-SPServiceApplicationProxyGroupMember.
7. If the SharePoint Server 2013 with Service Pack 1 (SP1) farm uses a Links Database that is partitioned,
partition the Links Database in the SharePoint Server 2016 farm the same way. Learn how in Move-
SPEnterpriseSearchLinksDatabases.
8. (Optional) Preserve search relevance settings from the SharePoint Server 2013 with Service Pack 1 (SP1)
farm. Because the upgraded Search service application has a new, empty index, search analytics data from
the SharePoint Server 2013 with Service Pack 1 (SP1) farm cannot be fully retained. Copy the Analytics
Reporting database from the SharePoint Server 2013 with Service Pack 1 (SP1) farm and attach it to the
new Search service application in the SharePoint Server 2016 farm:
In the SharePoint Server 2013 with Service Pack 1 (SP1) farm, backup the Analytics Reporting
database.
In the SharePoint Server 2016 farm, restore the backed up database to the new database server.
In the SharePoint Server 2016 farm, attach the restored database to the new Search service
application.
9. Verify that the search topology on the new SharePoint Server 2016 farm is alike that of the SharePoint
Server 2013 with Service Pack 1 (SP1) farm. If your requirements for search have changed, now is a good
time to scale out the search topology of the new SharePoint Server 2016 farm.
10. Resume the Search service application in the SharePoint Server 2013 with Service Pack 1 (SP1)
environment.
At the PowerShell command prompt, type the following command:
Where:
SearchServiceApplicationName is the name of the Search service application you want to resume.
Verify that all of the new proxies are in the default proxy group
Use the following procedure to verify that the steps to create the proxies and add them to the default proxy group
worked.
To verify that all of the new proxies are in the default proxy group by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint
Server 2016 cmdlets.
Note: If you do not have permissions, contact your Setup administrator or SQL Server administrator to
request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
2. Start the SharePoint 2016 Management Shell.
For Windows Server 2012 R2:
On the Start screen, click SharePoint 2016 Management Shell.
If SharePoint 2016 Management Shell is not on the Start screen, right-click Computer, click All apps,
and then click SharePoint 2016 Management Shell.
For more information about how to interact with Windows Server 2012 R2, see Common Management
Tasks and Navigation in Windows Server 2012.
3. At the PowerShell command prompt, type the following commands:
$pg = Get-SPServiceApplicationProxyGroup -Identity ""
$pg.Proxies
Where:
$pg is a variable you set to represent the default proxy group.
You use an empty Identity parameter ("") to specify the default proxy group.
This returns a list of all proxies in the default proxy group, their display names, type names, and IDs.
For more information, see Get-SPServiceApplicationProxyGroup.
Now that the service applications are upgraded, you can start the process to upgrade the content databases. The
first step in that process is to create the web applications that are needed for each content database.
See also
Concepts
Create the SharePoint Server 2016 farm for a database attach upgrade
Copy databases to the new farm for upgrade to SharePoint Server 2016
Upgrade content databases to SharePoint Server 2016
Services upgrade overview for SharePoint Server 2016
Other Resources
Checklist for database-attach upgrade (SharePoint 2013)
Upgrade content databases to SharePoint Server
2016
6/7/2019 • 14 minutes to read • Edit Online
When you upgrade from SharePoint Server 2013 with Service Pack 1 (SP1) to SharePoint Server 2016, you
must use a database attach upgrade, which means that you upgrade only the content for your environment and
not the configuration settings. After you have configured the SharePoint Server 2016 environment, copied the
content and service application databases, and upgraded the service applications, you can attach and upgrade
the content databases to SharePoint Server 2016. This article explains the steps you take to attach and upgrade
the content databases to SharePoint Server 2016.
Phase 4 of the upgrade process: Upgrade content databases
Reapply customizations
One frequent cause of failures during upgrade is that the new environment does not have customized features,
solutions, or other elements. Make sure that all custom elements from the SharePoint Server 2013 with Service
Pack 1 (SP1) environment are installed on your front-end web servers before you upgrade any content
databases.
In this step, you manually transfer all customizations to your new farm. Make sure to install any components that
your sites depend on to work correctly, such as the following:
Custom site definitions
Custom style sheets, such as cascading style sheets, and images
Custom Web Parts
Custom Web services
Custom features and solutions
Custom assemblies
Web.config changes (such as security)
Ensure that you transfer all unique settings from the Web.config files for each web application to the new
servers.
Administrator-approved form templates (.xsn files) and data connection files (.udcx files) for InfoPath.
InfoPath is available in SharePoint Server 2010 only.
Any other components or files on which your sites depend.
The installation for SharePoint Server 2016 contains both SharePoint Server 2013 with Service Pack 1 (SP1) and
SharePoint Server 2016 versions of many elements. The directories on the file system are duplicated in both the
15 and 16 paths, for example:
Web Server Extensions/15/TEMPLATE/Features
Web Server Extensions/16/TEMPLATE/Features
There are also two versions of the IIS support directories: _Layouts, _Layouts/16 and _ControlTemplates,
_ControlTemplates/16.
Be sure to install customizations to the correct location in your new farm. For example, additional style sheets for
SharePoint Server 2013 with Service Pack 1 (SP1) should be installed in the /15 path, not the new /16 path so
that site collections that you haven't upgraded can use them. If you want a solution to be available to both paths,
install it two times, and the second time use the CompatibilityLevel parameter when you install it, and it will be
installed to the /16 path. For more information, see Install-SPSolution.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
TIP
Each site collection in a content database has a GUID that is registered in the configuration database and associated with
the site collection. Therefore, you cannot add the same site collection two times to the farm, even in separate web
applications. Although you can successfully attach the database in this situation, you will be unable to browse to the site
collection. > If you must have a copy of a site collection in the same farm, first attach the database that contains the site
collection to a separate farm, and then use the Backup-SPSite and Restore-SPSite PowerShell cmdlets to copy the site
collection to the other farm. The backup and restore process creates a new GUID for the site collection. For more
information about these cmdlets, see Backup-SPSite and Restore-SPSite.
For My Sites, attach the content database that contains the My Site host before attaching databases that contain
the My Sites.
By default, when you created the web applications in the new SharePoint Server 2016 environment, a content
database was created for each web application. You can ignore these default databases until after you have
attached your SharePoint Server 2013 with Service Pack 1 (SP1) databases, and then you can delete the default
databases.
IMPORTANT
If you are moving the content databases across domains or forests or to another environment that has different service
accounts, make sure that the permissions for the service accounts are still correct before you attach the databases.
NOTE
One frequent cause of failures during upgrade is that the environment is missing customized features, solutions, or other
elements. Be sure that all custom elements from the SharePoint Server 2013 with Service Pack 1 (SP1) environment are
installed on your front-end web servers in the SharePoint Server 2016 environment before you start the upgrade process.
Use the Test-SPContentDatabase cmdlet to identify custom elements that your sites might be missing.
NOTE
Using the Mount-SPContentDatabase cmdlet to attach a content database is the recommended behavior and
option for upgrading databases and site collections in SharePoint Server 2016.
Ensure that the account that you use to attach the databases is a member of the db_owner fixed database
role for the content databases that you want to upgrade.
Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
2016 cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
This cmdlet returns a table-style list of databases in your farm and indicates whether the database needs an
upgrade to SharePointAll_2nd_CurrentVer.
Next steps
After you upgrade the databases, you might want to perform additional steps to make sure that your farm is
ready for use. For example:
Migrate user accounts to claims authentication, if it is necessary.
By default, new web applications in SharePoint Server 2016 use claims authentication. If you were using
classic authentication in the previous environment, you must migrate the users to claims authentication.
Update links that are used in any upgraded InfoPath form templates.
For a database-attach upgrade, you exported and imported all InfoPath form templates in your
environment when you created the new environment. After upgrade, you can now update the links that
are used in those upgraded form templates to point to the correct URLs by using a Microsoft PowerShell
cmdlet.
InfoPath is available in SharePoint Server only.
Perform a full crawl
For more information, see Start, pause, resume, or stop a crawl in SharePoint Server.
Back up your farm
For more information, see Back up farms in SharePoint Server.
DESCRIPTION
Upgrade a site collection to SharePoint Server 2016 Site collection administrators can preview a copy of their sites
in SharePoint Server 2016 mode, upgrade their site
collections, and then review them for issues.
Upgrade My Sites to SharePoint Server 2016 Learn how to upgrade My Sites in SharePoint Server 2016.
Upgrade a site collection to SharePoint Server 2016
7/17/2019 • 5 minutes to read • Edit Online
In SharePoint Server 2016 the way site collection upgrades are performed has changed. After a server farm
administrator has upgraded the databases, site collections are automatically upgraded.
NOTE
There is no concept of "site collection compatibility modes" in SharePoint Server 2016. You must be running the latest
version at all times.
NOTE
This is the default behavior and recommended method to upgrade databases.
IMPORTANT
If you want to delay the sites upgrade, use the SkipSiteUpgrade parameter of the Mount-SPContentDatabase cmdlet. >
When the parameter is provided, the site collection is upgraded when first browsed.
On-browse upgrade - You do not need to know whether the site collection has pending upgrade, SharePoint
decides it for you during the upgrade process. Once the site is browsed, SharePoint checks if the site needs to be
upgraded, if so, the site will be put in a queue and a timer job will pick it up for upgrade.
Farm administrators can use PowerShell to upgrade a site collection.
Manually trigger site upgrade - You can use the Upgrade-SPSite cmdlet to manually upgrade the site
collections.
NOTE
This is a legacy option to upgrade a site collection.
This option is ideal for databases with large number of sites and for customers who use only a subset of all their
sites.
Verify that site collection upgrade has succeeded
Site collection administrators can view the Upgrade Status page in Site Settings to verify that upgrade has
succeeded for a site collection.
To view upgrade status in Site Settings
1. Verify that the user account that performs this procedure is a site collection administrator.
2. On the Site Settings page for the site collection, in the Site Collection Administration section, click Site
collection upgrade.
3. On the Site Collection Upgrade page, click Review Site Collection Upgrade Status.
The Upgrade Status page for the site collection is displayed.
Farm administrators can use PowerShell to view site collection upgrade status.
NOTE
You can retrieve the log files by using PowerShell . > From a PowerShell command prompt type the following syntax:
Get-SPSiteUpgradeSessionInfo -Site <siteUrl> OR $site.UpgradeInfo
For farm administrators: The site collection upgrade log file and the upgrade error log file are located at
%COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\16\LOGS. The logs are named
in the following format: SiteUpgrade- YYYYMMDD -HHMMSS -SSS.log, where YYYYMMDD is the date and
HHMMSS -SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds). These file
system logs have more information if you want details about issues.
For additional information on how to troubleshoot error messages, see Troubleshoot site collection
upgrade issues in SharePoint Server 2016.
Use the following checklists to review your upgraded sites and look for issues for either trial upgrades or
upgrades in a production environment.
TIP
Most of the issues in this section can be resolved by correcting the links to an item.
Are all the images on your pages displayed correctly? Verify or fix the links to the images.
Are the appropriate cascading style sheet colors and styles Verify or fix the links to the cascading style sheet file. Verify
used in the appropriate locations? the link on the master page.
Theme choices are different in SharePoint 2016 - which Your site's home page, or other pages on your site, may look
theme do you want to use? different after the site is upgraded. You may have to re-create
or revise a theme and reapply it.
Do you have any JavaScript controls that are not working? Verify or fix the links to the controls.
Are your pages displayed correctly in the browser? Verify that any HTML on the page is in strict XHTML mode.
Are any script errors displayed on any pages? Verify the scripts and links, and verify that any HTML is in
strict XHTML mode.
See also
Concepts
Overview of the upgrade process to SharePoint Server 2016
Upgrade My Sites to SharePoint Server 2016
6/7/2019 • 9 minutes to read • Edit Online
My Sites are personal site collections that end users can use to store their documents, connect with other users,
and follow and discover content. Upgrading My Sites differs from upgrading other site collections because My
Sites consist of both the shared My Site Host site collection (also known as the My Site Host) and the My Site
personal site collection (also known as the personal site collection).
My Site Host. The My Site Host is a special site collection shared among all My Site users. The My Site
Host is used to show the profile (person.aspx) and newsfeed pages (default.aspx) on the My Site. The My
Site Host is also used for storing the user profile photos.
Personal site collection. In SharePoint Server 2013, the personal site collection was used to store a user's
documents. In SharePoint Server 2016, the personal site collection contains OneDrive for Business,
followed content, and so on.
IMPORTANT
This list highlights some important things to consider when you perform an upgrade of My Sites. For a detailed discussion on
upgrades, see Get started with upgrades to SharePoint Server 2016
Upgrade My Sites
The following list summarizes some of the upgrade activities for a My Site upgrade only. For more information
about upgrades, see Upgrade to SharePoint Server 2016
IMPORTANT
Once you upgrade your My Site Host and personal site collections, you cannot undo the upgrade. > Some of the items in
the following list require additional steps to be performed. These additional steps are discussed in the sections that follow this
procedure. It is recommended when upgrading the entire server farm, that you also upgrade My Sites.
1. Install and configure a new SharePoint Server 2016 farm. For more information, see Create the SharePoint
Server 2016 farm for a database attach upgrade.
2. Copy the SharePoint Server 2013 My Site content database, Social database, Sync database (optional),
Profile database, and Managed Metadata service database to the SQL Server that supports your SharePoint
Server 2016 farm. You will need db_owner permissions to perform this step. For more information, see
Copy databases to the new farm for upgrade to SharePoint Server 2016 and Create the SharePoint Server
2016 farm for a database attach upgrade.
3. Create the new service applications that you need for the SharePoint Server 2016 farm. Do not create the
User Profile Service application and the Managed Metadata service application. You must upgrade
these service applications, which is described in the next step. You must however start the User Profile
Service and Managed Metadata service from Manage Services on Server.
4. Upgrade the Managed Metadata service and User Profile service applications using the database
attach method. For more information, see Upgrade service applications to SharePoint Server 2016. Ensure
the My Site Host URL field on the User Profile Service application is left blank because this field will be
updated during the upgrade process. For more information, see Configure My Site settings for the User
Profile service application
5. Create the web application for the My Sites using the default content database. To ensure the storage
requirements of your users are met, you should review the site quota on the My Sites web application.
6. Set the compatibility range settings for site creation on the My Sites web application. Use
MinCompatibilityLevel = 15 and MaxCompatibilityLevel= 15 for your compatibility range settings.
7. Install customizations.
8. Run the Test-SPContentDatabase cmdlet to make sure that all customizations and language packs are
installed on the server before upgrading the My Site content databases. This cmdlet must be run against all
My Sites content databases. After running this cmdlet, you'll get a report on your environment. Ensure you
review all items in this report as some reported items may prevent you from moving onto the next step.
9. Run the Mount-SPContentDatabase cmdlet. Note: this does not upgrade any of the personal site
collections at this point. After this step is complete, the My Sites will still be displayed as SharePoint Server
2013 My Sites.
10. Check the configuration of the self-service site creation and managed paths settings on the My Sites web
application to ensure the correct configuration settings are applied to the web application. For more
information, see Configure My Sites in SharePoint Server.
11. Verify that the My Site Host URL field on the User Profile Service application has the correct URL users
should use to access the My Sites web application. For more information, see Configure My Site settings for
the User Profile service application.
12. Upgrade the My Site Host from a SharePoint Server 2013 My Site host to a SharePoint Server 2016 My
Site Host (discussed in the section titled Upgrade the My Site Host site collection).
13. Upgrade the personal site collections (discussed in the section titled Upgrade the personal site collection).
Cau t i on
During the upgrade process, users will see some visual changes occurring on their My Sites until the upgrade
process is complete. You should inform your users and helpdesk administrators that this experience is expected.
Where:
http://MySiteHostURL is the URL of the My Site Host.
IMPORTANT
Once you upgrade your My Sites to SharePoint Server 2016 My Sites, you cannot revert to SharePoint Server 2013 My Sites.
Get-SPSite -limit all |where {$_.CompatibilityLevel -eq '14'} | where {$_.RootWeb.WebTemplateId -eq 21}
| upgrade-spsite -versionupgrade
IMPORTANT
Before performing a forced upgrade, you should confirm that the My Site Host was upgraded successfully. You can
verify this by either making sure that the My Site Host has the SharePoint Server 2016 user interface, or by
inspecting the ULS logs to make sure that no errors were encountered during the upgrade process.
Cau t i on
Using the forced upgrade approach may take lots of time to complete depending on the number of My
Sites you are upgrading. This will affect your server farm's performance and the farm will be in read-only
mode during the complete upgrade process.
Deferred site collection upgrade. The deferred site collection upgrade process uses the compatibility
range settings to allow administrators to upgrade their databases and keep their site collections in
SharePoint Server 2010 mode. When the compatibility range settings allow both 2010 user interface mode
and 2013 user interface mode (MinCompatibilityLevel = 14 and MaxCompatibilityLevel= 15), the owner of
the My Site will see a red banner at the top of their My Site. From the banner, they can request an
evaluation site collection of their My Site to preview before upgrading to the SharePoint Server 2013 user
interface. The evaluation site cannot be converted to a regular My Site because it is a temporary site which
will eventually be deleted. The deferred site collection upgrade path is performed per user.
Cau t i on
Using the deferred site collection upgrade may result in the mixed user interface mode issue. Be sure to
stage and test your upgrade carefully before you do this in production. When you encounter the mixed user
interface mode on your My Sites, new users who do not have a My Site cannot create new My Sites.
NOTE
The upgrade of the personal site collection is not an instant process. The My Site is added to an upgrade queue. When the
upgrade starts, the My Site remains available to use during the upgrade process. Users can work on their documents
throughout the upgrade process. The My Site Host and personal site collection will display mixed user interface modes until
the upgrade is complete.
See also
Other Resources
Upgrade a site collection
Update-SPProfilePhotoStore
Video: Cleanup of databases after upgrade
procedure
6/7/2019 • 2 minutes to read • Edit Online
Listen to two Microsoft Field Engineers as they talk about best practices on how to cleanup databases after an
upgrade procedure.
Microsoft periodically releases software updates for SharePoint Server 2016 and 2019. The following articles
provide information about the software update process for SharePoint Server 2016 and 2019.
Articles about software updates for SharePoint Server 2016 and 2019
CONTENT DESCRIPTION
Software updates overview for SharePoint Server 2016 Provides an overview of the software update process for
SharePoint Server 2016.
Install a software update for SharePoint Server 2016 Learn how to install a software update on servers in a
SharePoint farm.
Video demo of Zero Downtime Patching in SharePoint Server Learn how to patch a software update on servers in a
2016 SharePoint farm.
SharePoint Server 2016 zero downtime patching steps Learn the steps to patch a software update on servers in a
SharePoint farm.
Video: How to enable Remote Windows PowerShell to use Learn how to enable remote Powershell to use with servers in
with SharePoint Server a SharePoint farm.
NOTE
The articles above reference SharePoint Server 2016 but the same process is applicable to SharePoint Server 2019.
Software updates overview for SharePoint Server
2016 and 2019
7/31/2019 • 14 minutes to read • Edit Online
Administrators update SharePoint Server 2016 or SharePoint Server 2019 to deploy or update assemblies that
provide functionality and to upgrade databases. A successful update follows a methodical approach that minimizes
interruptions in service. Review information in this article to learn about the process before you begin the update
process.
NOTE
This article applies to both SharePoint Server 2016 and SharePoint Server 2019.
NOTE
The process that installs software updates in stand-alone environments of SharePoint Server 2016 or 2019 is a simpler
process than the process that installs software updates in a server farm and does not require all the steps that are required
for a server farm.
Micrososft releases Public Updates each month. The first update is known as the language independent update.
This update will often include both feature and security fixes. It is also known as the 'sts-x-none' patch.
The second type of patch is the language dependent patch. This patch covers all language packs, including English
installations. This patch is required to fully update the farm, although may not be released every month. This patch
is also known as the 'wssloc' patch.
IMPORTANT
If a lanaguage dependent patch isn't available for a given month, update to the latest previosuly available language
dependent patch. For example, if applying the July 2019 Public Update for SharePoint Server 2016, install the language
indepdendnt update for July 2019 and the language dependent patch from April 2019. If you do not install the language
dependent patch, you may encounter missing or incorrect functionality.
upgrade Process by which you change an In SharePoint Server 2016, for build-to-
environment to use a newer version of build upgrades, you can use either in-
software. You can upgrade to a minor place or database-attach methods. For
release, such as an update or patch, or version-to-version upgrade, only
to a major release. An upgrade to a database-attach is supported. For more
minor release is called a build-to-build information about version-to-version
upgrade. An upgrade to a major release upgrade, see Overview of the upgrade
is called a version-to-version upgrade. process to SharePoint Server 2016. For
an overview of the steps for in-place
and database-attach upgrade for build-
to-build upgrades, see Install a software
update for SharePoint Server 2016
For a complete list of terminology about software updates, see Description of the standard terminology that is
used to describe Microsoft software updates.
Software update features
SharePoint Server 2016 has features that facilitate the end-to-end software update experience. Some of these
features are as follows:
Backward compatibility between an updated services farm and non-updated content farm.
There is full support for automatic updates that use Windows Server Update Services (WSUS ), Windows
Update, and Microsoft Update.
NOTE
An automatic update copies the binary files to the farm servers, but you must complete the software update by
running the upgrade on the servers.
Administrators can use the SharePoint Central Administration website or Microsoft PowerShell to monitor
the status of an update.
Although we try to ensure the highest level of backwards compatibility, the longer you run in such a state, the
greater the chance of finding a case where farm behavioral issues might occur.
Patch phase
The patch phase involves running the update on each SharePoint Server in the farm. There may be one or two
patches that are required to be run, the language independent update and language dependent update.
NOTE
No specific order of installation in a farm is required.
The patch phase has two steps, the patch deployment step and the binaries deployment step. During the patch
deployment step, new binary files are copied to the server running SharePoint Server 2016. Services that use files
that the patch has to replace are temporarily stopped. Stopping services reduces the requirement to restart the
server to replace files that are being used. However, in some instances you have to restart the server.
The second step in the patch phase is the binaries deployment step. In this step, the installer copies support
dynamic link library (.dll) files to the appropriate directories on the server that is running SharePoint Server 2016.
This step ensures that all the web applications are running the correct version of the binary files and will function
correctly after the update is installed. The update phase is complete after the binaries deployment step.
The next and final phase to deploy software updates is the build-to-build upgrade phase. This phase modifies
database schemas, updates objects in the farm, and updates site collections.
Build-to -build upgrade phase
The build-to-build upgrade phase requires the administrator to run the Configuration Wizard or psconfig from
the SharePoint Managmeent Shell.
NOTE
No specific order of execution of the Configuration Wizard in a farm is required.
After you finish the patch phase, you must complete the update installation by starting the build-to-build upgrade
phase. The build-to-build upgrade phase is task intensive and, therefore, takes the most time to finish. The first
action is to upgrade all the SharePoint processes that are running. After you upgrade the processes, the databases
are crawled and upgraded. After you complete a farm upgrade on one server, you have to complete the process on
all other servers to maintain compatibility.
The update strategy that you select is based primarily on one of the following factors:
The amount of downtime that is acceptable to install the update.
The additional staff and computing resources that are available to reduce downtime.
As you determine your update strategy, consider how the strategy enables you to manage and control the update.
In terms of downtime reduction, the following options, ordered from most to least downtime, are available:
Install the update and do not postpone the upgrade phase.
Install the update and postpone the upgrade phase.
Evaluate techniques
A test farm also enables you to evaluate the techniques that you plan to use to update the production environment.
In addition to testing and assessing your downtime reduction strategy, you can refine update monitoring. This is
especially important in the areas of validating and troubleshooting the software update.
Step 4: Implement software updates
The update strategy that you use determines whether you have to build a new farm or deploy the update on the
current farm servers.
Build or update farms
Whether you build a new farm or do an in-place update, the most important farm elements to consider are as
follows:
Content
Services
Service applications
Deploy customizations
Use solutions whenever possible so that you can deploy individual files or components.
Reduce downtime
Reduce downtime by using techniques such as read-only databases and update parallelism.
Monitor progress
The refined techniques that you use to monitor the software update in the test environment apply when you
deploy the update in the production environment. Use the Upgrade and Migration page in Central
Administration to monitor available status indicators. This feature enables live monitoring and provides a single
location to view the patch status for all farm servers. Additionally, you can use the Upgrade and Migration page
to view the update status for individual servers and the status and type of farm databases. Finally, when you use
Central Administration to monitor updates, you can identify farm servers that you must update.
The following tables describe the status information that is available in Central Administration.
Installation required Farm server is missing an .msi file that Hyperlink to the Patch Deployment
is set to mandatory for all farm servers State page
or has a patch level below the individual
farm-wide effective patch version.
Upgrade in progress Farm server is currently undergoing an Hyperlink to the Upgrade Status page
upgrade operation.
Upgrade available Farm server is running in backward- Hyperlink to the Upgrade and
compatibility mode. Migration page
STATUS VALUE DESCRIPTION HYPERLINK
Upgrade required Farm server is outside the backward- Hyperlink to the Upgrade and
compatibility mode range with one or Migration page
more databases.
Upgrade blocked If an upgrade is available and any farm Hyperlink to the Patch Deployment
server requires installation, the State page
remaining servers that do not require
installation will be set to this status
unless they are currently undergoing an
upgrade.
Log files and PowerShell commands are other tools to monitor the update process.
IMPORTANT
Remember to monitor the length of time that the update is taking. Compare current update processes against the
benchmark schedule to determine whether the update will meet the downtime window. If not, communicate this information
to users of the farm.
NOTE
While the steps in this article refer to SharePoint Server 2016, they are applicable to SharePoint Foundation 2013, SharePoint
Server 2013, and SharePoint Server 2019 unless otherwise noted.
To perform the procedures in this article, you must have the following memberships and roles:
securityadmin fixed server role on the SQL Server instance
db_owner fixed database role on all databases that are to be updated
Local administrator on the server on which you run the Microsoft PowerShell cmdlets
Before you install an update, verify that the following conditions are satisfied:
All front-end web servers are load balanced together and are in rotation with the load balancer.
All farm servers are operating properly. For Search, you can view server status by using the Microsoft
PowerShell cmdlet Get-SPEnterpriseSearchStatus or by going to Central Administration > Manage Service
Applications > Search_service_application_name.
All databases are active and operating properly.
Do not start the update if any of the preceding conditions are not satisfied. Resolve all issues before you continue.
SharePoint Server 2016 can handle certain upgrade failures after the patching phase finishes. However, if the
build-to-build upgrade fails, you might have to restore from a backup. Therefore, make sure that you perform a full
backup before you start the update process. After the restore is complete, you can resume the update. Completed
tasks do not run again. For more information, see the following resources:
Test and troubleshoot an upgrade to SharePoint 2016
NOTE
Certain links in this article go to content that is about version-to-version upgrade rather than build-to-build upgrade.
However, the general process is similar for the two types of upgrade. For example, the database upgrade phase is essentially
the same for build-to-build upgrade and version-to-version upgrade.
Initial state
The following illustration shows the farm topology that is used as an example for each patching scenario that is
described in this article.
When you are ready to continue, perform only one of the following procedures in this article to install the update:
Use the in-place method without backward compatibility
Use the in-place method with backward compatibility
Use the database attach method for high availability of existing content
NOTE
Run the configuration wizard to ensure that if an update fails for a specific server, the error is not propagated to the
other web servers. For example, a failed update for one server could make the update fail for one or more site
collections.
13. Repeat the preceding step for each remaining web server.
14. Verify update completion and success. For more information, see Verify database upgrades in SharePoint
Server 2016.
15. Add the web servers (WEB -1 to WEB -4) to the rotation in the load balancer, or start the load balancer to
enable incoming requests to the servers.
16. Notify users that the farm is available. You are finished installing the update and using this article.
For more information, see the Software updates overview for SharePoint Server 2016 section in Overview of the
upgrade process from SharePoint 2013 to SharePoint Server 2016.
Update phase
The following illustration shows the steps that are required to install the update on the farm. You can use the
illustration as a guide as you go through the steps in the following procedure, "To install the update".
IMPORTANT
Monitor the status of the upgrade on each server before you upgrade the next server in the sequence. We recommend that
you create a backup of the farm before you begin to upgrade.
The following procedure shows all the steps to upgrade the farm. You can upgrade all components within the same
outage window, or you can take some smaller outage windows and upgrade separate parts of the farm at different
times. If you want to break up the upgrade stage, you can upgrade the following components in separate outage
windows:
Services
If the software update contains updates to services that must be applied, you can upgrade the service, and
then resume operating the farm (step 8 in the following procedure) until it is possible to take a longer farm
outage to complete the content and farm upgrade.
Content databases
You can take a short farm outage to upgrade only a few content databases (steps 3 and 4 in the following
procedure) each time and then resume farm operation (step 8 in the following procedure). You can repeat
the process over successive outage windows until you upgrade all content and the farm servers are ready to
be upgraded.
You can also upgrade individual content databases in parallel for a very small number of content databases
at the same time. However, do not attempt to upgrade too many content databases in parallel because it will
slow down the overall upgrade process and extend the outage time. We recommend that you do not
upgrade more than two content databases on the same SQL Server volume at a time. Start the upgrade for
each content database that will occur in parallel several minutes apart to prevent lock contention as the
upgrade process starts. In addition, limit the number of content databases that you upgrade on a single web
server or application server. Each additional upgrade process will consume a relatively large amount of
resources. The typical number of content databases that you can upgrade per web server or application
server is four databases. However, be sure not to exceed the number of databases that are being upgraded
per SQL Server volume, no matter which web server or application server originates the upgrade.
To upgrade the farm
1. Remove the web servers (WEB -1 to WEB -4) from rotation in the load balancer, or pause the load balancer to
stop incoming requests to the servers.
IMPORTANT
The sites and services will not be available until upgrade is complete and the servers are returned to an active load-
balancing state.
IMPORTANT
Run the Upgrade-SPContentDatabase cmdlet for each database. You can run this cmdlet from any of the upgraded
web servers or application servers. Note that the content for each database will be unavailable while this process is
running on that database.
5. Run the SharePoint Products Configuration Wizard or PSConfig (as in step 4 of this procedure) on the
remaining application server (APP -2).
6. Run the SharePoint Products Configuration Wizard or PSConfig (as in step 4 of this procedure) on the web
servers (WEB -1 to WEB -4).
7. Verify update completion and success. For more information, see Verify database upgrades in SharePoint
2013.
8. Add the upgraded web servers (WEB -1 to WEB -4) back into rotation in the load balancer.
You are finished installing the update and using this article.
NOTE
If the original farm uses a database mirror, configure mirroring after you deploy the software update on the new farm.
2. Configure the databases on the existing farm so that they are in a read-only state.
NOTE
If the existing farm is mirrored, pause mirroring before setting the databases to read-only.
For more information about how to configure read-only databases, see the "Set the Previous Version Databases
to Be Read-Only (Database Attach with Read-Only Databases)" section in Upgrade content databases from
SharePoint 2013 to SharePoint Server 2016 and Run a farm that uses read-only databases in SharePoint Server.
3. Configure the service application databases on the existing farm so that they are in a read-only state. This
prevents unexpected changes to service applications.
NOTE
Steps 4 through 14 do not apply to SharePoint Foundation 2013, SharePoint Server 2016, and SharePoint Server
2019.
4. If you are patching the User Profile Service service application database, you must export the User Profile
Synchronization Service encryption key from the old database and then import the key to the new database.
This key is also known as the Microsoft Identity Integration Server (MIIS ) key, the Synchronization Service
encryption key, and the Forefront Identity Manager 2010 (FIM 2010) key. If you do not export and then
import the key correctly, the Synchronization Service will not start. To export the encryption key, complete
these steps:
5. Use farm administrator credentials to log on to the computer that contains the old User Profile Service
service application database.
6. Open the Command Prompt window, and then change to the following folder:
%Program Files%\Microsoft Office Servers\15.0\Synchronization Service\Bin\
7. Type the following command, and then press Enter:
miiskmu.exe /e <Path>
Where <Path> is the full path of the file to which you want to export the key.
8. Back up the content databases on the existing farm. For more information, see Plan for backup and recovery
in SharePoint Server.
9. To import the encryption key, perform these steps:
10. Use farm administrator credentials to log on to the computer that contains the new User Profile Service
service application database.
11. Attempt to start the User Profile Synchronization service. Because you have not yet imported the encryption
key, the service will not start. Confirm that the service did not start by using the ULS log or by making sure
that the status of the service is Stopped.
12. Open the Command Prompt window, and then change to the following folder:
%Program Files%\Microsoft Office Servers\15.0\Synchronization Service\Bin\
13. Type the following command, and then press Enter:
miiskmu.exe /i <Path> {0E19E162-827E -4077-82D4-E6ABD531636E }
Where <Path> is the full path of the file to which you exported the key.
14. (Optional) To check that the encryption key was imported correctly, at the command prompt, type the
following command, and then press Enter:
miiskmu.exe /c {0E19E162-827E -4077-82D4-E6ABD531636E }
15. Restore the content databases to the new database server.
16. Create service applications on the new farm for each existing service application in the old farm.
Duplicate all the settings from your existing farm.
17. Use the database-attach method to create the databases on the new farm. For more information, see
Upgrade databases from SharePoint 2013 to SharePoint Server 2016 and Attach and restore read-only
content databases in SharePoint Server.
18. Verify that there are no issues with the new farm.
19. Enable the new farm as the production farm by configuring DNS to point to the new farm or by making sure
that the new farm is load balanced. Verify that users can access the new farm.
20. Allow time for users to switch from cached DNS, and then decommission the old farm.
21. Verify update completion and success. For more information, see Verify database upgrades in SharePoint
2016.
You are finished installing the update and using this article.
$ssa=Get-SPEnterpriseSearchServiceApplication
Suspend-SPEnterpriseSearchServiceApplication -Identity $ssa
2. On each server that hosts one or more Search components, stop the Search-related Windows services in the
following order:
3. SPTimerV4
4. OSearch16
5. SPSearchHostController
IMPORTANT
Verify that each service is stopped before you stop the next service.
6. On each server that hosts one or more Search components, run the update executable file to install the
update.
7. On each server that hosts one or more Search components, start the Search-related Windows services in
the following order:
8. SPSearchHostController
9. OSearch16
10. SPTimerV4
11. Verify that all Search components become active after the update by typing the following command at the
PowerShell command prompt:
Rerun the command until no Search components are listed in the output.
6. Resume the Search service application by typing the following command at the PowerShell command prompt:
7. Verify that the farm is crawling updated content and able to index new and modified documents. To do this, you
can add or modify an item in a site collection, perform a crawl for the Local SharePoint sites content source, and
then perform a search for the item and verify that it appears in the search results.
Update servers that host Search components with minimal downtime
1. Divide the servers that host Search components into two availability groups to minimize downtime during
their update and build-to-build upgrade. (As long as one of the groups is active and healthy, the farm can
serve queries and crawl and index content.) For instructions about how to divide the servers into two
availability groups, see the procedure Determine server availability groups for update with minimal
downtime later in this article.
2. Pause the Search service application by typing the following command at the PowerShell command prompt:
3. On each server in server availability group 1, stop the Search-related Windows services in the following
order:
4. SPTimerV4
5. OSearch16
6. SPSearchHostController
IMPORTANT
Verify that each service is stopped before you stop the next service.
7. On each server in availability group 1, run the update executable file to install the update.
8. On each server in availability group 2, stop the Search-related Windows services in the same order that was
prescribed for stopping them for availability group 1. Again, it is important to verify that each service is
stopped before you stop the next service.
9. On each server in availability group 1, start the Search-related Windows services in the following order:
10. SPSearchHostController
11. OSearch16
12. SPTimerV4
13. Wait until all Search components associated with availability group 1 are active. To determine which
components are active, type the following command at the PowerShell command prompt:
Rerun the command until all Search components that are associated with availability group 1 are listed in the
output.
8. On each server in availability group 2, run the update executable file to install the update.
9. On each server in availability group 2, start the Search-related Windows services in the same order that was
prescribed for starting them for availability group 1.
10. Wait until all Search components associated with availability group 2 are active. To determine which
components are active, type the following command at the PowerShell command prompt:
Rerun the command until all Search components that are associated with availability group 2 are listed in the
output.
11. Resume the Search service application by typing the following command at the PowerShell command prompt:
12. Verify that the farm is crawling updated content and able to index new and modified documents. To do this, you
can add or modify an item in a site collection, perform a crawl for the Local SharePoint sites content source, and
then perform a search for the item and verify that it appears in the search results.
Determine server availability groups for update with minimal downtime
1. Start a SharePoint 2016 Management Shell on any server in the farm.
2. Determine the primary Search administration component and the server that hosts the component by
typing the following commands at the PowerShell command prompt:
$ssa=Get-SPEnterpriseSearchServiceApplication
Get-SPEnterpriseSearchStatus -SearchApplication $ssa | where { (($_.State -ne "Unknown") -and ($_.Name -match
"Admin")) } | ForEach {if (Get-SPEnterpriseSearchStatus -SearchApplication $ssa -Component $_.Name -Primary) {
Get-SPEnterpriseSearchTopology -SearchApplication $ssa -active | Get-SPEnterpriseSearchComponent -identity
$($_.Name) } }
3. Determine the set of servers in availability group 1. These servers must fulfill the following three requirements:
The set must contain one or more, but not all, of the following types of Search components:
Content processing component
Query processing component
Analytics processing component
Crawl component
Index component
The set must contain one or more, but not all, of the index components for each index partition.
The set must contain a Search administration component that is not the primary component that was
identified in step 2 in this procedure.
4. Determine the set of servers in availability group 2. This set must contain all remaining servers that host Search
components, including the server that hosts the primary Search administration component that was identified in
step 2 of this procedure.
IMPORTANT
Do not use Stop-SPDistributedCacheServiceInstance -Graceful as this will terminate Distributed Cache prior to the
cache being transferred to another server in the farm.
Initialize-SPResourceSecurity
See also
Other Resources
SharePoint updates
Video demo of Zero Downtime Patching in
SharePoint Server 2016
6/7/2019 • 4 minutes to read • Edit Online
Overview
One of the new features in SharePoint Server 2016 is Zero Downtime patching.
Zero Downtime patching doesn't demand any server downtime while patching a SharePoint Server 2016 farm,
but does require that your farm be set up in a Highly Available (HA) configuration (so that SharePoint roles are
hosted on more than one server). That way, patching can be done in batches where certain of the redundant
servers are taken out of load balancing, patched, replaced, and tested for soundness before the other servers
follow through the same process.
There is a two-step process to patch a server in a SharePoint Server 2016 farm. First, you install the binaries of the
patch to each server, this is called the patch phase. Second, after you finish the patch phase, you must complete the
update installation by starting the build-to-build upgrade phase.
During Zero downtime patching, users can add and edit files and use search just as at any other time, accessing the
servers still handled by the load balancer. Likewise, though the database schemas may differ between the patched
and unpatched sides of the farm, SharePoint Server 2016 operates in a backward-compatible mode, and its
databases are able to properly function, until patching completes.
This SharePoint tutorial explains how to patch a SharePoint Server 2016 HA farm from beginning to end,
including the installation of the binary files on all servers, and the build-to-build (B2B ) upgrade itself.
IMPORTANT
During the demonstration, the graceful shut down of Distributed Cache Service was discussed and demonstrated. The
environment depicted is a test farm and the process shown is NOT how a customer should do this in a live environment.
Important: If you are actively using areas such as Microblogs, Newsfeeds etc. you will instead need to use the
following steps to gracefully shut down the Distributed Cache Service on each Distributed Cache Server during
the patch and upgrade sequence:
Gracefully STOP Distributed Cache Service
$instanceName ="SPDistributedCacheService Name=AppFabricCachingService"
$serviceInstance = Get-SPServiceInstance | ? {($.service.tostring ()) -eq $instanceName -and ($.server.name) -eq
$env:computername}
$serviceInstance.Unprovision()
Start Distributed Cache Service
$instanceName ="SPDistributedCacheService Name=AppFabricCachingService"
$serviceInstance = Get-SPServiceInstance | ? {($.service.tostring ()) -eq $instanceName -and ($.server.name) -eq
$env:computername}
$serviceInstance.Provision()
For reference, here is an overview of the steps, however for further detail on SharePoint patching please watch the
video.
1. Remove the Front-end web server (SPWEB01) from the Load balancer.
2. Patch the front-end web server (SPWEB01) by using the STS & WSS Packages.
3. Restart the front-end web server (SPWEB01).
4. Add the front-end web server (SPWEB01) back into the Load balancer.
5. Remove the front-end web server (SPWEB02) from the Load balancer.
6. Patch the front-end web server (SPWEB02).
7. Restart the front-end web server (SPWEB02) computer.
8. Patch the following Application servers: SPAPP01, SPDCH01, and SPSRCH01 in parallel, and then restart
the computers.
9. Patch the following Application servers: SPAPP02, SPDCH02, and SPSRCH02 in parallel, and then restart
the computers.
10. With the front-end web server (SPWEB02) out of the Load balancer (See step 7), Open the SharePoint
2016 Management Shell, and then run following PSConfig command:
PSConfig.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd
secureresources -cmd services -install
NOTE
In the video, syntax is condensed to save time, but the full syntax listed in Step 10 is the recommend one to run.
11. Once the upgrade is complete, add the front-end web server (SPWEB02) back into the Load balancer. Once
the front-end web server (SPWEB02) has been added to the Load balancer, remove the front-end web
server (SPWEB01).
12. On the front-end web server (SPWEB01) computer, run the PSConfig command from step 10.
13. Add the front-end web server (SPWEB01) back into the Load balancer.
14. On the Application server (SPAPP01), run the PSConfig command from Step 10.
15. On the Distributed Cache server (SPDCH01), run the PSConfig command from Step 10.
16. On the Search server (SPSRCH01), run the PSConfig command from Step10.
17. Once the upgrade has completed run the same steps (14-16) on 02 series servers (SPAPP02, SPDCH02,
SPSRCH02).
NOTE
We recommend to test pages throughout to ensure patching and upgrading of servers is complete.
During the video the following Microsoft PowerShell script was used to take Servers out of the Azure Service
Management Internal Load Balancer.
#Remove the SPWEB01 Azure Load Balanced EndPoint
$svc=<"NameYourLBService">
$vmname=<"NameofYourVM">
$epname="TCP-80-80"
Get-AzureVM -ServiceName $svc -Name $vmname | Remove-AzureEndpoint -Name $epname | Update-AzureVM
#Add the SPWEB01 AzureEndpoint back
$ilb="minroleilb"
$prot="tcp"
$locport=80
$pubport=80
$epname="TCP-80-80"
$lbsetname=<"NameYourLB">
$vmname=<"NameofYourVM">
Get-AzureVM -ServiceName $svc -Name $vmname | Add-AzureEndpoint -Name $epname -LbSetName $lbsetname -Protocol
$prot -LocalPort $locport -PublicPort $pubport -DefaultProbe -InternalLoadBalancerName $ilb | Update-AzureVM
# Remove the SPWEB02 Azure Load Balanced EndPoint for the patch install and build to build (B2B) phase
$vmname=<"NameofYourVM">
$epname="TCP-80-80-2"
Get-AzureVM -ServiceName $svc -Name $vmname | Remove-AzureEndpoint -Name $epname | Update-AzureVM
#Add for the B2B SPWEB02 AzureEndPoint to ILB
$prot="tcp"
$locport=80
$pubport=80
$epname="TCP-80-80-2"
$lbsetname=<"NameYourLB">
$vmname=<"NameofYourVM">
Get-AzureVM -ServiceName $svc -Name $vmname | Add-AzureEndpoint -Name $epname -LbSetName $lbsetname -Protocol
$prot -LocalPort $locport -PublicPort $pubport -DefaultProbe -InternalLoadBalancerName $ilb | Update-AzureVM
# B2B for SPWEB01::::: Phase Remove the SPWEB01 Azure Load Balanced EndPoint
$svc=<"NameYourLBService">
$vmname=<"NameofYourVM">
$epname="TCP-80-80"
Get-AzureVM -ServiceName $svc -Name $vmname | Remove-AzureEndpoint -Name $epname | Update-AzureVM
#Add the SPWEB01 AzureEndpoint back
$ilb="minroleilb"
$prot="tcp"
$locport=80
$pubport=80
$epname="TCP-80-80"
$lbsetname=<"NameYourLB">
$vmname=<"NameofYourVM">
Get-AzureVM -ServiceName $svc -Name $vmname | Add-AzureEndpoint -Name $epname -LbSetName $lbsetname -Protocol
$prot -LocalPort $locport -PublicPort $pubport -DefaultProbe -InternalLoadBalancerName $ilb | Update-AzureVM
For additional information about the Microsoft PowerShell for Azure cmdlets, see Get-AzureVM and Add-
AzureEndpoint
Related Topics
Install a software update for SharePoint Server 2016
SharePoint Server 2016 zero downtime patching steps
Video: How to enable Remote Windows PowerShell to use with SharePoint Server
SharePoint Server zero downtime patching steps
6/7/2019 • 10 minutes to read • Edit Online
NOTE
The steps in this article and information about Zero downtime patching also apply to SharePoint Server 2019.
Zero downtime patching is a method of patching and upgrade developed in SharePoint Online. It was made to let
administrators patch the service at the same time as users kept using their subscriptions. In other words, this
tested method is designed to allow patching while people actively work with their files, and search crawls and
renders results, on the SharePoint Server farm. That's what's meant by 'zero down time'.
A couple of things to note as we discuss ZDP (we'll talk about these elements later in the article).
Your ZDP experience could be enhanced by using MinRole in SharePoint Server 2016 or 2019, but
MinRole is not a requirement.
Why could MinRole help?
Your farm must leverage high availability (HA) to reap the benefits of ZDP. A highly available SharePoint
Server 2016 farm is a requirement for ZDP.
Why is High Availability required?
It's important to remember that the goal of ZDP is uptime for your users, so, in this article, all the decisions
involved in patching and rebooting your farm will be made with that bias in mind.
IMPORTANT
Even if all the servers in your SharePoint Server 2016 or 2019 farm were configured to use the 'Custom' role, you can still
manually configure a highly available farm. There are documents on TechNet that will help you construct highly available
farms, and the principals of fault tolerance (having redundant hardware) and high availability (having systems and software
in place to support failover and continuation of uptime) are the same. Be aware that in more complex Highly Available or
Custom farms, you should take special care to patch the Search servers in a way that supports HA, for example, patch one
index replica at a time and never patch or upgrade index replicas from the same partition at the same time.
NOTE
General information on Software Updates for SharePoint Server 2016 can be found here. Notice that the article links out to
documentation on permissions settings for SharePoint Server 2016. Review these articles as needed, and remember that
part of patching involves database updates. If you've changed SQL Server permissions for SharePoint accounts post-
installation, for example, you'll need to review these articles.
Make sure you've rebooted and tested your WFEs before you take either out of the load balancer to avoid
situations where the WFE to be patched first is taken out of rotation, and other WFEs don't handle the resulting
load. All servers in the farm should be fresh from a reboot and healthy before you patch. Also, consider stopping
Search crawls and Profile Imports during the upgrade or patch window.
IMPORTANT
You should enable the side-by-side file copy process before you Upgrade. Running in side-by-side ensures that all the web
front ends in the farm serve the same static content during the upgrade, even if static files on a given WFE are being
upgraded or replaced. Side-by-side is built in to PSCONFIG but must be enabled. This feature makes sure users have the
same experience of the sites when browsing SharePoint and working on their files, even while file-system files are being
changed and updated.
To enable side-by-side upgrade capabilities, you will need to open SharePoint 2016 Management Shell and run the following
commands on all your SharePoint servers:
$webapp = Get-SPWebApplication <webappURL>
$webapp.WebService.EnableSideBySide = $true
$webapp.WebService.update()
Please note that administrators can opt out of side-by-side by setting the 'enableSideBySide' value to $false. Be aware that
this could impact what users see when browsing. They may see upgraded UI in one browse, and not, in another, or may
experience issues if, for example, javascript files are being changed or upgraded at the time of their browse.
1.
Take the first WFE (SPWeb01) out of the load balancer and patch it with the 'STS' and 'WSS' packages.
Reboot the server when patching is done.
Return the server to rotation in the load balancer.
2.
Take the second WFE (SPWeb02) out of the load balancer and patch it with the 'STS' and 'WSS' packages.
Reboot the server when patching is done.
Leave this server out of the load balancer until the entire upgrade is complete.
NOTE
If you aren't running the upgrade in a maintenance window and the farm has a lot of load, you can return this WFE
to the network load balancer until you're ready to run PSCONFIG.
3.
For each of SPApp, SPDCH, and SPSRCH in column 1, patch with 'STS' and 'WSS' packages.
Reboot them when they're done. (The work sent by SPWeb01 will fall on servers in column 2).
4.
Now you repeat the 'patch and reboot' for column 2. For each of SPApp02, SPDCH02, and SPSRCH02 in
column 2, patch with 'STS' and 'WSS' packages.
Reboot them when they're done. (As you can see, work sent by SPWeb01 will now fall on servers in column
1.)
Phase 2 - PSCONFIG upgrade
Every node in the SharePoint Server 2016 farm has the patches installed, and all have been rebooted. It's time to
do the build-to-build upgrade.
NOTE
During the ZDP process, you can run Upgrade-SPContentdatabase to reduce the overall time it will take to finish running
PSCONFIG. Consider this if you have a large number of databases, or select large databases.
1.
Return to the WFE that is out of load-balanced rotation (SPWeb02), open the SharePoint 2016
Management Shell, and run this PSCONFIG command:
PSCONFIG.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd
secureresources -cmd services -install
After the command completes, return this WFE (SPWeb02) to the load balancer. This server is fully patched
and upgraded.
TIP
The last step in the PSCONFIG process ensures that updates to the User Interface (UI) are copied from the /layouts
folder to a version-specific folder. This is part of the side-by-side UI update that lets users browsing your farm have
one experience of the UI until the upgrade is completed, and you're ready to switch over to the new interface.
To be sure the side-by-side copy was successful, check the associated logfile. By default, this is located under:
C:\program files\common files\Microsoft shared\web server extensions\16\logs. (Your root drive letter may vary!)
If, for some reason, PSCONFIG didn't successfully copy UI files, please run this command to manually copy them
Copy-SidebySideFiles!
2.
Remove SPWeb01 from the load-balancer. > Open theSharePoint 2016 Management Shell and run the
same PSCONFIG command:
PSCONFIG.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd
secureresources -cmd services -install
Return this WEF (SPWeb01) to the load balancer. It's also fully patched and upgraded now.
Both WFEs are patched and upgraded. Move on to the remainder of the farm, but be sure that the required
Microsoft PowerShell commands are run one server at a time and not in parallel. That means, for all of
column 1, you'll run the commands one server at a time. Then you'll run them, one server at a time, for
servers in column 2 with no overlapping. The end-goal is preserving uptime. Running the PSCONFIG
commands serially is the safest and most predictable means of completing the ZDP process, so that's what
we'll do.
3.
For all remaining servers in column 1 (SPApp01, SPDCH01, SPSRCH01), run the same PSCONFIG
command in the SharePoint 2016 Management Shell. Do this on each server, one at a time, until all servers
in column 1 are upgraded.
IMPORTANT
Remember to gracefully remove the Distributed Cache before running PSCONFIG and add the Distributed Cache to
the server again after completion.
PSCONFIG.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd
secureresources -cmd services -install
4.
For all remaining servers in column 2 (SPApp02, SPDCH02, SPSRCH02), run the same PSCONFIG
command in the SharePoint 2016 Management Shell. Do this on each server, one at a time, until all servers
in column 2 are upgraded.
IMPORTANT
Remember to gracefully remove the Distributed Cache before running PSCONFIG and add the Distributed Cache to
the server again after completion.
PSCONFIG.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd
secureresources -cmd services -install
IMPORTANT
After all servers have been through PSCONFIG successfully, remember to run the SharePoint 2016 Management
Shell command below to switch to the new user interface files and complete the side-by-side process:
$webapp.WebService.SideBySideToken = <current build number in quotes, ex: "16.0.4338.1000">
$webapp.WebService.update()
Now you're done, and the farm has been fully upgraded while in use and without downtime.
Related Topics
Video demo of Zero Downtime Patching in SharePoint Server 2016
Video: How to enable Remote Windows PowerShell
to use with SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
SharePoint 2013 - Upgrade Process model Describes the steps in the process for a database-attach
upgrade.
SharePoint 2013 - Test Your Upgrade Process model See a visual display of information about how to test the
upgrade process.
SharePoint 2013 Upgrade Worksheet Use this worksheet to record information about your
environment while you test upgrade.
Get started with upgrades to SharePoint 2013 Find resources to help you understand how to upgrade
databases and site collections from SharePoint 2010 Products
to SharePoint 2013.
Plan for upgrade to SharePoint 2013 Find resources about how to plan to upgrade from
SharePoint 2010 Products to SharePoint 2013.
Test and troubleshoot an upgrade to SharePoint 2013 Find resources about how to test and troubleshoot an
upgrade from SharePoint 2010 Products to SharePoint 2013.
Upgrade databases from SharePoint 2013 to SharePoint Find resources to help you perform the steps to upgrade
Server 2016 databases from SharePoint 2010 Products to SharePoint
2013.
Upgrade site collections to SharePoint 2013 Find out how to upgrade a site collection to SharePoint 2013.
Advanced upgrade scenarios for SharePoint 2013 Learn how to upgrade to SharePoint 2013 in advanced
scenarios, such as from Office SharePoint Server 2007 or
Windows SharePoint Services 3.0, from FAST Search Server, or
when using content type syndication.
Get started with upgrades to SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
SharePoint 2013 Products Preview - Upgrade Process model Describes the steps in the process for a database attach
upgrade
What's new in SharePoint 2013 upgrade Find out about new requirements, approaches, and features
that are available for upgrading to SharePoint 2013.
Overview of the upgrade process from SharePoint 2010 to Get a visual overview of the steps involved in performing an
SharePoint 2013 upgrade.
Upgrade overview videos for SharePoint 2013 View this series of short overview videos to understand how
upgrade works for SharePoint 2013.
Services upgrade overview from SharePoint 2010 to SharePoint 2010 Products included several service
SharePoint Server 2013 applications, some of which have databases that can be
upgraded when you upgrade to SharePoint 2013. Find out
which service application databases can be upgraded and
what steps that you must take before, during, and after
upgrade for your service applications.
Upgrade farms that share services (parent and child farms) to In SharePoint Server 2010, it was possible to configure parent
SharePoint 2013 farms and child farms to share services. In such an
environment, the parent farm hosts one or more service
applications from which one or more child farms consume
services. Learn how to approach upgrading these
environments to SharePoint 2013.
Best practices for upgrading from SharePoint 2010 to Get off to the right start - review these best practices for
SharePoint 2013 testing and performing an upgrade to SharePoint 2013.
CONTENT DESCRIPTION
Review supported editions and products for upgrading to Understand the requirements for upgrade. And if you are
SharePoint 2013 planning to change SKUs or products during upgrade,
understand which upgrade paths are supported.
See also
Other Resources
Upgrade from SharePoint 2010 to SharePoint 2013
Plan for upgrade to SharePoint 2013
What's new in SharePoint 2013 upgrade
6/7/2019 • 5 minutes to read • Edit Online
This article helps you understand the upgrade sequence so that you can plan an upgrade project. To get
detailed steps for an upgrade, see Upgrade content databases from SharePoint 2010 to SharePoint 2013 and
Upgrade a site collection to SharePoint 2013.
IMPORTANT
This article applies to both SharePoint Foundation 2013 and SharePoint 2013, except for information about how to
upgrade My Sites and specific service applications that are only in SharePoint 2013.
4. A server farm administrator then attaches the content databases to the new farm and upgrades the
content databases for those web applications.
Figure: Upgrade the databases by using Windows PowerShell
5. A server farm administrator confirms that the upgrade is successful.
IMPORTANT
This section applies to SharePoint Server 2013 only.
A server farm administrator upgrades the My Site host and then individual users can upgrade their My Sites
or the farm administrator can upgrade them by using PowerShell. The following illustration shows four stages
for the My Site host and My Sites during the upgrade process.
Figure: Stages in upgrading My Sites
1. The My Site host has not been upgraded. My Sites cannot be upgraded yet.
2. A server farm administrator has upgraded the My Site host. No My Sites have been upgraded.
3. Some users have upgraded their My Sites.
4. All My Sites have been upgraded.
NOTE
A server farm administrator can choose to force an upgrade of My Sites without waiting for users to upgrade them. For
details and steps, read Upgrade a site collection to SharePoint 2013.
NOTE
A server farm administrator can also force specific site collections to be upgraded without waiting for the site owners to
upgrade them. For details and steps, read Upgrade a site collection to SharePoint 2013.
See also
Other Resources
Upgrade databases from SharePoint 2010 to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Upgrade from SharePoint 2010 to SharePoint 2013
Plan for upgrade to SharePoint 2013
Upgrade overview videos for SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
Related resources
RESOURCE DESCRIPTION
Overview of the upgrade process from SharePoint 2010 to Learn about how to upgrade databases, service applications,
SharePoint 2013 My Sites, and site collections to SharePoint 2013.
Related resources
RESOURCE DESCRIPTION
Create the SharePoint 2013 farm for a database attach Create and configure a SharePoint 2013 farm so that you can
upgrade upgrade databases from SharePoint 2010 Products.
Related resources
RESOURCE DESCRIPTION
RESOURCE DESCRIPTION
Copy databases to the new farm for upgrade to SharePoint Copy SharePoint 2010 Products content and service
2013 databases to a SharePoint 2013 farm so that you can upgrade
the data to SharePoint 2013.
Related resources
RESOURCE DESCRIPTION
Upgrade service applications to SharePoint 2013 Upgrade service applications (Business Connectivity Services,
Managed Metadata, Secure Store, User Profiles, Search) to
SharePoint 2013.
Related resources
RESOURCE DESCRIPTION
Upgrade content databases from SharePoint 2010 to Learn how to upgrade content databases from SharePoint
SharePoint 2013 2010 Products to SharePoint 2013.
Migrate from classic-mode to claims-based authentication in Convert SharePoint 2010 Products or SharePoint 2013 classic-
SharePoint 2013 mode web applications to claims-based authentication or
create new claims-based web applications in SharePoint 2013.
Related resources
RESOURCE DESCRIPTION
Upgrade a site collection to SharePoint 2013 Learn how site collection administrators can preview a copy of
their sites in SharePoint 2013 mode, and then upgrade their
sites.
See also
Upgrade from SharePoint 2010 to SharePoint 2013
Checklist for database-attach upgrade (SharePoint 2013)
Services upgrade overview from SharePoint 2010 to
SharePoint Server 2013
6/7/2019 • 4 minutes to read • Edit Online
IMPORTANT
The content in this article about the Business Data Connectivity service application applies to both SharePoint Foundation
2013 and SharePoint Server 2013. Other services are available only in SharePoint Server 2013.
NOTE
My Sites are not available in SharePoint Foundation 2010 or SharePoint Foundation 2013.
User Profile: Profile and Social databases User Profile Service Application_ProfileDB_ ID
User Profile Service Application_SocialDB_ ID
User Profile Service Application_SyncDB_ ID
The steps to upgrade these service application databases are included in Upgrade content databases to
SharePoint Server 2016.
Considerations for specific services
The following services in SharePoint Server 2013 also require additional steps to enable and configure when you
upgrade:
Excel Services
You can enable this service by using the Farm Configuration Wizard, but you must make sure that you re-
create all trusted data connections. For more information, see Manage Excel Services trusted data providers
(SharePoint Server 2013).
InfoPath Forms Service
This service is not part of the Farm Configuration Wizard. If you want to use this service, you can use the
Configure InfoPath Forms Services link on the General Application Settings page in SharePoint
Central Administration to configure it. If you want to continue using form templates from your previous
environment, you can export any administrator-deployed form templates (.xsn files) and data connection
files (.udcx files) from your SharePoint Server 2010 environment, and then import them to your new
SharePoint Server 2013 environment by using the Export-SPInfoPathAdministrationFiles PowerShell
cmdlet. If the URL of the new server differs from the URL of the previous server, you can run the Update-
SPInfoPathAdminFileUrl PowerShell cmdlet to update links that are used in the upgraded form
templates. For more information, see Configure InfoPath Forms Services (SharePoint Server 2010).
Office Web Apps
If you installed Office Online with SharePoint 2010 Products, Office Online will not be available after you
upgrade to SharePoint 2013 Products. You must deploy Office Online Server and then connect SharePoint
2013 Products it to after the content databases are upgraded. You do not have to wait until the site
collections are upgraded because Office Online Server supports both the 2010 and 2013 site collection
modes in SharePoint 2013 Products. For more information, see Office Web Apps.
See also
Other Resources
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Upgrade content databases from SharePoint 2010 to SharePoint 2013
Upgrade farms that share services (parent and child
farms) to SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
NOTE
This article applies to both SharePoint Server 2013 and SharePoint Foundation 2013. However, only the Business Data
Connectivity service is available in SharePoint Foundation 2013. The other services are available only in SharePoint Server
2013.
See also
Other Resources
Upgrade content databases from SharePoint 2010 to SharePoint 2013
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Best practices for upgrading from SharePoint 2010 to
SharePoint 2013
6/7/2019 • 6 minutes to read • Edit Online
See also
Other Resources
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Get started with upgrades to SharePoint 2013
Plan for upgrade to SharePoint 2013
Review supported editions and products for
upgrading to SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
IMPORTANT
Upgrade from a pre-release version of SharePoint 2013 to the release version of SharePoint 2013 is not supported. > Pre-
release versions are intended for testing only and should not be used in production environments. Upgrading from one pre-
release version to another is also not supported.
Supported topologies
For SharePoint 2013, the only upgrade method is the database-attach upgrade method. Because this method
upgrades the databases instead of installing in place over an existing environment, you can attach the databases
from a stand-alone installation to server farm (Complete) installation if you want to expand your environment.
Figure: Upgrade to either stand-alone or server farm (Complete) topologies
Before you create your new SharePoint 2013 environment and attach and upgrade the databases, determine the
type and size of the environment that you need.
Physical topology guidance
The SQL Server topology — in addition to network, physical storage, and caching considerations — can
significantly affect system performance. To learn more about how to map your solution design to the farm size and
hardware that will support your business goals, see Performance planning in SharePoint Server 2013. For more
information about requirements, see Hardware and software requirements for SharePoint 2013.
SharePoint Server 2010, Standard SharePoint Server 2013, Standard SharePoint Server 2013, Enterprise
edition edition edition
You can convert to Enterprise edition
after upgrade.
SharePoint Server 2010, Enterprise SharePoint Server 2013, Enterprise SharePoint Server 2013, Standard
Edition edition edition.
SharePoint Server 2010, Trial edition SharePoint Server 2013, Trial edition SharePoint Server 2013, full product
(either edition)
You can't upgrade directly from a trial
version to the full product, but you can
convert to the full product after
upgrade.
Project Server 2010 with SharePoint Project Server with SharePoint Server
Server 2010, Enterprise Edition 2013, Enterprise Edition
Plan for upgrade to SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Determine strategy for upgrade to SharePoint 2013 Understand how to minimize downtime and plan for special
cases during an upgrade to SharePoint 2013.
Create a plan for current customizations during upgrade to Learn how to identify and evaluate the customizations in your
SharePoint 2013 environment, and determine whether you will upgrade them,
and how.
Plan for site collection upgrades in SharePoint 2013 Plan to upgrade site collections to SharePoint 2013. Plan for
upgrade evaluation sites, notifications, and throttling.
Plan for performance during upgrade to SharePoint 2013 Understand upgrade performance and how to plan for the
space and time that is required to upgrade to SharePoint
2013.
Create a communication plan for the upgrade to SharePoint Create a plan to coordinate and communicate with the
2013 upgrade team, site owners and users, and stakeholders.
Clean up an environment before an upgrade to SharePoint Make sure that your environment is in a healthy state, and
2013 delete unnecessary items before you upgrade to SharePoint
2013.
See also
Other Resources
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Upgrade databases from SharePoint 2010 to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Determine strategy for upgrade to SharePoint 2013
6/7/2019 • 3 minutes to read • Edit Online
Special cases
You might have other requirements or additional goals that you want to achieve when you perform an upgrade.
The following table lists special cases and describes how to approach upgrade for each case.
Upgrading an environment that uses forms-based Additional steps are required to upgrade when you are using
authentication? forms-based authentication. For more information, see
Configure forms-based authentication for a claims-based web
application in SharePoint Server.
CASE UPGRADE APPROACH
Upgrading very large databases? In general, very large databases — especially databases that
have a large number or large size of document versions inside
them — take longer to upgrade than smaller databases.
However, the complexity of the data determines how long it
takes to upgrade, not the size of the database itself. If the
upgrade process times out, it is usually because of connection
issues. For more information about how long upgrade might
take for your environment, see Plan for performance during
upgrade to SharePoint 2013.
Upgrading from the server products in the Office 2007 Use a database attach upgrade method to upgrade to
release? SharePoint 2010 Products, and then upgrade to SharePoint
2013.
Upgrading from SharePoint Foundation 2010 to SharePoint Attach and upgrade the content databases from SharePoint
2013? Foundation 2010 to SharePoint 2013.
Changing languages? You have two choices, depending on whether a single site or
your whole environment is changing languages:
To change the multiple user interface (MUI) language for a
specific site, upgrade in the same language, and then install
the new language pack and change to that language.
> [!CAUTION]> You must have the appropriate language
packs installed to upgrade any sites based on a localized site
definition. If you do not have the new language pack, the sites
will not be available. Wait for the new language packs to be
released before you try to upgrade those sites. To change the
installation language for your environment, set up your new
environment in the new language, and then attach and
upgrade your databases in the new language.
See also
Other Resources
Plan for performance during upgrade to SharePoint 2013
Review supported editions and products for upgrading to SharePoint 2013
Use a trial upgrade to SharePoint 2013 to find potential issues
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Create a plan for current customizations during
upgrade to SharePoint 2013
6/7/2019 • 10 minutes to read • Edit Online
Data structure affecting Content types Can affect database upgrade if content
List types or list type names conflict with new
Web templates content or list types in the product, or if
Site definitions templates or definitions are missing.
Now that you know what customizations that you have, and what type that they are, you can decide what to do
about them. The following questions can help you evaluate the customizations:
Is the customization still valuable?
Does it serve a useful business need?
Is it widely deployed and used?
Does it do something that you cannot do with standard features in the product?
Is the customization well-designed?
Is it built on supported, predefined site definitions?
Does it follow best practices for customizations?
Is it a supported kind of customization, or does it introduce risk into your environment?
As you evaluate every customization, you can also think about your overall approach for customizations. You can
choose from among these options:
Keep the customizations, don't upgrade the sites You can continue to run the site in 2010 mode in the
upgraded environment. Although you can use this approach to keep the same functionality, you will be
unable to take advantage of the features and capabilities that are available in the new version. Use this
approach only temporarily - eventually you must address the issue (such as before an upgrade to the next
version of the product).
Replace or redo the customizations If you want to use new functionality, plan to redesign your sites, or
are significantly changing the information architecture, the upgrade is your opportunity to start over with
new features, a new look, or a new organization. When you replace or redo customizations, you can take
advantage of the new capabilities, change your design slightly if you want, or move to a more manageable
design.
Discard the customizations Replace the customizations by using default functionality. You can reset pages
to the default site definitions and remove any Web Parts or features that you no longer want to support. In
fact, the site collection health-checker checks for unghosted pages and can reset the pages to the default
versions. If you decide to discard any customizations, you must fix any issues that result from removing the
customizations in the sites that used them. You can use your customizations inventory to determine which
sites require this kind of attention before or after upgrade.
Custom site templates If you have custom site templates (a site template that has
been customized and saved as a WSP template) that you want
to continue to use after you upgrade to SharePoint 2013, you
must plan to recreate them in 2013 mode before you upgrade
your site collection. You have to create them again because
custom site templates apply to specific versions and don't
always look or work the same way in subsequent versions.
Furthermore, if you used a template to make various 2010
sites, they could all require manual adjustments to ensure that
they work and render properly in SharePoint 2013.
"Fabulous 40" application templates Microsoft is not creating new versions of these templates.
Environments that contain sites based on these templates can
be upgraded as long as the templates are installed. But there
might be issues when you try to upgrade the site collections.
Make sure that you test each site before you upgrade the
production environment. For more information, see
Troubleshoot database upgrade issues in SharePoint 2013.
Workflows and server controls Depends on the solution. Contact the vendor to discover
whether there is an updated solution. If a workflow is
compatible with the new version, redeploy.
Event handler Most event handlers will continue to work without changes.
However, if the code for the event handler makes calls to APIs
which were deprecated, you will have to rewrite it, and then
redeploy it as a feature.
Managed paths (inclusions/exclusions) Re-create inclusions to make sure that you can access all site
collections under those paths.
Exclusions were not used in SharePoint 2010 Products. If you
had any remaining from an earlier version, they do not have
to be re-created.
Master pages and CSS files Rework to accommodate the new user experience. For more
information, see Branding issues that may occur when
upgrading to SharePoint 2013 [Migrated].
Search provider or security trimmer Test to determine whether any actions are required.
CUSTOMIZATION TYPE RECOMMENDATION
Web Parts Test to determine whether any actions are required. You might
have to adjust the Web Parts to work with strict XHMTL
mode.
Test to verify that there have not been changes to any object
models or Web services that you call from the Web Part.
If a Web Part is located on a page but not in a Web Part Zone
(so that it is, basically, HTML code embedded directly in a
page), it will not work if you reset the page to the default
template. There is a site collection health rule that will identify
files in this status inside a site collection. There is a link from
that rule to the page where they can reset to template.
Authentication providers Test to determine whether any actions are required. Redeploy
the provider with the same provider name (exactly. This
includes the letter case) on a test farm and make sure that it
works correctly.
Custom search solutions that use SQL syntax Rework to use FQL syntax and KQL syntax.
Custom search solutions in SharePoint 2013 do not support
SQL syntax. Search in SharePoint 2013 supports FQL syntax
and KQL syntax for custom search solutions. You cannot use
SQL syntax in custom search solutions using any technologies.
This includes the query server object model, the client object
model, and the Search REST service. Custom search solutions
that use SQL syntax with the index server object model and
the Query web service that were created in SharePoint Server
2010 will not work when you upgrade them to SharePoint
2013. Queries submitted via these applications will return an
error. For more information about how to use FQL syntax and
KQL syntax, see Keyword Query Language (KQL) syntax
reference and FAST Query Language (FQL) syntax reference.
While you are reviewing customizations in your environment, you should also make sure that the environment is
not using any features or elements that are deprecated. For example, Web Analytics from SharePoint 2010
Products are not available in SharePoint 2013 and you should turn them off before upgrading. Also, SQL Server
Search queries are not available in SharePoint 2013. For more information, see Changes from SharePoint 2010 to
SharePoint 2013.
Some methods of deploying customizations might require additional steps in SharePoint 2013. The following table
lists issues that you might encounter for specific methods of deploying customizations.
Customizations deployed as MSI files Contact the vendor for updated files. Most likely, you will have
to get a replacement file compatible with SharePoint 2013.
Manually deployed features, files, or changes You can re-deploy them to the equivalent directory in
SharePoint 2013. However, consider packaging them into a
deployable solution package for easier administration.
Sandboxed solutions No special steps. Sandboxed solutions are upgraded with the
content databases.
DEPLOYMENT METHOD RECOMMENDATION
Solution packages Deploy to SharePoint 2013 again. Make sure that you deploy
it to the appropriate directory (/14 or /15), depending on the
version.
Note that you can no longer add partial trust solution
packages to the \bin directory. Any files deployed to the \bin
directory must be full trust. Be sure to test any such solutions
to make sure that deploying them in full trust does not
introduce security vulnerabilities. Also, update any deployment
scripts to make sure that they specify the correct trust level.
For more information, see Install-SPSolution.
Administrator-deployed form templates You must extract them from SharePoint Server 2010 and
redeploy them to SharePoint 2013. For more information, see
Upgrade service applications to SharePoint 2013.
The following kinds of customizations are not supported. If you have any of these customizations in your
environment, you must replace them by using a supported kind of customization before you can upgrade.
Otherwise, you might experience upgrade issues that cannot be fixed:
Predefined files, features, or site definitions that were changed.
Cau t i on
Some predefined file types — such as document icons or actions — can be carried forward in a supportable
way, although this does not occur automatically. Do not copy over the old version files as that can cause
other issues, instead, make the same changes to the new version file Modifications to other predefined files,
such as server-side ASPX pages, will be lost during upgrade if you reset to the site template or if you don't
make the same changes in the new version files. Depending on the files that were changed and the extent of
these changes, the upgrade experience can vary significantly.
SharePoint databases that were changed, either by directly changing data or changing the schema. This
includes adding or removing triggers, tables, views, or indexes.
If you have any of these kinds of customizations, remove them and replace them with supported customizations
before you attempt to upgrade. This is a best practice for helping to make sure that not only your current upgrade
will work, but any future upgrades will go more smoothly. Changing predefined files and databases will remain
unsupported.
See also
Other Resources
Best practices for upgrading from SharePoint 2010 to SharePoint 2013
Use a trial upgrade to SharePoint 2013 to find potential issues
Deploy custom features to upgraded site collections in SharePoint Server 2013
Plan for site collection upgrades in SharePoint 2013
6/7/2019 • 13 minutes to read • Edit Online
PROPERTY DESCRIPTION
For more information about how to set these properties, see Manage site collection upgrades (SharePoint 2013
Products).
You can also control settings upgrade notifications. You can determine the following:
Whether to add a link to more information from the Upgrading now status bar.
How many days to wait before reminding a site collection administrator about upgrade if they choose
Remind me later on the status bar.
If a user clicks Remind me later, the current date is added to the number that is set for the
UpgradeReminderDelay and the notification is hidden until that new date occurs. For example, if the setting
is 30, then the notification will appear 30 days from the current date.
The following properties control site collection upgrade notifications:
Properties that control upgrade notifications
PROPERTY DESCRIPTION
For more information about how to set these properties, see Manage site collection upgrades (SharePoint 2013
Products).
Create Upgrade Evaluation Site Creates upgrade evaluation sites. Runs daily, between 1:00 and 1:30 AM
Collections (job-create-upgrade-eval-
sites)
Delete Upgrade Evaluation Site (job- Deletes expired upgrade evaluation Runs daily, between 1:00 and 1:30 AM
delete-upgrade-eval-sites) sites and sends notifications for sites
near their expiration date.
Upgrade site collections (job-upgrade- Upgrades site collections in the queue Runs every 1 minute
sites) for a content database.
You can decide when and how often these timer jobs run, and you can also run them manually.
How the upgrade evaluation site collections are created
The Create Upgrade Evaluation Site Collections job timer collects the list of site collections that were queued for
evaluation sites, and then copies the sites to new URLs and Site IDs. It also adds the sites to the upgrade queue so
that they will be picked up by the Upgrade Site Collections timer job later. To create the copy of the site:
1. If you have an Enterprise version of SQL Server, the Create Upgrade Evaluation Site Collections job timer
takes a snapshot of the database and reads the data from the snapshot to a destination database (with the
source database being the default target). This doesn't affect the read-only status of the source site
throughout the whole process.
2. For other versions of SQL Server that do not have snapshot capabilities, the Create Upgrade Evaluation
Site Collections job timer backs up a site collection and restores it to a new URL. This makes the source site
read-only for the whole duration of the process.
The Upgrade Site Collections job collects the list of site collections that were queued for upgrade and then
upgrades the queued sites from oldest to newest. The recently added evaluation site is then upgraded (or at least
upgrade is tried).
Content of a site collection (size and Default is that a site that is more than SPWebApplication.SiteUpgradeThrottleS
number of subwebs) 10 MB, or has more than 10 subwebs, ettings UsageStorageLimit and
cannot be upgraded in a self-service SubwebCountLimit
manner by the site collection
administrator, but must be upgraded by
the farm administrator.
The following illustration shows the relationship between the web application and content database upgrade
throttle limits.
Upgrade throttles and the site upgrade queue for web applications and content databases
In this illustration, the content database contains fifteen sites, and all sites were requested to start upgrade.
1. Because of the web application throttle limit, only five sites can start to upgrade for web application 1 -
instance 1 on Web server 1.
2. An additional five sites start to upgrade on web application 1 - instance 2 on Web server 2.
3. Because of the content database throttle, five sites are sent to the upgrade queue to wait their turn.
You can use the default throttling settings, or you can specify your own values for how many site collections can be
upgraded at the same time. Farm administrators can also override throttle settings when they upgrade a site by
using PowerShell. Exercise caution when you change these values and make sure that you verify the settings that
you want to use in a test environment before you implement them in production. If you increase throttling too
much, you could create performance problems in your environment. For example, too many parallel upgrades
could affect site rendering. For information about how to change these settings, see Manage site collection
upgrades.
See also
Other Resources
Manage site collection upgrades
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Run site collection health checks in SharePoint 2013
Create a communication plan for the upgrade to
SharePoint 2013
6/7/2019 • 7 minutes to read • Edit Online
NOTE
Farm administrators might not be local administrators for the server.
Database administrators If you have a separate database administration team, you must coordinate with
them to schedule the upgrade and perform the upgrade.
Server security teams You must coordinate with your security teams, such as the Active Directory Domain
Services (AD DS ) team, to verify accounts and permissions or to take advantage of the new policy settings
that you can apply for SharePoint 2013.
Network teams You must coordinate with the network teams, especially if you must switch DNS to point to
your new farm, or add the new servers to the network infrastructure.
Client deployment team Communicate with client deployment teams to coordinate deployments of new
client and server applications. Client deployment might have to occur before you upgrade, or it might be an
option for users after their sites are upgraded.
Services administrators You must communicate with the administrators for service applications, such as
the Business Data Connectivity service, to make sure that they are ready for the upgrade and they can
review or reconfigure the appropriate settings in the new version.
IT or application Helpdesk leadership and personnel If you have a helpdesk for your company, make
sure that they know about the timing for the upgrade and are prepared for questions after upgrade.
Helpdesk should be a key stakeholder for planning and testing so that they can be understand the potential
changes from an upgrade and the effect that it will have on users.
Site collection owners You must notify site collection owners when the upgrade process is about to occur.
Warn them about any issues that you find when you run the pre-upgrade checker or when you upgrade
their sites. You must also communicate with site collection owners about their role in upgrade. Site collection
owners can upgrade their own sites in SharePoint 2013. Site collection owners can run health checks and
review upgrade evaluation sites before they upgrade their sites.
Site designers and developers and third-party solution providers If you have custom templates, Web
Parts, Web services, or other custom elements that are associated with your sites, you must work with the
associated site designers and developers or third-party solution providers. Because custom elements can fail
or perform differently in an upgraded environment, you have to make sure that designers or developers can
create new versions of these custom elements or verify that these elements were upgraded correctly.
Because their work can have a big influence on the upgrade schedule, work with these stakeholders early in
the process. For more information about potential issues with custom elements, see Use a trial upgrade to
SharePoint 2013 to find potential issues.
Site users Although you do not have to include site users in making decisions about the upgrade process,
you must tell site users when it will occur and what they should expect.
Sponsors and other stakeholders Other people in your organization might be involved in the upgrade
planning process. Make sure that you include them in your communication plan appropriately.
NOTE
An upgrade team can include one or more members in each role, depending on your organization.
See also
Other Resources
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Clean up an environment before an upgrade to
SharePoint 2013
7/17/2019 • 10 minutes to read • Edit Online
Items to clean up
Many of these items can be removed or repaired by using Stsadm command-line tool or PowerShell cmdlets.
IMPORTANT
To use the Stsadm command-line tool, you must be a member of the Administrators group on the local computer. > To use
PowerShell cmdlets in the SharePoint Management Shell, you must have the following memberships: > securityadmin fixed
server role on the SQL Server instance. > db_owner fixed database role on all databases that are to be updated. >
Administrators group on the server on which you are running the PowerShell cmdlets.
Be sure to back up these sites before you remove them. For more information, see Get-SPSite and Remove-
SPSite.
Remove FAST Search Center sites
You cannot upgrade FAST Search Center sites to the 2013 experience. Existing FAST Search Center sites can
continue to work in 2010 mode after upgrade. If you want the new functionality, you must create new Enterprise
Search Center sites in 2013 mode.
Finish Visual Upgrades in SharePoint 2010 Products
During an upgrade from the server products in the Office 2007 release to SharePoint 2010 Products, you could
allow site owners to use Visual Upgrade to keep sites in the old experience on the upgraded environment. When
you upgrade to SharePoint 2013, all sites that are still in the old experience in SharePoint 2010 Products are
automatically upgraded to the 2010 experience. If you want the opportunity to address any issues and review the
sites before they are switched to the new experience, upgrade them to the new experience in your SharePoint 2010
Products environment and review them before you upgrade them to SharePoint 2013. We recommend that you
finish visual upgrades before you upgrade to SharePoint 2013. Finishing visual upgrades before you upgrade
provides the following benefits:
You can address issues while you still have the server products in the Office 2007 release components
available.
You can have users be involved in reviewing and fixing issues in their sites.
You can roll back to the old experience temporarily if it is necessary. You cannot roll back when you are in
the SharePoint 2013 experience.
You avoid adding potential errors to the upgrade process. The fewer operations occurring during upgrade,
the better. Trying to troubleshoot errors is more difficult when you have more processes involved. And users
might think that upgrade has caused an issue when it's really the experience changing to the new version. If
you have an issue with how the site interface is displaying, how will you know whether it is an old issue
from the site that was forced through visual upgrade, a problem with the 2010 mode in SharePoint 2013, or
a problem with a new CSS file?
To check for sites in the old experience, on the SharePoint 2010 Products environment, you can use the Get-
SPSite PowerShell command.
To check for and upgrade sites still in the old experience in the SharePoint 2010 Products environment
by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Add-SPShellAdmin.
Get-SPSite | ForEach-Object{$_.GetVisualReport()}
6. At the PowerShell command prompt, type the following command to upgrade those sites to the new
experience:
Get-SPSite | ForEach-Object{$_.VisualUpgradeWebs()}
For more information, see Get-SPSite and Manage visual upgrade (SharePoint Server 2010).
Repair data issues
Make sure that you repair all issues in your databases or site content before you upgrade. In particular, check the
following items:
Check databases for corrupted data
Clean up your databases to remove any orphaned sites or other corrupted data, such as a corrupted list.
Consider defragmenting if you have removed sites or subsites from the database. For more information,
see:
Databaserepair: Stsadm operation
Forcedeletelist: Stsadm operation
Check databases for duplicate or orphaned site collections
Make sure that site collections exist in only one content database. Occasionally, site collections can leave
behind duplicate or orphaned references in old content databases if they are moved to new databases, or if
a copy of a database was attached to the farm, or if there was an error when a site collection was
provisioned. If a site collection is referenced in more than one content database or there is more than one
instance of the site collection in a content database, it can cause issues when you upgrade by using the
database attach upgrade method. If you upgrade a duplicate version of the site collection first, the site map
in your configuration database might end up pointing to that version of the site instead of the current
version.
Before you upgrade, use the Enumallwebs operation in stsadm command-line tool to discover which sites
are in which content databases and compare the results. Also, examine each site collection in the results and
check whether it is listed as missing in the site map. Being listed as missing indicates that it is an orphaned
site. For more information, see Enumallwebs: Stsadm operation. If you find duplicate or orphaned sites, you
can use the Remove-SPSite cmdlet in PowerShell to remove the duplicate or orphaned sites from the
database.
For more information, see Remove-SPSite.
Check variations
In publishing environments, check for any variations that must be fixed. For more information, see
Variationsfixuptool: Stsadm operation.
See also
Other Resources
Use a trial upgrade to SharePoint 2013 to find potential issues
Best practices for upgrading from SharePoint 2010 to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint
2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
SharePoint 2013 Products Preview - Test Your Upgrade See a visual display of information about how to test the
Process model upgrade process.
Use a trial upgrade to SharePoint 2013 to find potential Find out how to plan for success by testing upgrade by using
issues your actual data in either a physical or virtual environment.
Troubleshoot database upgrade issues in SharePoint 2013 Follow these recommendations to troubleshoot any issues
that occur during database-attach upgrade. You can also
look up common issues and discover how to address them.
Troubleshoot site collection upgrade issues in SharePoint Follow these recommendations to troubleshoot any issues
2013 that occur during a site collection upgrade. You can also look
up common issues and discover how to address them.
Branding issues that may occur when upgrading to Learn how to address issues with branding in an upgraded
SharePoint 2013 [Migrated] site, such as custom CSS, custom themes, and custom master
pages and page layouts.
Restart a database-attach upgrade or a site collection If you encounter errors during upgrade, you can address
upgrade to SharePoint 2013 them by using the troubleshooting article, and then use this
article to restart or resume upgrade.
See also
Other Resources
Best practices for upgrading from SharePoint 2010 to SharePoint 2013
Use a trial upgrade to SharePoint 2013 to find
potential issues
6/7/2019 • 13 minutes to read • Edit Online
TIP
Whom do you contact about customizations that you did not create? > Contact Microsoft if you have problems with a
template that you downloaded from the Microsoft website. > Contact your third-party solution vendor if you have problems
with a template or component that they supplied you for the earlier version. An upgraded version may be available.
After you identify all the customizations, copy them to the appropriate servers in your test farm. Ensure that the
following customizations are deployed:
Solutions - by default legacy solutions are deployed to the /14 directories. Use the CompatibilityLevel
parameter when you install the solutions to deploy them to the /15 directories. For more information, see
Install-SPSolution.
Custom Master Pages
Custom JavaScript
Custom CSS files (including those for themes)
Custom workflow actions (must be included in actions file)
Confirm large list query throttling settings to make sure that large lists are displayed as expected.
When you test customizations, use the following guidance:
Check for visual changes.
Check for behavioral changes.
Test in both 2010 and 2013 mode site collections.
Look for any language or resource loading issues.
This is an issue that can occur when customizations exist in 2010 mode and new customizations replace
them in 2013 mode. Because there is only one global directory for language resources, there can be an
issue loading the correct file. Make sure that replacement 2013 customizations include the 2010 resources
so that the customizations can continue to work correctly in both modes.
Validate that upgrade did not affect customizations. Ensure that customizations do not block site collection
upgrade.
You can use the Test-SPContentDatabase Microsoft PowerShell cmdlet before you attach a database to
SharePoint 2013 to determine whether any customizations are missing from the environment. Run this command
for each database after you restore the databases to your database server but before you run the upgrade. Note
that this cmdlet runs silently — it will not return any output unless there is an issue found.
IMPORTANT
Testing a subset of your data does not produce a valid benchmark for how long it will take to process the whole volume of
data for your environment.
After you copy the data, take a first pass through the upgrade process to see what happens. This is just the
preliminary round. Follow the steps in Upgrade content databases from SharePoint 2010 to SharePoint 2013 to
try the database attach upgrade process.
When you test the upgrade process, make sure that you test services that are shared across farms. Consider all
states, such as the following:
A SharePoint Server 2010 farm connected to a SharePoint 2013 services farm.
A SharePoint 2013 farm connected to a SharePoint 2013 services farm.
Different version farms for different services.
Use the test environment to find any security, configuration, compatibility, and performance issues for service
applications.
NOTE
Content about My Sites applies only to SharePoint 2013.
See also
Other Resources
Best practices for upgrading from SharePoint 2010 to SharePoint 2013
Plan for performance during upgrade to SharePoint 2013
Upgrade databases from SharePoint 2010 to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint 2013
Troubleshoot database upgrade issues in SharePoint
2013
6/7/2019 • 10 minutes to read • Edit Online
Common issues
Check to see whether any of the following issues cause an upgrade error or warning.
Q: I want to upgrade from a pre -release version of SharePoint 2013
A: Upgrade from a pre-release version of SharePoint 2013 to the release version of SharePoint 2013 is not
supported.
Pre-release versions are intended for testing only and should not be used in production environments.
Upgrading from one pre-release version to another is also not supported.
Q: The log says I have missing templates, features, or other server-side customizations
A: Identify all server-side customizations and install them before you upgrade
One common error during upgrade is missing server-side files — either files that were installed with SharePoint
2010 Products or customized files. When you prepared for upgrade, you should have created an inventory of the
server-side customizations (such as site definitions, templates, features, Web Parts, assemblies) that your sites
required. Check this inventory to make sure that all the files that are needed for your customizations are installed in
your new environment.
You can use the test-spcontentdatabase Microsoft PowerShell cmdlet before you upgrade the database to
identify missing files. You can also use the enumallwebs operation in Stsadm.exe to identify server-side
customizations that are being used.
In the upgrade log files, you may see errors such as the following:
ERROR Found Reference Count web(s) using missing web template Site Template Identifier (lcid: Site
Template Language Code) in ContentDatabase Content Database Name.
ERROR Found a missing feature Id = [Feature Identifier ]
WARNING File [Relative File Path] is referenced [Reference Count] times in the database, but is not
installed on the current farm.
WARNING WebPart class [Web Part Identifier ] is referenced [Reference Count] times in the database, but is
not installed on the current farm.
WARNING Assembly [Assembly Path] is referenced in the database, but is not installed on the current farm.
WARNING Feature could not be upgraded. Exception: Feature definition id 'Feature Identifier' could not be
found.
If you can obtain a missing server-side file or dependency, install it, and then run upgrade again for the affected
sites. If the file or dependency (such as a Web Part) was deprecated, you have to investigate whether you want to
rebuild the site, page, or Web Part to use a different template, feature, or Web Part. If you can redo the
customization by using dependencies that were not deprecated, you can run upgrade again for the affected sites. If
you cannot remove the dependency, you cannot upgrade the site.
After you install the missing file or dependency, use the test-SPContentDatabase Microsoft PowerShell cmdlet
on a test server to determine whether any other files for that database are missing. If you only run upgrade again,
the error might not appear in the log files, even though it might still be occurring.
Q: The log file says that something is not right with my farm, web application, or service application
configuration settings
A: Verify your farm and web application settings.
A: Create and start missing service applications
A: Verify that managed paths (included paths) are configured correctly for each web application.
In the upgrade log files, you may see errors such as the following:
ERROR Template Template Id: SPSite Id= Site Id could not be accessed due to exception. Skipping SPWeb
Id= Web Id for template upgrade. Exception: System.IO.FileNotFoundException: The site with the id Site Id
could not be found.
This error indicates that a managed path is missing. Add the managed path for the site collection into the
web application and restart upgrade for the content database that contains this site collection.
Q: I see errors and warnings during upgrade about connectivity or corruption
A: Verify your power connections and connection to the network and to SQL Server. Loss of connectivity to
data sources can cause errors. If your servers cannot connect to the databases, they cannot be upgraded.
Q: I ran out of disk space
A: Free some space, or increase the size of the transaction log file before you resume upgrade. If you run out
of space (for example, for transaction log files on your database servers), upgrade cannot continue.
For more information, see Managing the Size of the Transaction Log File.
Q: I see an error about authentication
A: Make sure that the web application is using the right authentication method.
A mismatch in authentication methods can cause problems when you upgrade. The following resources can help if
you have a mismatch between authentication methods:
Classic-to-claims authentication
Make sure that the web applications that you created in SharePoint 2013 use the same authentication
method that was used in SharePoint 2010 Products. Claims-based authentication is the default
authentication method for web applications in SharePoint 2013. If the web application was using classic
mode, you can either update it to claims before you upgrade the database, or create the web application in
classic mode and then migrate it to claims. For more information about how to create a web application that
uses classic mode, and then migrating to claims, see [Create web applications that use classic mode
authentication in SharePoint Server]/previous-versions/office/sharepoint-server-
2010/gg276326(v=office.14)) and Migrate from classic-mode to claims-based authentication in SharePoint
2013
Forms-based authentication
Additional steps are necessary if you are upgrading an environment that uses forms-based authentication.
Follow the steps in Configure forms-based authentication for a claims-based web application in SharePoint
Server to upgrade forms-based authentication providers.
Q: SQL Server says I don't have permissions
A: If you receive an error about an unknown account, or if a database is not upgraded, check the
permissions for the database. In particular, between instances of SQL Server, make sure that you verify that
security is configured correctly. Check that the login accounts that you use have the appropriate fixed roles
and permissions on the databases, and that they will still be valid if you upgrade across domains.
A: Make sure the account that you use to attach the databases is a member of the db_owner fixed database
role for the databases that you want to upgrade.
Q: A database will not upgrade
**A: ** Verify that the database is not set to read-only. You cannot upgrade a database that is set to read-only.
Make sure that you set the databases to read-write before you attach and upgrade the databases.
Q: I changed a database name during restore, but I cannot find the files that have that name
**A: ** When you rename a database at restore time, you must also rename the database and log file names in
the file system (the MDF and LDF files) so that they match.
Q: I cannot back up the Search service application Administration database
**A: ** Before you can back up the Search service application Administration database, you must stop the
Search service on your SharePoint Server 2010 farm. To stop the Search service, on the original farm, on the
Start menu, click Administrative Tools, and then click Services. Right-click SharePoint Server Search 14,
and then click Stop. Be sure to start the service again after you back up the database.
Q: Trusted connections are not working for Excel Services after upgrade
**A: ** You must manually create all trusted data connections for Excel Services after upgrade.
Q: My workflows are no longer associated correctly
**A: ** Verify that the Workflow Auto Cleanup timer job is turned off. If you had disabled the Workflow Auto
Cleanup timer job in your SharePoint 2010 Products environment, make sure that you disable this timer job in
the new environment also. If this timer job is enabled in the new environment and disabled in the SharePoint
2010 Products environment, you might lose workflow associations when you upgrade.
Q: I migrated users from classic authentication to claims-based authentication after upgrade. But some users
have information that is out of date
**A: ** For issues with user profiles, make sure that that the User Profile to SharePoint Full Synchronization
job was run.
If you started the User Profile to SharePoint Full Synchronization job (either automatically or manually)
before the migration process was complete, some users might not be migrated. You can run the following
cmdlet in Microsoft PowerShell after the migration is complete to clear the sync data, and then you can run
the User Profile to SharePoint Full Synchronization job again to include the additional users.
Where DatabaseName is the name of the content database for the site collection associated with the out-of-
date user profile.
**A: ** Verify that the user exists in the Active Directory domain.
If the user does not exist, you can designate the user as deleted in the UserInfo table. If the user does exist,
you can run the migration again. For more information, see Migrate from classic-mode to claims-based
authentication in SharePoint 2013.
See also
Other Resources
Use a trial upgrade to SharePoint 2013 to find potential issues
Verify database upgrades in SharePoint 2013
Review site collections upgraded to SharePoint 2013
[Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013](/previous-
versions/office/sharepoint-server-2010/ff382638(v=office.14)
Troubleshoot site collection upgrade issues in
SharePoint 2013
7/17/2019 • 7 minutes to read • Edit Online
Common issues
Check to see whether any of the following issues are causing an upgrade error, a warning, or a problem in your
site.
Q: I don't see a UI control on the page that used to be there
A: Reset the page to the default version (that is, reghost it).
Making changes to the site UI can cause problems in site upgrades. If a page was customized to place a UI control
in a non-standard location, you can reset the page to the default version to recover the control.
To reset the page, you can use the Reset to site definition link under Site Actions on the Site Settings page or
use the Reset to Template command in SharePoint Designer.
Q: The view on a large list is not working any longer
A: Create indexed columns, folders, or new views for large lists. You might have to add the indexed column to
your existing views.
If a list is very large, and users use a view or perform a query that exceeds the limit or throttling threshold, the
view or query will not be permitted. You can create indexed columns with filtered views, organize items into
folders, set an item limit on the page for a large view, or use an external list. For more information about large list
throttling and how to address issues with large lists, see Manage lists and libraries with many items.
Q: I see an error about a duplicate content type name
A: Rename content types or fields that conflict with default names.
Occasionally, custom elements (such as a content type) may have a name that conflicts with a name in the new
version.
In the upgrade log files, you may see an error such as the following:
Failed to activate site collection features on site Site Url. Exception: A duplicate content type name "name" was
found.
This error indicates that a third-party content type was added to the specified site in SharePoint Server 2010.
During upgrade to SharePoint 2013 its name conflicted with the default content type by the same name. Rename
the third-party content type in the specified site to a different name and run upgrade again. For more information,
see Create or customize a content type.
NOTE
Either renaming or removing a content type can cause any customizations dependent on that content type to stop working.
See also
Other Resources
Review site collections upgraded to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint 2013
Use a trial upgrade to SharePoint 2013 to find potential issues
Branding issues that may occur when upgrading to
SharePoint 2013
6/7/2019 • 8 minutes to read • Edit Online
Custom CSS
The most common way to apply custom branding to a SharePoint 2010 Products site is to create a CSS file that
contains styles that override the default SharePoint styles.
To make the new UI faster and more fluid, SharePoint 2013 introduced fundamental changes in how CSS is
implemented:
CSS file sizes are reduced.
Nesting of CSS selectors is limited.
CSS inheritance is used whenever possible.
Classes are defined in only one place.
Related classes are grouped in the CSS file.
Inline styles and the !mportant declaration are not used because they cannot be overridden.
Styles use a consistent structure and naming convention.
In SharePoint 2013, styles use a consistent structure and naming convention.
Explanation Indicates this is a Microsoft The name of the feature with A descriptive name of the
class. which this item is associated, item, such as title, link, and
or "core" if it's used as part so on
of the core UI.
Because of these changes in how SharePoint 2013 implements CSS, when you upgrade, custom CSS styles will
not be applied to your site. To resolve this, you should first create an evaluation site collection and then use that site
as the environment where you can identify the new SharePoint 2013 styles that you have to override. Create a CSS
file for these styles, and then apply that CSS to your upgraded site.
Custom theme
In SharePoint 2010 Products, you can use an Office program such as PowerPoint 2010 to create a THMX file. Then
you can upload that theme file to SharePoint 2010 Products and apply the theme to your site.
In SharePoint 2013, the theming engine was improved so that theming is faster and more flexible, and so that
themes can be more easily upgraded moving forward. The theming model uses comment-style markup in the CSS
and then replaces parts of the CSS based on parameters such as fonts and color schemes that users select. Themes
in SharePoint 2013 are defined by XML files:
SPColor.xml defines the color palette, in which slots now have semantic names so that it's more clear what
UI elements will be affected when you change a color value. Also, themes now support setting opacity.
SPFont.xml defines the font scheme and supports multiple languages, web-safe fonts, and web fonts.
But there is no support to upgrade a THMX file from SharePoint 2010 Products to SharePoint 2013. If you applied
a custom theme to the SharePoint 2010 Products site, when you upgrade to SharePoint 2013, the theme files
remain in place. But the theme is no longer applied to the site, and the site reverts to the default theme.
To resolve this, you should first create an evaluation site collection and then use the new theming features in
SharePoint 2013 to create the theme again. For more information about the new themes, see the following articles
on MSDN:
Themes overview in SharePoint 2013
How to: Deploy a custom theme in SharePoint 2013
Color palettes and fonts in SharePoint 2013
How to: Create a master page preview file in SharePoint 2013
IMPORTANT
Moving forward, if you want to use custom branding, and if you want that branding to work after future upgrades, we
recommend that you use themes to implement your design. Themes will have upgrade support when future updates are
available. If themes don't work for your scenario or you must have more extensive branding, we recommend that you use a
publishing site together with Design Manager. But understand that if you invest in building custom master pages and page
layouts, you may have to rework or update your design files during and after each SharePoint upgrade.
Copy and change a master page that ships with SharePoint 2013
In SharePoint 2010 Products, a common way to make minor customizations to the UI is to copy and change a
master page that ships with SharePoint 2010 Products. For example, you might change the master page to remove
or hide capabilities from users.
When you upgrade a SharePoint 2010 Products site to SharePoint 2013, the master page is reset to use the default
master page in SharePoint 2013. Therefore, after upgrade, your site will display its custom branding. The custom
master page that was created in SharePoint 2010 Products still lives in the site, but you should not apply the old
master page to the new site because the new site will not display as expected.
To support the new UI in SharePoint 2013, changes were made to the default master pages. For this reason, you
cannot apply a master page that was created in SharePoint 2010 Products to a site in SharePoint 2013.
To resolve this, you should first create an evaluation site collection, and then create the master page again in the
SharePoint 2013 site. After you verify that the new master page works as expected, move the master page to the
new site collection and apply it to the site. If the sites are publishing sites, you can use Design Manager to export
and then import the master page as part of a design package. Otherwise, you can move the master page as part of
a sandboxed solution or by uploading the file to the master page gallery.
IMPORTANT
SharePoint Foundation 2013 does not support publishing sites. You'll need SharePoint 2013 to use publishing sites.
To determine whether you have this issue, you can create an evaluation site collection that is also a publishing site,
and then set the master page to the master page that ships with SharePoint 2013. If the site still displays, you don't
have this issue. If the site doesn't display and you get an "unexpected error" with a correlation ID, you likely have
this issue.
To resolve this issue, do the following:
1. Create an evaluation site collection that is a publishing site collection.
2. Create a SharePoint 2013 master page.
3. Add the custom content placeholder to the 2013 master page.
4. Apply the new master page to the site.
5. Create a page layout that does not contain the custom content placeholder.
The page layout will be associated with the new master page that was applied to the site.
6. Change all the pages that use the old page layout to use the new page layout.
You can manually edit each page individually in the browser and use the option on the Ribbon, or you can
use the client-side object model for SharePoint to update pages programmatically.
7. Delete the old page layout that contains the custom content placeholder.
We recommend that you do not add custom content placeholders to your custom master page or page layouts.
See also
Other Resources
Troubleshoot site collection upgrade issues in SharePoint 2013
Review site collections upgraded to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Run site collection health checks in SharePoint 2013
Overview of Design Manager in SharePoint 2013
Restart a database-attach upgrade or a site
collection upgrade to SharePoint 2013
8/13/2019 • 4 minutes to read • Edit Online
NOTE
One frequent cause of failures during upgrade is that the environment is missing customized features, solutions, or other
elements. Be sure that any custom elements that you must have are installed on your front-end web servers before you
start the upgrade process. You can use the Test-SPContentDatabase Microsoft PowerShell cmdlet to identify any custom
elements that your sites might be using. For more information, see Use a trial upgrade to SharePoint 2013 to find potential
issues in the article "Use a trial upgrade to find potential issues."
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Upgrade-SPContentDatabase <Name>
Where:
Name is the database name that you want to upgrade.
You can also use the -id parameter and provide the database GUID instead of a database name. You can run the
following cmdlet to find the GUID for a content database:
NOTE
The site collection health checks are run automatically in repair mode before the upgrade starts. The results from the
health checks are included in the upgrade log for the site collection. If there is an error, you must address it before
you can continue to upgrade.
The upgrade starts, and the Upgrade status page for the site collection is displayed. This page
automatically updates while the upgrade is in progress and displays information about the process, such as
the following:
Errors or warnings
When the upgrade started
Where you can find the upgrade log file
After the upgrade is complete, the Upgrade status page is displayed in the new user interface with the
message, Upgrade Completed Successfully.
5. Click Let's see the new site to go to the home page.
Farm administrators can restart upgrade by using PowerShell.
To restart upgrade for a site collection by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<http://site> is the URL for the site collection.
Add the option -Unthrottled option to skip the site collection upgrade queue and start the upgrade
immediately.
For more information, see Upgrade-SPSite.
See also
Other Resources
Upgrade from SharePoint 2010 to SharePoint 2013
Upgrade databases from SharePoint 2010 to
SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
SharePoint 2013 Products Preview - Describes the steps in the process for a
Upgrade Process model database-attach upgrade
CONTENT DESCRIPTION
Checklist for database-attach upgrade Use this checklist to make sure that you
(SharePoint 2013) follow all necessary steps as you
prepare for upgrade, perform the
upgrade, and perform post-upgrade
steps.
Create the SharePoint 2013 farm for a Create and configure a SharePoint
database attach upgrade 2013 farm so that you can upgrade
databases from SharePoint 2010
Products.
Copy databases to the new farm for Copy SharePoint 2010 Products
upgrade to SharePoint 2013 content and service databases to a
SharePoint 2013 farm so that you can
upgrade the data to SharePoint 2013.
Verify database upgrades in SharePoint Verify that the upgrade for your
2013 databases has succeeded and that you
are ready to begin to upgrade sites.
See also
Other Resources
Test and troubleshoot an upgrade to SharePoint 2013
Plan for upgrade to SharePoint 2013
Get started with upgrades to SharePoint 2013
Checklist for database-attach upgrade (SharePoint
2013)
6/7/2019 • 13 minutes to read • Edit Online
IMPORTANT
The steps in this article apply to both SharePoint Foundation 2013 and SharePoint 2013, except for the steps about how to
upgrade the service applications, which apply mostly to SharePoint 2013 (the Business Data Connectivity service application
applies to both).
STEP NOTES
[] Clean up your environment Complete this step one time for the
Before you begin to upgrade, make whole environment.
sure that your environment is This process might take days or weeks
functioning in a healthy state and that to finish.
you clean up any content that you do
not have to upgrade. Clean up any
orphaned sites or data, address any
large lists and large ACLs, remove
extraneous document versions, and
remove any unused templates, features
and Web Parts.
Detailed steps: Clean up an
environment before an upgrade to
SharePoint 2013.
[] Test the upgrade process Perform this step multiple times, until
Try out upgrade in a test environment you are prepared to perform the actual
to find any issues and determine how upgrade.
long your actual upgrade might take.
Detailed steps: Use a trial upgrade to
SharePoint 2013 to find potential issues
STEP NOTES
[] Configure service applications Complete this step one time for the
Enable and configure the services that whole environment.
you need in your new environment.
Do not configure the following service
applications - you will configure them
while you upgrade their databases later
in the process:
Business Data Connectivity service
Managed Metadata service
PerformancePoint services
Search
Secure Store service
User Profile service
STEP NOTES
[] Configure general farm settings Complete this step one time for the
Reapply any general farm settings that whole environment.
you must have from your previous farm
— such as blocked file types, e-mail
setting, and quota settings — and add
users or groups to the Farm
Administrators group. Configure new
settings such as usage and health data
collection, diagnostic logging, and
mobile accounts.
IMPORTANT
If you had disabled the Workflow Auto Cleanup timer job in your SharePoint 2013 environment, make sure that you disable
this timer job in your new environment also. If this timer job is enabled in the new environment and disabled in the previous
version environment, you might lose workflow associations when you upgrade. For more information about this timer job,
see Disable preservation of workflow history (SharePoint Server 2010) .
Detailed steps for this phase: Create the SharePoint 2013 farm for a database attach upgrade.
Back up and restore databases
STEP NOTES
[] Record the passphrase for the Complete this step one time for each
Secure Store service application Secure Store service application in the
The Secure Store service application environment.
uses a passphrase to encrypt
information. You must record this
passphrase so that you can use it in the
new environment.
[] Set the previous version databases Complete this step for each content
to be read-only database in your environment.
If you want your original environment Depending on your organization, you
to remain available to users in a read- might need a database administrator to
only state, set the databases to read- complete this step.
only before you back them up.
[] Export the encryption key for the Complete this step one time for each
User Profile service application User Profile service application in the
The User Profile Service service environment.
application requires an encryption key
that is stored separately from the
database and is needed if you want to
upgrade the User Profile Sync database.
[] Restore a backup copy of the Complete this step for each content
databases database and supported service
Restore the databases from the backup. application database in your
environment.
This step can take an hour or longer,
depending on your dataset and your
environment.
Depending on your organization, you
might need a database administrator to
complete this step.
[] Set the restored databases to be Complete this step for each content
read-write database and supported service
Before you can attach and upgrade the application database in your
databases that you copied to the new environment.
environment, you must set them to Depending on your organization, you
read-write. might need a database administrator to
complete this step.
Detailed steps for this phase: Copy databases to the new farm for upgrade to SharePoint 2013
Upgrade service application databases
STEP NOTES
[] Start the service application Complete this step one time for the
instances whole environment.
Start the following service instances
from Central Administration:
Business Data Connectivity service
Managed Metadata service
PerformancePoint services
Secure Store service
User Profile service
Start the instance of the Search service
application by using PowerShell.
[] Upgrade the Secure Store service Complete this step one time for each
application Secure Store service application in the
Use PowerShell to create the new previous environment.
service application and upgrade the
database, create a proxy and add it to
the default proxy group, and then
restore the passphrase from the
previous environment.
STEP NOTES
[] Upgrade the Business Data Complete this step one time for each
Connectivity service application Business Data Connectivity service
Use PowerShell to create the new service application in the previous
service application and upgrade the environment.
database. You do not have to create a
proxy for the Business Data
Connectivity service application.
> [!NOTE]> The Business Data
Connectivity service application is
available in both SharePoint Foundation
2013 and SharePoint 2013.
[] Upgrade the Managed Metadata Complete this step one time for each
service application Managed Metadata service application
Use PowerShell to create the new in the previous environment.
service application and upgrade the
database, and then create a proxy and
add it to the default proxy group. You
must upgrade the Managed Metadata
service application before you can
upgrade the User Profile service
application.
[] Upgrade the User Profile service Complete this step one time for each
application User Profile service application in the
Use PowerShell to create the new previous environment.
service application and upgrade the
database, and then create a proxy and
add it to the default proxy group. After
you have created the User Profile
service application, you must import
the Microsoft Identity Integration
Server Key (MIIS) encryption key.
Finally, you can start the User Profile
Synchronization service.
[] Upgrade the PerformancePoint Complete this step one time for each
Services service application PerformancePoint Services service
Use PowerShell to create the new application in the previous
service application and upgrade the environment.
database, and then create a proxy and
add it to the default proxy group.
[] Upgrade the Search service Complete this step one time for each
application Search service application in the
Use PowerShell to create the new previous environment.
service application and upgrade the
database, and then create a proxy and
add it to the default proxy group.
> [!NOTE]> This step applies to only
SharePoint 2013. Although SharePoint
Foundation 2013 includes search
functionality, it is not the same Search
service application that is in SharePoint
2013 and it cannot be upgraded.
STEP NOTES
[] Verify that all of the new proxies are Complete this step one time for the
in the default proxy group whole environment.
Use the Get-
SPServiceApplicationProxyGroup
cmdlet to verify that all of the service
application proxies are in the default
proxy group.
Detailed steps for this phase: Upgrade service applications to SharePoint 2013.
Create web applications
STEP NOTES
[] Create and configure web Complete this step one time for the
applications whole environment.
Create a web application for each web
application that existed in the old
environment. If the desire is to use
Windows Claims Authentication, create
the new Web Applications in Windows
Claims mode instead of Classic mode.
Detailed steps for this phase: Upgrade content databases from SharePoint 2010 to SharePoint 2013.
Attach and upgrade content databases
STEP NOTES
STEP NOTES
[] Attach a content database to a web Complete this step for one content
application database in your environment.
Attach the content database that This step might take several minutes or
contains the root site collection first. several hours, depending on your
For My Sites, attach the content dataset and hardware on the web
database that contains the My Site host servers, database servers, and storage
before attaching databases that contain subsystem.
the My Sites.
You must perform this action from the
command line. Use the Mount-
SPContentDatabase Microsoft
PowerShell cmdlet.
[] Verify upgrade for the first Complete this step for the content
database database that you just attached.
Verify that upgrade succeeded for the
first database, and review the site to
see whether there are any issues.
Detailed steps: Verify database
upgrades in SharePoint 2013.
[] Verify upgrade for the remaining Complete this step for each of the
database remaining content databases in your
Verify that upgrade succeeded for the environment.
remaining databases. This step might take several minutes,
Detailed steps: Verify database an hour, several hours, or days,
upgrades in SharePoint 2013. depending on your content.
Detailed steps for this phase: Upgrade content databases from SharePoint 2010 to SharePoint 2013.
STEP NOTES
STEP NOTES
[] Verify that site collections are Complete this step one time for your
working as expecting in 2010 mode whole environment.
Review the site collections and make
sure that they work in 2010 mode
before you begin to upgrade any site
collections. You can use a similar review
list as the one provided for upgraded
sites in Review site collections upgraded
to SharePoint 2013
> [!NOTE]> If the SharePoint 2013
Web Application was created in
Windows Claims mode, complete the
next step prior to testing site
collections.
[] Migrate user accounts to claims Complete this step one time for every
authentication, if it is necessary web application that has changed
By default, new web applications in authentication methods.
SharePoint 2013 use claims
authentication. If you were using classic
authentication in the previous
environment, you must migrate the
users to claims authentication. For
more information, see Migrate from
classic-mode to claims-based
authentication in SharePoint 2013.
[] Update links that are used in any Complete this step one time for your
upgraded InfoPath form templates whole environment.
For a database-attach upgrade, you
exported and imported all InfoPath
form templates in your environment
when you created the new
environment. After upgrade, you can
now update the links that are used in
those upgraded form templates to
point to the correct URLs by using a
Microsoft PowerShell cmdlet.
For more information, see Configure
InfoPath Forms Services (SharePoint
Server 2010).
[] Configure your Search topology Complete this step one time for your
The architecture for the Search service whole environment.
has changed for SharePoint 2013. Plan
and configure your Search topology to
suit your environment and the new
architecture. For more information, see
Scale search for Internet sites in
SharePoint Server and Manage the
search topology in SharePoint Server.
[] Start a full crawl Complete this step one time for your
After all content is upgraded and all whole environment.
settings are configured, you can start a A full crawl can take several hours or
full search crawl of your content. For days to complete, depending on how
more information, see Start, pause, much content is in your environment.
resume, or stop a crawl in SharePoint
Server.
STEP NOTES
[] Back up your farm Complete this step one time for your
Back up your farm so that you have a whole environment.
current backup of your upgraded
environment before you start to
upgrade site collections. For more
information, see Back up farms in
SharePoint Server.
See also
Other Resources
Create the SharePoint 2013 farm for a database attach upgrade
Copy databases to the new farm for upgrade to SharePoint 2013
Upgrade service applications to SharePoint 2013
Upgrade content databases from SharePoint 2010 to SharePoint 2013
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint 2013
Create the SharePoint 2013 farm for a database
attach upgrade
7/17/2019 • 9 minutes to read • Edit Online
Export the encryption key for the User Profile service application
The User Profile Service service application requires an encryption key that is stored separately from the
database and is needed if you want to upgrade the User Profile Sync database. You must export the Microsoft
Identity Integration Server Key (MIIS ) encryption key from your SharePoint Server 2010 environment. You will
import this exported key to the SharePoint 2013 environment after you upgrade the User Profile service
application databases. By default, the key is located on the server that is running SharePoint Server 2010 and that
is hosting the Microsoft Forefront Identity Manager services in the following directory: < root directory
drive>\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin.
IMPORTANT
This section applies only to SharePoint 2013, not SharePoint Foundation 2013.
To export the encryption key for the User Profile service application
1. Verify that you have the following memberships:
Administrators group on the server on which you are running the command.
2. Open the Command Prompt window, and then change to the following folder:
%Program Files%\Microsoft Office Servers\14.0\Synchronization Service\Bin\
3. To export the key, type the following at the command prompt, and then press ENTER:
miiskmu.exe
4. In the Microsoft Identity Integration Server Key Management Utility wizard, verify that Export key set is
selected, and then click Next.
5. In the Account Name box, type the account name for the farm administrator.
6. In the Password box, type the password for the farm administrator.
7. In the Domain box, type the domain that contains the farm administrator account, and then click Next.
8. In the Specify export file name and location box, type or click browse to select the path and file name
to use for the exported key, and then click Next.
The key is exported as a file that has a .BIN file name extension.
9. Verify the information, and then click Finish.
A message appears indicating that the key was successfully exported.
10. Click Close to close the Microsoft Identity Integration Server Key Management Utility.
NOTE
For more information about how to install available language packs, see Install or uninstall language packs for
SharePoint 2013.
4. Run the SharePoint Products Configuration Wizard to configure your server or servers.
IMPORTANT
Some service applications can be upgraded by using a service application database upgrade. If you want to upgrade
these service applications by upgrading the service application databases, do not use the Farm Configuration
Wizard to configure these service applications when you set up your new farm.
For step-by-step instructions for these tasks, see Install for SharePoint 2013.
IMPORTANT
If you had disabled the Workflow Auto Cleanup timer job in your SharePoint 2010 Products environment, make sure that
you disable this timer job in your new environment also. If this timer job is enabled in the new environment and disabled in
the SharePoint 2010 Products environment, you might lose workflow associations when you upgrade. For more information
about this timer job, seeDisable preservation of workflow history (SharePoint Server 2010) Disable preservation of workflow
history (SharePoint Server 2010).
In a standard installation, the next step would be to create web applications. However, for upgrade, you create
web applications later in the process, after you upgrade the service application databases. For more information,
see Create web applications.
See also
Other Resources
Checklist for database-attach upgrade (SharePoint 2013)
Upgrade farms that share services (parent and child farms) to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint 2013
Copy databases to the new farm for upgrade to
SharePoint 2013
8/13/2019 • 9 minutes to read • Edit Online
IMPORTANT
Perform this step in the SharePoint 2010 Products environment.
User Profile: Profile, Social, and Sync databases User Profile Service Application_ProfileDB_ ID
User Profile Service Application_SocialDB_ ID
User Profile Service Application_SyncDB_ ID
NOTE
The Business Data Connectivity service application is available in both SharePoint Foundation 2010 and SharePoint Server
2010. The other service applications are available only in SharePoint Server 2010. Although SharePoint Foundation 2010
includes search functionality, it is not the same Search service application that is in SharePoint Server 2010 and it cannot be
upgraded.
You do not have to back up the configuration or admin content databases, because you recreated these databases
when you set up the SharePoint 2013 server farm. Upgrading the configuration or admin content databases and
the Central Administration site collection is not supported.
After you complete this procedure, you will have created backups of the read-only content databases.
IMPORTANT
Perform this step in the SharePoint 2010 Products environment.
IMPORTANT
Before you can back up the Search service application Administration database, you must stop the Search service on your
SharePoint Server 2010 farm. To stop the Search service, on the original farm, on the Start menu, click Administrative
Tools, and then click Services. Right-click SharePoint Server Search 14, and then click Stop. Be sure to start the service
again after you back up the database.
IMPORTANT
Be sure to keep a copy of your original backups in reserve, just in case upgrade fails and you have to troubleshoot and try
again. > Perform this step in the SharePoint 2013 environment.
5. In the To a point in time text box, keep the default (Most recent possible).
6. To specify the source and location of the backup sets to restore, click From device, and then use the
ellipsis ( ...) to select the backup file.
7. In the Specify Backup dialog box, in the Backup media box, be sure that File is selected.
8. In the Backup location area, click Add.
9. In the Locate Backup File dialog box, select the file that you want to restore, click OK, and then, in the
Specify Backup dialog box, click OK.
10. In the Restore Database dialog box, under Select the backup sets to restore grid, select the Restore
check box next to the most recent full backup.
11. In the Restore Database dialog box, on the Options page, under Restore options, select the Overwrite
the existing database check box.
12. Click OK to start the restore process.
IMPORTANT
Perform this step in the SharePoint 2013 environment.
IMPORTANT
Although this article applies to both SharePoint Foundation 2013 and SharePoint 2013, the sections about how to
upgrade service applications apply only to SharePoint 2013. (The exception is the section about how to upgrade the
Business Data Connectivity service application which applies to SharePoint Foundation 2013 and SharePoint 2013).
TIP
Throughout this article, variables (such as $applicationPool, $sss, $upa, and so on) are used in the PowerShell cmdlets to
save time and effort. You do not have to use these variables if you would prefer not to. However, if you do not use these
variables, you must use IDs for the service applications and service application proxies when you specify the identity
parameters. Each procedure has information about the variables used, or the alternate cmdlets to use to look up any IDs
that are required. > Also, many procedures in this article include a step to set the $applicationPool variable. If you are
performing all of these procedures in the same session of PowerShell, and you want to use the same application pool for all
service applications, you do not have to repeat this step in each procedure. Instead, you can set this variable once at the
beginning and use it throughout the procedures in this article.
NOTE
The Business Data Connectivity service application is available for upgrade both from SharePoint Foundation 2010 to
SharePoint Foundation 2013 and SharePoint Server 2010 to SharePoint 2013. The other service applications are available
for upgrade only from SharePoint Server 2010 to SharePoint 2013. Although SharePoint Foundation 2013 includes search
functionality, it is not the same Search service application that is in SharePoint 2013 and it cannot be upgraded.
$SearchInst = Get-SPEnterpriseSearchServiceInstance
# Stores the identity for the Search service instance on this server as a variable
Start-SPServiceInstance $SearchInst
# Starts the service instance
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications. This is the default service application pool. You can specify a different service application pool.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that
follow. If you have multiple application pools and have to use a different application pool for a particular
service application, repeat this step in the procedure to create each service application to use the
appropriate application pool.
4. To upgrade the Secure Store service application, at the Microsoft PowerShell command prompt, type the
following command:
Where:
SecureStore is the name that you want to give the new Secure Store service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
SecureStore_Upgrade_DB is the name of the service application database that you want to upgrade.
This command sets a variable, $sss, that you use when you create the proxy later.
For more information, see New -SPSecureStoreApplication.
5. Type the following command to create a proxy for the Secure Store service application:
Where:
ProxyName is the proxy name that you want to use.
$sss is the variable that you set earlier to identify the new Secure Store service application.
TIP
If you do not use the variable $sss, then you must use an ID to identify the Secure Store service application instead
of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of all service
application IDs.
DefaultProxyGroup adds the Secure Store service application proxy to the default proxy group for the
local farm.
This command sets a variable, $sssp, for the service application proxy that you use when you restore the
passphrase.
For more information, see New -SPSecureStoreServiceApplicationProxy.
After you create the Secure Store service application and the proxy, you have to refresh the encryption key. For
information about how to refresh the encryption key, see Refresh the Secure Store encryption key.
6. Type the following command to restore the passphrase for the Secure Store service application:
Where:
<Passphrase> is the Passphrase for the Secure Store service application from your previous environment.
$sssp is a variable that you set earlier to identify the new Secure Store service application proxy.
TIP
If you do not use the variable $sssp, then you must use an ID to identify the Secure Store service application proxy
instead of a name. To find the ID, you can run the Get-SPServiceApplicationProxy cmdlet to return a list of all
service application proxy IDs.
NOTE
The Business Data Connectivity service application is available in both SharePoint Foundation 2013 and SharePoint 2013.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
BDC Service is the name that you want to give the new Business Data Connectivity service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
BDC_Service_DB is name of the service application database that you want to upgrade.
For more information, see New -SPBusinessDataCatalogServiceApplication.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the Managed Metadata service application, at the Microsoft PowerShell command prompt, type
the following command:
Where:
Managed Metadata Service Application is the name that you want to give the new Managed Metadata
service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
Managed Metadata Service_DB is name of the service application database that you want to upgrade.
This command sets a variable, $mms, that you use when you create the proxy later.
For more information, see New -SPMetadataServiceApplication.
5. At the Microsoft PowerShell command prompt, type the following command to create a proxy for the
Managed Metadata service application:
Where:
ProxyName is the proxy name that you want to use.
$mms is the variable that you set earlier to identify the new Managed Metadata service application.
TIP
If you do not use the variable $mms, then you must use an ID to identify the Managed Metadata service
application proxy instead of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a
list of all service application IDs.
DefaultProxyGroup adds the Managed Metadata service application proxy to the default proxy group for
the local farm.
For more information, see New -SPMetadataServiceApplicationProxy.
NOTE
You must upgrade the Managed Metadata service application before you can upgrade the User Profile service application.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the User Profile service application, at the Microsoft PowerShell command prompt, type the
following command:
$upa = New-SPProfileServiceApplication -Name 'User Profile Service Application' -ApplicationPool
$applicationPool -ProfileDBName 'User Profile Service Application_ProfileDB' -SocialDBName 'User Profile
Service Application_SocialDB'
-ProfileSyncDBName 'User Profile Service Application_SyncDB'
Where:
User Profile Service Application is the name that you want to give the new User Profile service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
User Profile Service Application_ProfileDB is name of the User Profile service application Profile database
that you want to upgrade.
User Profile Service Application_SocialDB is name of the User Profile service application Social database
that you want to upgrade.
User Profile Service Application_SyncDB is name of the User Profile service application Sync database
that you want to upgrade.
> [!NOTE]
> The **SocialDBName** and **ProfileSyncDBName** parameters are optional. Use these parameters if you have
Social and Sync databases that you want to upgrade. If you do not specify these parameters, new Social and
Sync databases are created for you.
This command sets a variable, $upa, that you use when you create the proxy later.
For more information, see New -SPProfileServiceApplication.
5. Type the following command to create a proxy for the User Profile service application:
Where:
TIP
If you do not use the variable $upa, then you must use an ID to identify the User Profile service application instead
of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of all service
application IDs.
DefaultProxyGroup adds the User Profile service application proxy to the default proxy group for the local
farm.
For more information, see New -SPProfileServiceApplicationProxy.
After you have created the User Profile Service service application, you can start the User Profile
Synchronization service.
Start the User Profile Synchronization service
1. Start the SharePoint Central Administration website.
2. In Central Administration, on the System Settings page, under Servers click Manage services on
Server.
3. Next to the User Profile Synchronization Service, click Start.
4. In the Select the User Profile Application section, select the User Profile service application that you
upgraded.
5. In the Service Account Name and Passwordsection, type the account name and password to use for
the User Profile Synchronization service.
After you have started the User Profile Synchronization service, you must import the Microsoft Identity
Integration Server Key (MIIS ) encryption key. Import this key to the following directory: < root directory
drive>\Program Files\Microsoft Office Servers\15.0\Synchronization Service\Bin.
To import the encryption key for User Profile service application
1. Verify that you have the following memberships:
Administrators group on the server on which you are running the command.
2. Open the Command Prompt window, and then change to the following folder:
%Program Files%\Microsoft Office Servers\15.0\Synchronization Service\Bin\
3. To import the key, type the following at the command prompt, and then press ENTER:
Where:
Path is the path and file name for the key that you want to import.
You might also have to enter a user name and password. These are the credentials for the farm administrator.
IMPORTANT
Use the GUID as specified. This GUID is fixed.
For more information, see Install a software update (SharePoint Server 2010).
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the PerformancePoint Services service application, at the Microsoft PowerShell command prompt,
type the following command:
Where:
PerformancePoint Service is the name that you want to give the new PerformancePoint Services service
application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
Where:
ProxyName is the proxy name that you want to use.
$pps is the variable that you set earlier to identify the new PerformancePoint Services service application.
TIP
If you do not use the variable $pps, then you must use an ID to identify the PerformancePoint Services service
application instead of a name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of
all service application IDs.
Default adds the PerformancePoint Services service application proxy to the default proxy group for the
local farm.
For more information, see New -SPPerformancePointServiceApplicationProxy.
NOTE
This section applies to only SharePoint 2013. Although SharePoint Foundation 2013 includes search functionality, it is not
the same Search service application that is in SharePoint 2013 and it cannot be upgraded.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
SharePoint Web Services default is the name of the service application pool that will contain the new service
applications.
This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you
have multiple application pools and have to use a different application pool for a particular service application,
repeat this step in the procedure to create each service application to use the appropriate application pool.
4. To upgrade the Search service application, at the Microsoft PowerShell command prompt, type the following
command:
Where:
SearchServiceApplicationName is the name of the Search service application.
$applicationpool is the variable that you set earlier to identify the service application pool to use.
TIP
If you do not use the variable $applicationPool, then you must specify the name of an existing service application
pool in the format ' Application Pool Name'. To view a list of service application pools, you can run the Get-
SPServiceApplicationPool cmdlet.
NOTE
A Search service application upgrade might fail because of an issue that occurs during upgrade, such as network or
SQL Server latency. If an error message appears during the Search service application upgrade, do the following:
$ssa = Get-SPEnterpriseSearchServiceApplication
Where:
ProxyName is the proxy name that you want to use.
$ssa is the variable that you set earlier to identify the new Search service application.
TIP
If you do not use the variable $ssa, then you must use an ID to identify the Search service application instead of a
name. To find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of all service application
IDs.
$ssap = Get-SPEnterpriseSearchServiceApplicationProxy
Where:
$ssap is the variable that you set earlier to identify the ID for the proxy you just created for the Search
service application.
TIP
If you do not use the variable $ssap, then you must use an ID to identify the Search service application proxy
instead of a name. To find the ID, you can run the Get-SPServiceApplicationProxy cmdlet to return a list of all
service application proxy IDs.
You use an empty identity parameter (" ") to add it to the default group.
For more information, see Add-SPServiceApplicationProxyGroupMember.
Verify that all of the new proxies are in the default proxy group
Use the following procedure to verify that the steps to create the proxies and add them to the default proxy
group worked.
To verify that all of the new proxies are in the default proxy group by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
$pg is a variable you set to represent the default proxy group.
You use an empty identity parameter (" ") to specify the default proxy group.
This returns a list of all proxies in the default proxy group, their display names, type names, and IDs.
For more information, see Get-SPServiceApplicationProxyGroup.
Now that the service applications are upgraded, you can start the process to upgrade the content databases. The
first step in that process is to create the web applications that are needed for each content database.
See also
Other Resources
Checklist for database-attach upgrade (SharePoint 2013)
Services upgrade overview from SharePoint 2010 to SharePoint Server 2013
Upgrade farms that share services (parent and child farms) to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint 2013
Upgrade content databases from SharePoint 2010
to SharePoint 2013
8/13/2019 • 14 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
DatabaseName is the name of the database that you want to test.
URL is the URL for the web application that will host the sites.
For more information, see Test-SPContentDatabase.
TIP
Each site collection in a content database has a GUID that is registered in the configuration database and associated with
the site collection. Therefore, you cannot add the same site collection two times to the farm, even in separate web
applications. Although you can successfully attach the database in this situation, you will be unable to browse to the site
collection. > If you must have a copy of a site collection in the same farm, first attach the database that contains the site
collection to a separate farm, and then use the Backup-SPSite and Restore-SPSite PowerShell cmdlets to copy the site
collection to the other farm. The backup and restore process creates a new GUID for the site collection. For more
information about these cmdlets, see Backup-SPSite and Restore-SPSite.
For My Sites, attach the content database that contains the My Site host before attaching databases that
contain the My Sites.
By default, when you created the web applications in the new SharePoint 2013 environment, a content
database was created for each web application. You can ignore these default databases until after you have
attached your SharePoint 2010 Products databases, and then you can delete the default databases.
IMPORTANT
If you are moving the content databases across domains or forests or to another environment that has different service
accounts, make sure that the permissions for the service accounts are still correct before you attach the databases.
You must use the Mount-SPContentDatabase cmdlet to attach a content database to a web application.
Using the SharePoint Central Administration pages to attach a content database is not supported for
upgrading.
Ensure that the account that you use to attach the databases is a member of the db_owner fixed database role
for the content databases that you want to upgrade.
NOTE
One frequent cause of failures during upgrade is that the environment is missing customized features, solutions, or other
elements. Be sure that all custom elements from the SharePoint 2010 Products environment are installed on your front-
end web servers in the SharePoint 2013 environment before you start the upgrade process. Use the test-
spcontentdatabase Microsoft PowerShell cmdlet to identify custom elements that your sites might be missing.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
2. Start the SharePoint Management Shell.
3. At the PowerShell command prompt, type the following command and then press ENTER:
Where:
DatabaseName is the name of the database that you want to upgrade.
ServerName is server on which the database is stored.
URL is the URL for the web application that will host the sites.
For more information, see Mount-SPContentDatabase.
TIP
To upgrade from SharePoint Foundation 2010 to SharePoint 2013, attach the SharePoint Foundation 2010 content
databases directly to the SharePoint 2013 environment. Just follow the same steps in this article, but use the SharePoint
Foundation 2010 databases and a SharePoint 2013 farm. The upgrade process will upgrade the version and the product
at the same time.
NOTE
The format of the upgrade log for SharePoint 2013 is based on the same structure as ULS. > The upgrade log file
includes the name of the content database being upgraded.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
This cmdlet returns a table-style list of databases in your farm and indicates whether the database needs an
upgrade to SharePoint2013.
Next steps
After you upgrade the databases, you might want to perform additional steps to make sure that your farm is
ready for use. For example:
Verify that site collections are working as expecting in 2010 mode.
Visually review site collections. You can use a similar review list as the one provided for upgraded sites in
Review site collections upgraded to SharePoint Server 2016.
Migrate user accounts to claims authentication, if it is necessary.
By default, new web applications in SharePoint 2013 use claims authentication. If you were using classic
authentication in the previous environment, you must migrate the users to claims authentication. For
more information, see Migrate from classic-mode to claims-based authentication in SharePoint 2013.
Update links that are used in any upgraded InfoPath form templates.
For a database-attach upgrade, you exported and imported all InfoPath form templates in your
environment when you created the new environment. After upgrade, you can now update the links that
are used in those upgraded form templates to point to the correct URLs by using a Microsoft
PowerShell cmdlet.
For more information, see Configure InfoPath Forms Services (SharePoint Server 2010).
InfoPath is available in SharePoint Server only.
Configure your Search topology
The architecture for the Search service has changed for SharePoint 2013. Plan and configure your
Search topology to suit your environment and the new architecture. For more information, see Scale
search for Internet sites in SharePoint Server and Manage the search topology in SharePoint Server.
Perform a full crawl
For more information, see Start, pause, resume, or stop a crawl in SharePoint Server.
Back up your farm
For more information, see Back up farms in SharePoint Server.
Although SharePoint Foundation 2013 includes search functionality, it is not the same Search service
application that is in SharePoint 2013. These steps apply only to SharePoint 2013.
After your farm is ready, you can enable access to users, and then start to upgrade site collections. For
information about how to upgrade site collections, see Upgrade a site collection to SharePoint 2013.
See also
Other Resources
Checklist for database-attach upgrade (SharePoint 2013)
Upgrade a site collection to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Verify database upgrades in SharePoint 2013
6/7/2019 • 3 minutes to read • Edit Online
See also
Other Resources
Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint 2013
Upgrade a site collection to SharePoint 2013
Review site collections upgraded to SharePoint 2013
Migrate from classic-mode to claims-based
authentication in SharePoint 2013
8/13/2019 • 8 minutes to read • Edit Online
After you convert a web application to claims-based authentication, you cannot revert it to classic-mode
authentication.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
2. From the PowerShell command prompt, type the following to set the specified user account as an
administrator for the site:
$WebAppName = "http://<yourWebAppUrl>"
$wa = get-SPWebApplication $WebAppName
$wa.UseClaimsAuthentication = $true
$wa.Update()
Where:
<yourWebAppUrl> is the URL of the web application.
3. From the PowerShell command prompt, type the following to configure the policy to enable the user to have
full access:
$account = "yourDomain\yourUser"
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
$wa = get-SPWebApplication $WebAppName
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
$wa.MigrateUsers($true)
5. After user migration completes, type the following from the PowerShell command prompt to perform
provisioning:
$wa.ProvisionGlobally()
NOTE
When you attach the SharePoint 2010 Products content databases to the SharePoint 2013 claims-based web
application, the databases will be upgraded to the SharePoint 2013 database format but will not be claims-enabled.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
2. In the SharePoint 2013 environment, on the Start menu, click All Programs.
3. Click SharePoint 2013.
4. Click SharePoint 2013 Management Shell.
5. Change to the directory where you saved the file.
6. At the PowerShell command prompt, type the following command:
Where:
<domainname>\ <user> is the domain to which the server belongs and the name of the user account.
7. Attach the two existing SharePoint 2010 Products content databases to the new SharePoint 2013 claims-
mode web application. For more information, see Attach or detach content databases in SharePoint
Server.
NOTE
When you attach the SharePoint 2010 Products content databases to the SharePoint 2013 claims-mode web
application, the databases are upgraded to the SharePoint 2013 database format. You have to verify that the
content databases work correctly after you have attached them.
Where:
<yourWebAppUrl> is the URL of the web application.
NOTE
Convert-SPWebApplication converts the content databases to claims-based authentication. You have to verify that the
users can access the web application after you have converted the content databases.
9. If necessary, attach a third SharePoint 2010 Products content database to the new SharePoint 2013
claims-mode web application, and verify that the content database working correctly after you have
attached it.
10. From the PowerShell command prompt, type the following:
Verify that users can access the web application after you have converted the content databases to claims-based
authentication. For more information, see New -SPWebApplication, Get-SPManagedAccount, and Convert-
SPWebApplication.
Where:
<Name> is the name of the new web application that uses classic-mode authentication.
<ApplicationPool> is the name of the application pool.
<WindowsAuthType> is either "NTLM" or "Kerberos". Kerberos is recommended.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<Port> is the port on which the web application will be created in IIS.
<URL> is the public URL for the web application.
NOTE
For more information, see New-SPWebApplication.
NOTE
After you successfully create the web application, when you open the Central Administration page, you see a health
rule warning that indicates that one or more web applications is enabled with classic authentication mode. This is a
reflection of our recommendation to use claims-based authentication instead of classic mode authentication.
Where:
<servername> is the name of the server.
Verify that users can access the web application after you have converted it to claims-based authentication.For
more information, see New -SPWebApplication, Get-SPManagedAccount, and Convert-SPWebApplication.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
Where:
<domainname>\ <user> is the domain to which the server belongs and the name of the user account.
3. Attach the two existing SharePoint 2010 Products content databases to the new SharePoint 2013 classic-
mode web application. Verify that the content databases work correctly after you have attached them. For
more information, see Attach or detach content databases in SharePoint Server.
For more information, see New -SPWebApplication and Get-SPManagedAccount.
See also
Other Resources
Create claims-based web applications in SharePoint Server
Create claims-based web applications in SharePoint Server
Upgrade site collections to SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
SharePoint 2013 Products Preview - Upgrade Process model Describes the steps in the process for a database-attach
upgrade.
Run site collection health checks in SharePoint 2013 Run the site collection health checks to verify your site is
running well. Check each site before you upgrade to
SharePoint 2013.
Upgrade a site collection to SharePoint 2013 Site collection administrators can preview a copy of their sites
in SharePoint 2013 mode, and then upgrade their sites.
Review site collections upgraded to SharePoint 2013 Review site collections after you have upgraded them to
SharePoint 2013.
Manage site collection upgrades to SharePoint 2013 Farm administrators manage the upgrade queue and
throttling settings and upgrade site collections to SharePoint
2013.
See also
Other Resources
Upgrade from SharePoint 2010 to SharePoint 2013
Run site collection health checks in SharePoint 2013
8/13/2019 • 5 minutes to read • Edit Online
For a visual overview of the entire upgrade process, see Overview of the upgrade process from SharePoint 2010
to SharePoint 2013.
You run the health checks manually to prepare for an upgrade. In addition, the health checks are run automatically
in repair mode when you start to upgrade a site collection. You can also run the health checks at any time to verify
that a site is working as expected. The site collection pre-upgrade health checks examine a site collection and list
potential upgrade issues, such as missing or unsupported elements. For example, the results itemize customized
files so that you can identify the custom file and reset it to the default template in the site definition, if you want.
After you run the checks, a report lists potential issues. The report also has information about how to address the
issues.
The site collection health checker includes the following rules:
Site collection health check rules
Conflicting Content Types This rule checks for conflicts between befe203b-a8c0-48c2-b5f0-
existing content types and content 27c10f9e1622
types that are created when you
upgrade the site to SharePoint 2013. A
conflict occurs when both content types
have the same name.
Customized Files This rule checks for any files that were cd839b0d-9707-4950-8fac-
customized (or unghosted) in the site f306cb920f6c
collection or subsites. When run in
repair mode, it can reset the page to
the default (reghost the file).
Missing Galleries This rule checks for all default galleries ee967197-ccbe-4c00-88e4-
and reports if any are missing from the e6fab81145e1
site collection or subsites.
RULE NAME DESCRIPTION RULE ID
Missing Parent Content Types This rule checks for missing parent a9a6769f-7289-4b9f-ae7f-
content types. If a missing parent 5db4b997d284
content type is found, you can either
delete the orphaned content type or
associate the orphaned content type
with a different parent content type.ge
Missing Site Templates This rule checks to make sure that the 5258ccf5-e7d6-4df7-b8ae-
template the site is based on is available 12fcc0513ebd
and reports if any elements are missing.
Unsupported Language Pack This rule checks to make sure that the 99c946f7-5751-417c-89d3-
References language packs that are used by the b9c8bb2d1f66
site collection exist and are referenced
correctly by the site collection.
Unsupported MUI References This rule checks to make sure that the 6da06aab-c539-4e0d-b111-
multi-user interface elements that are b1da4408859a
used by the site collection exist and are
referenced correctly by the site
collection.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<RuleID> is ID for a specific rule that you want to run.
To run the site collection health checks in repair mode by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
Either a site collection administrator or be granted full control (for repair mode) for the web application by
policy. For more information about permission policies for web applications, see Manage permission
policies for a web application in SharePoint Server.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<RuleID> is ID for a specific rule that you want to run.
Additional steps
If you are performing an upgrade to SharePoint 2013, you can start the site collection upgrade after you have
addressed all issues from the health checks. You can create an upgrade evaluation site to try the new user interface
for your site, or you can upgrade your site collection directly. To learn about how to create evaluation site
collections or upgrade a site collection, see Upgrade a site collection to SharePoint 2013.
See also
Other Resources
Plan for upgrade to SharePoint 2013
Upgrade a site collection to SharePoint 2013
6/7/2019 • 6 minutes to read • Edit Online
For a visual overview of the upgrade process, including site collection upgrade, see Overview of the upgrade
process from SharePoint 2010 to SharePoint 2013. For more information about how farm administrators
can control site collection upgrades, see Manage site collection upgrades to SharePoint 2013. For more
conceptual information about site upgrade, including how to plan for upgrade, see Plan for site collection
upgrades in SharePoint 2013.
Watch the SharePoint 2013 Upgrade: Phase 5 video
IMPORTANT
If you upgrade from SharePoint Server 2010 to SharePoint 2013, there are special considerations for My Sites. (My
Sites are not available in SharePoint Foundation 2013.) Make sure that you upgrade the My Site Host site collection
before you allow users to access their individual My Sites in SharePoint 2013. This makes sure that the server
software and database changes are complete so that users can upgrade their individual My Sites successfully. > A
user can upgrade his or her My Site by following the steps to upgrade a site collection later in this article, or a farm
administrator can upgrade My Sites by using PowerShell. >
NOTE
The site collection health checks are run automatically in repair mode before the upgrade starts. The results
from the health checks are included in the upgrade log for the site collection. If there is an error, you must
address it before you can continue to upgrade.
The upgrade starts, and the Upgrade status page for the site collection is displayed. This page
automatically updates while the upgrade is in progress and displays information about the process,
such as the following:
Errors or warnings
When the upgrade started
Where you can find the upgrade log file
After the upgrade is complete, the Upgrade status page is displayed in the new user interface with
the message, Upgrade Completed Successfully.
5. Click Let's see the new site to go to the home page.
Farm administrators can use PowerShell to upgrade a site collection. For more information, see Manage site
collection upgrades to SharePoint 2013.
Verification
To verify that upgrade has succeeded, check the Upgrade status page for the site collection.
View upgrade status in Site Settings
Site collection administrators can view the Upgrade Status page in Site Settings to verify that upgrade has
succeeded for a site collection.
To view upgrade status in Site Settings
1. Verify that the user account that performs this procedure is a site collection administrator.
2. On the Site Settings page for the site collection, in the Site Collection Administration section,
click Site collection upgrade.
3. On the Site Collection Upgrade page, click Review Site Collection Upgrade Status.
The Upgrade Status page for the site collection is displayed.
Farm administrators can use PowerShell to view site collection upgrade status. For more information, see
Manage site collection upgrades to SharePoint 2013.
Additional steps
Next, review your upgraded site collection to be sure that everything is working as expected. For more
information see Review site collections upgraded to SharePoint 2013.
See also
Other Resources
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Review site collections upgraded to SharePoint 2013
7/17/2019 • 8 minutes to read • Edit Online
TIP
To test your Web Parts quickly, you can build a new Web Part page that contains all the custom Web Parts before you
test an upgrade, and then review the page for any missing or broken Web Parts after the trial upgrade.
WHAT TO CHECK WHAT TO DO IF THERE IS A PROBLEM
Do all the Web Parts from your original site appear in your If a Web Part zone exists in a customized (unghosted) page,
upgraded site? but not in the site definition, the Web Parts from that Web
Part zone may have been moved into the bottom zone on
the page during the upgrade.
Either in Edit Mode for the page in the browser or in
SharePoint Designer 2013, look for missing Web Parts in the
bottom zone or other zones, or check whether the Web
Parts were closed. For more information about how to work
with Web Parts and Web Part zones in SharePoint Designer
2013, see the SharePoint Designer Help system.
Are there any broken Web Parts pages and are the Web Either in Edit Mode for the page in the browser or in
Parts displayed correctly (in the correct zone, location, and SharePoint Designer 2013, drag the Web Part into the
size)? correct zone or modify the Web Part properties to correct
any sizing or positioning problems.
Are there any extra or missing Web Parts? Open the page either in Edit Mode for the page in the
browser or in SharePoint Designer 2013. If you see
additional Web Parts on your page, look for closed or
inactive Web Parts on the original version of the page. Were
the closed or inactive Web Parts opened by the upgrade
process? If so, you can modify the Web Part properties to
close these Web Parts.
If Web Parts are missing, look for errors in SharePoint
Designer 2013 such as "Error Rendering Control" or "Missing
Assembly." These errors indicate that the Web Part was not
installed or was configured incorrectly for the new
environment and must be reinstalled or reconfigured.
Do the Web Parts work correctly? Open the page either in Edit Mode for the page in the
browser or in SharePoint Designer 2013, and look for errors
that indicate that a component or service is missing. Make
sure that any components or services that the Web Parts
rely on exist in the upgraded site. Particularly for the
database attach upgrade approach, you must make sure
that you have installed all the components or services that
you must have for your Web Parts, and that you have
configured them correctly (for example, you have configured
the Web.config Safe Controls list).
Update and redeploy any Web Parts that exist but no longer
function correctly.
Are any Web Parts pages still checked out? If you check out a page to make changes, make sure that
you check in the page again.
Are your Excel Web Access Web Parts working correctly? Did Verify all connections and external data sources.
you create your connections again correctly? Are external
data sources still working?
TIP
If you have problems with a Web Part, append ?contents=1 to the end of the URL syntax (http:// siteurl/default.aspx?
contents=1 ), and then press ENTER. This opens the Web Part Maintenance page where you can remove and repair the
broken Web Part.
Large lists
By default, large list query throttling is turned on in SharePoint 2013. If a list is very large, and users use a view
or perform a query that exceeds the limit or throttling threshold, the view or query will not be permitted. Check
any large lists in your environment and have the site administrator or list owner address the issue. For example,
they can create indexed columns with filtered views, organize items into folders, set an item limit on the page for
a large view, or use an external list. For more information about large list throttling and how to address issues
with large lists, see Manage lists and libraries with many items.
Styles and appearance
The following table lists common issues with the style and appearance of your web site after upgrade and how
to address them.
TIP
Most of the issues in this section can be resolved by correcting the links to an item.
Are all the images on your pages displayed correctly? Verify or fix the links to the images.
Are the appropriate cascading style sheet colors and styles Verify or fix the links to the cascading style sheet file. Verify
used in the appropriate locations? the link on the master page.
Theme choices are different in SharePoint 2013 - which Your site's home page, or other pages on your site, may look
theme do you want to use? different after the site is upgraded. You may have to re-
create or revise a theme and reapply it.
Do you have any JavaScript controls that are not working? Verify or fix the links to the controls.
Are your pages displayed correctly in the browser? Verify that any HTML on the page is in strict XHTML mode.
Are any script errors displayed on any pages? Verify the scripts and links, and verify that any HTML is in
strict XHTML mode.
Are your customizations still in place? Determine whether you have only one issue or a larger
problem with the whole page.
If you added a brand-new page to your original site (for
example, if you replaced Default.aspx with a different file
instead of changing the existing Default.aspx file), the new
page has no association with the site definition. Therefore, it
might not resemble the other pages on the upgraded site —
nor can it be reset to resemble them. If you want your
customized page to have the same appearance and behavior
as the other pages on your site, consider creating a brand-
new page that is based on the site definition and then
transferring your customizations to that new page.
WHAT TO CHECK WHAT TO DO IF THERE IS A PROBLEM
Can you still access the editing controls on the pages? If you customized the editing controls (for example, the Site
Actions link or the Edit Page link in SharePoint 2010
Products), check whether they still appear. If they don't
appear, you can replace them with the editing controls of the
new version by resetting the page to the default version.
Use the Reset to Template command in SharePoint
Designer to reset the page to the default version (also
known as reghosting). After you have restored the default
page, you can then reapply your customizations in the
browser by applying a different master page, or by
reapplying the customizations in SharePoint Designer.
Are your customizations still appropriate in the new If you want the new functionality and features, you must
environment, or do you want to update to the new reset any customized pages to use the template. Resetting
functionality and look? the page basically discards the customizations and attaches
your page to the appropriate master page. Any
customizations that you want can then be transferred to the
master page instead of being stored in individual pages.
Use the Reset to Template command in SharePoint
Designer to reset the page to the default version (that is,
reghost it). After you have restored the default page, you
can then reapply your customizations in the browser by
applying a different master page, or by reapplying the
customizations in SharePoint Designer.
Are any pages still checked out? If you check out a page to make changes, make sure that
you check in the page again.
See also
Other Resources
Upgrade a site collection to SharePoint 2013
Test and troubleshoot an upgrade to SharePoint 2013
Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013
Manage site collection upgrades to SharePoint 2013
8/13/2019 • 20 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<URL> is URL for the web application that you want to check.
This command returns the Upgrade reminder delay setting for the specified web application.
4. At the PowerShell command prompt, type the following command to view the self-service upgrade setting for
a site collection:
$site=Get-SPSite <URL>
$site.AllowSelfServiceUpgrade=<Value>
Where:
<URL> is URL for the site collection that you want to affect.
<Value> is either 'true' to allow site collection administrators to upgrade the site, or 'false' to not show
them the notification and not allow them to upgrade.
For more information, see Get-SPWebApplication and Get-SPSite.
To change the upgrade notification and self-service upgrade settings for a web application by using
PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
$wa=Get-SPWebApplication <URL>
$wa.UpgradeReminderDelay=<Value>
$wa.UpgradeMaintenanceLink='<LinkURL>'
Where:
<URL> is URL for the web application that you want to affect.
<Value> is the numeric value that you want to set for the delay (for example, 10 for 10 days).
<LinkURL> is a link where the user can find more information.
4. At the PowerShell command prompt, type the following command to change the self-service upgrade setting
for a site collection:
$site=Get-SPSite <URL>
$site.AllowSelfServiceUpgrade=<Value>
Where:
<URL> is URL for the site collection that you want to affect.
<Value> is either 'true' to allow site collection administrators to upgrade the site, or 'false' to not show
them the notification and not allow them to upgrade.
For more information, see Get-SPWebApplication and Get-SPSite.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
$wa=Get-SPWebApplication <URL>
# Stores the web application at that URL as a variable
$wa.CompatibilityRange
# Returns the CompatibilityRange for the specified web application
Where:
<URL> is URL for the web application that you want to check.
This command returns the compatibility range for the specified web application. For example:
4. At the PowerShell command prompt, type the following commands to view the maximum, minimum, and
default settings for a specific range:
[Microsoft.SharePoint.SPCompatibilityRange]::<RangeName>
Where:
RangeName is one of the following values: OldVersions, NewVersion, AllVersions.
This command returns the compatibility range for the specified value. For example, for NewVersion:
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
$wa=Get-SPWebApplication <URL>
# Stores the web application at that URL as a variable
$wa.CompatibilityRange = [Microsoft.SharePoint.SPCompatibilityRange]::<RangeName>
# Specifies which range to use
$wa.Update()
# Updates the CompatibilityRange setting to use only the range you specified
$wa.CompatibilityRange
# Returns the new CompatibilityRange for the web application
Where:
<URL> is URL for the web application that you want to change.
RangeName is one of the following values: OldVersions, NewVersion, AllVersions.
4. At the PowerShell command prompt, type the following command to change the values for the
CompatibilityRange manually:
$wa=Get-SPWebApplication <URL>
# Stores the web application at that URL as a variable
$range = New-Object Microsoft.SharePoint.SPCompatibilityRange(<Integer>,<Integer>)
# Creates a new compatibility range from <Integer> to <Integer>
$wa.CompatibilityRange = $range
# Specifies which range to use
$wa.Update()
#Updates the CompatibilityRange setting to use only the range you specified with $range
$wa.CompatibilityRange
# Returns the new CompatibilityRange for the web application
Where:
<URL> is URL for the web application that you want to change.
Integer is a number to use as the minimum or maximum value. For example, (14,15) would set the
MinCompatibilityLevel to 14 (2010) and the MaxCompatibilityLevel to 15 (2013). The
DefaultCompatibilityLevel is automatically set to the lower of the MaxCompatibilityLevel and the current
major version (for example, 15).
This command sets and then returns the range that you specified. For example:
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<DatabaseName> is name of the database that you want to check. You can also use the GUID for the
database instead of the name.
4. To see all sites that are currently being upgraded, at the PowerShell command prompt, type the following
command:
Where:
<DatabaseName> is name of the database that you want to check. You can also use the GUID for the
database instead of the name.
For more information, see Get-SPSiteUpgradeSessionInfo.
5. To see whether a particular site is in the queue, at the PowerShell command prompt, type the following
command:
Where:
<http://site> is URL for the site collection you want to add to the upgrade queue.
6. To add a site collection to the upgrade queue, at the PowerShell command prompt, type the following
command:
Where:
<http://site> is URL for the site collection you want to add to the upgrade queue.
For more information, see Upgrade-SPSite.
7. To remove a site collection from the upgrade queue, at the PowerShell command prompt, type the following
command:
Where:
<URL> is URL for the site collection you want to add to the upgrade queue.
For more information, see Remove-SPSiteUpgradeSessionInfo.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<URL> is URL for the web application that you want to check.
This command returns the set of throttling settings for the specified web application. For example:
AppPoolConcurrentUpgradeSessionLimit : 5
UsageStorageLimit : 10
SubwebCountLimit : 10
Name :
TypeName : Microsoft.SharePoint.Administration.SPSiteUpgradeThrottleSettings
DisplayName :
Id : ca76dda0-7050-4c6b-a126-05917da39f8a
Status : Online
Parent : SPWebApplication Name=SharePoint - 80
Version : 8222
Properties : {}
Farm : SPFarm Name=SharePoint_ConfigUpgradedPersistedProperties : {}
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
2. Start the SharePoint Management Shell.
3. At the PowerShell command prompt, type the following command:
$wa=Get-SPWebApplication <URL>
$wa.SiteUpgradeThrottleSettings.AppPoolConcurrentUpgradeSessionLimit=<Value>
$wa.SiteUpgradeThrottleSettings.UsageStorageLimit=<Value>
$wa.SiteUpgradeThrottleSettings.SubwebCountLimit=<Value>
Where:
<URL> is URL for the web applications that you want to affect.
Value is the numeric value that you want to set for that limit (for example, 8).
This command changes the throttling settings for a web application to the value that you supply.
For more information, see Set-SPWebApplication.
The following procedure provides steps to view upgrade throttling settings for a content database.
To view the throttle settings for a content database by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
$db.ConcurrentSiteUpgradeSessionLimit
# Returns the value for the limit for that database
Where:
<DatabaseName> is name of the database that you want to check. You can also use the GUID for the
database instead of the name.
This command returns the set of throttling settings for the specified content database.
For more information, see Get-SPContentDatabase.
You can change the upgrade throttle settings for a content database. The following procedure provides steps to
change the upgrade throttling settings for a content database.
To change the throttle settings for a content database by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
$db.ConcurrentSiteUpgradeSessionLimit=<value>
# Changes the limit to the value you specify.
Where:
<DatabaseName> is name of the database that you want to affect. You can also use the GUID for the
database instead of the name.
<value> is a numeric value to set the property to, such as 9.
This command changes the throttling settings for the specified content database to the value that you supply.
For more information, see Set-SPContentDatabase.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
URL to site is the URL to a site collection in 2010 mode.
For more information, see Request-SPUpgradeEvaluationSite.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<http://site> is the URL for the site collection.
Add the option -Unthrottled option to skip the site collection upgrade queue and start the upgrade
immediately.
This cmdlet upgrades the specific site collection to 2013 mode. For more information, see Upgrade-SPSite.
To upgrade all site collections in a database, use PowerShell. However, because sites can continue to run in 2010
mode in the SharePoint 2013 environment, this is not a necessary procedure for most environments. If you do
choose to upgrade all site collections immediately, site collection owners do not have an opportunity to use an
upgrade evaluation site to preview the new user interface or change their original site before upgrading. We do
not recommend that you upgrade all site collections immediately as part of your initial upgrade. However, you
might want to upgrade all site collections after some time has passed and all customizations were verified in 2013
mode.
To upgrade all site collections in a database by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<DBName> is the name of the content database for which you want to upgrade all site collections.
The QueueOnly parameter adds the site collections to the upgrade queue. This allows the timer job to perform
parallel upgrades when it is possible and can save time. The sites are upgraded in the order in which they are
added to the queue.
This cmdlet upgrades all site collections in the specific content database to 2013 mode.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<http://site> is the URL of the site collection.
This cmdlet returns the upgrade status for the specified site collection together with information about the
upgrade session and a link to the log files for more information. For more information, see Get-
SPSiteUpgradeSessionInfo.
4. Or, you can use the following command to view the information about a specific site collection upgrade:
Where:
<http://site> is the URL of the site collection.
This command returns the compatibility level and upgrade information (such as a pointer to the log file) for the
specified site collection. If the compatibility level is "15," then it has been upgraded to 2013 mode. For more
information, see Get-SPSite.
To view upgrade status for a single database by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<DatabaseName> is the name of the database that you want to check.
This cmdlet returns any site collections that have an upgrade in progress, completed, or failed and lists their
status, plus a link to the log files for more information. You can use only one parameter to find only in progress,
completed, or failed upgrades. For more information, see Get-SPSiteUpgradeSessionInfo.
To view upgrade status for all site collections by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
This cmdlet returns the URL for all site collections in the environment and the compatibility level (14 or 15) for
each site collection.
See also
Other Resources
Overview of the upgrade process from SharePoint 2010 to SharePoint 2013
Run site collection health checks in SharePoint 2013
Review site collections upgraded to SharePoint 2013
Upgrade My Sites to SharePoint Server 2013
6/7/2019 • 10 minutes to read • Edit Online
My Sites are site collections owned by the user for the user to store their documents, connect with other users,
follow and discover content, and so on. Upgrading My Sites differs from upgrading other site collections because
My Sites consist of both the shared My Site Host site collection (also known as the My Site Host) and the My Site
personal site collection (also known as the personal site collection).
My Site Host. The My Site Host is a special site collection shared among all My Site users. The My Site
Host is used to show the profile (person.aspx) and newsfeed pages (default.aspx) on the My Site. The My
Site Host is also used for storing the user profile photos.
Personal site collection. In SharePoint Server 2010, the personal site collection was used to store a user's
documents. In SharePoint Server 2013, the personal site collection contains OneDrive for Business, followed
content, and so on.
IMPORTANT
If you follow the section titled Upgrade My Sites, you will not encounter mixed user interface modes.
IMPORTANT
This list highlights some important things to consider when you perform an upgrade of My Sites. For a detailed discussion on
upgrades, see Get started with upgrades to SharePoint 2013
IMPORTANT
Once you upgrade your My Site Host and personal site collections, you cannot undo the upgrade.
IMPORTANT
Some of the items in the following list require additional steps to be performed. These additional steps are discussed in the
sections that follow this procedure. It is recommended when upgrading the entire server farm, that you also upgrade My
Sites.
1. Install and configure a new SharePoint Server 2013 farm. For more information, see Create the SharePoint
2013 farm for a database attach upgrade.
2. Copy the SharePoint Server 2010 My Site content database, Social database, Sync database (optional),
Profile database, and Managed Metadata service database to the SQL Server that supports your SharePoint
Server 2013 farm. You will need db_owner permissions to perform this step. For more information, see
Copy databases to the new farm for upgrade to SharePoint 2013 and Create the SharePoint 2013 farm for a
database attach upgrade.
3. Create the new service applications that you need for the SharePoint Server 2013 farm. Do not create the
User Profile Service application and the Managed Metadata service application. You must upgrade
these service applications, which is described in the next step. You must however start the User Profile
Service and Managed Metadata service from Manage Services on Server.
4. Upgrade the Managed Metadata service and User Profile service applications using the database
attach method. For more information, see Upgrade service applications to SharePoint 2013. Ensure the My
Site Host URL field on the User Profile Service application is left blank because this field will be updated
during the upgrade process. For more information, see Configure My Site settings for the User Profile
service application
5. Create the web application for the My Sites using the default content database. To ensure the storage
requirements of your users are met, you should review the site quota on the My Sites web application.
6. Set the compatibility range settings for site creation on the My Sites web application. Use
MinCompatibilityLevel = 15 and MaxCompatibilityLevel= 15 for your compatibility range settings.
7. Install customizations.
8. Run the Test-SPContentDatabase cmdlet to make sure that all customizations and language packs are
installed on the server before upgrading the My Site content databases. This cmdlet must be run against all
My Sites content databases. After running this cmdlet, you'll get a report on your environment. Ensure you
review all items in this report as some reported items may prevent you from moving onto the next step.
9. Run the Mount-SPContentDatabase cmdlet. Note: this does not upgrade any of the personal site
collections at this point. After this step is complete, the My Sites will still be displayed as SharePoint Server
2010 My Sites.
10. Check the configuration of the self-service site creation and managed paths settings on the My Sites web
application to ensure the correct configuration settings are applied to the web application. For more
information, see Configure My Sites in SharePoint Server.
11. Verify that the My Site Host URL field on the User Profile Service application has the correct URL users
should use to access the My Sites web application. For more information, see Configure My Site settings for
the User Profile service application.
12. Upgrade the My Site Host from a SharePoint Server 2010 My Site host to a SharePoint Server 2013 My
Site Host (discussed in the section titled Upgrade the My Site Host site collection).
13. Upgrade the personal site collections (discussed in the section titled Upgrade the personal site collection).
Cau t i on
During the upgrade process, users will see some visual changes occurring on their My Sites until the upgrade
process is complete. You should inform your users and helpdesk administrators that this experience is expected.
Where:
http://MySiteHostURL is the URL of the My Site Host.
IMPORTANT
Once you upgrade your My Sites to SharePoint Server 2013 My Sites, you cannot revert to SharePoint Server 2010 My Sites.
Get-SPSite -limit all |where {$_.CompatibilityLevel -eq '14'} | where {$_.RootWeb.WebTemplateId -eq 21}
| upgrade-spsite -versionupgrade
IMPORTANT
Before performing a forced upgrade, you should confirm that the My Site Host was upgraded successfully. You can
verify this by either making sure that the My Site Host has the SharePoint Server 2013 user interface, or by inspecting
the ULS logs to make sure that no errors were encountered during the upgrade process.
Cau t i on
Using the forced upgrade approach may take lots of time to complete depending on the number of My Sites
you are upgrading. This will affect your server farm's performance and the farm will be in read-only mode
during the complete upgrade process.
Deferred site collection upgrade. The deferred site collection upgrade process uses the compatibility
range settings to allow administrators to upgrade their databases and keep their site collections in
SharePoint Server 2010 mode. When the compatibility range settings allow both 2010 user interface mode
and 2013 user interface mode (MinCompatibilityLevel = 14 and MaxCompatibilityLevel= 15), the owner of
the My Site will see a red banner at the top of their My Site. From the banner, they can request an evaluation
site collection of their My Site to preview before upgrading to the SharePoint Server 2013 user interface.
The evaluation site cannot be converted to a regular My Site because it is a temporary site which will
eventually be deleted. The deferred site collection upgrade path is performed per user.
Cau t i on
Using the deferred site collection upgrade may result in the mixed user interface mode issue. Be sure to
stage and test your upgrade carefully before you do this in production. When you encounter the mixed user
interface mode on your My Sites, new users who do not have a My Site cannot create new My Sites.
Troubleshooting a My Site upgrade
If users are experiencing issues, such as mixed user interface modes or they cannot upgrade their My Site to the
SharePoint Server 2013 user interface mode, verify that the following steps were completed:
The My Site Host was upgraded to a SharePoint Server 2013 My Site Host.
The compatibility range settings allow site creation in 2013 user interface mode.
The SPSite.CanUpgrade property on the personal site collection of the user requesting the upgrade is set to
true. An administrator may allow or restrict certain site collections from being upgraded by setting this
property at the site collection level.
NOTE
The upgrade of the personal site collection is not an instant process. The My Site is added to an upgrade queue. When the
upgrade starts, the My Site remains available to use during the upgrade process. Users can work on their documents
throughout the upgrade process. The My Site Host and personal site collection will display mixed user interface modes until
the upgrade is complete.
See also
Other Resources
Upgrade a site collection to SharePoint 2013
Update-SPProfilePhotoStore
Advanced upgrade scenarios for SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Search-first migration from FAST Search Server for SharePoint Learn how to perform a search-first migration from Microsoft
2010 to SharePoint Server 2013 FAST Search Server 2010 for SharePoint to Microsoft
SharePoint 2013.
How to upgrade an environment that uses content type Upgrade the Managed Metadata service application and site
syndication (SharePoint Server 2013) collections that use content type syndication and share the
service applications to the old farm.
Deploy custom features to upgraded site collections in Learn supported scenarios for deploying custom features to
SharePoint Server 2013 upgraded site collections in a SharePoint Server 2013 farm
that has been upgraded from SharePoint Server 2010.
For descriptions of additional cross-product upgrade paths that are allowed, see the following articles:
Review supported editions and products for upgrading to SharePoint 2013
Determine strategy for upgrade to SharePoint 2013
Search-first migration from FAST Search Server for
SharePoint 2010 to SharePoint Server 2013
8/13/2019 • 5 minutes to read • Edit Online
NOTE
Due to the many architectural changes between FAST Search Server 2010 for SharePoint and SharePoint 2013, not all
configurations and features can be migrated. If you are unsure of the implications of a migration from FAST Search Server
2010 for SharePoint to SharePoint 2013, we strongly recommend that you contact a trusted Microsoft partner or Microsoft
Consulting Services for guidance.
Make sure that you have a FAST Search Server 2010 for SharePoint production farm with at least one Search
service application. This production farm must also be configured and operating with enterprise search
functionality.
To complete a search-first migration:
1. Install SharePoint 2013 on a single server with an additional dedicated SQL Server.
See also: Install SharePoint 2013 on a single server with SQL Server
2. On the SharePoint 2013 SQL Server, install:
Microsoft .NET Framework version 4.5
PowerShell Snapins for SQL Server
3. On the FAST Search Server 2010 for SharePoint farm, back up these databases:
FAST Search Administration database
FAST Content Search Service Application database
FAST Query Search Service Application database
4. Download the search-first migration scripts from TechNet Gallery. For details and guidance on using these
scripts, refer to the PDF included in the download package.
Edit the environment variables in the scripts.
Save and copy the scripts to the SQL Server and to the SharePoint 2013 server.
5. On the SharePoint 2013 SQL Server, run the search-first migration scripts.
6. On the SharePoint 2013 server, run the search-first migration scripts.
7. Build out the new SharePoint 2013 farm topology. For instructions on how to do this, see Manage the
search topology in SharePoint Server.
8. On the SharePoint 2013, start crawling.
NOTE
For information about limitations, see Search-first migration from FAST Search Server for SharePoint 2010 to SharePoint
Server 2013.
Visual Best Bets Visual Best Bets are converted to Best Bets
Rank profile No
NOTE
A FAST Search Server 2010 for SharePoint rank profile can't be converted to a SharePoint 2013 ranking model.
Duplicate documents link in the search results page The Duplicate documents link is displayed in the search results
page. However, it displays no duplicate documents when it is
clicked. To avoid confusion, you can disable this link by editing
the XSLT file in the Core results Web Part.
Author refiner The Author managed property was redefined and replaced by
the managed property DisplayAuthor in SharePoint 2013.
The migration script migrates the Author refiner without
changing it. To make the Author refiner work, you must
manually edit the XSLT in the refinement panel, and change
the Author to DisplayAuthor .
Best Bets SharePoint 2013 does not support Best Bets. The feature's
been replaced by query rules. Best Bets are not automatically
converted to query rules, so you have to create new query
rules.
Initial state
This article uses a specific example environment to show how to configure the service applications and
connections (proxies) before you upgrade the site collections. At the start, this example environment contains the
following components:
A Managed Metadata service application
A site collection based on the Document Center template
This site collection acts as a content type hub (ContentTypeHub1) that contains the document and document
set content types.
Two consuming site collections that are also based on the Document Center template
The content type hub publishes documents and document set content types to these site collections.
The following illustration shows this example environment before the start of the upgrade process.
SharePoint 2010 farm with content type syndication
Here is more information about this illustration:
The Managed Metadata service application has a Content Type Hub property that is set to point to the
ContentTypeHub1 site collection.
For information about how to share content types, see Plan to share terminology and content types
(SharePoint Server 2010).
The following Managed Metadata connection properties are selected:
This service application is the default storage location for Keywords.
This service application is the default storage location for column specific term sets.
Consumes content types from the Content Type Gallery at <URL>.
Push-down Content Type Publishing updates from the Content Type Gallery to sub-sites
and lists using the content type.
For information about connection properties, see Managed metadata connections and Update a
managed metadata service connection.
A document content type (Doc1) and a document set content type (DocSet1) were published from
ContentTypeHub1 to the two consuming sites.
For information about publishing content types, see Publish a content type from a content publishing hub.
Both consuming site collections contain document libraries that use the two content types, and documents
that are based on the two published content types are stored in those libraries.
Back up the data and create a duplicate content type hub in the
SharePoint 2010 environment
If you want to continue to use any of the consuming site collections in the 2010 environment but upgrade others,
you must upgrade your environment so that you have a 2010 version of the content type hub and a 2013 version.
The following illustration and list describe the steps to take to back up the databases and sites in preparation for
upgrade, and to create a duplicate content type hub to continue service site collections in the SharePoint 2010
environment.
Original server farm for SharePoint Server 2010
1. Use SQL Server Management Studio to back up the database for the Managed Metadata service
application.
Name the backup something that you can remember, such as ManagedMetadata2010DB.bak.
2. Use SQL Server Management Studio to back up the database or databases that contain the content type
hub and consuming site collections.
Name the backup something that you can remember, such as 2010ContentHubDB.bak.
3. Use Central Administration or the Backup-SPSite Microsoft PowerShell cmdlet to perform a site collection
backup of the original content type hub.
For more information, see Back up a site collection in SharePoint Server 2010.
Clear the following Managed Metadata connection properties:
This service application is the default storage location for Keywords.
This service application is the default storage location for column specific term sets.
Consumes content types from the Content Type Gallery at <URL>.
Push-down Content Type Publishing updates from the Content Type Gallery to sub-sites and lists
using the content type.
For information about connection properties, see Update a managed metadata service connection.
4. Create a web application to host a duplicate of the content type hub.
For information, see Create a web application (SharePoint Server 2010).
5. Use the Restore-SPSite Microsoft PowerShell cmdlet to restore a copy of the original content type hub.
Use the following syntax:
Where:
<URL> is the URL for the new web application.
<path> is the path of the backup file.
For information, see Restore a site collection in SharePoint Server 2010.
After you restore the site collection, you can change the name to ContentTypeHub2.
6. Use SQL Server Management Studio to back up the database that contains the duplicate content type hub.
You now have SQL Server backups of the databases for the Managed Metadata service application, the consuming
site collections, and a copy of the content type hub (now in a separate database from the consuming site
collections). In the next section, you create and configure the 2013 farm, restore these databases, and upgrade
them to 2013.
NOTE
Make sure that no other managed metadata service applications are in the 2013 environment.
NOTE
When you upgrade the content database, the site collections remain in 2010 mode in the 2013 farm. Do not upgrade
the site collections to 2013 mode yet. You upgrade the site collections later in this process.
Final state
When you have finished, the Managed Metadata connections (proxies) should be as seen in the following
illustration:
New server farm for SharePoint Server 2013
Where:
Managed Metadata 1 is the service application that is used for content type syndication for the consuming
sites in the 2013 farm that are in 2013 mode. This service application is also used for all term store
operations in both the 2010 and 2013 farm.
Managed Metadata 2 is the service application that is used for content type syndication for the consuming
sites in the 2013 farm that are still in 2010 mode.
Managed Metadata 3 is the service application that is used for content type syndication for the consuming
sites in the 2010 farm.
3. Create a content type that uses that ID on both of the other content type hubs (ContentTypeHub2 and
ContentTypeHub3), and then publish it.
To create a content type that has a specific ID, you can't use the user interface. You have to use XML or the
object model. For more information, see Creating Content Types.
When you add a new field to a content type, make sure that the field ID is the same on all three Content Type
Hubs. To do this, follow this procedure:
1. On the 2013 farm, on the ContentTypeHub1, manually create the new field for the content type and
republish the content type.
2. Use the object model or Microsoft PowerShell to extract the SchemaXML property of the
SPContentType.
3. Add the extracted property to the corresponding content type on both of the other content type hubs
(ContentTypeHub2 and ContentTypeHub3).
4. Republish the updated content type from the other content type hubs (ContentTypeHub2 and
ContentTypeHub3).
The following article on MSDN provides an example of how to use the object model to manipulate content
types: SPContentType class.
Deploy custom features to upgraded site collections
in SharePoint Server 2013
6/7/2019 • 15 minutes to read • Edit Online
You can use a solution package to add your customizations to the new farm. A solution package is a distribution
package that delivers your custom SharePoint 2013 development work to the web servers or the application
servers in your server farm. You can use solutions to package and deploy custom features, site templates, web
templates, layout pages, web parts, cascading style sheets, and timer jobs.
To deploy a solution package to a SharePoint 2013 farm, you need to:
1. Add the solution package to the farm. Use the Add-SPSolution PowerShell cmdlet to upload the
SharePoint solution package to the farm. This adds the solution to the farm's solution store, located in the
farm's configuration database.
2. Deploy the solution package to the farm. Use the Install-SPSolution PowerShell cmdlet to deploy the
SharePoint solution package to the farm. This unpacks the solution package and copies all files that are
contained with a custom feature to a "Feature" directory located on the farm's front-end web server. A
subfolder for each custom feature is created and includes a Feature.xml file. This file defines the feature's
base properties and the elements bound to it, as well as one or more element manifest files (elements.xml)
that define the elements that make up the feature.
NOTE
For more information about how to deploy a solution package to a SharePoint 2013 farm, see Install and manage solutions
for SharePoint Server.
The Install-SPSolution PowerShell cmdlet also includes a compatibility-level parameter to deploy the solution
package to locations in the root folder that are designated for either SharePoint 2010 mode or SharePoint 2013
mode site collections. These are the "14" and "15" root folders ( hives), and when you deploy the solution, files such
as features, layout files, images, and control templates are added here.
Figure: SharePoint 2010 and 2013 Root folders
You should also be aware that when you deploy a solution package to a SharePoint 2013 farm, some files are
copied to specific locations regardless of the compatibility level. For more details about where files are copied to,
see Planning Deployment of Farm Solutions for SharePoint 2013.
Site collections in either mode in the farm point to their corresponding hive so that they can use the custom
features that are provided in the solution package.
Figure: Deploy legacy custom features after you upgrade to SharePoint Server 2013
The custom feature might have been tested to work correctly in both SharePoint 2010 and SharePoint 2013 mode.
If so, the feature assembly files can be identical. For example, if the custom feature, Feature1, is known to work in
SharePoint 2013 and SharePoint 2010 modes, the same solution package can be used to deploy the same custom
feature (Feature1) to the "14" and "15" folders.
However, if testing shows that the legacy custom feature might not work in site collections in SharePoint 2013
mode, you might need to make the following changes:
Update the solution package to include conditional logic that enables functionality that is based on
SharePoint site collection mode.
Create a new and separate solution package with updated functionality for the feature when it is used by
upgraded site collections.
Feature masking involves using a new and separate solution package for the same feature for upgraded sites and
site collections (when a feature is scoped to a site or site collection). Feature masking allows upgraded site
collections to automatically find and use the correct custom feature assemblies. This way, your users can seamlessly
use the same custom feature.
Legacy custom features in a SharePoint Server 2013 farm
When you use legacy custom features in a SharePoint 2013 farm, you might find yourself in one of the following
three situations:
The custom feature provided by the solution package currently works for site collections in SharePoint 2010
mode. It also works for site collections in SharePoint 2013 mode.
The custom feature provided by the solution package currently works for site collections in SharePoint 2010
mode. It also works for site collections in SharePoint 2013 mode. You should also account for additional
custom feature functionality that you might want to incrementally add in the future for site collections in
SharePoint 2013 mode.
The custom feature provided by the solution package currently works for site collections in SharePoint 2010
mode. But it doesn't work for site collections in SharePoint 2013 mode.
Supported scenarios
When you deploy custom features to a SharePoint 2013 farm that has been upgraded from SharePoint Server
2010, three different deployment scenarios are supported:
NOTE
For details about where solution package files are installed in the farm based on compatibility level, see the TechNet blog
post, Planning Deployment of Farm Solutions for SharePoint 2013.
Scenario 1: Legacy solution for SharePoint 2010 compatibility mode, and functionality is expected to remain the
same when upgraded to SharePoint 2013
In this scenario, the custom feature that is provided through the solution package currently works correctly in site
collections in SharePoint 2010 compatibility mode. Additionally, it's expected to work when the site collection is
upgraded to SharePoint 2013 mode. For example, a custom Web Part was created for SharePoint 2010. It was
tested to work in SharePoint 2013 without a change to the code. You know that you can add it to your SharePoint
2013 farm, and it works for users in site collections in SharePoint 2010 compatibility mode and when you upgrade
the site to SharePoint 2013.
Because the custom feature is expected to work in both SharePoint modes, you can use the same custom feature
assemblies. However, it's important to deploy the solution package for both SharePoint modes, which you can do
with a parameter when you're using the Install-SPSolution cmdlet. Feature masking is not used in this scenario
because site collections in both modes use the same code (duplicate feature assemblies located in the
corresponding 2010 and 2013 mode folders).
The steps for this scenario include the following:
1. Create the solution package containing the custom feature.
2. Add the solution package to the farm. You can do this through the Add-SPSolution PowerShell cmdlet. For
example:
Add-SPSolution -LiteralPath c:\Solution.wsp
5. Deploy the solution package for SharePoint 2013 compatibility. You can do this by using the Install-
SPSolution PowerShell cmdlet. Make sure to set the -CompatibilityLevel parameter to 15. For example:
Install-SPSolution -Identity Solution.wsp -CompatibilityLevel 15 -GAC …
NOTE
The -CompatibilityLevel parameter in Install-SPSolution Windows PowerShell cmdlet also allows you the option to install a
solution package to both the 14 and 15 root directories at the same time. You can do this by using the values of "14,15" or
"All". For example: > Install-SPSolution -Identity Solution.wsp -CompatibilityLevel 14, 15 -GAC … > For more
information about the CompatibilityLevel parameter in the Install-SPSolution Windows PowerShell cmdlet, see Install-
SPSolution .
NOTE
When you use the Install-SPSolution command to install both SharePoint modes, use the same solution name and ID.
Scenario 2: Legacy solution for SharePoint 2010 compatibility mode, but rebuilt the solution to incrementally
add functionalities for SharePoint 2013
In this scenario, the custom feature works correctly in SharePoint Server 2010. You want to build a solution
package by adding this feature to a SharePoint 2013 farm, but you also want to make sure that you can
incrementally add functionality for site collections in SharePoint 2013 mode that are using this solution package.
For example, a custom Web Part was created for SharePoint 2010. It was tested to work in SharePoint 2013
without a change to the code. However, you know that you might want to add additional functionality for your
SharePoint 2013 users, but you still want to use the same feature assemblies to allow for backward compatibility.
Because the custom feature is expected to work in both SharePoint modes, you can use the same custom feature
assemblies. You must install the solution package for both SharePoint modes as you did for the previous scenario.
The key difference in this scenario is that the solution package must include logic that enables feature functionality
that is conditionally based on site collection compatibility.
For example, let's say you have a method named Sample() implemented in a custom feature that was designed for
SharePoint 2010. If you want to change its implementation in SharePoint 2013 mode, your code should include
conditional logic that uses the SPSite.CompatibilityLevel property:
void Sample()
{
if (site.CompatibilityLevel == 14) { /*Existing O14 implementation*/}
else {/*New O15 implementation*/}}
}
By doing this, the same feature assembly serves both SharePoint 2010 and SharePoint 2013 versions of the
feature. Feature masking isn't used in this scenario either because you're not only using the same feature assembly
but also the same solution package. The same files for the custom feature are copied to the "14" and "15"
\Template\Features directories. For more information, see the "Planning Considerations" section of the TechNet
blog post, Planning Deployment of Farm Solutions for SharePoint 2013.
The steps for this scenario include the following:
1. Create the solution package containing the custom feature. Include conditional logic that enables feature
functionality that is based on site collection compatibility.
2. Add the solution package to the farm. You can do this by using the Add-SPSolution PowerShell cmdlet.
For example:
Add-SPSolution -LiteralPath c:\Solution.wsp
5. Install the solution package for SharePoint 2013 compatibility. You can do this by using the Install-
SPSolution PowerShell cmdlet. Make sure to set the -CompatibilityLevel parameter to 15. For example:
Install-SPSolution -Identity Solution.wsp -CompatibilityLevel 15 -GAC …
NOTE
The CompatibilityLevel parameter in Install-SPSolution Microsoft PowerShell cmdlet also allows you the option to install a
solution package to both the 14 and 15 root directories at the same time. You can do this by using the values of "14,15" or
"All". For example: > Install-SPSolution -Identity Solution.wsp -CompatibilityLevel 14, 15 -GAC … > For more
information about the -CompatibilityLevel parameter in the Install-SPSolution Microsoft PowerShell cmdlet, see Install-
SPSolution .
NOTE
When you use the Install-SPSolution command to install for both SharePoint modes, use the same solution name and ID.
Scenario 3: Legacy solution for SharePoint 2010 compatibility mode, and build a new solution to implement new
functionalities for SharePoint Server 2013
In this scenario, the custom feature is known to work correctly in SharePoint Server 2010, but it's known not to
work in SharePoint 2013. You need to create a new and separate solution package in which the functionality of the
custom feature has been fixed to work correctly in SharePoint 2013. In this scenario, you have two different
solution packages with different feature assemblies. This scenario uses feature masking. As users are moved from
compatibility mode to SharePoint 2013, they are "masked" from the fact that the custom feature they are using has
moved from one different code base to another.
In this scenario, you need to add and deploy two separate solution packages that contain two different feature
assemblies. Both versions of the feature must have the same name, feature ID, and feature manifest location, even
though the feature assemblies and resources are different.
Feature masking requirements
3. Add the solution package for SharePoint 2013 compatibility to the farm. You can also do this through the
Add-SPSolution PowerShell cmdlet. For example:
Add-SPSolution -LiteralPath c:\POC15.wsp
4. Deploy the solution package for SharePoint 2010 compatibility. You can do this through the Install-
SPSolution PowerShell cmdlet. Make sure to set the -CompatibilityLevel parameter to 14. For example:
Install-SPSolution -Identity POC14.wsp -CompatibilityLevel 14 -GAC …
5. Install the solution package for SharePoint 2013 compatibility. You can also do this through the Install-
SPSolution PowerShell cmdlet. Make sure to set the -CompatibilityLevel parameter to 15. For example:
Install-SPSolution -Identity POC15.wsp -CompatibilityLevel 15 -GAC …
You will no longer need the legacy solution package you deployed for SharePoint 2010 compatibility mode site
collections once all site collections have been upgraded to SharePoint 2013 mode. When this happens, the legacy
solution package can be retracted and removed from your SharePoint Server 2013 farm. You can do this through
the Uninstall-SPSolution and Remove-SPSolution PowerShell cmdlets.
IMPORTANT
We recommend using the Uninstall-SPSolution PowerShell cmdlet when retracting a solution from a SharePoint Server
2013 farm. Retracting a solution through Central Administration will retract the solution from both the SharePoint 2010 and
SharePoint 2013 root folders by default. This is especially important to note when you are using feature masking to deploy a
custom feature.
IMPORTANT
Make sure to use the CompatibilityLevel parameter to " 14 " to retract the solution package for 2010 compatibility
mode only. For example: Uninstall-SPSolution POC14.wsp -CompatibilityLevel 14
2. Remove the solution package from the farm's solution store: You can do this through the Remove-
SPSolution PowerShell cmdlet. For example:
Remove-SPSolution -Identity POC14.wsp
Other Considerations
This section includes information on additional considerations, including the following:
Deploy a feature in site collections using mixed mode
Master Page considerations
Deploy a feature in site collections using mixed mode
If your custom feature is farm or web application scoped, you can deploy it even though not all site collections
within the farm or web application have been upgraded to SharePoint 2013 compatibility mode.
For web application scoped features, if the root site collection has not been upgraded, you won't be able to activate
the feature using the Install-SPSolution PowerShell cmdlet. You must instead use the SharePoint Central
Administration site to activate the feature.
Master Page Considerations
Regarding branding customizations, custom master pages are reset by default to seattle.master after a site
collection upgrade in SharePoint 2013. If you are using the feature masking scenario, you need to reset any custom
master pages that you have created for SharePoint 2013 site collections. For details about how to do this, see the
MSDN article Use Feature upgrade to apply new SharePoint Server 2013 master pages when upgrading from
SharePoint 2010.
NOTE
For more information about the branding considerations you need to make when you upgrade site collections in SharePoint
2013, see Branding issues that may occur when upgrading to SharePoint 2013.
See also
Other Resources
Create a plan for current customizations during upgrade to SharePoint 2013
SharePoint 2013 and SharePoint Online solution pack for branding and site provisioning
Branding issues that may occur when upgrading to SharePoint 2013
Deploy software updates for SharePoint 2013
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Software updates overview for SharePoint Server 2013 Provides an overview of the software update process for
SharePoint 2013.
Prepare to deploy software updates for SharePoint 2013 Helps you determine which approach to use to update the
servers or server farms in your environment, and lists the
steps that you must take before you can start to install the
update.
Install a software update for SharePoint Server Learn how to install a software update on servers in a
SharePoint farm.
Update Workflow in SharePoint Server Learn the steps required to keep workflow up to date in
SharePoint Server 2013.
Software updates overview for SharePoint Server
2013
6/7/2019 • 13 minutes to read • Edit Online
Terminology
To understand how to implement software updates in SharePoint 2013, it is important to understand the
terminology for the core components.
For a complete list of terminology about software updates, see Description of the standard terminology that is
used to describe Microsoft software updates.
Features
SharePoint 2013 has features that facilitate the end-to-end software update experience. Some of these features are
as follows:
Backward compatibility between an updated services farm and non-updated content farm.
There is full support for automatic updates that use Windows Server Update Services (WSUS ), Windows
Update, and Microsoft Update.
NOTE
An automatic update copies the binary files to the farm servers, but you must complete the software update by
running the upgrade on the servers.
Administrators can use the SharePoint Central Administration website or Microsoft PowerShell to monitor
the status of an update.
NOTE
The process that installs software updates in stand-alone environments of SharePoint 2013 is a simpler process than the
process that installs software updates in a server farm and does not require all the steps that are required for a server farm.
Although we try to ensure the highest level of backwards compatibility, the longer you run in such a state, the
greater the chance of finding a case where farm behavioral issues might occur.
Patch phase
The patch phase has two steps, the patch deployment step and the binaries deployment step. During the patch
deployment step, new binary files are copied to the server running SharePoint 2013. Services that use files that the
patch has to replace are temporarily stopped. Stopping services reduces the requirement to restart the server to
replace files that are being used. However, in some instances you have to restart the server.
The second step in the patch phase is the binaries deployment step. In this step, the installer copies support
dynamic link library (.dll) files to the appropriate directories on the server that is running SharePoint 2013. This
step ensures that all the web applications are running the correct version of the binary files and will function
correctly after the update is installed. The update phase is complete after the binaries deployment step.
The next and final phase to deploy software updates is the build-to-build upgrade phase. This phase modifies
database schemas, updates objects in the farm, and updates site collections.
Build-to -build upgrade phase
After you finish the patch phase, you must complete the update installation by starting the build-to-build upgrade
phase. The build-to-build upgrade phase is task intensive and, therefore, takes the most time to finish. The first
action is to upgrade all the SharePoint processes that are running. After you upgrade the processes, the databases
are crawled and upgraded. After you complete a farm upgrade on one server, you have to complete the process on
all other servers to maintain incompatibility.
TIP
Clean up the farm environment before you deploy the update. The benefits of a cleanup are improved update installation
performance and the elimination of potential issues during and after the software update. For more information, see Clean
up an environment before an upgrade to SharePoint 2013.
The two final requirements for the update strategy are a communication plan and an update schedule.
It is important to communicate with site owners and users about what to expect during an upgrade. An
administrator should inform users about downtime and the risk that the upgrade may take longer than expected or
that some sites may need some rework after upgrade. For more information, see Create a communication plan for
the upgrade to SharePoint 2013.
Create a benchmark schedule for update operations that contains the start times of operations that are related to
the update deployment. At a minimum, the plan should include the following operations:
Back up the farm.
Start the update of the farm servers.
Start the upgrade of the farm databases.
Stop the upgrade and resume operations in the non-upgraded farm.
Resume the upgrade, if it is required.
Verify that the environment is completely working, either as the original version if you rolled back or the
new version if you completed the upgrade.
Make farm items ready for updates
Ensure that farm items are ready for the update. Farm items are ready if they are backed up, documented, or
updated to ensure that the update can be installed. Verify that the following aspects of a farm are ready for
updates:
Solutions
Features
Site definitions
Web Parts
Test
The rigor, thoroughness, and detail of your tests determine the success or failure of the software update
deployment. In a production computer environment, there are no safe shortcuts, and there are consequences from
insufficient testing. For more information, see Use a trial upgrade to SharePoint 2013 to find potential issues.
Build a test farm
Build a test farm that represents the production environment. We recommend that you use a copy of the
production data to determine potential problem areas and monitor overview system performance during the
upgrade. The key indicator is the length of time it takes from the beginning to the end of the deployment process.
This should include backup and validation. You can incorporate this information in the update schedule.
If possible, use hardware in the test environment that has equivalent performance capabilities to the production
servers.
TIP
Consider the use of a test farm in a virtual environment. After you finish the tests, you can shut down the virtual farm and
use it later for future updates.
Evaluate techniques
A test farm also enables you to evaluate the techniques that you plan to use to update the production environment.
In addition to testing and assessing your downtime reduction strategy, you can refine update monitoring. This is
especially important in the areas of validating and troubleshooting the software update.
Implement
The update strategy that you use determines whether you have to build a new farm or deploy the update on the
current farm servers.
Build or update farms
Whether you build a new farm or do an in-place update, the most important farm elements to consider are as
follows:
Content
Services
Service applications
Deploy customizations
Use solutions whenever possible so that you can deploy individual files or components.
Reduce downtime
Reduce downtime by using techniques such as read-only databases and update parallelism. For more information,
see the "How to minimize downtime during upgrade" section in Determine strategy for upgrade to SharePoint
2013.
Monitor progress
The refined techniques that you use to monitor the software update in the test environment apply when you
deploy the update in the production environment. Use the Upgrade and Migration page in Central
Administration to monitor available status indicators. This feature enables live monitoring and provides a single
location to view the patch status for all farm servers. Additionally, you can use the Upgrade and Migration page
to view the update status for individual servers and the status and type of farm databases. Finally, when you use
Central Administration to monitor updates, you can identify farm servers that you must update.
The following tables describe the status information that is available in Central Administration.
Installation required Farm server is missing an .msi file that Hyperlink to the Patch Deployment
is set to mandatory for all farm servers State page
or has a patch level below the individual
farm-wide effective patch version.
Upgrade in progress Farm server is currently undergoing an Hyperlink to the Upgrade Status page
upgrade operation.
Upgrade available Farm server is running in backward- Hyperlink to the Upgrade and
compatibility mode. Migration page
Upgrade required Farm server is outside the backward- Hyperlink to the Upgrade and
compatibility mode range with one or Migration page
more databases.
Upgrade blocked If an upgrade is available and any farm Hyperlink to the Patch Deployment
server requires installation, the State page
remaining servers that do not require
installation will be set to this status
unless they are currently undergoing an
upgrade.
Log files and PowerShell commands are other tools to monitor the update process.
IMPORTANT
Remember to monitor the length of time that the update is taking. Compare current update processes against the
benchmark schedule to determine whether the update will meet the downtime window. If not, communicate this information
to users of the farm.
Validate
You can start to validate the success of the update during the implementation phase and continue validation after
the update is implemented.
Logged event failures
Review the event logs to discover issues that occurred during the deployment. Resolve these issues and then
resume or restart the update as appropriate. For more information about event log files, see Configure diagnostic
logging in SharePoint Server.
User interface or experience issues
Any user interface or user experience issues will surface on site pages. These issues mainly occur during a version-
to-version upgrade. Look for the following issues:
Unghosted files that are, ASP.NET (.aspx) pages that a user has modified within the site collection, and now
behave differently than expected or have rendering issues caused by recent upgrades of the files on the
server.
User interface version mismatch
HTML and XHTML compliance
Other issues may include missing templates, user identifiers, and content issues such as large lists.
Data issues
Data issues result from the condition of the farm databases and can include all or some of the following:
Connectivity issues to data sources
Database corruption
Orphaned items
Hidden column data
In some cases you can troubleshoot minor issues and then resume or restart the update. Be prepared to roll back
the update if you cannot resolve issues.
Prepare to deploy software updates for SharePoint
2013
8/13/2019 • 6 minutes to read • Edit Online
NOTE
Because the action of installing a software update is related to a software upgrade, documentation about software upgrades
applies to deploying software updates.
You can use either the SharePoint Products Configuration Wizard or Microsoft PowerShell cmdlets to upgrade
your content with any method that you choose to use to update your servers
IMPORTANT
Test the farm backups before you start to deploy the software update. You have to be sure that these backups are valid so
that you can recover if there is a hardware failure or data corruption during the update process.
NOTE
You must use the name Updates for this updates folder. If you use the SupdateLocation="path-list" property to
specify a different location, Setup stops responding.
You can now use this location as an installation point, or you can create an image of this source that you can save
to media or save as an ISO file.
Slipstream package
SharePoint farm deployments require that all servers have the same patch level when joining the farm. It may also
be desired to have a specific patch level when building a new farm. To do this, the update packages can be
slipstreamed into the SharePoint installation media. The steps to slipstream an update are outlined below.
Copy the SharePoint installation media to a read-write location, such as the local disk of the SharePoint
server, for example, C:\SharePointInstall.
Within the extracted SharePoint installation folder, there is an Updates folder, C:\SharePointInstall\Updates.
This is the folder where the slipstreamed packages will reside.
Download the necessary package(s) to bring the new server to the desired patch level.
Extract each package to the target location. This can be done via the Command Prompt/PowerShell using
the following example.
ubersrv2013-kb4092476-fullfile-x64-glb.exe /extract:C\SharePointInstall\Updates
With the extraction complete, run the Setup from the installation location, C:\SharePointInstall\setup.exe . Setup
will automatically apply the update during the installation process of SharePoint.
See also
Other Resources
Deploy software updates for SharePoint 2013
Install a software update
Install a software update for SharePoint Server 2016
8/6/2019 • 22 minutes to read • Edit Online
NOTE
While the steps in this article refer to SharePoint Server 2016, they are applicable to SharePoint Foundation 2013,
SharePoint Server 2013, and SharePoint Server 2019 unless otherwise noted.
To perform the procedures in this article, you must have the following memberships and roles:
securityadmin fixed server role on the SQL Server instance
db_owner fixed database role on all databases that are to be updated
Local administrator on the server on which you run the Microsoft PowerShell cmdlets
Before you install an update, verify that the following conditions are satisfied:
All front-end web servers are load balanced together and are in rotation with the load balancer.
All farm servers are operating properly. For Search, you can view server status by using the Microsoft
PowerShell cmdlet Get-SPEnterpriseSearchStatus or by going to Central Administration > Manage
Service Applications > Search_service_application_name.
All databases are active and operating properly.
Do not start the update if any of the preceding conditions are not satisfied. Resolve all issues before you
continue.
SharePoint Server 2016 can handle certain upgrade failures after the patching phase finishes. However, if the
build-to-build upgrade fails, you might have to restore from a backup. Therefore, make sure that you perform a
full backup before you start the update process. After the restore is complete, you can resume the update.
Completed tasks do not run again. For more information, see the following resources:
Test and troubleshoot an upgrade to SharePoint 2016
NOTE
Certain links in this article go to content that is about version-to-version upgrade rather than build-to-build upgrade.
However, the general process is similar for the two types of upgrade. For example, the database upgrade phase is
essentially the same for build-to-build upgrade and version-to-version upgrade.
Initial state
The following illustration shows the farm topology that is used as an example for each patching scenario that is
described in this article.
When you are ready to continue, perform only one of the following procedures in this article to install the
update:
Use the in-place method without backward compatibility
Use the in-place method with backward compatibility
Use the database attach method for high availability of existing content
NOTE
Run the configuration wizard to ensure that if an update fails for a specific server, the error is not propagated to
the other web servers. For example, a failed update for one server could make the update fail for one or more site
collections.
13. Repeat the preceding step for each remaining web server.
14. Verify update completion and success. For more information, see Verify database upgrades in SharePoint
Server 2016.
15. Add the web servers (WEB -1 to WEB -4) to the rotation in the load balancer, or start the load balancer to
enable incoming requests to the servers.
16. Notify users that the farm is available. You are finished installing the update and using this article.
IMPORTANT
During the update phase, the farm can continue to be in production with minimal downtime. However, during the build-
to-build upgrade phase, the farm will be unavailable. If users attempt to access content while the farm is upgrading, the
result could be failed upgrades or excessive slowdowns in the upgrade process because of resource contention and locking.
Such an attempt is unsupported and untested.
For more information, see the Software updates overview for SharePoint Server 2016 section in Overview of
the upgrade process from SharePoint 2013 to SharePoint Server 2016.
Update phase
The following illustration shows the steps that are required to install the update on the farm. You can use the
illustration as a guide as you go through the steps in the following procedure, "To install the update".
IMPORTANT
Monitor the status of the upgrade on each server before you upgrade the next server in the sequence. We recommend
that you create a backup of the farm before you begin to upgrade.
The following procedure shows all the steps to upgrade the farm. You can upgrade all components within the
same outage window, or you can take some smaller outage windows and upgrade separate parts of the farm at
different times. If you want to break up the upgrade stage, you can upgrade the following components in
separate outage windows:
Services
If the software update contains updates to services that must be applied, you can upgrade the service, and
then resume operating the farm (step 8 in the following procedure) until it is possible to take a longer
farm outage to complete the content and farm upgrade.
Content databases
You can take a short farm outage to upgrade only a few content databases (steps 3 and 4 in the following
procedure) each time and then resume farm operation (step 8 in the following procedure). You can repeat
the process over successive outage windows until you upgrade all content and the farm servers are ready
to be upgraded.
You can also upgrade individual content databases in parallel for a very small number of content
databases at the same time. However, do not attempt to upgrade too many content databases in parallel
because it will slow down the overall upgrade process and extend the outage time. We recommend that
you do not upgrade more than two content databases on the same SQL Server volume at a time. Start the
upgrade for each content database that will occur in parallel several minutes apart to prevent lock
contention as the upgrade process starts. In addition, limit the number of content databases that you
upgrade on a single web server or application server. Each additional upgrade process will consume a
relatively large amount of resources. The typical number of content databases that you can upgrade per
web server or application server is four databases. However, be sure not to exceed the number of
databases that are being upgraded per SQL Server volume, no matter which web server or application
server originates the upgrade.
To upgrade the farm
1. Remove the web servers (WEB -1 to WEB -4) from rotation in the load balancer, or pause the load balancer
to stop incoming requests to the servers.
IMPORTANT
The sites and services will not be available until upgrade is complete and the servers are returned to an active
load-balancing state.
IMPORTANT
Run the Upgrade-SPContentDatabase cmdlet for each database. You can run this cmdlet from any of the
upgraded web servers or application servers. Note that the content for each database will be unavailable while this
process is running on that database.
IMPORTANT
The SharePoint Products Configuration Wizard also starts an immediate upgrade of the configuration database and all
other databases that are not already upgraded. Because it is likely that the content databases are the only databases that
have already been upgraded, as described in the previous step, all the service application databases are also upgraded in
this step. Your sites will not be available while this process runs.
5. Run the SharePoint Products Configuration Wizard or PSConfig (as in step 4 of this procedure) on the
remaining application server (APP -2).
6. Run the SharePoint Products Configuration Wizard or PSConfig (as in step 4 of this procedure) on the
web servers (WEB -1 to WEB -4).
7. Verify update completion and success. For more information, see Verify database upgrades in SharePoint
2013.
8. Add the upgraded web servers (WEB -1 to WEB -4) back into rotation in the load balancer.
You are finished installing the update and using this article.
NOTE
If the original farm uses a database mirror, configure mirroring after you deploy the software update on the new
farm.
2. Configure the databases on the existing farm so that they are in a read-only state.
NOTE
If the existing farm is mirrored, pause mirroring before setting the databases to read-only.
For more information about how to configure read-only databases, see the "Set the Previous Version
Databases to Be Read-Only (Database Attach with Read-Only Databases)" section in Upgrade content databases
from SharePoint 2013 to SharePoint Server 2016 and Run a farm that uses read-only databases in SharePoint
Server.
3. Configure the service application databases on the existing farm so that they are in a read-only state. This
prevents unexpected changes to service applications.
NOTE
Steps 4 through 14 do not apply to SharePoint Foundation 2013, SharePoint Server 2016, and SharePoint Server
2019.
4. If you are patching the User Profile Service service application database, you must export the User Profile
Synchronization Service encryption key from the old database and then import the key to the new
database. This key is also known as the Microsoft Identity Integration Server (MIIS ) key, the
Synchronization Service encryption key, and the Forefront Identity Manager 2010 (FIM 2010) key. If you
do not export and then import the key correctly, the Synchronization Service will not start. To export the
encryption key, complete these steps:
5. Use farm administrator credentials to log on to the computer that contains the old User Profile Service
service application database.
6. Open the Command Prompt window, and then change to the following folder:
%Program Files%\Microsoft Office Servers\15.0\Synchronization Service\Bin\
7. Type the following command, and then press Enter:
miiskmu.exe /e <Path>
Where <Path> is the full path of the file to which you want to export the key.
8. Back up the content databases on the existing farm. For more information, see Plan for backup and
recovery in SharePoint Server.
9. To import the encryption key, perform these steps:
10. Use farm administrator credentials to log on to the computer that contains the new User Profile Service
service application database.
11. Attempt to start the User Profile Synchronization service. Because you have not yet imported the
encryption key, the service will not start. Confirm that the service did not start by using the ULS log or by
making sure that the status of the service is Stopped.
12. Open the Command Prompt window, and then change to the following folder:
%Program Files%\Microsoft Office Servers\15.0\Synchronization Service\Bin\
13. Type the following command, and then press Enter:
miiskmu.exe /i <Path> {0E19E162-827E -4077-82D4-E6ABD531636E }
Where <Path> is the full path of the file to which you exported the key.
14. (Optional) To check that the encryption key was imported correctly, at the command prompt, type the
following command, and then press Enter:
miiskmu.exe /c {0E19E162-827E -4077-82D4-E6ABD531636E }
15. Restore the content databases to the new database server.
16. Create service applications on the new farm for each existing service application in the old farm.
Duplicate all the settings from your existing farm.
17. Use the database-attach method to create the databases on the new farm. For more information, see
Upgrade databases from SharePoint 2013 to SharePoint Server 2016 and Attach and restore read-only
content databases in SharePoint Server.
18. Verify that there are no issues with the new farm.
19. Enable the new farm as the production farm by configuring DNS to point to the new farm or by making
sure that the new farm is load balanced. Verify that users can access the new farm.
20. Allow time for users to switch from cached DNS, and then decommission the old farm.
21. Verify update completion and success. For more information, see Verify database upgrades in SharePoint
2016.
You are finished installing the update and using this article.
$ssa=Get-SPEnterpriseSearchServiceApplication
Suspend-SPEnterpriseSearchServiceApplication -Identity $ssa
2. On each server that hosts one or more Search components, stop the Search-related Windows services in
the following order:
3. SPTimerV4
4. OSearch16
5. SPSearchHostController
IMPORTANT
Verify that each service is stopped before you stop the next service.
6. On each server that hosts one or more Search components, run the update executable file to install the
update.
7. On each server that hosts one or more Search components, start the Search-related Windows services in
the following order:
8. SPSearchHostController
9. OSearch16
10. SPTimerV4
11. Verify that all Search components become active after the update by typing the following command at the
PowerShell command prompt:
Rerun the command until no Search components are listed in the output.
6. Resume the Search service application by typing the following command at the PowerShell command
prompt:
7. Verify that the farm is crawling updated content and able to index new and modified documents. To do this,
you can add or modify an item in a site collection, perform a crawl for the Local SharePoint sites content
source, and then perform a search for the item and verify that it appears in the search results.
Update servers that host Search components with minimal downtime
1. Divide the servers that host Search components into two availability groups to minimize downtime
during their update and build-to-build upgrade. (As long as one of the groups is active and healthy, the
farm can serve queries and crawl and index content.) For instructions about how to divide the servers into
two availability groups, see the procedure Determine server availability groups for update with
minimal downtime later in this article.
2. Pause the Search service application by typing the following command at the PowerShell command
prompt:
3. On each server in server availability group 1, stop the Search-related Windows services in the following
order:
4. SPTimerV4
5. OSearch16
6. SPSearchHostController
IMPORTANT
Verify that each service is stopped before you stop the next service.
7. On each server in availability group 1, run the update executable file to install the update.
8. On each server in availability group 2, stop the Search-related Windows services in the same order that
was prescribed for stopping them for availability group 1. Again, it is important to verify that each service
is stopped before you stop the next service.
9. On each server in availability group 1, start the Search-related Windows services in the following order:
10. SPSearchHostController
11. OSearch16
12. SPTimerV4
13. Wait until all Search components associated with availability group 1 are active. To determine which
components are active, type the following command at the PowerShell command prompt:
Rerun the command until all Search components that are associated with availability group 1 are listed in the
output.
8. On each server in availability group 2, run the update executable file to install the update.
9. On each server in availability group 2, start the Search-related Windows services in the same order that
was prescribed for starting them for availability group 1.
10. Wait until all Search components associated with availability group 2 are active. To determine which
components are active, type the following command at the PowerShell command prompt:
Rerun the command until all Search components that are associated with availability group 2 are listed in the
output.
11. Resume the Search service application by typing the following command at the PowerShell command
prompt:
12. Verify that the farm is crawling updated content and able to index new and modified documents. To do this,
you can add or modify an item in a site collection, perform a crawl for the Local SharePoint sites content
source, and then perform a search for the item and verify that it appears in the search results.
Determine server availability groups for update with minimal downtime
1. Start a SharePoint 2016 Management Shell on any server in the farm.
2. Determine the primary Search administration component and the server that hosts the component by
typing the following commands at the PowerShell command prompt:
$ssa=Get-SPEnterpriseSearchServiceApplication
Get-SPEnterpriseSearchStatus -SearchApplication $ssa | where { (($_.State -ne "Unknown") -and ($_.Name -
match "Admin")) } | ForEach {if (Get-SPEnterpriseSearchStatus -SearchApplication $ssa -Component $_.Name -
Primary) { Get-SPEnterpriseSearchTopology -SearchApplication $ssa -active | Get-SPEnterpriseSearchComponent
-identity $($_.Name) } }
3. Determine the set of servers in availability group 1. These servers must fulfill the following three
requirements:
The set must contain one or more, but not all, of the following types of Search components:
Content processing component
Query processing component
Analytics processing component
Crawl component
Index component
The set must contain one or more, but not all, of the index components for each index partition.
The set must contain a Search administration component that is not the primary component that was
identified in step 2 in this procedure.
4. Determine the set of servers in availability group 2. This set must contain all remaining servers that host
Search components, including the server that hosts the primary Search administration component that was
identified in step 2 of this procedure.
IMPORTANT
Do not use Stop-SPDistributedCacheServiceInstance -Graceful as this will terminate Distributed Cache prior to the
cache being transferred to another server in the farm.
Initialize-SPResourceSecurity
See also
Other Resources
SharePoint updates
Update Workflow in SharePoint Server 2013
6/7/2019 • 2 minutes to read • Edit Online
IMPORTANT
The latest update level must be installed on SharePoint Server 2013, Workflow Manager, and Workflow Manager Client
before you run the update cmdlets.
$credential = [System.Net.CredentialCache]::DefaultNetworkCredentials
$site = Get-SPSite(<siteUri>)
$proxy = Get-SPWorkflowServiceApplicationProxy
$svcAddress = $proxy.GetWorkflowServiceAddress($site)
Copy-SPActivitiesToWorkflowService -WorkflowServiceAddress $svcAddress -Credential $credential -Force $true
NOTE
Because workflow supports environments with multiple Site Subscriptions, the $site Site Collection address determines the
proper configuration location for workflow settings.
$proxy = Get-SPWorkflowServiceApplicationProxy
$site = Get-SPSite(<siteUri>)
$proxy.GetWorkflowServiceAddress($site)
Inspect any errors displayed in the SharePoint Designer user interface or any errors shown in the
SharePoint Workflow Status user interface.
Test and troubleshoot an upgrade to SharePoint
Server 2016
6/7/2019 • 2 minutes to read • Edit Online
Before you upgrade from SharePoint Server 2013 with Service Pack 1 (SP1) to SharePoint Server 2016, you
should take time to test an upgrade process and understand the issues that you might face in an actual upgrade.
After you perform a test upgrade, or after you upgrade your actual databases, you might find issues that have to be
addressed. After you address issues, you can restart the upgrade to try again.
The following articles provide information about how to test and troubleshoot upgrade.
CONTENT DESCRIPTION
Troubleshoot site collection upgrade issues in SharePoint Follow these recommendations to troubleshoot any issues
Server 2016 that occur during a site collection upgrade. You can also look
up common issues and discover how to address them.
Troubleshoot site collection upgrade issues in
SharePoint Server 2016
7/17/2019 • 5 minutes to read • Edit Online
When you upgrade a site collection to SharePoint Server 2016, errors can occasionally occur. This article helps you
understand those errors and address them.
Common issues
Check to see whether any of the following issues are causing an upgrade error, a warning, or a problem in your
site.
Q: I don't see a UI control on the page that used to be there
A: Reset the page to the default version (that is, reghost it).
Making changes to the site UI can cause problems in site upgrades. If a page was customized to place a UI control
in a non-standard location, you can reset the page to the default version to recover the control.
To reset the page, you can use the Reset to site definition link under Site Actions on the Site Settings page or
use the Reset to Template command in SharePoint Designer.
Q: The view on a large list is not working any longer
A: Create indexed columns, folders, or new views for large lists. You might have to add the indexed column to
your existing views.
If a list is very large, and users use a view or perform a query that exceeds the limit or throttling threshold, the
view or query will not be permitted. You can create indexed columns with filtered views, organize items into
folders, set an item limit on the page for a large view, or use an external list. For more information about large list
throttling and how to address issues with large lists, see Manage lists and libraries with many items.
Q: I see an error about a duplicate content type name
A: Rename content types or fields that conflict with default names.
Occasionally, custom elements (such as a content type) may have a name that conflicts with a name in the new
version.
In the upgrade log files, you may see an error such as the following:
Failed to activate site collection features on site Site Url. Exception: A duplicate content type name "name" was
found.
This error indicates that a third-party content type was added to the specified site in SharePoint Server 2013 with
Service Pack 1 (SP1). During upgrade to SharePoint Server 2016 its name conflicted with the default content type
by the same name. Rename the third-party content type in the specified site to a different name and run upgrade
again. For more information, see Create or customize a site content type.
NOTE
Either renaming or removing a content type can cause any customizations dependent on that content type to stop working.
See also
Concepts
Upgrade a site collection to SharePoint Server 2016
Sites
6/7/2019 • 2 minutes to read • Edit Online
Plan sites and site collections in SharePoint Server Learn the critical decisions that you need to make in your
SharePoint Server 2016 and SharePoint 2013 site planning
process.
Manage site collections in SharePoint Server Use these articles to learn how to manage site collections in
SharePoint Server 2016 and SharePoint 2013.
Manage web parts in SharePoint Server Helps you prepare to manage security for web parts pages
and controls that are used with SharePoint Server 2016 and
SharePoint 2013.
Permissions planning for sites and content in SharePoint Learn about how to plan permissions for sites and site content
Server for SharePoint Server 2016.
Overview of managing digital assets in SharePoint Server 2013 Learn about the asset library and how you can use it to store
and share image, audio, or video files.
Overview of OneDrive for Business in SharePoint Server Learn about OneDrive for Business in SharePoint Server.
Plan sites and site collections in SharePoint Server
6/7/2019 • 12 minutes to read • Edit Online
The SharePoint Server 2019 modern experience is similar to the experience in SharePoint Online. The modern
experience is compelling, flexible, and easier to use. The main difference is hub sites aren't available in SharePoint
Server. We do recommend in SharePoint Server 2019 that you create site collections for each unit of work instead
of creating subsites. This will make it easier when migrating your SharePoint farm to SharePoint Online. For more
information about the modern experience in SharePoint Server 2019, see Differences between SharePoint Server
2016 and 2019.
Internal Collaboration and Publishing You can create a site collection to host your internal team and
communication sites. In SharePoint Server 2019 you can create either new modern experience, or classic
experience, team and community site collections. These can be broken down into two major categories. One
branch can be organized around your company's internal hierarchy, with divisional portals hosting subsites for the
individual long standing teams to use to store their content, collaborate, and publish their work out to the rest of
the organization. Another peer branch can be for ad hoc or v-teams or project teams. These teams have members
from across the long standing teams and need to have a collaboration and publishing space for a limited period of
time.
Internal Enterprise Applications You can create a site collection to host sites and resources that everyone in
your company will use. For example, your company intranet, enterprise search, My Sites, and records repositories.
It is best practice to keep document center sites and records center sites in separate site collections.
Internet Presence It is best practice to place your company Internet presence in a separate SharePoint Server
farm. Site collections of this type host resources that are available to anonymous users on the Internet. For
example, you might use an Internet presence site to provide news articles or reviews that are tagged with
metadata to categorize articles so that users can search or browse for information. For more information about
how to design SharePoint Server for an Internet presence, see Overview of publishing to Internet, intranet, and
extranet sites in SharePoint Server and Plan the logical architecture for cross-site publishing in SharePoint Server.
All sites in a site collection are stored together in the same SQL database. This can potentially affect site and
server performance, depending on how your site collections and sites are structured, and depending on the
purpose of the sites. Be aware of the following limits when you plan how to allocate your content across one or
more site collections:
Keep extremely active sites in separate site collections. For example, a knowledge base site on the Internet
that allows anonymous browsing could generate lots of database activity. Other examples are SharePoint
Server 2019, modern Team and Communications sites. If other sites use the same database, their
performance could be affected. By putting the knowledge base site in a separate site collection with its own
database, you can free up resources for other sites that no longer have to compete with it for database
resources.
Because all content in a site collection is stored in the same content database, the performance of database
operations — such as backing up and restoring content — depends on the amount of content across the
site collection, the size of the database, the speed of the servers hosting the database, and other factors.
Depending on the amount of content and the configuration of the database, you might have to divide a site
collection into multiple site collections to meet service-level agreements for backing up and restoring,
throughput, or other requirements.
Creating too many sites below a top-level site in a site collection might affect performance and usability.
The maximum recommended number of sites and subsites in a site collection is 250,000 sites. We
recommend staying below 2,000 subsites per site collection. The maximum recommended number of site
collections per farm is 500,000 Personal Sites plus 250,000 for all other site templates. For more
information, see Site collection limits.
Once you have your site collection plan in place, you can move on to planning the organization of the sites in
those site collections.
Plan sites by organizational hierarchy
Plan the basic sites that you need based on the scale and structure of your organization. Some sites for larger
divisions or projects can also combine information that is found on all the smaller subsites that are devoted to
smaller long standing teams or v-teams that are responsible for time limited projects. Using modern Team and
Communication sites in SharePoint Server 2019 are a great way to create site collections for each unit of work
instead of creating subsites.
Use the following guidelines when you plan sites that are based on your organizational structure:
Divisional or team sites Plan to create one site per team under a divisional rollup site. In large organizations,
there might be several levels of sites, with each site focusing on the content that is created and managed at its level
of the organization.
You can design a site for members of your organization to collaborate on content related to your business or
organizational goals. These can be self-contained or they can work with other sites as part of a publishing process.
Often, these sites will have a mixture of collaborative content that is used internally and content that is intended
for publication to an audience.
Rollup sites A rollup site surfaces content that is stored on other subsites. It makes it possible for users across
divisions to find information, and experts. It often contains sites that are related to the overall organizational
information architecture and that are usually mapped to the structure of the divisional or project sites.
Plan application sites
An application site organizes team processes and provides mechanisms for running them. Application sites often
include digital dashboards and other features to view and change data that is related to the site's purpose. The
information that is presented in an application site usually comes from diverse sources, such as databases or other
SharePoint sites.
For example, the human resources organization could design an application site to provide employees with:
Access to general information, such as employee handbooks and career opportunities.
Ways to do common tasks, such as submitting timecards and expense reports.
Dashboards to view personalized information, such as an employee's salary and benefits history.
As another example, the internal technical support group in an organization could design a Help Desk application
site to provide technical support to members of the organization. Features of the application site could include the
following:
Access to a knowledge base of past support incidents and best-practices documentation.
Ways to do common tasks, such as starting a support incident or reviewing the status of an ongoing
incident.
Integration with communications features that support online meetings and discussions.
Personalized views of data. For example, support managers could view dashboards that provide views of
their team members' productivity and customer satisfaction ratings. Support engineers could view their
current unresolved incidents.
Plan publishing sites
By using a publishing site, authors can create and modify content in the form of web pages and documents, and
they can use an approval process to make the content available to users who have the appropriate levels of
viewing permissions. The publishing process involves creating content and then submitting it for approval. After
content is approved, it is made available, or published, to the website for readers. This publishing occurs according
to either a default schedule or a customized schedule, based on the needs of the project. Publishing sites can be
used as intranet, extranet, or Internet sites, depending on the audience.
For example, you might use a publishing site for an Internet site that publishes press releases. The public relations
team creates press releases, uses the publishing workflow to approve new content, and specifies when it should be
made available to consumers. As another example, you might use a publishing site for a corporate intranet site,
where company news is made available to employees. Page authors can specify the target audience for their
content, which makes the content viewable by only the members of the designated groups.
You can use one of two ways to make published content available to users: author-in-place, or cross-site
publishing. With the author-in-place method, you use a single site collection to author content and make it
available to readers of your site. With the cross-site publishing method, you use one or more site collections to
author content, and one or more site collections to control the design of the site and the display of the content. For
more information, see Overview of publishing to Internet, intranet, and extranet sites in SharePoint Server.
Plan other sites
You can plan to make it possible for site users to create additional sites. For example, you can plan to give a My
Site to each team member who uses a site. A My Site is a team site that is based on SharePoint Server and has
public and private views. You can also make it possible for team members to create other sites, such as Document
Workspace sites, when they collaborate on documents and other projects. Similarly, you can give users of an
Internet site access to collaboration sites as part of a web-based service. For example, you can give them
permissions to create Meeting Workspace sites and participate in online meetings as part of their experience of
using your site. For more information, see Configure self-service site creation in SharePoint Server 2019.
For information about the kinds of sites that you can create, see Overview of sites and site collections in
SharePoint Server.
Where:
URL is the address of the site.
Title is name of the site as configured in site settings and displayed on the title bar of the site.
Description is the value in the description field in the sites properties.
ParentWeb is the site immediately above the inventoried site in the hierarchy.
AssociatedOwnerGroup is the group that owns the site.
Site Administrations are the current users who are listed as the sites primary and secondary site
administrators.
Web Template is the type of site template that the site was created from.
UIVersion is the SharePoint Server version of the site.
QuickLaunchEnabled indicates if the site has the Quick Launch enabled in the vertical navigation.
TreeViewEnabled indicates if the site has the tree view enabled for the Quick Launch.
Language is the language the site was created in.
Locale is the locale of the site.
Author is who created the site.
HasUniquePerm indicates if the site inherits permissions from its parent site or implements unique
permissions.
<file location and name.csv> is the location where you want to save the csv file and the name you
want to give it. For example, 'C:\FarmReports\1.csv'.
For more information, see the PowerShell reference for SharePoint Server article, SharePointServer.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Software boundaries and limits for SharePoint Servers 2016 and 2019
Overview of publishing to Internet, intranet, and extranet sites in SharePoint Server
Other Resources
Overview of SharePoint site collections
Overview of sites and site collections in SharePoint
Server
6/7/2019 • 20 minutes to read • Edit Online
The SharePoint Server 2019 modern experience is similar to the experience in SharePoint Online. The main
difference is Hub sites aren't available in SharePoint Server. We do recommend that you use the same process as
in SharePoint Online, create site collections for each unit of work instead of creating subsites. This will make it
easier when migrating your SharePoint farm to SharePoint Online.
The following guidelines show the relationship between SharePoint Server sites and site collections, and content
databases:
All content in a site collection must be stored in a single content database. You can't store a site collection's
content across multiple content databases.
You can scale up content databases that support a site collection. You can also scale-out a content database
at the web application level to support additional site collections.
A site collection can exist in only one content database, but one content database can host the content for
multiple site collections.
A site can't exist outside of a site collection and can only exist in one site collection but a site collection can
host many sites.
Collaboration Team Site A place to work together Site collection and site
with a group of people.
SharePoint Server 2019
offers a modern and classic
team site.
TYPE NAME DESCRIPTION AVAILABILITY
Collaboration Blog A site for a person or team Site collection and site
to post ideas, observations,
and expertise that site
visitors can comment on.
Collaboration Project Site A site for managing and Site collection and site
collaborating on a project.
This site template brings all
status, communication, and
artifacts relevant to the
project into one place.
Collaboration Community Site A place where community Site collection and site
members discuss topics of
common interest. Members
can browse and discover
relevant content by
exploring categories, sorting
discussions, by popularity or
by viewing only posts that
have a best reply. Members
gain reputation points by
participating in the
community, such as starting
discussions and replying to
them, liking posts, and
specifying best replies.
Enterprise Document Center A site to centrally manage Site collection and site
documents in your
enterprise.
Enterprise In-Place Hold Policy Center A site to manage policies to Site collection only
preserve content for specific
amounts of time.
Enterprise Records Center This template creates a site Site collection and site
designed for records
management. Records
managers can configure the
routing table to direct
incoming files to specific
locations. The site also lets
you manage whether
records can be deleted or
modified after they are
added to the repository.
TYPE NAME DESCRIPTION AVAILABILITY
Enterprise Business Intelligence Center A site for presenting Site collection and site
Business Intelligence
content.
Enterprise Compliance Policy Center A site to manage policies Site collection and site
and delete documents after
specified times.
Enterprise Enterprise Search Center A site focused on delivering Site collection and site
an enterprise-wide search
experience.
Note:
Search Centers should be
separate site collections
because they search for
information across a
company portal or division.
If you create a Search Center
as a subsite, you might have
to create some workarounds
for a full customization. For
more information, see
Customizing the Search
Center.
Enterprise My Site Host A site used for hosting Site collection only
personal sites (My Sites) and
the public People Profile
page.
Enterprise Basic Search Center A site focused on delivering Site collection and site
a basic search experience. It
includes a welcome page
with a search box that
connects users to a search
results page and an
advanced search page. This
Search Center will not
appear in navigation.
Note:
Search Centers should be
separate site collections
because they search for
information across a
company portal or division.
If you create a Search Center
as a subsite, you might have
to create some workarounds
for a full customization. For
more information, see
Customizing the Search
Center.
TYPE NAME DESCRIPTION AVAILABILITY
Enterprise Visio Process Repository A site for viewing, sharing, Site collection and site
and storing Visio process
diagrams. It includes a
versioned document library
and templates for Basic
Flowcharts, Cross-functional
Flowcharts, and BPMN
diagrams.
Note:
The Visio Process Repository
site template will be
removed in the next version
of SharePoint Server.
Publishing Enterprise Wiki A site for publishing Site collection and site
knowledge that you capture
and want to share across
the enterprise.
Publishing Product Catalog A site for managing product Site collection only
catalog data that can be
published to an Internet-
facing site through search.
Custom <Select template later…> Create an empty site and Site collection only
pick a template for the site
at a later time.
The following table describes the 2013 experience version site templates that are available in SharePoint 2013.
Table: 2013 experience version site templates in SharePoint 2013
Collaboration Team Site A place to work together Site collection and site,
with a group of people. Server and Foundation
TYPE NAME DESCRIPTION AVAILABILITY
Project Site A site for managing and Site collection and site,
collaborating on a project. Server only
This site template brings all
status, communication, and
artifacts relevant to the
project into one place.
Enterprise Document Center A site to centrally manage Site collection and site,
documents in your Server only
enterprise.
Records Center This template creates a site Site collection and site,
designed for records Server only
management. Records
managers can configure the
routing table to direct
incoming files to specific
locations. The site also lets
you manage whether
records can be deleted or
modified after they are
added to the repository.
Enterprise Search Center A site focused on delivering Site collection and site,
an enterprise-wide search Server only
experience.
Note:
Search Centers should be
separate site collections
because they search for
information across a
company portal or division.
If you create a Search Center
as a subsite, you might have
to create some workarounds
for a full customization. For
more information, see
Customizing the Search
Center in the MSDN Library.
My Site Host A site used for hosting Site collection only, Server
personal sites (My Sites) and only
the public People Profile
page.
Basic Search Center A site focused on delivering Site collection and site,
a basic search experience. It Server and Foundation
includes a welcome page
with a search box that
connects users to a search
results page and an
advanced search page. This
Search Center will not
appear in navigation.
Note:
Search Centers should be
separate site collections
because they search for
information across a
company portal or division.
If you create a Search Center
as a subsite, you might have
to create some workarounds
for a full customization. For
more information, see
Customizing the Search
Center in the MSDN Library.
TYPE NAME DESCRIPTION AVAILABILITY
Visio Process Repository A site for viewing, sharing, Site collection and site,
and storing Visio process Server only
diagrams. It includes a
versioned document library
and templates for Basic
Flowcharts, Cross-functional
Flowcharts, and BPMN
diagrams.
Note:
The Visio Process Repository
site template will be
removed in the next version
of SharePoint Server.
Publishing Publishing Portal A starter hierarchy for an Site collection only, Server
Internet-facing site or a only
large intranet portal. This
site can be customized easily
with distinctive branding.
Typically, this site has many
more readers than
contributors and it is used
to publish web pages with
approval workflows.
Product Catalog A site for managing product Site collection only, Server
catalog data that can be only
published to an Internet-
facing site through search.
Blank Publishing site A blank site for expanding Site only, Server only
your website and quickly
publishing web pages.
Contributors can work on
draft versions of pages and
publish them to make them
visible to readers. The site
includes document and
image libraries for storing
web publishing assets.
Publishing Site with A site for publishing web Site only, Server only
workflow pages on a schedule by
using approval workflows. It
includes document and
image libraries for storing
web publishing assets. By
default, only sites with this
template can be created
under this site.
Custom <Select template later…> Create an empty site and Site collection only, Server
pick a template for the site and Foundation
at a later time.
The following table describes the 2010 experience version site templates that are available in SharePoint 2013.
Table: 2010 experience version site templates in SharePoint 2013
Collaboration Team Site Same functionality as the Site collection and site,
2013 Team site. Server and Foundation
Blank Site A blank site for you to Site collection and site, Site collection and site,
customize based on your Server and Foundation Server and Foundation
requirements.
Document Workspace A site for colleagues to work Site collection and site, Site collection and site,
together on a document. It Server and Foundation Server and Foundation
provides a document library
for storing the primary
document and supporting
files.
Blog Same functionality as the Site collection and site, Site collection and site,
2013 Blog site. Server and Foundation Server and Foundation
Group Work Site This template provides a Site collection and site, Site collection and site,
groupware solution that Server and Foundation Server and Foundation
enables teams to create,
organize, and share
information. It includes a
Group Calendar, Circulation,
Phone-Call Memo, a
document library, and other
basic lists.
Visio Process Repository Same functionality as the Site collection and site, Site collection and site,
2013 Visio Process Server only Server and Foundation
Repository. Site collection and site,
Server and Foundation
Meetings Basic Meeting Workspace A site to plan, organize, and Site collection and site,
capture the results of a Server and Foundation
meeting. It provides lists for
managing the agenda,
meeting attendees, and
documents.
Blank Meeting Workspace A blank meeting site for you Site collection and site, Site collection and site,
to customize based on your Server and Foundation Server and Foundation
requirements.
Decision Meeting A site for meetings that Site collection and site, Site collection and site,
Workspace track status or make Server and Foundation Server and Foundation
decisions. It provides lists for
creating tasks, storing
documents, and recording
decisions.
TYPE NAME DESCRIPTION AVAILABILITY
Social Meeting Workspace A site to plan social Site collection and site, Site collection and site,
occasions. It provides lists Server and Foundation Server and Foundation
for tracking attendees,
providing directions, and
storing pictures of the event.
Multipage Meeting A site to plan, organize, and Site collection and site, Site collection and site,
Workspace capture the results of a Server and Foundation Server and Foundation
meeting. It provides lists for
managing the agenda and
meeting attendees in
addition to two blank pages
for you to customize based
on your requirements.
Enterprise Document Center A site to centrally manage Site collection and site,
documents in your Server only
enterprise.
Records Center This template creates a site Site collection and site, Site collection and site,
designed for records Server only Server only
management. Records
managers can configure the
routing table to direct
incoming files to specific
locations.
Business Intelligence Center Same functionality as the Site collection only, Server Site collection and site,
2013 Business Intelligence only Server only
site.
Enterprise Search Center A site for delivering the Site collection and site, Site collection and site,
search experience. It includes Server only Server only
a search box with scopes for
general searches and for
people searches. You can
add and customize tabs to
focus on other search
scopes or result types.
My Site Host Same functionality as the Site collection only, Server Site collection and site,
2013 My Site Host site. only Server only
Basic Search Center A site for delivering the Site collection and site, Site collection and site,
search experience. The site Server and Foundation Server only
includes pages for search
results and advanced
searches.
FAST Search Center A site for delivering the FAST Site collection and site, Site collection and site,
search experience. Server only Server only
Publishing Publishing Portal Same functionality as the Site collection only, Server
2013 Publishing Portal site. only
Enterprise Wiki Same functionality as the Site collection only, Server Site collection only, Server
2013 Enterprise Wiki site. only only
TYPE NAME DESCRIPTION AVAILABILITY
Publishing Site with Same functionality as the 2010 site only, Server only Site collection only, Server
Workflow 2013 Publishing Site with only
Workflow site.
Custom <Select template later…> Same functionality as the Site collection only, Server
2013 <Select template and Foundation
later…> option.
Web Databases Assets Web Database Create an assets database to 2010 site only
keep track of assets,
including asset details and
owners.
Charitable Contributions Create a database to track 2010 site only 2010 site only
Web Database information about
fundraising campaigns
including donations made
by contributors, campaign-
related events, and pending
tasks.
Contacts Web Database Create a contacts database 2010 site only 2010 site only
to manage information
about people that your
team works with, such as
customer and partner.
Issues Web Database Create an issues database to 2010 site only 2010 site only
manage a set of issues or
problems. You can assign,
prioritize, and follow the
progress of issues from start
to finish.
Projects Web Database Create a project tracking 2010 site only 2010 site only
database to track multiple
projects and assign tasks to
different people.
NOTE
The Web Databases site templates that are available through the 2010 experience sites in SharePoint 2013 are no longer
available in the 2013 experience sites in SharePoint 2013. In SharePoint Server 2016, you create an Access database by
creating a new app, instead of creating a site.
IMPORTANT
Some SharePoint 2010 Products site templates, such as the Document Workspace Site templates, were deprecated and are
not available as an option in SharePoint 2013. Existing sites that were created by using these deprecated site templates and
then upgraded will continue to operate in SharePoint 2013. The deprecated site templates will be removed completely from
the next version of SharePoint.
Examples of solutions that benefit from being implemented as site collections are as follows:
Team collaboration site A site collection to support authoring and collaboration tasks. Often, this kind of
site includes collaborative content that is not published but only used internally. For example, a team
collaboration site collection might contain a site for each team in your organization to use to plan projects,
coordinate tasks, record meeting notes, and store team documents.
Published Internet site A site collection for publishing content to anonymous Internet readers. A small
number of authors create and publish content for many readers. For example, you might use a published
Internet site to provide information about company products or services to customers. You can implement
publishing sites in a single site collection, where authoring and publishing tasks are performed on the same
site. You can also implement publishing sites as two or more site collections that separate the stages of
authoring and publishing. Content is created on one or more authoring site collections, and is displayed on
one or more publishing site collections by using the Cross-Site Collection Publishing feature in SharePoint
Server. For information about how to decide which publishing method to use, see Plan for Internet,
intranet, and extranet publishing sites in SharePoint Server. For information about cross-site publishing,
see Plan for cross-site publishing in SharePoint Server.
NOTE
You cannot save a SharePoint publishing site collection or site as a template. If you activate the SharePoint Server Publishing
Infrastructure feature on a non-publishing site collection, the Save site as template link is removed from the Site Actions
section on the Site Settings page.
See also
Concepts
Plan sites and site collections in SharePoint Server
Overview of site navigation in SharePoint Server
Overview of site policies in SharePoint Server
Plan self-service site creation in SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
NOTE
My Sites and the policies feature are not available in SharePoint Foundation 2013 and Self-Service Site Creation is disabled by
default.
Determine who can create sites and a method for site creation
By default, new site collections can only be created by using Central Administration or the SharePoint
Management Shell, by members of the Farm Administrators group. If your organization wants to tightly control
and manage the environment so only a few people are allowed to add top-level sites, this is the method to use.
However, if you have any of the following requirements, then self-service site creation might be the better choice
for your organization:
You want users to be able to easily create informal, perhaps even disposable, top-level sites, such as for
short-term projects.
You want to create an informal space for team, group, or community interaction.
You are hosting top-level sites (either internally or externally) and want the process for requesting and
receiving a top-level site to be as quick and low cost as possible.
There are several ways to allow users to create their own sites, while still maintaining some control over your
environment. Consider which of the following methods will work best for your organization.
Self-Service Site Creation Self-Service Site Creation enables users to create site collections under the
/sites path (or other path you specify) within a particular web application. This method is best used when
you want to allow groups or communities to create sites. This method also works well if you are hosting
sites and want to allow users to create sites without waiting for a complicated process. The create a site user
interface can be customized or replaced with a custom form that includes all of the information you might
need to integrate with a billing system or to track custom metadata about the site at creation time. This
method does not work well when large numbers of users need access to multiple sites. Because Self-Service
Site Creation creates site collections, which have separate permissions, users need to be added uniquely to
different site collections. If you use subsites instead, the users can be inherited from the parent site in the site
collection. For more information, see Configure self-service site creation in SharePoint Server 2019.
Self-Service Site Creation can also be configured to create sites instead of site collections. When enabled,
users can create a new site quickly and easily from their personal site. Clicking the new site link from the
Sites page creates a new site. The site is created by using the Team Site template and will have separate
permissions. The site creator can add additional users to the new site.
Subsites of existing sites Limit users to creating subsites of existing sites, instead of new site collections
and top-level sites. Any user who has the Full Control or Manage Hierarchy permission level on an existing
site can create a subsite. This method is the most limited, because you still control how many site collections
there are. Because the sites are always subsites of other sites, they can be either easy to organize (if there are
just a few ) or very difficult to organize and browse. For example, if everyone in your organization wants a
subsite and they create them at different levels in the site collection's hierarchy, the site collection can soon
become very difficult to navigate.
NOTE
If you do not want users to have this capability, you can remove the Create Subsites right from the Full Control and
Manage Hierarchy permission levels, either at the site collection or web application level.
My Sites Allow users to create personal sites (also known as My Sites). Personal sites are site collections
stored under the /personal path of the web application. Personal sites are created for individual users, so
they are not the appropriate method to use if you are trying to create sites for groups or communities. Self-
Service Site Creation is used to create My sites For more information on My Sites, see Configure My Sites
in SharePoint Server.
NOTE
Keep in mind that none of these methods can control how much space each site takes up in your content databases. To
control site sizes, you should use quotas and set a size limit for site collections. You cannot set individual size limits for
subsites. For more information, see Quotas.
NOTE
Self-service site creation only creates path based site collections. You cannot create host-named site collections with self-
service site collections.
NOTE
In SharePoint Foundation 2013, Self-Service Site Creation is disabled by default. When you enable Self-Service Site Creation,
users can use the site creation page (http://<server>/_layouts/15/scsignup.aspx) to create a new site or site collection.
NOTE
If you want to use a path other than /sites for Self-Service Site Creation, you must add the path as a wildcard inclusion.
If you enable Self-Service Site Creation, you should consider the following:
We recommend that you should require a secondary site contact. Administrative alerts, such as those for
when quotas are exceeded, or checking for unused websites, go to the primary and secondary
administrators. Having more than one contact reduces administrator involvement with these sites because
the secondary contact can perform required tasks even if the primary contact is not available.
Define a storage quota and set it as the default quota for the web application.
NOTE
You can also configure Self-Service Site Creation to apply a quota template to any site collections that are created.
Consider requiring a retention policy. When users create a site or site collection, they must select a policy to
apply. For more information on site policies see, Overview of site policies in SharePoint Server.
Review the number of sites allowed per content database. Combined with quotas, this will help you limit the
size of the databases in your system.
Enable unused website notifications, so that sites that are forgotten or no longer of value can be identified.
Because Self-Service Site Creation creates new top-level websites on an existing web application, any new sites
automatically conform to the web application's default quota settings, unused website notification settings, and
other administrative policies.
You can configure Self-Service Site Creation in a variety of ways to meet your needs. For example, if you have a
web application dedicated to My Sites, you can enable Self-Service Site Creation but select to hide the new site
link so that no one can use it to create new sites or site collections. You can also create a custom form that users
utilize to create a site or site collection.
See also
Configure self-service site creation in SharePoint Server 2019
Configure self-service site creation in SharePoint
Server 2019
6/7/2019 • 3 minutes to read • Edit Online
NOTE
When you enable self-service site creation, a link to create a site is added to the SharePoint home page.
NOTE
When configuring self-service site creation on remote farms, both farms must be running SharePoint Server 2019. We don’t
support self-service site creation in remote farms if the remote farms are running an older version of SharePoint.
NOTE
For cross-web application scenarios, you must create the AAM on both web applications to ensure the form reads from the
correct named path.
See also
Plan self-service site creation in SharePoint Server
Enable SharePoint home page in SharePoint Server
2019 farms
6/7/2019 • 2 minutes to read • Edit Online
A user can also click on the word “SharePoint” in the top bar to visit SharePoint home page.
See also
Concepts
Create a User Profile service application in SharePoint Server
Configure profile synchronization by using SharePoint Active Directory Import in SharePoint Server
Manage the Distributed Cache service in SharePoint Server
Congiure self-service site creation in SharePoint Server 2019
Overview of site policies in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
A site owner can re-open a closed site by going to the Site Closure and Deletion page from the Site Settings menu.
Run a workflow to close the site, and delete the site automatically. This option gives the same
choices for how to delete the site automatically, and also requires you to specify a workflow to run. When
the workflow finishes running, SharePoint Server 2016 closes the site. You specify the name of the
workflow, how long after the site is created to run the workflow, and whether to rerun the workflow
periodically until the site is closed.
A site policy can also specify that if it is applied to the root site in a site collection, when the root site is closed, the
root site and all sub-sites become read-only.
Site policies are also available in SharePoint Server 2019 modern Team and Communication sites. You must first
activate the Site Polcy feature before it appears on the Site Settings page.
NOTE
To delete a site manually, a site owner must select Delete this site on the Site Settings menu. The Site Closure and Deletion
page shows when a site will be deleted automatically. However, it does not provide an option for the site owner to delete the
site manually.
If the site collection in which you define site policies is a content type hub, then you can publish policies and share
them across site collections.
See also
Other Resources
Overview of document deletion policies in SharePoint Server
Overview of in-place hold in SharePoint Server
Overview of site navigation in SharePoint Server
6/7/2019 • 8 minutes to read • Edit Online
NOTE
If you want to include Web Part zones on page layouts but prevent authors from inserting navigation Web Parts into these
zones, you can change the permissions that are required to use navigation Web Parts in the Web Parts gallery of your site
to make those Web Parts unavailable to authors based on their permission level.
See also
Concepts
Overview of managed navigation in SharePoint Server
Manage web parts in SharePoint Server
Plan for multilingual sites in SharePoint Server
6/7/2019 • 13 minutes to read • Edit Online
IMPORTANT
This section does not apply to SharePoint Foundation 2013.
This option creates a source variation site that is used to author content in one language, and then syncs
that content to one or more target variation sites where it can be translated and consumed in other
languages. For example, you can author and publish content in English for http://contoso.com/en, and use
variations to sync content to http://contoso.com/fr, where you can translate it to French and publish it.
Unlike the first two options, the variations feature does not affect site administration pages or the user
interface; it affects only content. You can create the variation sites in different languages, and you can enable
the multilingual user interface for users who create content for the variation sites. For information about
variations, see Variations overview in SharePoint Server.
NOTE
Only options 1 and 2 require that language packs be installed. But if you want to create variation sites in other languages, or
enable the multilingual user interface on variation sites, you must also install language packs for option 3. For information
about language packs, see Install or uninstall language packs for SharePoint Servers 2016 and 2019 or Install or uninstall
language packs for SharePoint 2013.
For information about how to decide whether to use multilingual user interface features, the variations feature, or
both, see Introduction to multilingual features.
If your organization supports users in different regions or users who speak different languages, you must
determine what your multilingual requirements are and plan for multilingual site deployment when you plan your
overall site structure and navigation. To determine your multilingual requirements, you must do the following:
Determine the languages and locales that you must support.
Determine the language pack requirements for sites and users.
Decide whether you want to use the variations feature.
NOTE
Although Office SharePoint Server 2007 and Windows SharePoint Services 3.0 supported internationalized domain names
(IDNs), SharePoint 2013, SharePoint Server 2016, and SharePoint Server 2019 don't. If you currently use IDNs with Office
SharePoint Server 2007 or Windows SharePoint Services 3.0 and you plan to upgrade or migrate to either SharePoint 2013
or SharePoint Servers 2016 or 2019, you must stop using IDNs, delete any IDN settings, and set up a non-IDN environment
before you upgrade or migrate to SharePoint Servers 2016 and 2019.
NOTE
If users change their preferred language, some site elements, such as column names, might still appear in the default site
language.
Do not assume that you have to create a site collection or site in multiple languages only because a document
library contains documents in multiple languages. A document library can contain documents in multiple
languages without requiring you to create site collections or sites in multiple languages. For example, the
document library for an English site collection can contain documents that are written in French, Spanish, and
Japanese. For publishing sites, content can be created in any language. You do not have to create a site collection
or site in a specific language to show pages that contain content in other languages.
When you plan multilingual sites, you should also consider which locales are necessary to support your sites.
Locale is a regional setting that specifies the way numbers, dates, and times are shown on a site. But locale does
not change the language in which the site is viewed. For example, selecting the Thai locale changes the default
sort order of list items, and uses the Buddhist calendar instead of the default calendar. But it does not change the
site user interface language to Thai. Locale is a setting that is configured independently of the language specified
when a site is created. In your spreadsheet, record any locales that you want to use with specific languages. The
site locale can be changed, but only until any of the lists on the site are indexed.
NOTE
Language packs provide translation only of the user interface. They do not translate content that is created and shown in
content pages or Web Parts. You can use the Machine Translation service to enable users to automatically translate
documents. For more information, see Turn on automated document translation in SharePoint Server.
The list of available languages that you can use to create a site collection or site, and which you can enable for the
multilingual user interface, is generated by the language packs that are installed on the web and application
servers of the server farm. By default, site collections and sites are created in the language in which SharePoint
Server was installed. For example, if you install the Spanish version of SharePoint Server, the default language for
site collections and sites is Spanish. If you must create site collections or sites in a language other than the default
SharePoint Server language, you must first install the language pack for that other language on the web and
application servers before you can select another language in which to create a site. For example, if you are
running the French version of SharePoint Server and you want to create sites in French, English, and Spanish, you
must install the English and Spanish language packs on the web and application servers before you can create the
English and Spanish sites.
NOTE
Every time that a language pack is installed, you must rerun the SharePoint Products Configuration Wizard, which stops and
restarts Internet Information Services (IIS), the SharePoint Administration Service, and the SharePoint Timer Service. To
minimize interruption of service to your users, you should plan to install all language packs before your sites go live.
Based on the language requirements of your site collections or sites, determine the language packs that must be
installed on every web and application server. In your spreadsheet, for each site, record the list of language packs
that you want to make available as alternative languages. For information about which language packs are
available, see Language Packs for SharePoint Server 2019, Language Packs for SharePoint Server 2016 and
Language Packs for SharePoint Server 2013.
The following table lists when language packs are or are not required:
Table: When language packs are required
Even though you specify a language for a site, some user interface elements such as error messages, notifications,
or dialog boxes might not appear in the language that you choose. This is because SharePoint Server relies on
several supporting technologies — such as the .NET Framework, Microsoft Windows Workflow Foundation,
ASP.NET, and SQL Server — and some of these supporting technologies are localized into a limited number of
languages. If a user interface element is generated by one of the supporting technologies, and if the supporting
technology is not localized into the language that the site administrator specified for the site, the user interface
element appears in English.
In addition, some text might originate from the original installation language, which can create a mixed-language
experience. This type of mixed-language experience is typically seen only by content creators, site collection
administrators, or site owners, and is not seen by site users.
NOTE
Error logs that SharePoint Server stores on the server are always in English.
For information about how to install language packs, see Install or uninstall language packs for SharePoint
Servers 2016 and 2019 and Install or uninstall language packs for SharePoint 2013.
NOTE
The variations feature is not available in SharePoint Foundation 2013.
The SharePoint Server variations feature enables site owners to make the same content available to specific
audiences across different sites by maintaining customizable copies of the content from the source variation site in
each target variation site. For a multilingual site, you might want to use the primary language of your organization
as the source variation site. You can create the target variation sites in the same language as the source variation
site, or in the language the target variation site is intended to support. If you plan to create the target variation
sites in other languages, verify that the corresponding language packs are installed. For more information about
variations, see Variations overview in SharePoint Server.
When you plan for multilingual sites, consider whether you have to create content that will be shared across sites,
but must be changed to meet regional requirements or translated to meet language requirements. If you think
there is a possibility that you might have to set up variations sites, you should plan for them beforehand. It is very
difficult to integrate variations sites into a site collection after the site structure is implemented. The following
factors can affect your ability to easily move to using variations sites later in the life of your site:
Custom code Code that contains references to the location of the root variations site.
Site customizations Site navigation, Master Pages, and other customizations.
Search Search scopes must be created for each variation label, and the site properties of each variations
site must be changed.
If you plan to translate content on your variations sites, you must decide whether to use human translation or
machine translation. If you plan to use machine translation, make sure that the language to which you want to
translate content is available for the Machine Translation service. For more information about how to plan for
variations, see Plan for variations in SharePoint Server.
See also
Concepts
Plan for the multilingual user interface in SharePoint Server
Variations overview in SharePoint Server
Other Resources
Language Packs for SharePoint Server 2019
Language Packs for SharePoint Server 2016
Language Packs for SharePoint Server 2013
Plan for the multilingual user interface in SharePoint
Server
6/7/2019 • 15 minutes to read • Edit Online
NOTE
This does not apply to the Taxonomy Refinement Panel Web Part, which displays the same language labels as the
ones used in managed navigation.
See also
Concepts
Plan for multilingual sites in SharePoint Server
Variations overview in SharePoint Server
Plan for variations in SharePoint Server
Other Resources
Language Packs for SharePoint Server 2019
Language Packs for SharePoint Server 2016
Language Packs for SharePoint Server 2013
Overview of themes in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
About themes
Themes enable lightweight branding of a SharePoint Server site by allowing a site owner or a user who has
designer rights to make changes to the color palette, site layout, font scheme, and background of a site. Themes are
applied and customized directly in the user interface, and do not require knowledge of cascading style sheets or
master pages.
By default, a theme is only applied to the site for which it is selected. It is not inherited by any subsites unless you
are working with a publishing site., Or, if the publishing feature was enabled for a site, you can choose to either
inherit the theme from the parent site or specify a theme that will be used by the site. When working publishing
sites and you want more control over your customizations than themes can provide, use Design Manager.
NOTE
Themes were redesigned in SharePoint 2013 to simplify the process of customizing sites by changing the site layout, color
palette, font scheme, and background image. The themes user interface has been redesigned and there is a set of new file
formats related to themes. The themes remain the same in SharePoint Server 2016. Themes created in SharePoint 2010
Products cannot be used on SharePoint Server sites. However, they can still be used on site collections that have not been
upgraded and are running in 2010 mode.
See also
Other Resources
Use composed looks to brand SharePoint sites
Branding SharePoint sites in the SharePoint add-in model
Change the look of your SharePoint site
Plan for site maintenance and management in
SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
Quotas
The first step in controlling the amount of resources that your sites and site collections use is to establish and apply
quota templates. Quotas let you control how much data a site collection can hold and then lock the site to further
content when site storage reaches a maximum size. With quotas you can also control the amount of resources,
such as processor and memory, that a site or site collection can use. Quotas let you set storage limit values and
warning limit values as well as resource utilization limits which applications cannot exceed. Once you configure and
apply quotas, you reduce the impact of issues caused by out-of-control site collections. For more information on
working with quotas and how to configure them, see Create, edit, and delete quota templates in SharePoint Server.
When you perform your database and server capacity planning, determine what size limits (if any) you want to
enforce. The following list describes how to take the best advantage of quotas:
Create different quota templates for different site types. For example, you might want different quotas for
different divisions, or for different customer types, or for different paths (perhaps sites under the /sites path
only get 100 MB per site collection, whereas sites under the /VIP path can take up to 300 MB per site
collection). Whenever you create a site collection from Central Administration, you can specify which quota
template to use. Note that sites created by using Self-Service Site Management use the default quota for the
web application.
Give enough room for reasonable growth in sites. Depending on what each site is used for, storage space
needs can vary dramatically. Sites are designed to grow over time as they are used. A quota limit of 50 MB
is unlikely to be enough storage space to start with for most sites, and is unlikely to be anywhere near
enough for a site that has a long life.
Allow for reasonable notice between the warning email message and locking the site for exceeding its quota.
For example, do not set the warning limit to 80 MB and the site storage limit to 85 MB. If users are in the
middle of uploading several large files, they will not be happy if they are blocked from completing that task
with very little notice.
Archive obsolete content or sites. However, if you are going to archive or delete obsolete content or sites, be
sure that users understand that plan and that you perform these actions only at predictable times. For
example, publish a schedule of when you are going to archive content or delete unused sites.
Periodically review site permissions. For example, review the permissions quarterly to remove permissions
for any users who have left the group or project.
Create a plan to back up site content often. Determine or discover how often backups will be made, and the
process for restoring content when necessary. For more , see Plan for backup and recovery in SharePoint
Server.
Usage reports
Quotas prevent site collections as a whole from exceeding the limits you set, but within a site collection, some sites
and pages will be used more than others. In order to balance your system resources you need to be aware of highly
used pages and sites and of underused or abandoned sites. The highly used sites may need more resources and
underused or abandoned ones should be archived or deleted. One part of your site maintenance plan should be a
plan for how to manage the size and number of site collections in your environment. This is most important if you
allow Self-Service Site Management. Most organizations want to be able to predict and control how much growth
they can expect from sites because of the impact that they can have on database resources. For example, if a
content database contains 100 sites, and one of those sites is taking up more than 50 percent of the space, then you
might need to move that site collection to a different content database. This will ensure that you preserve some
room for additional growth, while maintaining the ability to back up and restore the databases.
In SharePoint Server usage reports let you track the number of hits and number of unique users for a site or site
collection on a daily and monthly basis. Before you can view the reports, a farm administrator must configure
usage and data collection. For more information, see Configure usage and health data collection in SharePoint
Server. For more information on viewing and using usage reports, see View usage reports in SharePoint Server.
See also
Concepts
Manage unused site collections in SharePoint Server
Create, edit, and delete quota templates in SharePoint Server
Configure usage and health data collection in SharePoint Server
Delete and restore site collections in SharePoint Server
Create a site collection in SharePoint Server
Manage site collections in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NAME DESCRIPTION
Create a site collection in SharePoint Server How to create a site collection based on an existing Web
application or create a Web application and then create a site
collection within that application.
Delete and restore site collections in SharePoint Server How to delete the content, user information, and site
hierarchy that comprise a site collection and restore a site
collection that has been deleted.
Types of files that cannot be added to a list or library How to restrict files from being uploaded or downloaded
based on their file name extension.
Manage the lock status for site collections in SharePoint How to add or remove a lock from a site collection.
Server
View all site collections in SharePoint Server How to see the list of site collections.
Manage a connection to a document center or a records How to connect a web application to a SharePoint Server
center in SharePoint Server document center or records center and how to modify and
delete connections.
Change site collection administrators in SharePoint Server How to change site collection administrators for SharePoint
Server site collections by using Central Administration or the
SharePoint 2016 Management Shell.
Create, edit, and delete quota templates in SharePoint Server How to create, edit, and delete site quota templates for a
SharePoint Server site collection.
See also
Administration of SharePoint Server
Create a site collection in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
Get-SPWebTemplate
New-SPSite -Url "<URL for the new site collection>" -OwnerAlias "<domain\user>" -Template $template
This example retrieves a list of all available site templates and then creates a site collection by using the
Team Site template. For more information, see New -SPSite and Get-SPWebTemplate.
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks.
The Stsadm command-line tool has been deprecated, but is included to support compatibility with
previous product versions.
See also
Concepts
Manage site collections in SharePoint Server
Delete and restore site collections in SharePoint
Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
You should back up a site collection before you delete it. For more information, see Plan for backup and recovery in
SharePoint Server.
If the site collection is associated with a Project Server service application, you must remove the association and
delete the Project Web App before you delete the site collection. You can remove the site collection association
with the Project Server service application from service application settings page in the SharePoint Central
Administration website.
Where: <URL> is the unique address of the site collection you want to delete.
This command removes the specified site collection and all subsites. Gradual deletion reduces the load on the
system during the deletion process.
The previous procedure illustrates a common way to use the Remove-SPSite cmdlet to delete a site collection.
You can specify different parameters to configure this command differently. For more information, see Remove-
SPSite.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Create a site collection in SharePoint Server
Overview of sites and site collections in SharePoint Server
Manage the lock status for site collections in
SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
OPTION DESCRIPTION
Not locked Unlocks the site collection and makes it available to users.
Adding content prevented Prevents users from adding new content to the site collection.
Updates and deletions are still allowed.
Read-only (blocks additions, updates, and deletions) Prevents users from adding, updating, or deleting content.
When a user attempts to add, update, or delete content, the
user receives an error message that informs the user that
access is denied and that the user does not have permission
to perform the action or access the resource. A read-only lock
can be either site collection administrator controlled if the site
collection is archived or farm administrator controlled
No access Prevents users from accessing the site collection and its
content. Users who attempt to access the site receive an error
page that informs the user that the website declined to show
the webpage.
NOTE
If you want to limit the amount of content that can be stored in a site collection, you can apply a quota template to the site
collection. When the content storage limit that is specified in the quota template is reached, the site collection is locked
automatically until the storage limit quota has been increased or some content has been removed. For more information, see
Create, edit, and delete quota templates in SharePoint Server.
IMPORTANT
The steps in this article apply to SharePoint Server 2016, SharePoint Foundation 2013, and SharePoint Server 2013.
Where:
<SiteCollection> is the URL of the site collection that you want to lock or unlock.
<State> is one of the following values:
Unlock to unlock the site collection and make it available to users.
NoAdditions to prevent users from adding new content to the site collection. Updates and
deletions are still allowed.
ReadOnly to prevent users from adding, updating, or deleting content.
NoAccess to prevent users from accessing the site collection and its content. Users who
attempt to access the site receive an error message.
For more information, see Set-SPSite.
See also
Concepts
Create, edit, and delete quota templates in SharePoint Server
Other Resources
Manage site collections and global settings in the SharePoint admin center
View all site collections in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
ITEM DESCRIPTION
Database name The content database that is used by the site collection.
NOTE
This command displays the URLs of all the web applications in a server farm and the site collections in each web
application.
See also
Other Resources
Manage site collections and global settings in the SharePoint admin center
Manage a connection to a document center or a
records center in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
The destination document or record center must already exist before you perform the procedures for this task. You also need
the URL of the destination document or record center for the procedures in this article.
Create a connection
Use this procedure to create a connection to a document repository or a records center.
To create a connection
1. To create a connection, you must be a member of the Farm Administrators group.
2. On the SharePoint Central Administration website, click General Application Settings and in the
External Service Connections section, select Configure Send To Connections.
3. On the Configure Send To Connections page, in the Web Application field, select the web application
that hosts the site collections from which documents will be sent.
4. In the Tenant Settings section, select Allow sites to send to connections outside their tenancy if you
want tenants on this farm to able to send content to other tenants on this farm.
5. In the Send To Connections list, select New Connection.
6. In the Display name field, type a name for this connection. This is the name that users will see as one of the
options to which to send a document.
7. In the Send to URL field, enter the URL to the Content Organizer for the destination site. (To find the
correct URL go to the Site Settings page, in the Site Administration section, click Content Organizer
Settings, and then look in the Submission Points section of the Content Organizer : Settings page of
the destination repository.) Use Click here to test if you want to confirm that you have entered a URL to a
Content Organizer.
8. To display this connection in the list that appears when a user clicks Send To, select Allow manual
submission from the Send To menu.
9. In the Send To action list, select one of the following values:
Copy Select this option to create a copy of the document and send the copy to the destination
repository.
Move Select this option to delete the document from its current location and move the document to
the destination repository. Users will no longer be able to access the document from its original
location.
Move and Leave a Link Select this option to delete the document from its current location, move it
to the destination repository, and leave a link at the current location indicating that the document has
been moved. When a user clicks this link, a page will appear that displays the URL of the document
and the document's metadata.
10. In the Explanation dialog box, type the information to be added to the audit log when the user sends a
document by using this connection. If you selected Move and Leave a Link in the previous step, the page
that appears when the user clicks the link will also display the explanation.
11. Click Add Connection to create the connection, and then click OK when you are finished configuring
connections.
NOTE
The Allow sites to send to connections outside their tenancy option applies to all site subscription connections in a web
application, and is not used when you add, modify, or delete a single connection.
Modify a connection
Use this procedure to modify an existing connection to a document repository or a records center.
To modify a connection
1. To modify a connection, you must be a member of the Farm Administrators group.
2. On the Central Administration website, click General Application Settings, and select Configure Send
To Connections.
3. On the Configure Send To Connections page, in the Web Application field, select the web application
that contains the site collections that use this connection.
4. In the Send To Connections list, select the connection that you want to modify.
5. Modify any of the connection settings as described in the previous procedure.
6. Click Update Connection to modify the connection, and then click OK when you are finished configuring
connections.
Delete a connection
Use this procedure to delete an existing connection to a document repository or a records center.
To delete a connection
1. To delete a connection, you must be a member of the Farm Administrators group.
2. On the Central Administration website, click General Application Settings, and select Configure Send
To Connections.
3. On the Configure Send To Connections page, in the Web Application field, select the web application
that contains the site collections that use this connection.
4. In the Send To Connections list, select the connection that you want to delete.
5. Click Remove Connection to delete the connection, and then click OK when you are finished configuring
connections.
See also
Concepts
Manage site collections in SharePoint Server
Other Resources
Manage site collections and global settings in the SharePoint admin center
Change site collection administrators in SharePoint
Server
6/7/2019 • 4 minutes to read • Edit Online
A site collection can have only one primary site collection administrator and one secondary site collection
administrator. The steps in this procedure describe how to change either of them. Any user who is removed as a
site collection administrator is removed from the site collection administrators group for the site collection.
To change the primary or secondary site collection administrator by using Central Administration
1. Verify that you have the following administrative credentials:
To add a site collection administrator, you must be a member of the Farm Administrators group on the
computer that is running Central Administration.
2. In Central Administration, click Application Management. On the Application Management page, in
the Site Collections section, click Change site collection administrators.
3. On the Site Collection Administrators page, click the arrow next to the site collection name, and then
select Change Site Collection if the site collection you want is not already selected.
4. If the site collection to which you want to add an administrator is listed, select the URL of the site collection,
and then click OK. If the site collection is not listed, click the arrow next to the web application name, click
Change Web Application, select the name of the web application that contains the site collection, select
the URL of the site collection, and then click OK.
5. In the Primary site collection administrator or Secondary site collection administrator area, either
type the name of the user whom you want to add by using the format <domain>\ <username> or select
the user by using the address book.
6. Click OK.
To add a primary or secondary site collection administrator by using Microsoft PowerShell
1. Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
2. Open the SharePoint Management Shell.
3. At the PowerShell command prompt, type the following command to replace the secondary site collection
administrator:
Where:
<SiteCollection> is the URL of the site collection to which you want to add a site collection
administrator.
<User> is name of the user whom you want to add in the format <domain>\ <username>.
The previous procedure shows a common way to use the Set-SPSite cmdlet to add a secondary site collection
administrator. You can specify different parameters to configure different settings for a site collection. For more
information, see Set-SPSite.
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The
Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
See also
Concepts
Create a site collection in SharePoint Server
Other Resources
Manage administrators for a site collection
Create, edit, and delete quota templates in
SharePoint Server
6/7/2019 • 9 minutes to read • Edit Online
NOTE
When you apply a quota template to a site collection, the storage limit applies to the site collection as a whole. In other
words, the storage limit applies to the sum of the content sizes for the top-level site and all subsites within the site
collection. If versioning is enabled, the versions in a site and the content in the Recycle Bins count toward storage limits.
You can also specify a percentage of storage limits for the second-stage Recycle Bin.
Where:
<Site> is the URL or GUID of the site collection whose quota template that you want to change.
<Template> is the name or GUID of the replacement quota template.
For more information, see Set-SPSite.
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The
Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
Where:
<Site> is the URL of the site collection whose storage limits you want to change.
<Limit> is the new storage limit for the site collection, in bytes.
NOTE
The new storage limit overrides the limit set in the quota template that is currently applied to the site collection.
See also
Concepts
Create a site collection in SharePoint Server
Manage the lock status for site collections in SharePoint Server
Manage unused site collections in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
To send email notifications, you must configure outgoing email settings. For more information, see Configure outgoing email
for a SharePoint Server farm.
Site usage confirmation and deletion can help to free resources that are used by site collections that are no longer
needed. Site collections can be deleted automatically after a specified period of inactivity or can depend on the site
collection owner's response to a notification.
NOTE
Automatic deletion permanently removes all the content and information from the site collection and any sites within
the site collection.
See also
Concepts
Delete and restore site collections in SharePoint Server
Manage web parts in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
The apps for SharePoint add functionality to a site. Site owners can add apps for SharePoint to SharePoint sites so that they
and other users of the site can use the application. For more information, see Add apps for SharePoint to a SharePoint site.
RECOMMENDED
ROLE CATEGORY APPLIES TO DESCRIPTION GUIDELINES
Developer Input Validation Web Part code Input validation refers Building Secure
to how your ASP.NET Pages and
application filters, Controls
scrubs, or rejects Creating Web Parts
input before For SharePoint
additional processing.
This includes
verification that the
input that your
application receives is
valid and safe.
RECOMMENDED
ROLE CATEGORY APPLIES TO DESCRIPTION GUIDELINES
Thank you to Waqas Sarwar, Microsoft MVP, for providing the following article about web part security in
SharePoint Server 2016, SharePoint 2016 Central Admin - Security - Manage Web Part security.
The following articles about managing web parts in SharePoint Server are available in this section:
CONTENT DESCRIPTION
Configure and deploy web parts in SharePoint Server How to secure and deploy web parts in SharePoint Server.
Edit existing web parts in SharePoint Server How to edit web parts and web part properties in SharePoint
Server,
See also
Concepts
Configure and deploy web parts in SharePoint Server
Edit existing web parts in SharePoint Server
Security for SharePoint Server
Plan for user authentication methods in SharePoint Server
Other Resources
Add, edit, minimize, or delete a Web Part from a page
Using web parts on pages
Configure and deploy web parts in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
Configuration options
ASP.NET web parts are deployed to either the SharePoint Server bin directory or to the Global Assembly
Cache (GAC ).
Bin directory Stored in the bin folder under the root directory of your Web application.
Advantages of this location:
A partial-trust location. By default, code that runs from this directory has a low level of code access security
permissions. If the web part requires access across applications or more access than the default
permissions allow, the administrator must explicitly raise permissions that are granted to a web part so that
it can function correctly. Administrators might prefer that assemblies run in the Bin directory, with a known
minimum set of required code access security permissions.
Disadvantages of this location:
To run your web part everywhere, you must deploy your assembly to the Bin directory on each SharePoint
Server 2016 server with the MinRole Front-end and Application server roles, and each SharePoint 2013
server with web and application role installed.
Global Assembly Cache (GAC ) All standard web parts are automatically installed in the GAC, where the
common language runtime of the .NET Framework is located, at %windir%\assembly. web parts stored in
the GAC can be shared across applications.
Advantages of this location:
A global location where you can deploy signed assemblies, which can run with full trust by default. Because
the assemblies are installed globally, they work in any Web application.
Disadvantages of this location:
Generally, there are no code access security restrictions on code that is installed to the GAC; therefore, you
lose the benefit of defense-in-depth security.
Additionally, it can be difficult to deploy your program database (.pdb) files to assemblies in the GAC.
Setting security attributes
ASP.NET web parts that are stored in the Bin directory have additional security attributes. You can decide whether
to set these attributes for your web part, depending on how you plan to use it.
The Bin directory is a partial-trust location. Therefore, your web part is not automatically granted full trust code
permissions when it is executed. Because the code that calls into your web part is granted only partial trust
permissions, the web part developer must configure the AllowPartiallyTrustedCallers attribute on your
ASP.NET web part.
Marking a component as "safe" with the AllowPartiallyTrustedCallers attribute puts the responsibility for safe
implementation on the development team.
By default, the Bin directory and its contents are assigned minimal code access security permissions. You should
test your web parts carefully to determine the correct level of permissions to assign, and to ensure that the web
part does not present a security risk to your environment.
You can elevate permissions in either of two ways:
(Recommended) Create a trust policy file and point your Web.config file at the new file. This option is more
complex, but it enables you to set precise permissions for your web parts. For more information about trust
policy files, see Microsoft Windows SharePoint Services and Code Access Security.
Raise the overall trust level of the Bin directory. In the Web.config file in the root directory of your Web
application, locate the trust element. The default value for the trust element's level attribute is
WSS_Minimal. You can change this level to WSS_Medium. Although this option is simpler, it grants
arbitrary new permissions that you might not need, and it is less secure than creating a trust policy file.
Cau t i on
The WSS_Minimal and WSS_Medium entries in the Web.config file are case sensitive.
Where:
<YourWebPartName> is the name of the web part that is being deployed.
<YourWebPartNamespace> is the namespace that is associated with your web part.
An alternative to manually installing a web part to the Bin folder or manually changing the Web.config file is to
use PowerShell to install the web part package. For this process to work, a developer or system administrator
must create a CAB solution package for the web part. After you create a CAB file, follow these steps to deploy the
web part.
To deploy the web part by using Microsoft PowerShell
1. Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
2. Open SharePoint Management Shell.
3. At the PowerShell command prompt (PS C:\>), type the following command, and then press ENTER:
Where:
<PathToCabFile> is the full path to the CAB file that is being deployed.
<WebPartName> is the name of the web part that is being deployed.
The previous procedure shows a common way to use Install-SPWebPartPack to deploy a web part. You can
specify additional parameters to change the way the web part is deployed. For more information, see Install-
SPWebPartPack.
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The
Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
See also
Concepts
Manage web parts in SharePoint Server
Other Resources
How to: Deploy, Publish, and Upgrade SharePoint Solutions on a Remote Server
Edit existing web parts in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
Notice that all web parts on the page now display borders and are individually selectable.
5. Move your mouse over the upper right corner of the web part you will edit.
NOTE
Notice that a small drop-down arrow and a check-box become visible when you hover over the corner. The check-
box allows you to select the web part. When the check-box is selected the web part tab shows in the Ribbon and
allows several options including viewing the Web Part Properties, Minimize, and the option to Delete the web
part.
6. The drop-down arrow allows similar choices with the addition of the Export option. Export allows you to
save the entire selected Web-Part in the .webpart file format for import and use on another page or
SharePoint Server site.
7. The editable properties for the selected web part are available by selecting Web Part Properties, from the
Web Part tab in the Ribbon, or Edit Web Part from the drop-down arrow.
8. That's it. You're editing a SharePoint Server web part.
9. When you've completed editing, to save your work and return to the normal page view, select the Page tab
in the Ribbon, and then click Save. This will save your work and exit the edit mode and return you to your
normal page view.
TIP
If you've made a mistake, or aren't happy with the revisions you've made to the page or its web parts, you can
choose to Stop Editing and then Discard changes. Select the Page tab in the Ribbon, and then select the drop-
down arrow below the Save icon. Select Stop Editing, the Save Changes dialog appears. Select Discard changes.
IMPORTANT
One last thing, the SharePoint Server online help available via the help icon question mark. This help is available for all
elements on the page, including web parts. When you have selected a web part, if you want additional help, click the help
icon question mark and a SharePoint Help window will open. The default topics will display for the item on the page you've
selected and you can search for additional topics. For web parts the search terms Configure Web Part will return many
related results.
See also
Concepts
Configure and deploy web parts in SharePoint Server
Configure properties of the Search Box Web Part in SharePoint Server
Configure properties of the Search Results Web Part in SharePoint Server
Configure properties of the Refinement Web Part in SharePoint Server
Configure properties of the Search Navigation Web Part in SharePoint Server
Use the Hero web part
What is a SharePoint communication site?
Permissions planning for sites and content in
SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
Although you cannot directly edit the Limited Access and Full Control permission levels, you can make individual permissions
unavailable for the entire web application, which removes those permissions from the Limited Access and Full Control
permission levels. For more information, see Manage permissions for a web application in SharePoint Server.
The following table lists the default permission levels for team sites in SharePoint Server.
View Only Enables users to view application pages. View Application Pages
The View Only permission level is used View Items
for the Excel Services Viewers group. View Versions
Create Alerts
Use Self Service Site Creation
View Pages
Browse User Information
Use Remote Interfaces
Use Client Integration Features
Open
Read Enables users to view pages and list Limited Access permissions, plus:
items, and to download documents. View Items
Open Items
View Versions
Create Alerts
Use Self-Service Site Creation
View Pages
Full Control Enables users to have full control of the All permissions
website.
If you use a site template other than the team site template, you will see a different list of default SharePoint
permission levels. For example, the following table shows additional permission levels provided with the
publishing template.
Approve Edit and approve pages, list items, and Contribute permissions, plus:
documents. For publishing sites only. Override List Behaviors
Approve Items
Manage Hierarchy Create sites; edit pages, list items, and Design permissions minus the Approve
documents, and change site Items, Apply Themes and Borders, and
permissions. For Publishing sites only. Apply Style Sheets permissions, plus:
Manage permissions
View Web Analytics Data
Create Subsites
Manage Alerts
Enumerate Permissions
Manage Web Site
User permissions
SharePoint Server includes 33 permissions, which are used in the default permission levels. You can configure
which permissions are included in a particular permission level (except for the Limited Access and Full Control
permission levels), or you can create a new permission level to contain specific permissions.
Permissions are categorized as list permissions, site permissions, and personal permissions, depending on the
objects to which they can be applied. For example, site permissions apply to a particular site, list permissions apply
only to lists and libraries, and personal permissions apply only to certain objects, such as personal views and
private Web Parts. The following tables describe what each permission is used for, the dependent permissions, and
the permission levels in which it is included.
List permissions
INCLUDED IN THESE
PERMISSION LEVELS BY
PERMISSION DESCRIPTION DEPENDENT PERMISSIONS DEFAULT
Manage Lists Create and delete lists, add View Items, View Pages, Edit, Design, Full Control,
or remove columns in a list, Open Manage Hierarchy
and add or remove public
views of a list.
Override List Behaviors Discard or check in a View Items, View Pages, Design, Full Control
document that is checked Open
out to another user, and
change or override settings
that allow users to read/edit
only their own items.
Add Items Add items to lists, and add View Items, View Pages, Contribute, Edit, Design, Full
documents to document Open Control
libraries.
Edit Items Edit items in lists, edit View Items, View Pages, Contribute, Edit, Design, Full
documents in document Open Control
libraries, and customize Web
Part pages in document
libraries.
Delete Items Delete items from a list, and View Items, View Pages, Contribute, Edit, Design, Full
documents from a Open Control
document library.
View Items View items in lists, and View Pages, Open Read, Contribute, Edit,
documents in document Design, Full Control
libraries.
Approve Items Approve a minor version of Edit Items, View Items, View Design, Full Control
list items or document. Pages, Open
Open Items View the source of View Items, View Pages, Read, Contribute, Edit,
documents with server-side Open Design, Full Control
file handlers.
View Versions View past versions of a list View Items, Open Items, Read, Contribute, Edit,
item or document. View Pages, Open Design, Full Control
INCLUDED IN THESE
PERMISSION LEVELS BY
PERMISSION DESCRIPTION DEPENDENT PERMISSIONS DEFAULT
Delete Versions Delete past versions of list View Items, View Versions, Contribute, Edit, Design, Full
items or documents. View Pages, Open Control
Create Alerts Create alerts. View Items, View Pages, Read, Contribute, Edit,
Open Design, Full Control
Site permissions
INCLUDED IN THESE
PERMISSION LEVELS BY
PERMISSION DESCRIPTION DEPENDENT PERMISSIONS DEFAULT
Manage Permissions Create and change View Items, Open Items, Full Control
permission levels on the web View Versions, Browse
site and assign permissions Directories, View Pages,
to users and groups. Enumerate Permissions,
Browse User Information,
Open
View Web Analytics Data View reports on Web site View Pages, Open Full Control
usage.
Create Subsites Create subsites such as View Pages, Browse User Full Control
team sites, Meeting Information, Open
Workspace sites, and
Document Workspace sites.
Manage Web Site Grants the ability to perform View Items, Add and Full Control
all administration tasks for Customize Pages, Browse
the web site, as well as Directories, View Pages,
manage content. Enumerate Permissions,
Browse User Information,
Open
Add and Customize Pages Add, change, or delete View Items, Browse Design, Full Control
HTML pages or Web Part Directories, View Pages,
pages, and edit the website. Open
Apply Themes and Borders Apply a theme or borders to View Pages, Open Design, Full Control
the whole website.
Apply Style Sheets Apply a style sheet (.css file) View Pages, Open Design, Full Control
to the website.
Create Groups Create a group of users that View Pages, Browse User Full Control
can be used anywhere Information, Open
within the site collection.
INCLUDED IN THESE
PERMISSION LEVELS BY
PERMISSION DESCRIPTION DEPENDENT PERMISSIONS DEFAULT
Browse Directories Enumerate files and folders View Pages, Open Contribute, Edit, Design, Full
in a website by using Control
SharePoint Designer 2013
and Web DAV interfaces.
Use Self-Service Site Create a website using Self- View Pages, Browse User Read, Contribute, Edit,
Creation Service Site Creation. Information, Open Design, Full Control
Manage Alerts Manage alerts for all users View Items, View Pages, Full Control
of the website. Open, Create Alerts
Use Remote Interfaces Use SOAP, Web DAV, the Open All
Client Object Model, or
SharePoint Designer 2013
interfaces to access the
website.
Use Client Integration Use features that launch Use Remote Interfaces, All
Features client applications. Without Open, View Items
this permission, users must
work on documents locally
and then upload their
changes.
Edit Personal User Enables users to change Browse User Information, Contribute, Edit, Design, Full
Information their own user information, Open Control
such as adding a picture.
Personal permissions
INCLUDED IN THESE
PERMISSION LEVELS BY
PERMISSION DESCRIPTION DEPENDENT PERMISSIONS DEFAULT
Manage Personal Views Create, change, and delete View Items, View Pages, Contribute, Edit, Design, Full
personal views of lists. Open Control
Add/Remove Personal Web Add or remove personal View Items, View Pages, Contribute, Edit, Design, Full
Parts Web Parts on a Web Part Open, Update Personal Web Control
page. Parts
INCLUDED IN THESE
PERMISSION LEVELS BY
PERMISSION DESCRIPTION DEPENDENT PERMISSIONS DEFAULT
Update Personal Web Parts Update Web Parts to display View Items, View Pages, Contribute, Edit, Design, Full
personalized information. Open Control
See also
Other Resources
Manage permissions for a web application in SharePoint Server
Overview of the Contribute permission level in
SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
See also
Concepts
User permissions and permission levels in SharePoint 2013
Best practices for using fine-grained permissions in
SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Add-SPShellAdmin.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
IMPORTANT
Using a SharePoint group will cause a full crawl of the index. If possible, use a domain group.
Introduction
In AD DS, the following groups are commonly used to organize users:
Distribution group A group that is used only for e-mail distribution and that is not security-enabled.
Distribution groups cannot be listed in discretionary access control lists (DACLs), which are used to define
permissions on resources and objects.
Security group A group that can be listed in DACLs. A security group can also be used as an e-mail entity.
You can use security groups to control permissions for your site by adding security groups to SharePoint groups
and granting permissions to the SharePoint groups. You cannot add distribution groups to SharePoint groups, but
you can expand a distribution group and add the individual members to a SharePoint group. If you use this
method, you must manually keep the SharePoint group synchronized with the distribution group. If you use
security groups, you do not need to manage the individual users in the SharePoint application. Because you
included the security group instead of the individual members of the group, AD DS manages the users for you.
NOTE
For ease of security management, we do not recommend the following items when you manage AD DS groups. > Assign
permission levels directly to AD DS groups. > Adding security groups that contain nested security groups, contacts, or
distribution lists.
IMPORTANT
To improve security for sites, lists, or libraries, do not enable anonymous access. Anonymous access allows users to
contribute to lists, discussions, and surveys, which will possibly use up server disk space and other resources.
Anonymous access also allows anonymous users to discover site information, including user e-mail addresses and any
content posted to lists, and libraries, and discussions.
Permission policies provide a centralized way to configure and manage a set of permissions that applies to only a
subset of users or groups in a web application. You can manage permission policy for anonymous users by
enabling or disabling anonymous access for a web application. If you enable anonymous access for a web
application, site administrators can then grant or deny anonymous access at the site collection, site, or item level. If
anonymous access is disabled for a web application, no sites within that web application can be accessed by
anonymous users.
None No policy. This is the default option. No additional permission restrictions or additions are applied to
site anonymous users.
Deny Write Anonymous users cannot write content, even if the site administrator specifically attempts to
grant the anonymous user account that permission.
Deny All Anonymous users cannot have any access, even if site administrators specifically attempt to grant
the anonymous user account access to their sites. For more information about permission policies, see
Manage permission policies for a web application in SharePoint Server.
See also
Other Resources
Permissions planning for sites and content in SharePoint Server
Manage permission policies for a web application in SharePoint Server
Determine permission levels and groups in SharePoint
Server
6/7/2019 • 8 minutes to read • Edit Online
If you use a site template other than the team site template, you will see a different list of default SharePoint
groups. For example, the following table shows the additional groups provided by a publishing site template.
Restricted Readers Restricted Read to the site, plus Limited Members of this group can view pages
Access to specific lists and documents, but cannot view
historical versions or review user rights
information.
GROUP NAME DEFAULT PERMISSION LEVEL DESCRIPTION
Style Resource Readers Read to the Master Page Gallery and Members of this group are given Read
Restricted Read to the Style Library. permission to the Master Page Gallery
and Restricted Read permission to the
Style Library. By default, all
authenticated users are a member of
this group.
> [!NOTE]> Do not remove all
authenticated users from this group.
Because Master Page Gallery and Style
Library are shared across all sites in the
site collection and must be accessible to
all users of all sites. If you remove all
authenticated users from the group,
anyone with this permission level on a
subsite will not be able to render the
site. SharePoint will not automatically
add or remove users of subsites to or
from this group as needed.
Designers Design, Limited Access Members of this group can to view, add,
update, delete, approve, and customize
the layout of site pages by using the
browser or SharePoint Designer 2013.
Approvers Approve, plus Limited Access Members of this group can edit and
approve pages, list items, and
documents.
Hierarchy Managers Manage Hierarchy, plus Limited Access Members of this group can create sites,
lists, list items, and documents.
TIP
The Limited Access permission level is used to give groups access to a specific list, library, folder, document, or item, without
giving them access to the entire site. Do not remove this permission level from the groups listed above. If this permission
level is removed, the groups might not be able to navigate through the site to get the specific items with which they need to
interact.
Make most users members of the Visitors or Members groups. By default, users in the Members group can
contribute to the site by adding or removing items or documents, but cannot change the structure, site settings, or
appearance of the site. The Visitors group has read-only access to the site, which means that they can see pages
and items, and open items and documents, but cannot add or remove pages, items, or documents.
If the default groups do not map to the exact user groups in your organization, you can create custom groups.
Besides the above SharePoint groups, there are also administrator groups for higher-level administration tasks.
They are Windows administrators, SharePoint farm administrators, and site collection administrators.
For more information, see Choose administrators and owners for the administration hierarchy in SharePoint 2013.
NOTE
If this permission level is removed, group members might be unable to navigate the site to access items, even if they
have the appropriate permissions for an item within the site.
**Read ** Includes permissions that enable users to view items on the site pages.
**Edit ** Includes permissions that enable users to add, edit and delete lists; can view, add, update and delete
list items and documents.
**Contribute ** Includes permissions that enable users to add or change items on the site pages or in lists
and document libraries.
**Design ** Includes permissions that enable users to view, add, update, delete, approve, and customize the
layout of site pages by using the browser or SharePoint Designer 2013.
**Full Control ** Includes all permissions.
For more information about permissions that are included in the default permission levels, see User permissions
and permission levels in SharePoint 2013.
The following additional permission levels are provided with the publishing template by default:
**Approve ** Includes permissions to edit and approve pages, list items, and documents.
**Manage Hierarchy ** Includes permissions to sites and edit pages, list items, and documents.
**Restricted Read ** Includes permissions to view pages and documents, but not historical versions or
permissions information.
NOTE
Do not customize the default permission levels if your organization has security or other concerns about a specific
permission that is part of the permission level. If you want to make that permission unavailable for all users assigned
to the permission level or levels that include that permission, turn off the permission for all Web applications in your
server farm, instead of change all of the permission levels To manage permissions for a web application, see Manage
permissions for a web application in SharePoint Server.
If you must make several changes to a permission level, create a custom permission level that includes all of the
permissions that you need.
You might want to create additional permission levels if either of the following conditions is true:
You want to exclude several permissions from a specific permission level.
You want to define a unique set of permissions for a new permission level.
To create a permission level, you can create a permission level and then select the permissions that you want to
include.
NOTE
Some permissions depend on other permissions. If you clear a permission that another permission depends on, the other
permission is also cleared.
Choose administrators and owners for the
administration hierarchy in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
Levels of administration
Most levels of the server and site hierarchy have a corresponding administration group. The administration groups
that have administrative permissions at different levels are described in the following list:
Server or farm level
Farm Administrators group Members of the Farm Administrators group have Full Control
permissions to and responsibility for all servers in the server farm. Members can perform all
administrative tasks in Central Administration for the server or server farm. They can assign
administrators to manage service applications, which are instances of shared services. This group
does not have access to individual sites or their content.
Windows Administrators group Members of the Windows Administrators group on the local
server can perform all farm administrator actions. Administrators on the local server can perform
additional tasks, such as installing new products or applications, deploying Web Parts and new
features to the global assembly cache, creating new Web applications and new Internet Information
Services (IIS ) Web sites, and starting services. Like farm administrators, members of this group on
the local server have no access to site content, by default.
NOTE
Farm administrators and members of the local Administrators group can take ownership of specific site
collections if it is necessary. For example, if a site administrator leaves the organization and a new
administrator must be added, the farm administrator or a member of the local Administrators group can take
ownership of the site collection to make the change. To take ownership, they can add themselves as the site
collection administrator on the Application Management page.
NOTE
You can create additional SharePoint groups and permission levels if that you must have more control over the actions that
the users can take. For example, if you do not want the Read permission level on a specific subsite to include the Create Alerts
permission, break the inheritance and customize the Read permission level for that subsite. > SharePoint Foundation 2013
and SharePoint Server use Check Permissions to determine a user or group's permissions on all resources in a site collection.
You can now find both the user's directly assigned permissions and the permissions assigned to any groups of which the user
is a member by checking permissions for a specific site or site content.
However, it is not as easy to manage a site that has permission inheritance as shown in the following table.
SiteA/SubsiteA/LibraryA Non-sensitive documents, but with one Inherited, with unique permissions at
or two sensitive documents the document level
SiteA/SubsiteB/ListB Non-sensitive data, but with one or two Inherited, with unique permissions at
sensitive items the item level
Introduction
You can control access to site and site content by assigning permissions to users or groups for a specific site or site
content at the following levels in a site collection:
Site
Library or list
Folder
Document or item
Before developing your plan for site and content access, you should consider the following questions:
To what granularity do you want to control permissions for the site or site content? For example, you might
want to control access at the site level, or you might need more restrictive security settings for a specific list,
folder, or item.
How do you want to categorize and manage the users by using SharePoint groups? Groups have no
permission until they are assigned a permission level for a specific site or for specific site content. When you
assign permission levels to SharePoint groups at the site collection level, by default, all sites and site content
inherit those permission levels.
For more information about how to use groups to help manage permissions, see Choose security groups
(SharePoint Server 2010).
TIP
If you choose to break inheritance and use fine-grained permissions, you should use groups to avoid having to track
individual users. Because people move in and out of teams and change responsibilities frequently, tracking those changes and
updating the permissions for uniquely secured objects would be time-consuming and error-prone.
Overview of managing digital assets in SharePoint
Server 2013
6/7/2019 • 8 minutes to read • Edit Online
SCENARIO DESCRIPTION
Corporate brand library The asset library stores branded corporate assets such as
logos, artwork, and other digital assets, and workflows and
policies help manage the content. Creative teams can submit
digital assets to the asset library where they are reviewed and
published. Content stewards manage and edit the digital
assets to make sure that they are correctly tagged and
organized. Information workers and extranet partners who
want corporate logos or brand assets use the library to find
the content they require.
Divisional portal The asset library is a repository for images and rich media files
for a single portal site. In this scenario, any contributor or
designer can upload logos and images to the library for other
people to view and use. The content is typically managed by
contributors, and there is minimal workflow or policy
associated with adding and managing content. For example,
the divisional portal library might have multiple contributors
but only a few approvers. Authors and web designers of the
site use content in the library by viewing, downloading, and
inserting it into their work products, such as documents or
presentations.
Team site Similar to a divisional portal but smaller. The asset library is a
repository for images and rich media for a single team site. In
this scenario, any team member can upload assets to the
library for other team members to view and use. The content
is managed as necessary by contributors, and there is minimal
workflow or policy. Team members use content in the library
by viewing, downloading, and inserting it into their work
products, such as documents or presentations.
Corporate archive The asset library stores pictures, video, documents, and other
assets that have historical value to the organization. Users can
submit current and past items, which are collected, scanned,
organized, and tagged by curators who manage the library so
that other users can browse, search, and view archived
content.
Divisional media sharing site The asset library stores audio and video files. In this scenario,
anyone can contribute to the library, and there is minimal or
no management of items in the library. Ratings are enabled
for the library, and are combined with social tagging of assets
to drive the structure and presentation of assets within the
library.
Plan digital asset libraries in SharePoint Server 2013
6/7/2019 • 15 minutes to read • Edit Online
NOTE
SharePoint Server 2013 does not support live streaming of audio or video content.
As a centralized repository for digital assets for the organization. In this situation, you use content
approval and workflow for all assets that are added to the library. People who have different roles might be
responsible for separate stages of the approval process. For example, graphic designers and audio or video
producers could upload assets to the library. But a content manager might be responsible for triaging
incoming assets, assigning additional metadata to the assets, and approving them for publication.
For more information about scenarios in which you might use a digital asset library, see the Scenarios for using
the asset library section in Overview of managing digital assets in SharePoint Server 2013.
NOTE
If you enable the disk-based cache for a web application, every site collection within that web application will use the cache.
If you do not have to have the disk-based cache for most the sites, consider putting in a separate web application only
those site collections that contain an asset library that requires the disk-based cache.
Decide where you want to create each asset library. Where you create the asset library depends on how you
plan to use it. For an asset library that will be used at the team level, you might create the asset library at the site
level. For a centralized repository, you might create the asset library at the site collection level. If the asset library
will be used with a web publishing site, put the library in the same site collection as the publishing site so that
asset files that are used by publishing pages are available to the publishing site. Use your asset analysis to
determine who creates and uses assets, and how those assets are used. This will help you decide where asset
libraries are needed in the enterprise.
Choose a fixed or collaborative library. Depending on the scenario, the asset library will be either a fixed
library or a collaborative environment. In a fixed library, completed assets are checked in and the library is read-
only. In a collaborative environment, versioning is enabled for the library, and users who have appropriate
permissions can both read and write to existing assets.
Decide how to organize the asset library. You can plan to store all assets in the root of the asset library, and
use custom views to display assets to library users based on certain criteria. You can also use folders to hold assets
based on criteria that you specify. For example, you might put video files in one folder and audio files in another.
Or, you might create folders based on products and put all assets related to a particular product into the product
folder. Refer to your asset analysis to determine the most common scenarios for how assets are used in your
organization.
Plan content types
The content types included in an asset library are image, audio, and video. You can either use these content types
or create custom content types that are derived from them, depending on the classification needs of your
organization. For example, you might create two separate content types for posters and product logos, and derive
the base characteristics for those new content types from the image content type. This arrangement lets you
associate separate properties for the two new content types, specify different workflows, or set different
information management policies based on the content types. For more information, see Plan content types and
workflows in SharePoint 2013.
Plan content governance for digital assets
You plan the appropriate degree of control for each content type and storage location for digital assets. For
example, if the asset library is a collaborative solution, you can use versioning to store successive iterations of
assets in the library, and can require users to check assets in and out before working on assets. You can also
specify an approval process by which assets must be approved before they can be made available to an audience.
For more information, see Plan document versioning, content approval, and check-out controls in SharePoint
2013.
Plan workflows
You use workflows to perform management tasks on assets in the asset library in the same manner as you use
workflows in a document library. Important considerations include the following:
Do assets have to be reviewed and approved before they can be used by asset consumers?
Who is responsible for managing the expiration of assets?
Are assets retained or deleted after expiration?
For more information, see Plan content types and workflows in SharePoint 2013.
Plan policies
For each content type that you want to use in the asset library, you must plan the information management
policies that specify how assets are audited, retained, and labeled. For more information, see Plan for information
management policy in SharePoint Server.
IMPORTANT
SharePoint Server 2013 does not automatically apply Information Rights Management (IRM) protection to audio or video
content that is stored in a SharePoint Server 2013 asset library. Additionally, when audio or video assets stored in
SharePoint Server 2013 are viewed by a user, copies of those assets might be stored in the user's local browser cache. The
SharePoint Server 2013 media player supports playing IRM-protected audio and video formats where the Digital Rights
Management protection was applied by an external IRM provider that is supported by Silverlight 3 or later versions. For
more information, see Digital Rights Management (DRM) (https://go.microsoft.com/fwlink/p/?LinkId=154933).
FEATURE DESCRIPTION
Podcasts Users can enter the URL for the library RSS feed into their
podcast application to receive updates when new audio and
video files are added to the asset library. For more
information about how to upload audio and video files, see
Set up an Asset Library to store image, audio, or video files.
Suggested Content Browser Locations When you are using a publishing site, the URL for an asset
library in a separate site can be added to the Suggested
Content Browser Locations list for the publishing site. This lets
content creators access the asset library when they insert
assets into web pages within SharePoint Server 2013, or
within Office applications, such as Word.
See also
Concepts
Overview of managing digital assets in SharePoint Server 2013
Overview of OneDrive for Business in SharePoint
Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
While OneDrive for Business is used in both SharePoint Server on-premises and Office 365 environments, this article
describes how it works in SharePoint Server. For more information about how it works in an Office 365 environment, see
What is OneDrive for Business?.
OneDrive for Business is the default document library in a user's What's new in social computing in SharePoint
Server 2013 in SharePoint Server or in Office 365. The contents of this library can optionally be synchronized
with one or more of the user's computers or devices.
By using OneDrive for Business, you can help ensure that business files for your users are stored in a central
location. Storing business files in one location makes it easy for users to share and collaborate on documents. If
you're using OneDrive for Business in Office 365, you can also reduce your on-premises storage costs by moving
your users' files to the cloud.
OneDrive for Business is different from the consumer OneDrive service in that OneDrive for Business is based on
SharePoint and is meant for storing a user's business documents and files. Consumer OneDrive is a separate
service that is meant for personal use.
Synchronizing files
To synchronize OneDrive for Business files, you need to use a sync client. Sync clients automatically synchronize
files between OneDrive for Business and a user's computer or a mobile device. They are available for a variety of
operating systems and mobile devices. The OneDrive for Business Windows sync client is also included as part of
an Office installation.
When you're using OneDrive for Business in SharePoint Server, you can synchronize your files to a variety of
devices, but those devices need to be connected to the network where SharePoint Server resides in order for the
sync to work. Synchronizing is mostly useful for laptops that are used while disconnected from your corporate
network at times, such as when traveling. This differs from usingOneDrive for Business in Office 365, in which an
Internet connection is required since files are synchronized from your users device to Office 365 instead of to an
on-premises location in your network.
Getting started
Setting up OneDrive for Business in SharePoint Server requires configuring a User Profile Service application and
setting up My Sites. For detailed planning information, see Plan for OneDrive for Business in SharePoint Server.
For more information about syncing OneDrive for Business files in SharePoint Server 2016 or 2013, see Sync
SharePoint files with the OneDrive for Business sync client (Groove.exe).
Plan for OneDrive for Business in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
NOTE
For more information about OneDrive for Business in Office 365, see What is OneDrive for Business?
Managed Metadata service Manages metadata across all sites in your organization.
User Profile Service Application Stores information about users, and is required for My Sites.
NOTE
For detailed information about how to set up each service as required for OneDrive for Business, see Set up OneDrive for
Business in a SharePoint Server on-premises environment.
IMPORTANT
Use the OneDrive for Business sync client for Groove.exe when using OneDrive for Business in a SharePoint Server on-
premises environment. The OneDrive for Business Next Generation sync client (OneDrive.exe) is currently not supported to
work in a SharePoint Server on-premises environment.
Data security
Sync clients use the http:// or https:// protocol of the site that they're synchronizing with to transfer data. If the
OneDrive for Business site uses a Secure Socket Layer (SSL ) connection (https://), then the data being transferred
by the sync client is encrypted; otherwise, it's not.
Office 365 uses SSL for OneDrive for Business connections by default. If you're using SharePoint Server, we
recommend configuring your My Site host to use SSL for any connections that will occur outside your corporate
domain. If you're using Active Directory directory services, you can configure the Group Policy setting Sync Only
On Domain Network. The setting requires an SSL connection for OneDrive for Business clients that connect to
SharePoint Server from outside the organization's intranet.
Data on local disks on both server and Windows client computers can be encrypted by using Windows BitLocker
Drive Encryption.
Data on local devices
Once a document library is synchronized with a computer or mobile device, the files continue to exist there. Files
remain on the computer or device even if the user's My Site and their user account are deleted. In this situation,
although the files remain on the computer or device, the user can't synchronize the files with SharePoint Server
again.
If storing files on a client workstation is against your corporate policy, you can remove synchronization
functionality from document libraries in SharePoint Server.
NOTE
For more information about configuring a hybrid environment for OneDrive for Business in SharePoint Server, see Configure
hybrid OneDrive for Business - roadmap.
NOTE
For more information, see Upgrade the My Site Host site collection.
Set up OneDrive for Business in a SharePoint Server
on-premises environment
6/7/2019 • 7 minutes to read • Edit Online
NOTE
This article describes how to set up OneDrive for Business in a SharePoint Server on-premises environment, and does not
describe OneDrive for Business in an Office 365 environment. For more information about administering OneDrive for
Business in Office 365, see OneDrive for Business admin help.
When setting up OneDrive for Business in your SharePoint Server on-premises environment, an IT-administrator
will need to go through the following steps:
Set up the required services
Enable the Recently Shared Items (RSI) cache to quickly populate the Shared with Me view
Verify that OneDrive for Business is available to your users
Before proceeding with setup, please review planning considerations you might need to address that are described
in Plan for OneDrive for Business in SharePoint Server.
NOTE
The following provides basic steps to configure the Managed Metadata and Users Profile service applications to provide
OneDrive for Business functionality in SharePoint Server. Careful planning is required for both services if you intend to use
them for additional functionality in SharePoint Server. For more information, about managed metadata, see Plan for
managed metadata in SharePoint Server.
Enable the Recently Shared Items (RSI) cache to quickly populate the
Shared with Me view
This step allows your users to immediately view files that are shared explicitly with them in their OneDrive for
Business Shared with Me View.
The Shared with Me view in OneDrive for Business lets users to see which documents and folders that users have
shared directly with them. By default, the Shared with Me view is populated once a shared item is crawled and re-
indexed through search. This means that your crawling/indexing schedule may cause some latency between the
when the item was shared and when the it appears in the user's Shared with Me View.
Your users will still be able to open the shared items or folder if they are sent a link (for example, through an email
notification), they just won't be able to see the items listed in the Shared with me View until the items have been
crawled and indexed. For more information about how files are shared in OneDrive for Business, see Share
OneDrive files and folders.
To eliminate this latency in your SharePoint Server environment, your IT administrator can enable the Recently
Shared Items (RSI) cache. The RSI cache is provisioned on the My Site host and it is used to populate the Shared
with Me view until the file permission changes resulting from the sharing action are crawled. The RSI cache is
disabled by default in SharePoint Server.
RSI doesn't support a multi-farm scenario where the My Site Host is not on the content farm. This site collection
typically has a URL such as http://<hostname>/my. If the My Site Host is not on the content farm, sharing will be
broken.
IMPORTANT
The RSI list contains information identifying the sharing action, including the name of the shared file and who it was shared
with. If you choose to enable RSI, this information will be viewable by the My Site Host admin and those to whom My Site
Host access has been delegated.
To enable the RSI list in the My Site Host, run the following PowerShell command:
If you need to disable the RSI list in the My Site Host, run the following PowerShell command:
$Farm = Get-SPFarm
$Farm.OneDriveUserExperienceVersion =
[Microsoft.SharePoint.Administration.OneDriveUserExperienceVersion]::Version1
$Farm.Update()
$Farm = Get-SPFarm
$Farm.OneDriveUserExperienceVersion =
[Microsoft.SharePoint.Administration.OneDriveUserExperienceVersion]::Version2
$Farm.Update()
Search
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Configure enterprise search Learn how to configure enterprise search in SharePoint Server.
Administer search Learn how to manage the search schema and the search
topology in SharePoint Server.
Search center scenarios Learn how to develop Search Center scenarios in SharePoint
Server.
Plan search in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Best practices for organizing content for Learn how to organize SharePoint
search in SharePoint Server Server content and metadata to make
the content easier to find.
Understanding result sources for search Use a result source in SharePoint Server
in SharePoint Server to specify a provider to get search
results from, and optionally to narrow a
search to a subset of those results.
Overview of the search schema in Learn how the search schema is used to
SharePoint Server build up the search index. The search
schema contains the mapping from
crawled properties to managed
properties and the settings on the
managed properties.
CONTENT DESCRIPTION
Plan to transform queries and order Learn how to transform user queries to
results in SharePoint Server provide more relevant SharePoint
Server search results and to improve
the way search results are displayed.
Content processing component Transforms the crawled items and sends them to the index
component. This component also maps crawled properties to
managed properties.
Analytics processing component Carries out search analytics and usage analytics.
Index component Receives the processed items from the content processing
component and writes them to the search index. This
component also handles incoming queries, retrieves
information from the search index and sends back the result
set to the query processing component.
Query processing component Analyzes incoming queries. This helps optimize precision,
recall and relevance. The queries are sent to the index
component, which returns a set of search results for the
query.
Search administration component Runs the system processes for search, and adds and initializes
new instances of search components.
Search databases
See also
Manage the search topology in SharePoint Server
Plan enterprise search architecture in SharePoint
Server
6/7/2019 • 20 minutes to read • Edit Online
Although these sample search architectures use virtual machines, you can use both physical servers and virtual
machines according to the strategy of the overall SharePoint Server solution of your search architecture.
Small search farm
We've estimated that this search architecture can crawl 50 documents per second, and serve in the order of 10
queries per second. If you have up to 20 million items in a SharePoint Server 2016 farm, the small search farm
will probably be the most suitable farm for you. With a crawl rate of 50 documents per second, it takes search 110
hours to crawl 20 million items in the first full crawl.
Make sure that each host server has enough disk space for the base installation of the Windows Server operating
system and for the SharePoint Server program files. The host server also needs free hard disk space for
diagnostics such as logging, debugging, and creating memory dumps, for daily operations, and for the page file.
Normally, 80 GB of disk space is enough for the Windows Server operating system and for the SharePoint Server
program files.
Add storage for the SQL log space for each database server. If you don't set the database server to back up the
databases often, the SQL log space uses lots of storage. For more information about how to plan SQL databases,
see Storage and SQL Server capacity planning and configuration (SharePoint Server) .
The minimum storage that the analytics reporting database requires can vary. This is because the amount of
storage depends on how users interact with SharePoint Server. When users interact frequently, there usually are
more events to store. Check the amount of storage your current search architecture uses for the analytics
database, and assign at least this amount for your redesigned topology.
Minimum hardware resources for the small search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
1The number of CPU cores is specified here, not the number of CPU threads.
2With SharePoint Server 2013 the minimum amount of resources needed are 500 GB storage, 16 GB RAM, and
four CPU cores.
3With SharePoint Server 2016 you can also use 250 GB storage, 16 GB RAM, and four CPU cores, but then each
index component can only hold 10 million items and the search farm only supports the same volume of content
as a SharePoint Server 2013 search farm.
Minimum hardware resources for the medium search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
1The number of CPU cores is specified here, not the number of CPU threads.
2With SharePoint Server 2013 the minimum amount of resources needed are 500 GB storage, 16 GB RAM, and
four CPU cores.
3With SharePoint Server 2016 you can also use 250 GB storage, 16 GB RAM, and four CPU cores, but then each
index component can only hold 10 million items and the search farm only supports the same volume of content
as a SharePoint Server 2013 search farm.
Minimum hardware resources for the large search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
1The number of CPU cores is specified here, not the number of CPU threads.
2With SharePoint Server 2013 the minimum amount of resources needed are 500 GB storage, 16 GB RAM, and
four CPU cores.
3With SharePoint Server 2016 you can also use 250 GB storage, 16 GB RAM, and four CPU cores, but then each
index component can only hold 10 million items and the search farm only supports the same volume of content
as a SharePoint Server 2013 search farm.
Minimum hardware resources for the extra large search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs. You can only build this sample farm with SharePoint Server 2016.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
1The number of CPU cores is specified here, not the number of CPU threads.
Plan storage performance
The speed of the storage affects the search performance. Make sure that the storage you have is fast enough to
handle the traffic from the search components and databases. Disk speed is measured in I/O operations per
second (IOPS ).
The way you decide to distribute data from the search components and from the operating system across your
storage, has an impact on search performance. It's a good idea to:
Split the Windows Server operating system files, the SharePoint Server program files, and diagnostics logs
across three separate storage volumes or partitions with normal performance.
Store the search component data on a separate storage volume or partition with high performance.
NOTE
You can set a custom location for search component data when you install SharePoint Server on a host. Any search
component on the host that needs to store data, stores it in this location. To change this location later, you have to
reinstall SharePoint Server on that host.
Choose storage
For an overview of storage architectures and disk types, see Storage and SQL Server capacity planning and
configuration (SharePoint Server). The servers that host the index or analytics processing components, or search
databases, require storage that can maintain low latency, while providing sufficient I/O operations per second
(IOPS ). The following tables show how many IOPS each of these search components and databases require.
If you deploy shared storage like SAN/NAS, the peak disk load of one search component typically coincides with
the peak disk load of another search component. To get the number of IOPS search requires from the shared
storage, you need to add up the IOPS requirement of each of these components.
Search component IOPS requirements
Index component Uses storage when merging 300 IOPS for 64 KB random Yes
the index and when reads.
handling and responding to 100 IOPS for 256 KB
queries. random writes.
200 MB/s for sequential
reads.
200 MB/s for sequential
writes.
USE OF SEPARATE STORAGE
COMPONENT NAME COMPONENT DETAILS IOPS REQUIREMENTS VOLUME/PARTITION
Crawl database Medium to high IOPS 10 IOPS per 1 document per second
(DPS) crawl rate.
You don't need to set up the whole search architecture, or install SharePoint Server. It's enough to set up a test
environment that produces a realistic workload for the storage I/O subsystem.
Let's consider the case for local storage. For example, if host A in the medium search farm uses a local disk, you
need to install the two virtual machines and run the disk operation tests on both virtual machines at the same
time.
You need a different set-up for shared storage. If for example the workload from all the index components in the
medium search farm plus other unrelated workloads share the same storage, you need to:
1. Install the eight virtual machines in host A, B, C, and D, and set up the sources of the unrelated workloads.
2. Make sure that the unrelated workload is applied to the shared storage at the same time as you run
simultaneous disk operation tests on all the virtual machines in host A, B, D, and D.
Create a test file
1. Create a 1 GB test file by using the command sqlio.exe -t32 -s1 -b256 1g . This command creates a file
named "1g".
2. Save the test file on the storage device that you want to test. For example: on the hard disk of Host A in the
medium farm.
3. Concatenate the test file to a sufficiently large test file. For example: 256 GB, with the command
copy 1g+1g+1g+…+1g testfile .
4. Restart the server. This will ensure that caching does not skew the test results.
Run tests
The sample results in the table below show a deployment where at least 50 percent of the disk subsystem capacity
was in use before adding the test file.
The disk controller and the spindles of the disk strongly influence these results.
If you test on empty disks, you'll get elevated results because the test file will be in the most optimal tracks across
all spindles (short stroking). This can increase performance by up to two or three times. You'll get unrealistically
high results if you test a hard disk that optimizes away accesses on uninitialized storage space, or storage
containing all zeros, for example dynamic VHD/VHDX files. In this case, use a very large test file that contains real
data, rather than generating a synthetic test file using SQLIO commands.
Choose content that represents your production content well. If you choose content that's only there for test
purposes, make sure you've got different types of items, not just one item that you've duplicated many times. The
reason for this is that the query processor will spend time detecting duplicated items, which will affect search
performance, and your results won't be representative of a production environment.
Set up one or more content sources to crawl the content. Verify that you have the required user account and
network access.
Choose terms and phrases to test query performance
The number of results you get for a query is called the recall.
To test query performance, you'll first need to create a set of terms and phrases to use as queries. Alternatively,
collect queries from an existing installation. Make sure that the set contains terms and phrases that have low recall
and high recall, and that the terms and phrases are relevant to your environment.
Examples
If you search for a product number in a product catalog, it's likely that there's only one number for one
product. Therefore, you'll get your search results fast. This is low recall.
If you search for a common term like "presentation" on a company intranet, it's likely that you'll get many
results, and it may take longer to get them. This is high recall.
If, for example, your content is related to human resources, use search terms that relate to this area.
Measure search performance
SharePoint Server collects search performance measurements in the Crawl Health Reports and Query Health
Reports. You can find these reports in Central Administration, under Search Administration.
It's a good idea to measure search performance first with a synthetic load, and then with a small set of live users,
and live content. When you use live users and live content, you can observe how the search architecture is
performing. If your content increases faster than you intended, it might be worth considering using the next size
search architecture. Or, if your users are more active than anticipated, then we suggest that you increase the
amount of storage space of the analytics database.
Scale enterprise search in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
VOLUME OF CONTENT (SHAREPOINT 2016) SAMPLE SEARCH ARCHITECTURE VOLUME OF CONTENT (SHAREPOINT 2013)
Although these sample search architectures use virtual machines, you can use both physical servers and virtual
machines according to the strategy of the overall SharePoint Server solution of your search architecture.
Small search farm
We've estimated that this search architecture can crawl 50 documents per second, and serve in the order of 10
queries per second. If you have up to 20 million items in a SharePoint Server 2016 farm, the small search farm will
probably be the most suitable farm for you. With a crawl rate of 50 documents per second, it takes search 110
hours to crawl 20 million items in the first full crawl.
When you originally planned your search architecture, you decided to use physical servers or virtual machines, or
a mix. Consider whether that decision still is valid. For example, if you move from the medium to the large sample
search architecture, you might find it easier to manage the increased number of servers when you use virtual
machines. Note also that although a virtual environment is easier to manage, its performance level can sometimes
be slightly lower than that of a physical environment. A physical server can host more search components on the
same server than a virtual server. You'll find useful guidance in Overview of farm virtualization and architectures
for SharePoint 2013.
The small, medium, large, or extra large search architecture samples run on virtual machines, but they can also run
on physical servers. In the sample farm architectures, just move the search components from the virtual machines
to the host server and take away the virtual machines. Each physical server can host up to four index components,
but only one of each type of the other search components. If you for example change the medium sample search
architecture to use physical servers, you'll find that you have two content processing components on Host E. The
solution is to take away one of the content processing components. This works because crawling, processing of
content, and processing of analytics depend on the amount of resources that are available, not the number of
content processing components.
Each search component and search database requires a minimum amount of hardware resources from the host
server to perform well. But, the more hardware resources you have, the better the performance of your search
architecture will be. So it's a good idea to have more than the minimum amount of hardware resources. The
resources each search component requires depends on the workload, mostly determined by the crawl rate, the
query rate, and the number of indexed items.
For example, when hosting virtual machines on Windows Server 2008 R2 Service Pack 1 (SP1), you can't use
more than four CPU cores per virtual machine. With Windows Server 2012 or newer, you use eight or more CPU
cores per virtual machine. Then you can scale out with more CPU cores for each virtual machine instead of scaling
up with more virtual machines. Set up servers or virtual machines that host the same search components, with the
same hardware resources. Let's use the index component as an example. When you host index partitions on virtual
machines, the virtual machine with the weakest performance determines the performance of the overall search
architecture.
General storage resources
Make sure that each host server has enough disk space for the base installation of the Windows Server operating
system and for the SharePoint Server program files. The host server also needs free hard disk space for
diagnostics such as logging, debugging, and creating memory dumps, for daily operations, and for the page file.
Normally, 80 GB of disk space is enough for the Windows Server operating system and for the SharePoint Server
program files.
Add storage for the SQL log space for each database server. If you don't set the database server to back up the
databases often, the SQL log space uses lots of storage. For more information about how to plan SQL databases,
see Storage and SQL Server capacity planning and configuration (SharePoint Server).
The minimum storage that the analytics reporting database requires can vary. This is because the amount of
storage depends on how users interact with SharePoint Server. When users interact frequently, there usually are
more events to store. Check the amount of storage your current search architecture uses for the analytics database,
and assign at least this amount for your redesigned topology.
Minimum hardware resources for the small search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
1The number of CPU cores is specified here, not the number of CPU threads.
2With SharePoint Server 2013 the minimum amount of resources needed are 500 GB storage, 16 GB RAM, and
four CPU cores.
3With SharePoint Server 2016 you can also use 250 GB storage, 16 GB RAM, and four CPU cores, but then each
index component can only hold 10 million items and the search farm only supports the same volume of content as
a SharePoint Server 2013 search farm.
Minimum hardware resources for the medium search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
1The number of CPU cores is specified here, not the number of CPU threads.
2With SharePoint Server 2013 the minimum amount of resources needed are 500 GB storage, 16 GB RAM, and
four CPU cores.
3With SharePoint Server 2016 you can also use 250 GB storage, 16 GB RAM, and four CPU cores, but then each
index component can only hold 10 million items and the search farm only supports the same volume of content as
a SharePoint Server 2013 search farm.
Minimum hardware resources for the large search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
2With SharePoint Server 2013 the minimum amount of resources needed are 500 GB RAM, 16 GB RAM, and four
CPU cores.
3With SharePoint Server 2016 you can also use 250 GB storage, 16 GB RAM, and four CPU cores, but then each
index component can only hold 10 million items and the search farm only supports the same volume of content as
a SharePoint Server 2013 search farm.
Minimum hardware resources for the extra large search farm
This table shows the minimum amount of hardware resources that each application server or database server
needs. You can only build this sample farm with SharePoint Server 2016.
NETWORK
SERVER ON HOST STORAGE RAM PROCESSOR 1 BANDWIDTH
1The number of CPU cores is specified here, not the number of CPU threads.
Plan storage performance
The speed of the storage affects the search performance. Make sure that the storage you have is fast enough to
handle the traffic from the search components and databases. Disk speed is measured in I/O operations per
second (IOPS ).
The way that you decide to distribute data from the search components and from the operating system across your
storage, affects search performance. It's a good idea to:
Split the Windows Server operating system files, the SharePoint Server program files, and diagnostic logs
across three separate storage volumes or partitions with normal performance.
Store the search component data on a separate storage volume or partition. For index components, this
storage must also have high performance.
NOTE
You can set a custom location for search component data when you install SharePoint Server on a host. Any search
component on the host that needs to store data, stores it in this location. To change this location later, you have to
reinstall SharePoint Server.
For an overview of storage architectures and disk types, see Storage and SQL Server capacity planning and
configuration (SharePoint Server 2013). The servers that host the index, analytics processing, and the search
administration components, or search databases, require storage that can maintain low latency, while providing
sufficient I/O operations per second (IOPS ). The following tables show how many IOPS each of these search
components and databases require.
If you deploy shared storage like SAN/NAS, the peak disk load of one search component typically coincides with
the peak disk load of another search component. To get the number of IOPS search requires from the shared
storage, you need to add up the IOPS requirement of each of these components.
Search component IOPS requirements
Index component Uses storage when merging 300 IOPS for 64 KB random Yes
the index and when handling reads.
and responding to queries. 100 IOPS for 256 KB
random writes.
200 MB/s for sequential
reads.
200 MB/s for sequential
writes.
Crawl database Medium to high IOPS 10 IOPS per 1 document per second
(DPS) crawl rate.
If you aren't familiar with high availability strategies, here's an article that will get you started: Create a high
availability architecture and strategy for SharePoint Server. When you host redundant search components and
databases on separate fault domains, an outage in one part of the farm doesn't take down the complete service.
But, search performance will degrade because the search components can't share the load any longer. To reduce
the possibility of losing a single server it's a good idea to improve local redundancy. For each host server in your
search architecture:
Use RAID storage on each server.
Install multiple redundant network connections on each server.
Install multiple redundant power supplies with independent wiring or an uninterruptible power supply
(UPS ) for each server.
All of the sample search architectures host redundant search components on independent servers. In the sample
search architectures, the rightmost host in each host pair is redundant. Here's the large search architecture with
outlined redundant hosts:
Redesign enterprise search topology for specific
performance requirements in SharePoint
6/7/2019 • 25 minutes to read • Edit Online
Index component Use one index partition for each 20 million 1 indexed items.
Each partition contains one or more replicas of the partition.
All partitions must have the same number of replicas. An
index component represents one index replica. So, if you want
two replicas of the index then you'll need twice as many index
components as index partitions.
For example, a redundant index with 80 million2 items requires
four partitions. Eight index components represent the four
partitions when using two replicas for each partition.
SEARCH COMPONENT OR DATABASE GUIDELINE
Crawl database Use one crawl database for each 20 million items in the
content corpus. For example, an index with 100 million items
requires five crawl databases.
If the increased amount of indexed items implies a higher
crawl rate, you also need more IOPS resources to serve the
crawl databases. If your crawl rate is one document per
second then the crawl database needs about 10 IOPS.
Link database Use one link database for each 60 million items in the content
corpus. For example, an index with 100 million items requires
two link databases.
If the added content implies a higher crawl rate, you might
need more IOPS resources to serve the link databases.
Analytics reporting database How many analytics reporting databases you need, depends
on how the search environment uses analytics, and how often.
In general, add an analytics reporting database when the
analytics performance starts decreasing. For example, when
the nightly update of the database starts to take more time.
This might happen when the database reaches a size of 250
GB, or 20 million rows in total, or when the number of views
per day reaches 500,000 unique items.
110million items with SharePoint Server 2013, or with SharePoint Server 2016 running with less resources than
500 GB storage, 32 GB RAM, and eight CPU cores.
240million items with SharePoint Server 2013, or with SharePoint Server 2016 running with less resources than
500 GB storage, 32 GB RAM, and eight CPU cores.
How to increase the ingestion rate and the freshness of results
There are some situations where you might need to increase the ingestion rate. One example is if your
environment requires very fresh results and the content volume is close to the upper item limit for your search
architecture, or the content changes often. Content might change often if people used to archive files on a team
site, but now they store their files on OneDrive for Business while they work on them. Search indexes all the
changes people make to their files.
It's useful to understand which factors influence how quickly search can ingest items:
How quickly search can crawl items. This depends on:
The speed of the connection between the crawl components and the content sources.
The type and average size of the items to crawl.
The performance of the SQL server hosting the crawl databases.
The amount of CPU and memory resources that the crawl components have.
How much content processing each item requires before indexing.
How many partitions the index has. More partitions lets search spread the load of indexing.
Here's what to do:
1. Check the freshness of the results in your farm by looking at the age distribution of the crawled items. In the
SharePoint Central Administration website, go to Crawl Health Reports and select Crawl Freshness.
What age distribution that's acceptable for your farm depends on your business requirements. Here's an
example: If the Crawl Freshness page shows that it takes four hours to index 90% of the content, but your
requirement is 30 minutes, then increase the ingestion rate.
2. On the Crawl Freshness page, identify in which periods of the day that results aren't fresh enough.
3. Follow the guidelines to increase the ingestion speed in these time periods.
GUIDELINE
Check the crawl schedule, and identify which content sources that search crawls in the time periods where
freshness is low. If the freshness is low for a specific content source, consider the following:
Increase the speed of the connection between the server hosting the crawl component and that content
source. It's the crawl rate, downloading items from content sources, and passing items to the content
processing component that drives the need for network bandwidth for the crawl component.
If the content source is SharePoint, that farm might need more, and dedicated, crawl targets. Read about
crawl targets in Manage crawl load (SharePoint 2010).
Improve the performance of the content database. Learn how in Best practices for SQL Server in a
SharePoint Server farm.
Increase processing resources for crawling
If the crawl component often uses 100% of the processor resources, consider adding another crawl component or
adding more processor resources to the servers hosting crawl components. It's the crawl rate, discovery of links,
and management of crawling that drives the need for processor resources. Normally, crawling is fast enough when
you use two crawl components in search architectures like the small and medium sample search architectures that
Microsoft has estimated. Search architectures like the large and extra-large samples might need more than two
crawl components.
Increase processing resources for the crawl database
Check whether the SQL servers hosting crawl databases have enough resources. Read how to do this in Best
practices for SQL Server in a SharePoint Server farm.
If all the crawl databases use a lot of processor resources, consider adding more processor resources to the SQL
server hosting the databases or add another SQL server with the same number of crawl databases as the existing
SQL servers. If you for example have two SQL servers that each has three crawl databases, add another SQL
server with three crawl databases.
If only one or a few crawl databases use a lot of processor resources, this means that the load is uneven across the
crawl databases. Consider rebalancing the content across all crawl databases. Note that during rebalancing search
pauses crawling, so results are less fresh while rebalancing and until crawling has caught up with the changes that
took place during the pause. You trigger rebalancing with the Balance button on the Databases page. In Search
Administration, go to Crawl Log and select Databases.
Increase processing and memory resources for content processing
If the content processing component uses close to 100% of the CPU resources, consider adding more content
processing components, or adding more CPU resources to the servers hosting content processing component.
If you notice that memory restarts often, consider increasing the amount of memory on the servers hosting
content processing components. 2 GB working memory per CPU core is a good rule of thumb.
Increase the number of index partitions
Check the content processing activity. You find this by going to Search Administration, selecting Crawl Health
Report and then selecting Content Processing Activity. If indexing is the activity that takes most time, consider
dividing the index into more partitions. More index partitions lets search spread the load of indexing.
If you add more partitions on a running installation, the index repartitions itself. It can take several hours, or days,
for the index to repartition. How long time it takes depends on the state of the farm when repartitioning begins.
How to reduce query latency and increase query throughput
How many queries search can serve per second is known as query throughput. Query throughput depends on the
time search uses to process a query and any time the query waits because a processing resource isn't available.
The sum of the processing and waiting time is known as query latency. Reducing query latency increases query
throughput. To reduce query latency, follow one or both of these guidelines:
GUIDELINE
Consider adding more partitions to the index. More partitions mean fewer items in each partition. Fewer items
mean that each partition responds faster to queries. But too many partitions aren't good either. Because the query
processing component has to merge the responses from each partition to produce an answer to a query, a merge
takes more time when the index has more partitions. All partitions must have the same number of replicas.
When you add more partitions on a running installation, the index repartitions itself. It can take several hours, or
days, for the index to repartition. How long time it takes depends on the state of the farm when repartitioning
begins.
Reduce the waiting time for queries
GUIDELINES
Make crawling, content processing, query processing, analytics processing, and search administration redundant
Your index is redundant if it has two or more index replicas per index partition. If a server hosting an index replica
fails, this might reduce performance but search can still serve queries and index items. But if the environment
requires the same performance at all times, search needs more redundant index components. For example: You
designed your search topology with two replicas per partition to reduce the waiting time for queries and your
environment requires a short waiting time for queries all the time. Increase the number of index replicas per
partition.
All partitions must have the same number of replicas. An index component represents one index replica. So, if you
want two replicas of the index then you'll need twice as many index components as index partitions. For example,
with SharePoint Server 2016a redundant index with 80 million items requires four partitions. Eight index
components represent the four partitions when using two replicas for each partition.
If you add index components as replicas to existing partitions on a running installation, search automatically seeds
the new replicas with data from the index partition. It can take several hours before the new replicas are
operational.
Make crawling, content processing, query processing, analytics processing, and search administration redundant
Let's use the crawl component as an example. If you need to take down one of the servers hosting a crawl
component for maintenance, this might reduce the freshness of results but search can still crawl all the content. But
if the environment requires the same freshness of results all the time, search needs more redundant crawl
components. For example: You designed your search topology with three crawl components and you want the
same freshness of results even if two crawl component servers fail. Add two more crawl components.
The search administration component is an exception to this principle. One search administration component has
enough capacity for any size search topology. So, two search administration components are enough for
redundancy.
Content processing components balance the load among each other, so redundant content processing components
increase the capacity to process items.
Make search databases redundant
To make your search databases redundant, use the high availability alternatives that SQL server offers (see Create
a high availability architecture and strategy for SharePoint Server).
For example, it might not be a good idea to put a crawl and analytics processing component on the same server
because they both use a lot of network bandwidth. But, if the physical server or virtual machine has enough
network capacity, the components won't compete.
Another example is the extra-large search architecture sample that Microsoft has estimated. Here we've put the
crawl and search administration components on separate virtual machines. This is good for the speed of crawling
because the two components otherwise might compete for processor resources.
Use failure domains
Assign redundant search components to hosts in separate failure domains.
1With SharePoint Server 2013 the minimum amount of resources are 500 GB storage, 16 GB RAM, and four CPU
cores.
2You can use 16
GB RAM and four CPU cores with SharePoint Server 2016, but then each index component can
maximum hold 10 million items (instead of 20 million items).
Minimum resources for the analytics processing component
These are the minimum resources a server or virtual machine must have to host one analytics processing
component:
If the server hosts one analytics processing component and one or more bulk processing components, increase
memory to 16 GB.
Minimum resources for the crawl, content processing, query processing, and search administration component
These are the minimum resources a server or virtual machine must have to host one of these components:
If the server hosts two or more of these components, increase memory to 16 GB.
The query processing component requires good network bandwidth. It's the number of index partitions and the
size of queries and results that drive this need for network bandwidth. For example, 20 queries per second per
query processing component (20 QPS/QPC ) and an index with 20 index partitions results in 200 Mbps incoming
traffic and 100 Mbps outgoing traffic for the server or virtual machine hosting the query processing component.
Minimum resources for search databases
These are the minimum resources a server or virtual machine must have to host one or more search databases:
The storage that the 8 GB for small deployments. 64-bit, 4 cores. 2 Gbps
analytics reporting database
requires varies with how the 16 GB for medium
search environment uses deployments
analytics, and how often.
Use the current amount of
storage for the analytics
reporting database as a
guideline.
NOTE
You can set a custom location for search component data when you install SharePoint Server 2016 on a host. Any
search component on the host that needs to store data, stores it in this location. To change this location later, you
have to reinstall SharePoint Server 2016.
For an overview of storage architectures and disk types, see Storage and SQL Server capacity planning and
configuration (SharePoint Server 2016). The servers that host the index, analytics processing, and the search
administration components, or search databases, require storage that can maintain low latency, while providing
sufficient I/O operations per second (IOPS ). The following tables show how many IOPS each of these search
components and databases require.
If you deploy shared storage like SAN/NAS, the peak disk load of one search component typically coincides with
the peak disk load of another search component. To get the number of IOPS search requires from the shared
storage, you need to add up the IOPS requirement of each of these components.
Search component IOPS requirements
Index component Uses storage when merging 300 IOPS for 64 KB random Yes
the index and when handling reads.
and responding to queries. 100 IOPS for 256 KB
random writes.
200 MB/s for sequential
reads.
200 MB/s for sequential
writes.
Crawl database Medium to high IOPS 10 IOPS per 1 document per second
(DPS) crawl rate.
All of the sample search architectures host redundant search components on independent servers. In the sample
search architectures, the rightmost host in each host pair is redundant. Here's the large search architecture with
outlined redundant hosts:
Scale search for Internet sites in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
Introduction
This article lists the minimum requirements and gives guidance about how and when to scale out search
topologies for Internet sites.
For examples of topologies, see the technical diagram Internet sites search architectures for SharePoint Server
2016.
For an overview and a description of search components and the overall search architecture, see Overview of
search architecture in SharePoint Server and the technical diagram Search architectures for SharePoint Server
2016.
NOTE
The medium search topology example is optimized for physical hardware, but you can deploy it on virtual machines as well.
Index component 48 GB for each server in the 500 GB additional disk **All components:**64-bit, 4
farm that hosts an index space, preferably a separate cores minimum, 8 cores
component, a query disk volume/partition. recommended.
processing component and
the Web front end.
Crawl component Content See the requirements listed 80 GB for system drive.
processing component for the analytics processing
component.
Cache The query and its results are cached with Windows Server
AppFabric, in key-value pairs: the query being the key and
the results being the value. For each query, there is an
approximate 50% cache ratio. This means that if you have a
usage pattern of 200 queries per second, about 100 queries
are sent to the search index and the other 100 queries are
cached. The results from the cache have lower query latency
than those that you retrieve from the search index. For
example, results for front-page queries that are often run are
likely to be cached.
Anonymous access With anonymous access, users do not have to use credentials
to log on to a SharePoint Internet site. Anonymous queries
are cached, so they are cheaper because of lower query
latency. You must enable anonymous access in two locations:
on the web front-end and on the site.
See also
Manage the search topology in SharePoint Server
Change the default search topology in SharePoint Server
Manage search components in SharePoint Server
Manage the index component in SharePoint Server
Best practices for organizing content for search in
SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
http://Europe http://sales
http://Asia http://sales/Europe
http://sales/Asia
URLs and other metadata of files, such as file names, are analyzed linguistically by the search system. If you use
natural language for URLs and for metadata, the search system can more easily understand what information is in
the site or file and give it an appropriate ranking in the results. It is much easier for the search system (and users)
to understand a URL and file name like http://sales/Europe/presentations/phones.ppt than it is to make sense of
http://slseur/p_phones.ppt.
Encourage users to enter rich and consistent metadata for their sites
and content
Metadata is data that provides additional information about one or more aspects of sites and content, such as who
created the content or site, when was it created, and what the purpose of the content or the site is. Consistent and
rich metadata increases the quality of the content itself, and it also enables the search system to more easily
discover relationships between content, and to provide more targeted and relevant search results.
These are some examples of important metadata that you should encourage users to provide:
Title of a document
Description of a site
The author(s) of a document
The date the content was created
For some document types, such as PowerPoint and Word, the search system extracts additional metadata such as
headings and subheadings from inside the content, and uses this information to return the right search results and
to provide rich document summaries and previews.
To provide the right search results for people, it is also important that My Sites and user profile data is entered so
that this information can be used as metadata by the search system.
SharePoint sites SharePoint sites from the same farm or different SharePoint
Server farms.
Web sites Other web content in your organization that is not located in
SharePoint sites.
Exchange public folders Exchange 2007 and Exchange Server 2010 public folders.
Custom repository Content sources that can only be crawled after a custom
connector is installed and registered.
FOR THIS KIND OF CONTENT SOURCE IF THIS PERTAINS USE THIS CRAWL SETTING OPTION
SharePoint sites You want to include the content that is Crawl only the SharePoint site of each
on the site itself and you do not want start address.
to include the content that is on
subsites, or you want to crawl the
content that is on subsites on a
different schedule.
SharePoint sites You want to include the content on the Crawl everything under the host name
site itself. of each start address.
-or-
Web sites Content available on linked sites is Crawl only within the server of each
unlikely to be relevant. start address.
Web sites Relevant content is located on only the Crawl only the first page of each start
first page. address.
Web sites You want to limit how deep to crawl Custom — Specify the number of
the links on the start addresses. pages deep and number of server hops
to crawl.
File shares Content available in the subfolders is Crawl only the folder of each start
Exchange public folders unlikely to be relevant. address.
File shares Content in the subfolders is likely to be Crawl the folder and subfolders of each
Exchange public folders relevant. start address.
Business data All applications that are registered in Crawl the whole Business Data Catalog
the Business Data Catalog metadata metadata store.
store contain relevant content.
FOR THIS KIND OF CONTENT SOURCE IF THIS PERTAINS USE THIS CRAWL SETTING OPTION
Business data Not all applications that are registered Crawl selected applications.
in the BDC metadata store contain
relevant content.
-or-
Plan connectors
The crawler uses connectors (known as "protocol handlers" in earlier versions of SharePoint Server) to acquire
and index content. For the most commonly-used protocols, SharePoint Server provides and automatically uses
the appropriate connectors. To crawl content that requires a connector that is not provided by default, you must
first install a third-party connector or build a custom connector. For a list of connectors that are installed by
default, see Default connectors in SharePoint Server (also applies to SharePoint Server).
Other considerations when planning content sources
For content repositories that are of the same type, such as SharePoint sites, your decision about whether to use
one or more content sources depends largely upon administrative considerations. To make administration easier,
organize content sources in such a way that updating content sources, crawl rules, and crawl schedules is
convenient for administrators.
You can't crawl the same start addresses by using multiple content sources in the same Search service
application. For example, if you use a particular content source to crawl a site collection and all its subsites,
you cannot use a different content source to crawl one of those subsites separately on a different schedule.
Administrators often update content sources. Changing a content source requires a full crawl for that
content source. Therefore, consider creating separate content sources so that you can run multiple full
crawls at the same time if necessary, and so that a full crawl for any particular content source is less time-
consuming.
Plan crawl rules to optimize crawls
Crawl rules apply to all content sources in the Search service application. You can apply crawl rules to a particular
URL or set of URLs to do the following things:
Avoid crawling irrelevant content by excluding one or more URLs. This also helps reduce the use of server
resources and network traffic.
Crawl links on the URL without crawling the URL itself. This option is useful for sites that have links of
relevant content when the page that contains the links does not contain relevant information.
Enable complex URLs to be crawled. This option directs the system to crawl URLs that contain a query
parameter specified with a question mark. Depending upon the site, these URLs might not include
relevant content. Because complex URLs can often redirect to irrelevant sites, it is a good idea to enable
this option only on sites where you know that the content available from complex URLs is relevant.
Enable content on SharePoint sites to be crawled as HTTP pages. This option enables the Search system to
crawl SharePoint sites that are behind a firewall or in scenarios in which the site being crawled restricts
access to the Web service that is used by the crawler (a crawl component in the search topology).
Specify whether to use the default content access account, a different content access account, or a client
certificate for crawling the specified URL.
Because crawling content consumes resources and bandwidth, it is better to include a smaller amount of content
that you know is relevant than a larger amount of content that might be irrelevant. After the initial deployment,
you can review the query and crawl logs and adjust content sources and crawl rules to be more relevant and
include more content.
Plan crawler authentication
When the crawler accesses the start addresses that are listed in content sources, the crawler must be
authenticated by, and granted access to, the servers that host that content. By default, the system uses the default
content access account. Or, you can use crawl rules to specify a different content access account to use when
crawling particular content. Whether you use the default content access account or a different content access
account specified by a crawl rule, the content access account that you use must have at least read permissions on
all content that is crawled. If the content access account does not have read permissions, the content is not
crawled, is not indexed, and therefore is not available to queries.
We recommend that the account that you specify as the default content access account has access to most of
your crawled content. Only use other content access accounts when security considerations require separate
content access accounts.
For each content source that you plan, determine the start addresses that cannot be accessed by the default
content access account, and then plan to add crawl rules for those start addresses.
IMPORTANT
Ensure that the domain account that is used for the default content access account or any other content access account is
not the same domain account that is used by an application pool associated with any Web application that you crawl.
Doing so can cause unpublished content in SharePoint sites and minor versions of files (that is, history) in SharePoint sites
to be crawled and indexed.
Another important consideration is that the crawler must use the same authentication protocol as the host server.
By default, the crawler authenticates by using NTLM. You can configure the crawler to use a different
authentication protocol, if it is necessary.
If you are using claims-based authentication, make sure that Windows authentication is enabled on any Web
applications to be crawled.
NOTE
You can extend the initial collection of file formats that SharePoint Server can parse by adding third-party filter-based
format handlers, known as iFilters. A third party iFilter can override a built-in format handler.
When you plan to include content in the search index from content repositories that have file types that are not
on the Manage File Types page, review the following:
To crawl the file type, add the file type to the Manage File Types page.
To parse the file type:
If SharePoint Server does not have a format handler for the format, install a third-party filter-based
format handler for the file format on each server that hosts a content processing component in the
Search service application.
Enable parsing of the file format and file name extension on each server that hosts a content
processing component in the Search service application
For more information, see Add or remove a file type from the search index in SharePoint Server.
Plan to use (custom) entity extractors
You can configure the search system to look for "entities" in unstructured content, such as in the body text or the
title of a document. These entities can be words or phrases, such as product names. To specify which entities to
look for, you can create and deploy your own dictionaries.
The extracted entities are stored in the search index as separate managed properties, which are automatically
configured to be searchable, queryable, retrievable, sortable and refinable. You can use those properties in search
refiners, for example, to help users filter their search results.
For companies, you can use the pre-populated company extraction dictionary that SharePoint Server provides.
In addition, you can deploy several types of custom entity extractors in the form of custom entity extraction
dictionaries. You deploy these dictionaries using Microsoft PowerShell. The entries in these dictionaries (single or
multiple words) will be matched on words or parts of words in the content in a case-sensitive or case-insensitive
way. For more information, see Create and deploy custom entity extractors in SharePoint Server.
Word Exact Extraction Case-sensitive, maximum 1 dictionary. For example, the entry
"anchor" would match "anchor", but not "Anchor" or
"Anchorage".
Word Part Exact Extraction Case-sensitive, maximum 1 dictionary. For example, the entry
"anchor" would match "anchor" and within "anchorage", but
not "Anchor".
OpenSearch 1.0/1.1 An external search engine or feed that uses the OpenSearch
protocol, such as Bing
NOTE
On the Add/Edit Result Source page, when you select one of the protocols shown in the preceding table, you must also fill
in other related fields on the page to fully specify the result source.
See also
Understanding result sources for search in SharePoint Server
Configure result sources for search in SharePoint Server
Manage crawling in SharePoint Server
Default connectors in SharePoint Server
Default crawled file name extensions and parsed file types in SharePoint Server
Search connector framework in SharePoint 2013
Overview of the search schema in SharePoint Server
6/7/2019 • 13 minutes to read • Edit Online
NOTE
You can't view or change the site collection search schema in Central Administration. To view or make changes in the search
schema for a site collection, you have to use Site Collection Administration.
FULL CRAWL OR
REINDEX SHAREPOINT
LIST/LIBRARY
MANAGED PROPERTY REQUIRED AFTER
SETTING WHAT IT DOES EXAMPLE AVAILABLE IN CHANGING SETTING
Allow multiple values Allows multiple values If this is the "author" Central Yes
of the same type in managed property, Administration
this managed and a document has
property. multiple authors,
each author name will
be stored as a
separate value in the
managed property.
FULL CRAWL OR
REINDEX SHAREPOINT
LIST/LIBRARY
MANAGED PROPERTY REQUIRED AFTER
SETTING WHAT IT DOES EXAMPLE AVAILABLE IN CHANGING SETTING
IMPORTANT: If you
select Yes - active or
Yes - latent, you must
also make the
managed property
Queryable.
Sortable Yes - active: Enables Use for large result Central From disabled to
sorting the result set sets that cannot be Administration enabled (if not
based on the sorted and retrieved already set to
property before the at the same time. Refinable)
result set is returned.
Select Complete
Matching for search
to return exact
matches instead.
To make results
better for users, map
the crawled property
for the product
identifier to a new
managed property,
“ProductID”, with
language neutral
tokenization enabled.
Instruct users to
search for product
identifiers against the
new managed
property, like this:
ProductID:”11.132-8”.
FULL CRAWL OR
REINDEX SHAREPOINT
LIST/LIBRARY
MANAGED PROPERTY REQUIRED AFTER
SETTING WHAT IT DOES EXAMPLE AVAILABLE IN CHANGING SETTING
See also
Manage the search schema in SharePoint Server
Overview of crawled and managed properties in SharePoint Server
Plan crawling and federation in SharePoint Server
Understanding result sources for search in SharePoint
Server
6/7/2019 • 8 minutes to read • Edit Online
NOTE
The modern search experience in SharePoint Server 2019 gets its results from the default result source. If you change the
default result source it impacts both the classic and modern search experiences.
The following table shows the result sources that are used by the four search experiences that are available on a
default enterprise Search Center results page. Each search experience uses a different result source.
Search experiences and corresponding result sources
Conversations Conversations
THIS RESULT SOURCE SPECIFIES THESE ITEMS IN THE LOCAL SHAREPOINT INDEX
Items matching a content type Items that match a content type that the incoming query
specifies
Items matching a tag Documents or list items that match a managed metadata
term that the incoming query specifies
Items related to current user Documents or list items that are related to the user in a way
that the query template specifies
Local People Results People items from the profile database of the User Profile
service application
Local Reports and Data Results Excel, Office Data Connection (ODC), or Report Definition
Language (RDL) items, or items in a report library
Local SharePoint Results All items from the local SharePoint search index except People
items
Pages
Recently changed items Documents and list items sorted by Modified date
Recommendations Documents and list items that you recommend for the
incoming query
THIS RESULT SOURCE SPECIFIES THESE ITEMS IN THE LOCAL SHAREPOINT INDEX
From the Manage Result Sources page, you can create other result sources in either of the following two ways:
You can click New Result Source. For more information, see Configure result sources for search in
SharePoint Server.
You can point to the arrow next to an existing result source, click Copy, and then modify the copy as
necessary and save it with a new name.
A RESULT SOURCE THAT SPECIFIES THIS PROTOCOL GETS SEARCH RESULTS FROM THIS SEARCH PROVIDER
Remote SharePoint The search index of a Search service hosted in another farm
A result source that uses a protocol other than "Local SharePoint" must also specify a URL from which to get
search results, as shown in the following table.
Result source URLs
A RESULT SOURCE THAT USES THIS PROTOCOL MUST SPECIFY THIS URL
Remote SharePoint The address of the root site collection of the remote
SharePoint Server farm
OpenSearch 1.0/1.1 The URL of the RSS feed of a search provider that uses the
OpenSearch protocol
See also
Query variables in SharePoint Server
Default connectors in SharePoint Server
Transforming queries in result sources
About result sources and federation
Plan to transform queries and order results in
SharePoint Server
6/7/2019 • 11 minutes to read • Edit Online
{searchTerms} The query that the user typed, as changed by the most
recent transform.
See Query variables in SharePoint Server for an overview of all the available query variables.
When a query transform replaces the incoming query, it uses a query template . A query template is a query
that includes query variables, for example "{searchTerms} contenttype:picture".
If you, for example, want to create a Pictures search vertical that only returns pictures in the search results, you
could configure a query transform that uses the query template "{searchTerms} contenttype:picture" to add
"contenttype:picture" to all queries. If a user then types the query "moon" in the Pictures vertical, the transform
replaces the query variable "{searchTerms}" with "moon" and changes the query to "moon contenttype:picture".
You can configure query transforms in three places:
In a Web Part
In a query rule
In the result source
A user query is transformed first by the Web Part, then by any query rules that apply, and finally by the result
source. When you configure a transform in a result source, you know that the transform changes will not be
discarded or overridden, because the result source transforms the query last.
Query matches keyword exactly Apply the query rule when the query You specify "picture; pic" as the
exactly matches a word or phrase that keywords. The query rule will apply
you specify. when users type the query "picture" or
"pic" in a search box. The rule will not
apply if a user types "pictures" or
"sunny picture".
Query contains action term Apply the query rule when the query If a query contains the phrase
contains a term in the form of a single "download", the user is probably not
word or phrase that indicates that the looking for items that contain the word
user is trying to do something. The "download", but is probably trying to
term must be at the beginning or end download something.
of the query and might be a verb, a
command, or a filter.
Query matches dictionary exactly Apply the query rule when the query
exactly matches a dictionary entry. This
entry can be a term in the term store,
or an entry in the people names
dictionary.
Query more common in source Apply the query rule if the user's query You can create a query rule that checks
is more commonly performed against a if a query is more commonly
different result source than the current performed in a Video vertical. It will
one. This condition uses an analysis of make video results more prominent if
queries that users entered in the it is.
various result sources.
Result type commonly clicked Apply the query rule if the query often If this is a query where people often
ends in users clicking results of a click the result type "pictures", it may
particular result type. When you create be appropriate to provide picture-
a new result type, you can indicate that related results in a result block.
these clicks should be recorded to be
used in query rules.
Advanced query text match Apply the query rule if the query To match all phone numbers that are
matches a regular expression. It also in the format nnn-nnn-nnnn, you
allows you to use variations of the specify the regular expression "(?
keyword, dictionary and action term (\d{3}))?-?(\d{3})-(\d{4})".
conditions explained earlier, but with
more advanced control.
The final step is to specify which actions the query rule should trigger when it is applied. Optionally, you can
specify the start and end date for a query rule to be active.
The following table shows the available query rule actions.
Add promoted results Show promoted results (known as Best For the query "sick leave", you can for
Bets in earlier versions of SharePoint instance add a link to a Human
Server) above ranked results. Resources site above all ranked results.
Promoted results are best used when
an item is not indexed or if it has a
poor document summary. In other
cases, consider changing the ranking of
the results.
QUERY RULE ACTION DESCRIPTION EXAMPLE
Add result blocks Add a block of results that contains a For a query that contains "Contoso
small subset of results that are related sales report", a query rule could use a
to a query in a specific way. You can taxonomy dictionary to recognize
promote a result block, or you can "Contoso" as a customer, and then
rank it with other search results. display a result block with results
about "Contoso" from your customer
The query transform specified for the relationship management (CRM)
result block transforms a copy of the system.
original query.
Change ranked results by changing the Add a query transform that changes For a query that contains "download
query the original query. For example, the toolbox", a query rule could recognize
transform can promote or demote the word "download" as an action term
certain results. and boost search results that point to
a particular download site on your
Changing the ranking of search results, intranet.
such as boosting appropriate results
by their site or URL, is a common
alternative to adding promoted results.
Changing ranked results by changing
the query has the advantage that the
results are security trimmed and
refinable. Also, the search results will
disappear if the document is no longer
available. You can change the sorting
order of the search results dynamically,
based on several variables such as file
extension or specific keywords. You can
either promote or demote results, and
you can specify how much the results
should be promoted or demoted.
See also
Manage query rules in SharePoint Server
Configure result sources for search in SharePoint Server
Manage the Search Center in SharePoint Server
Disaster recovery best practices and strategies for
SharePoint search
6/7/2019 • 26 minutes to read • Edit Online
Introduction
This article bridges the gap between documentation that provides a roadmap for implementing a disaster recovery
strategy and documentation that gives you the specific commands to configure disaster recovery for the
SharePoint ServerSearch Service Application (SSA). We describe several typical disaster recovery scenarios and
examine the benefits and limitations of each approach. It's unrealistic to think that these scenarios are a perfect fit
for your organization, but you can use them as a guide for a DR strategy that meets your organization's specific
requirements.
Disaster recovery for SharePoint Server and its supporting technologies is a complex topic, and there are many
sources of information dedicated to explaining the planning needed to help ensure that your business objectives
are met if there is an event that activates your disaster recovery plan.
As a best practice, we recommend that you start by clearly identifying and quantifying Recovery Time Objectives
(RTOs) and Recovery Point Objectives (RPOs) for your organization. RTO, the time that is required to recover from
a disaster, and RPO, the data measured in time that you can lose from the same disaster, are key metrics for
disaster recovery planning. These two business-driven metrics set the stage for the following:
Backup and restore procedures, media, and storage
Location where you recover to
Size and complexity of your recovery solution
You can't develop an effective recovery strategy and evaluate technical solutions without these benchmarks.
IMPORTANT
Focus on business continuity and IT recovery requirements, instead of the required steps to create a DR strategy.
Although the scope of this article is disaster recovery for SharePoint Server search, we recommend that you read
Choose a disaster recovery strategy for SharePoint Server in preparation for developing a disaster recovery
strategy.
Index partitions
You can divide the index into discrete portions, each holding a
separate part of the index.
Index replicas
Query processing component Analyzes and processes search queries and results.
Administration component Runs system processes that are required for search. There can
be more than one search administration component per
Search service application, but only one is active at a time.
Content processing component Carries out various processes on the crawled items, such as
document parsing and property mapping.
Analytics processing component Carries out search analytics and usage analytics.
Search administration database Stores the search configuration data. There is only one search
administration database per search service application.
Crawl database Stores the crawl history and manages crawl operations.
There are multiple ways to distribute search components to provide a highly available and highly scalable search
topology, as shown in the following diagram. In this diagram, search components are deployed on different
application servers to provide redundancy. In addition, the application servers are deployed on different
virtualization host servers, which provides another level of fault tolerance and provides scalability.
For more information about distributing search components on farm servers, see Plan enterprise search
architecture in SharePoint Server 2016 and search technical diagrams at Search in SharePoint Server 2016.
To appreciate the complexities of developing a search disaster recovery strategy, you must understand how
documents are referenced within the Search Service Application index and databases. It is this referencing system
that currently makes it impossible to use any form of replication or log shipping technology to copy the search
indexes between SharePoint Server farms.
You can make a configuration change to a search item, such as Query Rules or Result Sources, from the list under
Site Collection Administration or Search, and the result will be the same. However, the location where a change is
stored directly affects disaster recovery. All of the changes made in a site collection or a web application, the
change will only be stored in the Search Service Application (SSA) administration database. Unless this database is
restored from a backup to the disaster recovery farm, then configuration changes won't be available in the
recovered environment.
Another new feature in SharePoint Server Search is the ReIndex Now capability that allows administrators at the
Site Collection, Web, and List levels to request a reindex of the container during the next crawl. This feature is
managed completely within the content database, and therefore an administrator requesting this within the DR
farm will trigger the same event in the Production farm when the next crawl runs on the DR farm.
Search analytics-driven user recommendations
In SharePoint Server Search the processing of search and usage analytics is handled by a component called the
Analytics processor. This component has the following responsibilities:
Handles the processing of Search Analytic information
Processes usage analytics
Provides relational information that the content processor uses to support the search recommendations
feature
Provides statistical information about document popularity (for example, page visits and clicks) that the
content processor uses to improve relevancy and ranking calculations
To read more on the individual analytics processes, see Overview of analytics processing in SharePoint Server for
detailed information.
The processed information is stored in the Search Index and also by the Reporting and Links databases. Therefore,
the only method capable of making sure that this processed information is replicated to the DR farm in a
synchronized state is a full Search Service Application backup and restore.
Service application backup and restore improvements
The approach that satisfies all of the DR requirements for capturing configuration and index data is service
application backup and restore. These operations were invested in significantly to reduce the RTO and RPO
compared to earlier versions of SharePoint. Support for changing the number of threads used in the backup and
restore processes plus improvements in supporting both full and differential backup and restore operations are all
key gains in this area.
When adopting the approach of a full Search service application backup and restore as the DR strategy, overall
RPO is governed by two things. The time since the last full service application backup is the RPO, and the time that
is required to actually carry out a service application restore is the RTO. Both of these times are likely to increase in
duration as the indexed content in the Search service application increases, so careful management of the
expectation for service restoration in the event of a disaster being declared is needed. We recommended
conducting frequent test restores as part of your service continuity management exercises to make sure that any
SLA against required RTO and RPO can still be met. The following table summarizes the backup and restore
options for the Search service application.
OPTION LIMITATIONS
Crawl the read-only databases in the DR farm. No site collection or web level search configuration changes
are replicated to the DR farm.
Performa dual-crawl production farm. No site collection or web-level search configuration changes
are replicated to the DR farm.
Restore the Search Administration database on the DR farm Analytics-driven search index updates are not restored to the
and re-create the service. DR farm. This is because the index will be empty when the
service application is created, and a full crawl will be needed.
Do a full SSA backup and restore. No limitations on search index fidelity but restoring a large
service application may take serveral hours and impact the
RTO during a failover.
Here's an example:
Backup-SPFarm -Directory \\server\searchbackup - BackupMethod Full -Item "Farm\Shared Services\Shared Services
Applications\Contoso Search Service Application"
This example will take a full backup of the Search service application named Contoso Search Service Application
and store the backup files in the location \server\searchbackup.
NOTE
The BackupMethod switch will only apply to the search databases. In all cases, the search indexes are fully backed up
regardless of the option chosen.
You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the
Readiness section. You can view the status for the current backup job in the lower part of the page in the Backup
section. The status page updates every 30 seconds automatically. You can manually update the status details by
clicking Refresh. Backup and recovery are timer service jobs. Therefore, it might take several seconds for the
backup to start. If you receive any errors, you can review them in the Failure Message column of the Backup and
Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you
specified for storing the backup file.
Restoring the search service application
To restore a SharePoint Server Search service application, the backup must have completed successfully, and if
backups are taken frequently, then the ID of the specific backup to be restored is needed. This ID can be easily
obtained in several ways. The simplest is to open the Backup and Restore History page on the production farm
where the backup was taken and enter the Backup Directory Location. This provides a list of all the entries in the
backup and restore manifest file (psbrtoc.xml). In the following screen shot, a backup ID of {149fc816-8927-4a32-
9437-6e05c2869ab7} can be easily seen.
The alternative to using the backup and restore history page is to directly open the backup and restore manifest
and examine it for the desired entry. Because the size of this file will grow with every backup and restore
performed, examining this file may not be the optimum approach—especially if there is a high frequency of backup
and restore operations.
The following example shows typical entries in spbrtoc.xml, and you can see that the backup ID can easily be
identified.
Another available method is to use the Get-SPBackupHistory cmdlet, which can also provide the same information
as the spbrtoc.xml file.
The next two examples show how to perform the restore operation using the Restore-SPFarm cmdlet.
Restore-SPFarm -Directory <BackupFolder> -Item "<ServiceApplicationName>" -RestoreMethod Overwrite [-BackupId
<GUID>]
Restore-SPFarm -Directory \\server\searchbackup - Item "Farm\Shared Services\Shared Services
Applications\Contoso Search Service Application" -RestoreMethod New -BackupID "149fc816-8927-4a32-9437-
6e05c2869ab7"
NOTE
If no backup ID is provided, then the most recent available backup from the directory is used.
The RestoreMethod you use determines how the process will flow after it runs the Restore-SPFarm cmdlet.
If the new option is chosen, then the administrator running the cmdlet is prompted to provide a location on the
new farm for each component and database in the backup. This can be especially useful if the server farm topology
and naming convention in the DR farm does not exactly match production, which is a frequently encountered
scenario. If the Search service application is being restored to a farm that was built with matching names and
server topology, then the overwrite option can be used. Typically this option is only used when restoring to the
same farm that is the source of the backup.
NOTE
To use the overwrite option, there has to have been at least one restore using the new option. If this is not the case, an
existing Search service application that uses identical configuration and naming must be available on the DR farm.
When restoring a search service application, it will be automatically paused during and after the restore. To resume
the service application after the restore finishes, use the following PowerShell command.
$ssa = Get-SPEnterpriseSearchServiceApplication <SearchServiceApplicationName> $ssa.ForceResume($ssa.IsPaused())
Also of particular note to the administrator is the process that is used to restore a Search service application that
has multiple replicas per partition. The restore process will only restore to one of the replicas within each partition,
and a background task will handle the replication of the partition information to all other replicas for each partition.
Search indexing and querying is online and functional during this process, but the administration pages for the
Search service application may well show the replicas as degraded until this operation is complete.
Combined disaster recovery approach
As already mentioned, with service application backup and restore being the only supported approach to
maintaining a full fidelity DR solution, it becomes especially challenging to achieve a low RPO/RTO for search.
Time to back up and time to restore can become extended over time as the indexed corpus becomes larger. This
could lead to a much longer than desired RPO and RTO.
One approach that can be employed to overcome the challenges of achieving low RPO/RTO is to adopt a two-
pronged approach to the solution. The following list shows this solution:
Use crawling of read-only content databases, or dual-crawl the production site to maintain an acceptable
level of search index freshness in the DR farm.
Take Search service application backups, and either periodically restore them to the DR farm or have them
available in case the primary site is not recoverable.
If crawling read-only databases in the DR farm is the preferred choice, then you must consider the fact that
changes in the production farm won't be replicated to the recovery farm. As we mentioned, this includes the search
service analytics updates to the index and changes to configuration items such as result sources, query rules, and
schema modifications. If you adopt a combined approach, then it's very important to understand all the
implications and put in place a suitable strategy. Currently, there is no supported way to circumvent the loss of the
analytics updates, but steps can be taken to work around updates to configuration changes. You could try actions
similar to the following examples.
Ensure that all custom result sources, query rules, and search schema changes regarded as business critical are
made at the search service application level in Central Administration and not within site collections or subsites.
For example, consider a corporate intranet portal that has a dependency on specific query rules to manage the
content on the home page. These rules would be created on the production farm and manually replicated to the
DR farm to help make sure that this configuration is available. Similarly, custom mappings of crawled properties to
managed properties must be implemented at the service application level in both farms.
It is possible to capture the site-level and web-level search configuration items and export them to an XML file by
using PowerShell. For example, the next PowerShell example will export configuration items from the site
"http://intranet.contoso.com" to an XML file that is named intranetcontosocom.xml. This approach was published
to the SharePoint community and is used with their permission. You can view this blog post at Importing and
Exporting Search Configuration Settings in SharePoint 2013
Add-PSSnapin Microsoft.SharePoint.PowerShell-ea 0
[reflection.assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") | Out-Null
[reflection.assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.search") | Out-Null
$context = New-Object Microsoft.SharePoint.Client.ClientContext("http://intranet.contoso.com")
$searchConfigurationPortability = New-Object
Microsoft.SharePoint.Client.Search.Portability.searchconfigurationportability($context)
$owner = New-Object Microsoft.SharePoint.Client.Search.Administration.searchobjectowner($context,"SPSite")
$value = $searchConfigurationPortability.ExportSearchConfiguration($owner)
$context.ExecuteQuery()
[xml]$schema = $value.Value
$schema.OuterXml | Out-File intranetcontosocom.xml -Encoding UTF8
NOTE
In the previous example, we export the configuration from SPSite. You can use the SearchObjectLevel enumeration to
obtain these settings: SSA, SPSiteSubscription, SPSite, and SPWeb.
The next example shows how to import the settings that you obtain from another environment.
[reflection.assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") | Out-Null
[reflection.assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.search") | Out-Null
$context = New-Object Microsoft.SharePoint.Client.ClientContext("http://dr.contoso.com")
$searchConfigurationPortability = New-Object
Microsoft.SharePoint.Client.Search.Portability.searchconfigurationportability($context)
$owner = New-Object Microsoft.SharePoint.Client.Search.Administration.searchobjectowner($context,"SPSite")
[xml]$schema = gc .\schema.xml
$searchConfigurationPortability.ImportSearchConfiguration($owner,$schema.OuterXml)
$context.ExecuteQuery()
You can customize these examples to develop a search configuration export/import process that supports your
requirements for a combined disaster recovery solution.
When crawling read-only content databases in the DR farm, the site map table in the SharePoint configuration
database will not be updated to register newly created sites in the production farm. This means that those sites plus
the content within them will not be indexed during full or incremental crawls. To overcome this, it is important to
periodically run the following PowerShell command that will refresh the site map on the DR farm for all content
databases on the given web application.
Get-SPContentDatabase -WebApplication https://intranet.contoso.com | %
{$_.refreshsitesinconfigurationdatabase()}
By crawling the read-only databases and updating the site map periodically, a high level of index freshness can be
maintained in the DR farm. The second stage of the combined approach is what to do with the Search service
application backups. There are two real choices here, shown in the following list but note that the selected choice
will depend on the needs of the business.
If the business can operate successfully and meet its primary functions without having full fidelity search—
that is, the core configuration elements in the search admin service application and the ability to maintain a
high search index freshness allow the business to function in the DR site—then they may never restore the
service application into DR. Restoring the search service application may only be required if it becomes
clear that the primary site will not be available for a long time. This means that a failback to the primary site
is not possible, and therefore restoring the search service application fully is needed to bring all business
functions that depend on search back online. A specific time period could be selected to trigger the restore.
If there will be a requirement to maintain as much full fidelity search as possible at the DR site if there is
failover, then periodic backup and restore processes could be performed. Possible scenarios are daily or
weekly backup and restore procedures that are used together with read-only database crawling to maintain
freshness as close as possible to 100 percent. The problem is when the search index is so large that it takes
many hours to complete the restore, therefore introducing some risk to the RTO/RPO objectives.
This combined approach is clearly more complex than a simple backup and restore, but the benefits outweigh the
challenges if the business needs meet the requirements to implement such a solution.
Additional resources
For additional information, we recommend that you use the following resources.
Back up Search service applications in SharePoint Server
Restore Search service applications in SharePoint Server
In addition to the options that are provided in these articles and in this paper, there are other methods that you can
use to back up and restore the search service application in SharePoint Server. These methods are more fine
grained and involve independently restoring the search indexes and search databases to a new farm. We haven't
covered these steps, but if you are considering a scripted approach, we recommend that you start by reviewing the
following resources.
Get-SPEnterpriseSearchServiceApplicationBackupStore
Restore-SPEnterpriseSearchServiceApplication
Restore-SPEnterpriseSearchServiceApplicationIndex
Back up and restore a search service application in SharePoint 2013 using VSS . .
Overview of search result ranking in SharePoint
Server
6/7/2019 • 14 minutes to read • Edit Online
General purpose Default Search Model Default ranking model for the Search
service application. This ranking model
ranks most search results, such as the
search results for queries on the result
source "Local SharePoint Results". This
model is used for the search verticals
Everything, Videos and
Conversations.
RANKING MODEL TYPE RANKING MODEL NAME DESCRIPTION
General purpose Search Ranking Model with Two Linear This ranking model is a copy of the
Stages Default Search Model with the
exception that stage two is a linear
stage instead of a neural net stage. We
recommend that you use a copy of this
model as the base model if you want to
create a custom ranking model.
General purpose O15 MainResultsDefaultRankingModel Ranking model that was used as the
default ranking model for the Search
service application before the
SharePoint Server 2013 cumulative
update of August 2013. The cumulative
update introduces some improvements
to the Default Search Model. This
ranking model was added for backward
compatibility.
General purpose O14 Default Search Model Ranking model that was used as the
default ranking model for the Search
service application in SharePoint Server
2010 and Search Server 2010. This
ranking model was added for backward
compatibility.
General purpose Search Model With Boosted Minspan Ranking model that puts a higher
weight on proximity features than the
Default Search Model. Proximity
features in the ranking model look at
each of the query terms and determine
how close to one another these query
terms occur in the items. Proximity is
only considered in the managed
properties Body and Title.
General purpose Search Model Without Minspan Default Search Model without proximity
features.
People search People Search application ranking Default ranking model for people
model search. This ranking model ranks search
results for people. People search is
based on user profile information from
My Sites that are kept in the User
Profile service application.
People search People Search expertise ranking model Ranking model for people search that
puts a higher weight on expertise.
Expertise is calculated based on how
few levels the person is from the top
position within an organization.
RANKING MODEL TYPE RANKING MODEL NAME DESCRIPTION
People search People Search expertise social distance Ranking model for people search based
ranking model on expertise with a higher weight on
social distance. Social distance is the
relationship, as defined by their
position in the organization, between
the user who typed the query and the
people who are listed in the search
results.
People search People Search name ranking model Ranking model for people name search.
People search People Search name social distance Ranking model for people name search
ranking model that puts a higher weight on social
distance.
People search People Search social distance model Ranking model for people search that
puts a higher weight on social distance.
Special purpose Catalog ranking model Ranking model for internet facing
websites. This ranking model ranks
search results for websites that use
cross-site publishing and that have a
product catalog associated with the
SharePoint Server site collection.
Special purpose Popularity ranking model Ranking model for popularity based
search. This ranking model ranks
SharePoint Server content based on the
number of times an item that is stored
in SharePoint Server has been accessed.
Special purpose Site suggestion ranking model Ranking model for social suggestions.
Items that other users have clicked will
get a higher ranking.
Content These are the words contained in the items. For items that are
text based, such as documents, this is typically most of the
text. For other types of items, such as videos, there is little or
no content.
Metadata The metadata associated with items such as title, author, URL
and creation date. Metadata is automatically extracted from
most types of items.
File type Some file types can be considered more important for ranking
than others. For example, Word and PowerPoint results are
typically more important than Excel results.
Result contains keyword Matches if the result contains the keywords anywhere in its
contents, including meta-data.
Title contains keyword Matches if the result title contains the specified keywords or
phrases.
CHANGE RANKING WHEN: DESCRIPTION
Title matches keyword Matches if the result title exactly matches the specified
keywords or phrases.
URL starts with Matches if the result URL starts with the specified URL.
URL exactly matches Matches if the result URL exactly matches the specified URL.
Content type is Matches if the result is of the content type that you specify.
File extension matches Matches if the result has the specified file extension.
Result has the tag Matches if the result has the specified taxonomy tag as part
of its meta-data.
For more information, see Plan to transform queries and order results in SharePoint Server and Manage query
rules in SharePoint Server.
1 Title 0.3610
RELATIVE CONTRIBUTION WEIGHT TO
EXAMPLE OF A MANAGED PROPERTY IN RANKING (DEFAULT SEARCH MODEL AND
CONTEX T THIS CONTEX T DEFAULT FULL-TEX T INDEX)
2 Filename 0.1512
5 Author 0.1581
7 Body 0.0194
For example, you create a new managed property of the type string that contains about ten words or less. You
consider this new managed property to be about as important as the existing managed property Title. In that
case, you should map the new managed property to context 1.
Another example. You create a managed property of the type string that contains lots of words, for example a
description of something. You should map this new managed property to context 7 because it is similar to the
managed property Body, both in length as well as in importance.
IMPORTANT
Map managed properties with similar importance and size (in words) to the same context.
After changing the context of a managed property, it is important to monitor the search results, as the change
may not have the expected or desired consequences. It will take some time before the changes appear in the
search results, because the content has to be re-indexed before changes to the search schema are picked up. If
you have already crawled one or more content sources that include content that contains the managed property
that you changed the context of, you have to do a full re-crawl of those content sources before you can see any
changes in the ranking.
You can change the context of a searchable managed property in the Advanced Searchable Settings, using the
search schema feature in the Search service application. See Overview of the search schema in SharePoint Server
and Manage the search schema in SharePoint Server for more information.
If you create a custom ranking model, this influences all the queries using that ranking model. You should test the
effect of the custom ranking model on many queries.
You can read more about how to create, deploy and use a custom ranking model in the article Customizing
ranking models to improve relevance in SharePoint 2013 on MSDN.
NOTE
If you want to create a custom ranking model for the default search results, use a copy of the Search Ranking Model with
Two Linear Stages as the base model for your custom ranking model, it will be easier to re-tune and customize your
ranking model.
See also
Plan to transform queries and order results in SharePoint Server
Overview of the search schema in SharePoint Server
Create a custom ranking model by using the Ranking Model Tuning App
Overview of analytics processing in SharePoint
Server
6/7/2019 • 8 minutes to read • Edit Online
ANALYSIS DESCRIPTION
ANALYSIS DESCRIPTION
Anchor text processing Anchor text processing analyzes how items in the content
corpus are interlinked. It also includes the anchor texts
associated with the links in the analysis. The Analytics
Processing Component uses the results of the analysis to add
rank points to the items in the search index.
Click Distance The Click Distance analysis calculates the number of clicks
between an authoritative page and the items in the search
index. An authoritative page can be a top level site, for
example http://www.contoso.com, or other pages that are
viewed as important. You can define Authorative pages in
Central Administration.
Search Clicks The Search Clicks analysis uses information about which items
users click in search results to boost or demote items in the
search index. The analysis calculates a new ranking of items
compared to the base relevance.
Social Tags The Social Tags analysis analyses social tags, which are words
or phrases that users can apply to content to categorize
information in ways that are meaningful to them.
Search Reports The Search Reports analysis aggregates data and stores the
data in the Analytics reporting database where it's used to
generate these search reports:
Number of queries
Top queries
Abandoned queries
No result queries
Deep Links The Deep Links analysis uses information about what people
actually click in the search results to calculate what the most
important sub-pages on a site are. These pages are displayed
in the search results as important shortcuts for the site, and
users can access the relevant sub-pages directly from the
search results.
Usage analytics
Usage analytics is a set of analyses that receive information about user actions, or usage events, such as clicks or
viewed items, on the SharePoint Server site. Usage analytics combines this information with information about
crawled content from the Search analyses, and processes the information. Information about recommendations
and usage events is added to the search index. Statistics on the different usage events is added to the search index
and sent to the Analytics reporting database.
A default set of usage events is defined out of the box. The default events are always registered and analyzed by
SharePoint Server. You can also configure custom event types. For more information about the default usage
events, see The usage events used by Usage analytics.
Analyses in usage analytics
ANALYSIS DESCRIPTION
Usage counts The Usage counts analysis analyzes events, such as viewed or
clicked items. The analysis calculates how many times an item
is opened overall , not just from the search result page, but
also, for example, when a document is opened from Word or
clicked in a SharePoint Server library.
The analysis calculates both recent events and all time events,
for all defined event types. By default, recent events is set to
the last 14 days, but you can set it between 1 and 14 days
(on-premises). The statistics data is aggregated on site level,
on site collection level, and on tenant level (SPO).
Activity ranking The Activity ranking analysis uses the activity tracking of
usage events (the event rate) to influence search relevancy.
Items that have high usage activity (clicks or views) typically
get a higher activity rank score than less popular items.
The analysis looks for trends in item activity. If you only count
the number of events, older items will typically "win" in
relevancy, because the older documents have had more time
to collect activity. The activity tracking helps newer
documents that have high usage activity get a higher rank.
NOTE
Unique Users shows the number of unique users per day, while Unique Users per month shows SUM(UU/Day) for
the month.
Most Popular Items Shows ranking per usage event for all items in a library or list, for example the most
viewed items in the library or list. The ranking can be sorted by Recent or Ever.
IMPORTANT
Local legal restrictions might apply when you enable cookies on sites that have anonymous users.
To enable usage cookies for a SharePoint web application, see Edit general settings on a web application in
SharePoint Server. This article also applies to SharePoint Server 2016.
Configure enterprise search in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
Create and configure a Search service application in The Search service application crawls content and provides
SharePoint Server search results. You can either create it as part of a new
deployment of SharePoint Server, or as needed.
Create a Search Center site in SharePoint Server The Search Center is one classic search interface where users
submit search queries and view search results.
Deploy people search in SharePoint Server In classic search, People search lets users get information
about people in the organization and get links to the
documents that they have authored.
Create and configure a Search service application in
SharePoint Server
6/7/2019 • 9 minutes to read • Edit Online
Search service Windows user credentials for the This setting applies to all Search service
SharePoint Server Search service, which applications in the farm. You can
is a Windows service change this account at any time by
clicking Configure service accounts in
the Security section on the Central
Administration home page.
Search Admin Web Service application Windows user credentials For each of these accounts, you can use
pool the same credentials that you specified
for the Search service. Or, you can
Search Query and Site Settings Web assign different credentials to each
Service application pool account according to the principle of
least-privilege administration.
ACCOUNT DESCRIPTION NOTES
Default content access Windows user credentials for the Search We recommend that you specify a
service application to use to access separate account for the default
content when crawling content access account according to
the principle of least-privilege
administration.
The accounts that you use for the Search service, the Search Admin Web Service application pool, and the Search
Query and Site Settings Web Service application pool must be registered as managed accounts in SharePoint
Server so that they are available when you create the Search service application. Use the following procedure to
register each of these accounts as a managed account.
To register a managed account
1. On the Central Administration home page, in the Quick Launch, click Security.
2. On the Security page, in the General Security section, click Configure managed accounts.
3. On the Managed Accounts page, click Register Managed Account.
4. On the Register Managed Account page, in the Account Registration section, type the user name and
password that you want to use as credentials for the service account.
5. If you want SharePoint Server to manage password changes for this account, select the Enable automatic
password change check box and configure the parameters for automatic password change.
6. Click OK.
NOTE
Each Search service application has its own search topology. If you create more than one Search service application in a
farm, we recommend that you allocate dedicated servers for the search topology of each Search service application.
Deploying several Search service applications to the same servers will significantly increase the resource requirements (CPU
and memory) on those servers.
Use the following procedure to create a Search service application or a cloud Search service application.
To create a Search service application
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
group for the farm for which you want to create the service application.
2. On the Central Administration home page, in the Application Management section, click Manage
service applications.
3. On the Manage Service Applications page, on the ribbon, click New, and then click Search Service
Application.
4. On the Create New Search Service Application page, do the following:
Accept the default value for Service Application name, or type a new name for the Search service
application.
To make this a cloud Search service application, in the Search Service Application type section,
checkmark the Cloud Search Service Application box. Otherwise, leave the box unchecked.
In the Search Service Account list, select the managed account that you registered in the previous
procedure to run the Search service.
In the Application Pool for Search Admin Web Service section, do the following:
Select the Create new application pool option, and then specify a name for the application pool in
the Application pool name text box.
In the Select a security account for this application pool section, select the Configurable
option, and then from the list select the account that you registered to run the application pool for
the Search Admin Web Service.
In the Application Pool for Search Query and Site Settings Web Service section, do the following:
Choose the Create new application pool option, and then specify a name for the application pool
in the Application pool name text box.
In the Select a security account for this application pool section, select the Configurable
option, and then from the list select the account that you registered to run the application pool for
the Search Query and Site Settings Web Service.
5. Click OK.
See also
Create a Search Center site in SharePoint Server
Create a Search Center site in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
Related Topics
Create and configure a Search service application in SharePoint Server 2016
Manage the Search Center in SharePoint Server
Deploy people search in SharePoint Server
6/7/2019 • 11 minutes to read • Edit Online
When a user enters a search query in the search box and then clicks one of the search-vertical links, the Search
system returns search results that correspond to that search vertical only. For example, if the user enters Microsoft
Azure in the search box and then selects the People search-vertical link, the Search system returns only search
results that are people in your organization who are involved with Microsoft Azure.
This article describes the prerequisites that you must complete to make people search possible, and addresses
other considerations related to making people search work.
NOTE
You should not clear the Do not allow Basic Authentication check box unless you are using SSL to encrypt the
website traffic. For more information, see Plan for user authentication methods in SharePoint Server.
To remove the profile store URL from the preconfigured content source
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. In Central Administration, in the Application Management section, click Manage service applications.
3. On the Manage Service Applications page, click Search Service Application.
4. On the Search Administration page, in the Quick Launch, in the Crawling section, click Content
Sources.
5. On the Manage Content Sources page, click the link to the preconfigured content source ( Local
SharePoint sites).
6. In the Start Addresses section, remove the URL for the profile store (sps3:// My_Site_host_URL or sps3s://
My_Site_host_URL, where My_Site_host_URL is the URL for the web application where you deployed the
My Sites site collection).
7. Click OK.
Use the following procedure to create a content source that specifies how to crawl the profile store. For
more information, see Add, edit, or delete a content source in SharePoint Server.
To create a content source that specifies how to crawl the profile store
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. In Central Administration, in the Application Management section, click Manage service applications.
3. On the Manage Service Applications page, click Search Service Application.
4. On the Search Administration page, in the Quick Launch, in the Crawling section, click Content
Sources.
5. On the Manage Content Sources page, click New Content Source.
6. On the Add Content Source page, in the Name section, type a name for this content source.
7. In the Content Source Type section, ensure that SharePoint Sites is selected.
8. In the Start Addresses section, type the start address in the form sps3:// My_Site_host_URL, where
My_Site_host_URL is the URL for the web application where you deployed the My Sites site collection.
If the web application where you deployed the My Sites site collection uses SSL, then type the start address
in the form sps3s:// My_Site_host_URL.
9. In the Crawl Settings section, leave the default value of Crawl everything under the host name for
each start address.
10. In the Crawl Schedules section, do the following:
Select Enable Continuous Crawls or Enable Incremental Crawls.
A continuous crawl automatically provides maximum freshness for the content source without an
incremental crawl schedule. For more information, see Manage continuous crawls in SharePoint Server.
If you select Enable Incremental Crawls, create an incremental crawl schedule.
Optionally create a schedule for full crawls.
11. If you selected Enable Incremental Crawls, in the Content Source Priority section, select the priority for
this content source.
NOTE
The Content Source Priority section does not appear when you specify the content source type as SharePoint
Sites and you select Enable Continuous Crawls.
IMPORTANT
For a test environment, we recommend that you do not synchronize the profile store to a directory service or other external
data source that is in a production environment. Instead, create a copy of the directory service and synchronize the copy
with the profile store.
Use the following procedure to view the user profiles in the User Profile service application.
To view a list of user profiles in the User Profile service application
1. Verify that the user account that is performing this procedure is an administrator for the User Profile service
application.
2. In Central Administration, in the Application Management section, click Manage service applications.
3. On the Manage Service Applications page, click the User Profile service application.
4. On the Manage Profile Service page, in the People section, click Manage User Profiles.
5. On the Manage User Profiles page, in the Find profiles box, type the name of the domain of which the
users are members.
Do not type the fully qualified domain name. For example, if users are members of the Contoso.com
domain, type Contoso in the Find profiles box.
6. Click Find.
Add information to My Sites
My Sites keep information in the User Profile service application databases. The User Profile service application
stores much of the information that appears in results for people search. People search results become more
useful as users add more information to their My Sites.
The first time that a user accesses their My Site, also known as their personal site, a My Site is created for them
and a profile is automatically added to the User Profile service application.
To add information to a user's My Site, log on as a user for whom a user profile was created in the User Profile
service application, and then go to that user's My Site. In the user's My Site, you can provide information about the
user's expertise and interests. To see how the information that you added affects the people search results that
appear, perform a crawl of the profile store, and then search on the user's name.
NOTE
We recommend that you crawl the profile store and wait about two hours after the crawl finishes before you start the first
crawl of the preconfigured content source (that is, local SharePoint sites). After the crawl of the profile store finishes, the
search system generates a list to standardize people's names. This is so that when a person's name has different forms in
search results, the results are displayed in a single group corresponding to one name. For example, all documents authored
by Anne Weiler or A. Weiler or alias AnneW can be displayed in the search results in a result block that is labeled "Documents
by Anne Weiler". Similarly, all documents authored by any of those identities can be displayed under the heading "Anne
Weiler" in the refinement panel if "Author" is one of the categories there.
For information about how to view the status of a crawl, see Start, pause, resume, or stop a crawl for a content
source.
See also
Administer the User Profile service in SharePoint Server
Overview of profile synchronization in SharePoint Server 2013
Manage user profile synchronization in SharePoint Server
Plan for My Sites in SharePoint Server
Create and configure a Search service application in SharePoint Server 2016
Manage crawling in SharePoint Server
Add, edit, or delete a content source in SharePoint Server
Administer search in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If there are no other Web Parts on a page, search results will be sent to the search results page as specified
on the Search Settings page.
To send queries to a custom search results page, select Send queries to a custom results page URL, and
then type the URL of the custom search results page.
NOTE
You can't send queries to a custom search results page that uses a friendly URL.
5. In the Web Part tool pane, in the Properties for Search Box section, expand the Query Suggestions section,
and then do the following:
To disable query suggestions, clear the Show suggestions check box.
To specify additional properties for query suggestions, change the values in the following fields:
Number of query suggestions: How many query suggestions to display.
Minimum number of characters: How many characters the user must type before query
suggestions are displayed.
Suggestions delay (in milliseconds): How many milliseconds elapse before query suggestions
are displayed.
Number of personal favorites: How many query suggestions are displayed to the user under the
text Are you looking for these again? in the search results. These suggestions are based on search
results that the user has clicked previously. To disable personal favorite results, clear the Show
personal favorite results check box.
To turn on people name suggestions, select Show people name suggestions.
6. In the Web Part tool pane, in the Properties for Search Box section, expand the Settings section, and then do
the following:
To show a link to a search preference page, select Show preferences link.
To show a link to an advanced search page, select Show advanced link, and then in the Advanced search
page URL box, type the URL of the advanced search page that you want to link to.
To apply another display template, in the Search box control Display Template list, select the display
template that you want to apply to the Web Part.
Select the Make the search box have focus when the page is loaded check box to make it possible for
users to immediately type a query in the search box when the page is loaded without first having to click the
search box. By default, this is selected.
See also
How to change the text that is displayed in the Search Box Web Part in SharePoint Server 2013
Configure properties of the Search Results Web Part
in SharePoint Server
6/7/2019 • 13 minutes to read • Edit Online
NOTE
Sorting of search results is case sensitive.
IMPORTANT
If your result source contains sorting, you should not specify sorting in the Search Results Web Part. This is because
the sorting in the result source overrides the sorting that you specify in the Search Results Web Part.
9. Select Rank to sort by relevance rank. You can then specify which ranking model to use or specify dynamic
ordering rules.
(Optional) Select which ranking model to use for sorting in the Ranking Model list.
Under Dynamic ordering, you can specify additional ranking by adding rules that will change the
order of results when certain conditions apply. Click Add dynamic ordering rule, and then specify
conditional rules.
10. On the SETTINGS tab, specify the settings that are listed in the following list.
Query Rules
Select whether to use Query Rules or not.
URL Rewriting
Select if the URL rewrite to the item details page should continue to be relative for each catalog item as
defined when you set up the catalog connection. This option is only meaningful for sites that use managed
navigation and have connected to a catalog that uses anonymous access for the catalog pages. If you select
Don't rewrite URLs, the URLs for catalog items are pointed directly to the library item of the connected
catalog.
Loading Behavior
Select when the search results returned by the Search Results Web Part appear on the web page. The
default option is Async option: Issue query from the browser. Queries will be issued from the end-users
browser after the complete page is received (asynchronous). If you select the synchronous option, Sync
option: Issue query from the server, queries are issued from the server, and the search results are
included in the page response that is sent back from SharePoint (synchronous). Synchronous loading
makes search vulnerable to cross-site request forgery attacks and you should only chose this option after
carefully considering whether this vulnerability can be exploited, learn more.
9. On the TEST tab, you can preview the query that is sent by the Search Results Web Part.
Query text
Shows the final query that will be run by the Search Results Web Part. It is based on the original query
template where dynamic variables are substituted with current values. Other changes to the query may be
made as part of a query rule.
Click Show more to display additional information.
Query template
Shows the content of the query template that is applied to the query.
Refined by
Shows the refiners applied to the query as defined on the REFINERS tab.
Grouped by
Shows the managed property on which search results should be grouped as defined on the REFINERS
tab.
Applied query rules
Shows which query rules are applied to the query.
The Query template variables section shows the query variables that will be applied to the query, and the
values of the variables that apply to the current page. You can type other values to test the effect they will have on
the query. Click the Test Query button to preview the search results.
You can also test how the query works for different user segment terms. Click Add user segment term to add
terms to be added to the query.
Click the Test query button to preview the search results.
Query text
Shows the final query that will be run by the Search Results Web Part. It is based on the original query
template where dynamic variables are substituted with current values. Other changes to the query may be
made as part of a query rule.
10. In the Web Part tool pane, in the Display Templates section, the default selection is Use result types to
display items. This selection will apply different display templates according to the result type of the
search result. For example, if the result type of a search result is a PDF file, the display template PDF Item
will be applied. If the result type of a search result is an image, the Picture Item display template will be
applied. To apply one display template to all result types of the search results, select Use a single template
to display items, and then select the display template that you want to apply.
11. In the Web Part tool pane, in the Settings section, in the Results Settings, to further specify how search
results should be shown, change the values in the following fields:
Number of results per page The number of search results to be displayed per page.
Show ranked results Clear the check box if you want to show only promoted blocks (such as promoted
results or personal favorites) or result controls (such as result counts) instead of the ranked results.
Show promoted results Clear the check box if you do not want to show search results that you have
promoted by using Query rules.
Show "Did you mean?" Clear the check box if you do not want to show query spelling corrections as Did
you mean suggestions. For more information about query spelling corrections, see Manage query spelling
correction in SharePoint Server.
Show personal favorites Clear the check box if you do not want to show personal favorites.
Show View Duplicates link Select the check box if you want to show a View Duplicates link.
Show link to search center Select the check box if you want to show a link to the Search Center.
12. In the Web Part tool pane, in the Settings section, in the Results control settings section, to specify how
search results should be shown, change the values in the following fields:
Show advanced link Clear the check box if you don't want to show a link to the Advanced Search page in
the Web Part.
Show result count Clear the check box if you don't want to show the number of results found in the Web
Part.
Show language dropdown Clear the check box if you don't want to show the language drop-down in the
Web Part.
Show sort dropdown Select the check box if you want to show the sort drop-down in the Web Part.
Show paging Clear the check box if you don't want to show paging in the Web Part.
Show preferences link Clear the check box if you don't want to show a link to the preferences page in the
Web Part.
Show AlertMe link Clear the check box if you don't want to show a link to the Alert Me page in the Web
Part. For more information about search alerts, see Enable search alerts in SharePoint Server.
NOTE
Disabling stemming turns it off for all languages except the following: Arabic, Estonian, Finnish, Hebrew, Hungarian, Korean,
Latvian, and Slovak.
See also
Query variables in SharePoint Server
Configure result sources for search in SharePoint Server
Plan to transform queries and order results in SharePoint Server
Blog series: How to change the way search results are displayed in SharePoint Server 2013
Configure properties of the Refinement Web Part in
SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
For example, you can add the following line to change the display name for the managed property
RefinableInt00 to Price:
"rf_RefinementTitle_RefinableInt00": "Price" .
NOTE
You can't use a page that uses a friendly URL for your search vertical.
CONTENT DESCRIPTION
Manage the search schema in SharePoint Server Learn how to use the search schema to collect content in the
search index and retrieve content from the search index.
Add or remove a file type from the search index in SharePoint Learn how to add or remove a file type from the SharePoint
Server search index by modifying the list of file types that the search
system crawls.
Delete items from the search index or from search results in Learn how to remove an item from the search index or
SharePoint Server SharePoint search results by removing the URL.
Reset the search index in SharePoint Server Learn how to reset the SharePoint search index.
Manage the search schema in SharePoint Server
6/7/2019 • 13 minutes to read • Edit Online
NOTE
The search schema applies to both the classic and the modern search experiences, except for the following settings which
don't apply to modern search:
Refinable. Modern search has built-in refiners.
Sortable. Not supported in modern search.
Custom entity extraction. Modern search has built-in refiners.
Company name extraction. Not supported in modern search.
IMPORTANT
If you want to be able to use this managed property as a refiner, you must select both Refinable and Queryable.
Queryable Disable No
Retrievable Disable No
Refinable Disable No
Sortable Disable No
Alias Add/Delete No
Add or remove a file type from the search index in
SharePoint Server
6/7/2019 • 8 minutes to read • Edit Online
$ssa = Get-SPEnterpriseSearchServiceApplication
Get-SPEnterpriseSearchFileFormat -SearchApplication $ssa
The result is a list of all file formats that the content processing component in the Search service
application referenced by `$ssa` can parse. For each file format the list shows:
$ssa = Get-SPEnterpriseSearchServiceApplication
Set-SPEnterpriseSearchFileFormatState -SearchApplication $ssa FormatID $TRUE
Where:
4. Restart the SharePoint Search Host Controller service to apply the changes:
Open a command prompt window on the server that hosts the content processing component. On the
Start menu, click All Programs, click Accessories, right-click Command Prompt and then click Run as
administrator.
To stop the SharePoint Search Host Controller, type this command: net stop spsearchhostcontroller
To restart the SharePoint Search Host Controller, type this command: net start spsearchhostcontroller
5. Verification: show the list of file name extensions and file formats that the content processing component can
parse and make sure that the file name extension is there. See View information about file formats that can be
parsed.
To disable parsing of a file format using a built-in format handler
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. Start a SharePoint Management Shell on the server that hosts the content processing component.
3. At the Microsoft PowerShell command prompt, type the following commands:
$ssa = Get-SPEnterpriseSearchServiceApplication
Set-SPEnterpriseSearchFileFormatState -SearchApplication $ssa FormatID $FALSE
Where:
$FALSE disables the format handler from parsing the file type.
4. Restart the SharePoint Search Host Controller service to apply the changes:
Open a command prompt window on the server that hosts the content processing component. On the
Start menu, click All Programs, click Accessories, right-click Command Prompt and then click Run as
administrator.
To stop the SharePoint Search Host Controller, type this command: net stop spsearchhostcontroller
To restart the SharePoint Search Host Controller, type this command: net start spsearchhostcontroller
5. Verification: show the list of file name extensions and file formats that the content processing component can
parse and make sure that the file name extension is not there. See View information about file formats that can
be parsed.
To enable parsing of a file format using a third-party filter-based format handler
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. Start a SharePoint Management Shell on the server that hosts the content processing component.
3. At the Microsoft PowerShell command prompt, type the following commands:
$ssa = Get-SPEnterpriseSearchServiceApplication
New-SPEnterpriseSearchFileFormat -SearchApplication $ssa FileNameExtension FileFormat
application/FileApplication
Where:
FileFormat is the format of the file type. The format is often the name of the application.
application/FileApplication is the mime type of the file type. The mime type must consist of a type and a
subtype. In this example, application is the type and FileApplication is the subtype. For example, for Word
files, the type is application and the subtype is msword. Together they form the complete mime type:
application/msword.
4. Restart the SharePoint Search Host Controller service to apply the changes:
Open a command prompt window on the server that hosts the content processing component. On the
Start menu, click All Programs, click Accessories, right-click Command Prompt and then click Run as
administrator.
To stop the SharePoint Search Host Controller, type this command: net stop spsearchhostcontroller
To restart the SharePoint Search Host Controller, type this command: net start spsearchhostcontroller
5. Verification: show the list of file name extensions and file formats that the content processing component can
parse and make sure that the file name extension is there. See View information about file formats that can be
parsed.
To disable parsing of a file format using a third-party filter-based format handler
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. Start a SharePoint Management Shell on the server that hosts the content processing component.
3. At the Microsoft PowerShell command prompt, type the following commands:
$ssa = Get-SPEnterpriseSearchServiceApplication
Remove-SPEnterpriseSearchFileFormat -SearchApplication $ssa -Identity FileNameExtension
Where:
4. Restart the SharePoint Search Host Controller service to apply the changes:
Open a command prompt window on the server that hosts the content processing component. On the
Start menu, click All Programs, click Accessories, right-click Command Prompt and then click Run as
administrator.
To stop the SharePoint Search Host Controller, type this command: net stop spsearchhostcontroller
To restart the SharePoint Search Host Controller, type this command: net start spsearchhostcontroller
5. Verification: show the list of file name extensions and file formats that the content processing component can
parse and make sure that the file name extension is not there. See View information about file formats that can
be parsed.
Delete items from the search index or from search
results in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If your SharePoint environment is hybrid and uses cloud hybrid search, you index your on-premises content in your
search index in Office 365. See Learn about cloud hybrid search for SharePoint for guidance on deleting the metadata
of an on-premises item and deleting on-premises search results from the search index in Office 365.
For SharePoint Server 2019, removing the URL of an item affects both the classic and modern search experiences.
NOTE
After a search index reset, a full crawl won't restore all analytics features that are powered by the Analytics Processing
Component. Examples of analytics features are raising or demoting items in search results based on which search results
users have clicked, or displaying the number of times a search result has been viewed. For more information, see Overview of
analytics processing in SharePoint Server.
If you can, you should perform a backup and restore of your Search service application instead of a search index reset. These
procedures will fully restore all features that are powered by the Analytics Processing Component. For more information, see
Back up Search service applications in SharePoint Server and Restore Search service applications in SharePoint Server.
NOTE
If your SharePoint environment is hybrid and uses cloud hybrid search, you index your on-premises content in your search
index in Office 365. See Learn about cloud hybrid search for SharePoint for guidance on deleting metadata of on-premises
items from the search index in Office 365.
CONTENT DESCRIPTION
Best practices for crawling in SharePoint Server Learn how to manage crawls effectively.
Add, edit, or delete a content source in SharePoint Server Learn how to create a content source to specify what type of
content to crawl, schedules for crawling, start addresses, and
crawl priority.
Change the default account for crawling in SharePoint Server Change the user name or password of the account that the
Search service uses by default for crawling.
Start, pause, resume, or stop a crawl in SharePoint Server Learn how to start, pause, resume or stop a full or
incremental crawl of a content source.
Manage continuous crawls in SharePoint Server Learn how to enable continuous crawls of SharePoint content
to help keep the search index and search results as fresh as
possible.
Manage crawl rules in SharePoint Server Learn how to specify a content access account, create crawl
rules to include or exclude directories, and prioritize crawl
rules.
Configure and use the Exchange connector for SharePoint Learn how to create a crawl rule and add a content source to
Server crawl Exchange Server public folders.
Configure and use the Documentum connector in SharePoint Learn how to install and configure the Microsoft SharePoint
Server Indexing Connector for Documentum.
Configure and use the Lotus Notes connector for SharePoint Learn about the administrative roles, required software, user
Server accounts, and processes that are required to install and
operate the Lotus Notes Client and the Lotus Notes
Connector to work with SharePoint Server search.
Configure time-out values for crawler connections in Change how long the SharePoint search crawler will wait for a
SharePoint Server connection to a content repository or for a response to a
connection attempt.
Configure the crawler in case of SSL certificate warnings in Specify whether a SharePoint crawler will crawl a site if there
SharePoint Server is a problem with the site's Secure Sockets Layer (SSL)
certificate.
Configure proxy server settings for Search in SharePoint Specify a proxy server to send requests to crawl content or
Server query federated content repositories.
See also
Search in SharePoint Server
Add, edit, or delete a content source in SharePoint
Server
6/7/2019 • 2 minutes to read • Edit Online
Changing a content source requires a full crawl for that content source.
NOTE
For a content source that is of type SharePoint Server sites, you can enable continuous crawls. For more
information, see Manage continuous crawls in SharePoint Server.
8. To set the priority of this content source, in the Content Source Priority section, on the Priority list,
select Normal or High.
9. Click OK.
See also
Create and configure a Search service application in SharePoint Server 2016
Manage crawl rules in SharePoint Server
Start, pause, resume, or stop a crawl in SharePoint
Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
Pausing a crawl has the disadvantage that references to crawl components can remain in the
MSSCrawlComponentsState table in the search administration database. This can cause a problem if you want to
remove any crawl components (say, because you want to remove a server that hosts those components from the
farm). However, when you stop a crawl, references to crawl components in the MSSCrawlComponentsState table
are deleted. Therefore, if you want to remove crawl components, it is better to stop crawls than to pause crawls.
For more information about removing crawl components, see Best practices for crawling in SharePoint Server.
Stop Crawl. You must click OK to confirm that you want to stop the crawl. The value in the Status
column changes to Idle for the selected content source.
NOTE
If you stop a full or incremental crawl that is in progress (for example, so that you can change the search topology),
the next time a crawl occurs for that content source, the Search system automatically performs a full crawl.
$SSA = Get-SPEnterpriseSearchServiceApplication
$SPContentSources = $SSA | Get-SPEnterpriseSearchCrawlContentSource | WHERE {$_.Type -eq "SharePoint"}
foreach ($cs in $SPContentSources)
{
$cs.EnableContinuousCrawls = $false
$cs.Update()
}
4. Verification: On the Search_Service_Application_Name: Manage Content Sources page, verify that the
Status column has changed to Idle for all content sources. This might take some time, because all URLs that
remain in the crawl queue are still crawled after you disable continuous crawls.
$ssa = Get-SPEnterpriseSearchServiceApplication
$ssa.SetProperty("ContinuousCrawlInterval",n)
Where:
n is the regular interval in minutes at which you want to continuous crawls to start. The default interval is
every 15 minutes. The shortest interval that you can set is 1 minute.
> [!NOTE]
> If you reduce the interval, you increase the load on SharePoint Server and the crawler. Make sure that you
plan and scale out for this increased consumption of resources accordingly.
See also
Plan crawling and federation in SharePoint Server
Set-SPEnterpriseSearchCrawlContentSource
Manage crawl rules in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
NOTE
This option is not available unless the Include all items in this path option is selected in the Crawl Configuration
section.
To use the default content access account, select Use the default content access account.
If you want to use a different account, select Specify a different content access account and then in the
Account box, type the user account name that can access the paths that are defined in this crawl rule.
Next, in the Password and Confirm Password boxes, type the password for this user account. To prevent
basic authentication from being used, select the Do not allow Basic Authentication check box. The
server attempts to use NTLM authentication. If NTLM authentication fails, the server attempts to use basic
authentication unless the Do not allow Basic Authentication check box is selected.
To use a client certificate for authentication, select Specify client certificate, expand the Certificate
menu, and then select a certificate.
To use form credentials for authentication, select Specify form credentials, type the form URL (the
location of the page that accepts credentials information) in the Form URL box, and then click Enter
Credentials. When the logon prompt from the remote server opens in a new window, type the form
credentials with which you want to log on. You are prompted if the logon was successful. If the logon was
successful, the credentials that are required for authentication are stored on the remote site.
To use cookies, select Use cookie for crawling, and then select Obtain cookie from a URL to obtain a
cookie from a website or server. Or, select Specify cookie for crawlingto import a cookie from your local
file system or a file share. You can optionally specify error pages in the Error pages (semi-colon
delimited) box.
To allow anonymous access, select Anonymous access.
9. Click OK.
NOTE
When creating a crawl rule, the URL that you type inside the Path box should be in the following form:
_<protocol>://hostname/*_where <protocol> is the protocol that you want to use (typically http or https), and
hostname is the NetBIOS or fully qualified domain name of the server that is running Exchange Server.
7. In the Crawl Configuration section, select Include all items in this path.
8. In the Specify Authentication section, select the type of crawl authentication to use. This section is
available only if Include all items in this path is selected.
9. Click OK.
Where _\<protocol\>_ can be http or https, and _host name_ is the NetBIOS or fully qualified domain name
(FQDN) of the server that is running Exchange Server.
Where _\<protocol\>_ can be http or https, _host name_ is the NetBIOS or FQDN of the server that is running
Exchange Server, and _subfolder_ is the name of the specific subfolder that you want to crawl.
For example, if you want to crawl all subfolders in the public folder on a server that is named exch-01 and that is in
the Contoso domain, and that server does not use SSL, you could type either http://exch-01/public or http://exch-
01.contoso.com. To crawl only a specific subfolder named Bob in the same public folder, type http://exch-
01/public/bob or http://exch-01.contoso.com/bob.
NOTE
For performance reasons, you cannot add the same start addresses to multiple content sources.
9. In the Crawl Settings section, select the crawling behavior that you want.
10. In the Crawl Schedules section, you can choose to specify when to start full and incremental crawls:
To create a full crawl schedule, click the Create Schedule link below the Full Crawl list.
To create an incremental crawl schedule, click the Create schedule link below the Incremental Crawl list.
11. Click OK.
To add content sources for Exchange Server 2007 SP2 and Exchange 2010 public folders
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. Open a web browser and go to the Outlook Web Access webpage for the Exchange Server that contains the
public folders that you want to crawl.
3. Log on to Outlook Web Access using any user account that has Read permissions on the public folders that
you want to crawl.
4. Go to the public folder that you want to crawl, right-click the folder, and then select Open in New Window.
5. When the new window opens, go to the address bar and copy the complete URL. This is the Outlook Web
Access public folder address.
6. On the SharePoint Central Administration home page, in the Application Management section, click
Manage service applications.
7. On the Manage Service Applications page, click the Search service application.
8. On the Search Administration page, in the Crawling section, click Content Sources.
9. Click New Content Source.
10. On the Add Content Source page, in the Name box, type a name for the new content source.
11. In the Content Source Type section, select Exchange Public Folders.
12. In the Start Addresses section, paste the Outlook Web Access public folder address that you copied in step
5.
13. In the Crawl Settings section, select the crawling behavior that you want.
14. In the Crawl Schedules section, you can choose to specify when to start full and incremental crawls:
To create a full crawl schedule, click the Create Schedule link below the Full Crawl list.
To create an incremental crawl schedule, click the Create schedule link below the Incremental Crawl list.
15. Click OK.
Configure and use the Documentum connector in
SharePoint Server
7/15/2019 • 22 minutes to read • Edit Online
Overview
The following steps provide a high-level overview of the tasks that are involved to install and configure the
Indexing Connector for Documentum for use with SharePoint Server.
1. Preparation
1. Ensure that your system meets the system prerequisites and requirements in the section Before you begin.
2. Download the SharePoint Server 2016 Indexing Connector for Documentum from the Microsoft Download
Center.
3. Decide which Documentum content access account to use for crawling.
4. Prepare the SharePoint servers that host a crawl component. On each server:
Set the DFS Productivity Layer .NET assemblies.
Edit the machine.config file to set the Documentum bindings.
2. Install the Indexing Connector for Documentum
1. Install the Indexing Connector for Documentum on each SharePoint server in the farm that hosts a crawl
component.
2. Register the Indexing Connector for Documentum to the Search service application by using Microsoft
PowerShell.
3. Configure the Indexing Connector for Documentum
Configure the Indexing Connector for Documentum on each SharePoint server in the farm that hosts a crawl
component by using the Indexing Connector for Documentum PowerShell cmdlet. Choose one of the following
configurations:
Support crawling EMC Claims You enable automatic user Configure the Indexing
Documentum Trusted mapping by configuring a Connector for Documentum
Content Services (TCS) separate Security Trimmer to support TCS and
content or regular Sync Service and pre- and automatic user mapping
Documentum content with post-trimmers.
automatic user mapping.
CONFIGURATION ACL TRANSLATION DESCRIPTION SEE THIS SECTION
Support crawling UserMappingTable You manually create a user Configure the Indexing
Documentum content and mapping table in SQL Server Connector for Documentum
use a manually created user to specify how the using a user mapping table
mapping table. Documentum users are
mapped to Active Directory
Domain Services (AD DS) or
Active Directory service
users. You configure the
connector by specifying in
which database you have
created the user mapping
table by using Microsoft
PowerShell.
Support crawling NoSecurity All users will be able to see Using the
Documentum content all Documentum search SPEnterpriseSearchDCTMCo
without security trimming results. This can be useful if nnectorConfig cmdlet
the search results. you have a public
Documentum repository
that everyone can access,
for example.
4. Configure a Documentum crawl rule and content source in the Search service application by using Central
Administration
1. Create a crawl rule for Documentum.
2. Create a Documentum content source
3. Perform a full crawl.
Emc.Documentum.FS.DataModel.Core.dll
Emc.Documentum.FS.DataModel.Shared.dll
Emc.Documentum.FS.runtime.dll
Emc.Documentum.FS.Services.Core.dll
2. On each server that hosts a crawl component, log on with an account that is a member of the
Administrators group on that server and deploy the DFS Productivity Layer .NET assemblies to the global
assembly cache %windir%\assembly .
NOTE
You can drag and drop the four DLLs into the global assembly cache ( %windir%\assembly ) to deploy them, but
you might have to turn off User Account Control to do this.
The following procedure explains how to edit the machine.config file on each SharePoint server that hosts a crawl
component to include WCF settings for the DFS Productivity Layer. This is done to make sure that the DFS
Productivity Layer .NET assemblies function correctly.
The WCF settings that you are about to set in Edit the machine.config file allow a maximum of 30 megabytes (MB )
per Documentum content object (the document file plus its metadata) transferred. The administrator can increase
maxReceivedMessageSize in DfsDefaultService binding for larger content.
Edit the machine.config file
1. On each server that hosts a crawl component, open the machine.config file. This file is located in the
directory %windir%\Microsoft.NET\Framework64\v4.0.30319\Config .
2. Copy the following XML snippet to the <configuration> element:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="DfsAgentService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="10000000" maxBufferPoolSize="10000000" maxReceivedMessageSize="10000000"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="DfsContextRegistryService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="10000000" maxBufferPoolSize="10000000" maxReceivedMessageSize="10000000"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="DfsDefaultService" closeTimeout="00:01:00" openTimeout="00:10:00" receiveTimeout="00:20:00"
sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="10000000" maxBufferPoolSize="10000000" maxReceivedMessageSize="30000000" messageEncoding="Text"
textEncoding="utf-8" transferMode="StreamedResponse" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="1048576"
maxNameTableCharCount="16384"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
Where:
<name of your Search service application> is the name of the Search service application that you are
registering the connector to.
<%CommonProgramFiles%\Microsoft Shared\Web Server
Extensions\15\CONFIG\SearchConnectors\Documentum\MODEL.xml> is the path of the Indexing
Connector for Documentum model file. The default location is given in this example.
Where:
<MyWebTopServer:PortOfMyWebTopServer> is the name and the port number of the DFS Web Top
Server you are using.
<MyRepository n> is the name of Documentum repository that you want to crawl.
<DFSWebServices n>:<30000> is the name and the port number of the Documentum Web Services
server that hosts the Documentum repository that you want to crawl.
3. Restart the OSearch15 service. This must be done before you create a content source for Documentum.
IMPORTANT: Do not use the Services on Server page on the SharePoint Central Administration website
to restart this service. Doing so resets the search index, which requires you to do a full crawl of all content
to rebuild the index.
Verify that the user account that is performing this procedure is an administrator for the server that hosts
the crawl component.
Open a Command Prompt window.
To stop the OSearch15 service, type this command: net stop osearch15
To start the OSearch15 service, type this command: net start osearch15
To set up the Security Trimming Sync Service
1. Open the file Microsoft.Office.Server.Search.Connector.Documentum.TrimmerSync.exe.config. This file is
stored in the folder where you have installed the Indexing Connector for Documentum connector. The
default location is
%CommonProgramFiles%\Microsoft Shared\Web Server Extensions\15\CONFIG\SearchConnectors\Documentum
2. Using the same information that you provided when you configured the Indexing Connector for
Documentum, edit the configuration file as follows.
In the Emc.Documentum section, in the ModuleInfo element, do the following:
In the host attribute, type the host name of the Documentum server.
In the port attribute, type the port number of the Documentum server.
In the Data Source: Documentum Settings section, in the Repositories element, do the following:
In the repository id attribute, type the Documentum repository id.
In the name attribute, type the name of the Documentum repository.
In the login attribute, type the Documentum login name. Use the same login name as the
Documentum content access account. This should be a user who has elevated user permissions on
the Documentum Content Server.
In the dfs attribute, type the location of the Documentum Foundation Services (DFS ) by providing
the URI for the DFS.
(Optional) If your Documentum connection requires SSL/HTTPS, you have to change the security mode.
In the Data Source: Documentum Settings section, subsection Documentum, in the
basicHttpBinding element, set the security mode attribute from None to Transport for the
following bindings:
DfsAgentService
DfsContextRegistryService
DfsDefaultService
In the Data Source: Documentum Settings section, subsection Documentum, in the
netNamedPipeBinding element, set the security mode attribute from None to Transport for the
following bindings:
localNamedPipeBinding
3. Save and close the file.
4. Copy the DFS Productivity Layer .NET assemblies to the server running the Security Trimming Sync
Service.
Locate the following DFS Productivity Layer .NET assemblies and verify that the version number is
6.7.2000.36 for all files. When extracted to the default path, these files are located in the
%local%\emc-dfs-sdk-6.7\emc-dfs-sdk-6.7\lib\dotnet directory.
Emc.Documentum.FS.DataModel.Core.dll
Emc.Documentum.FS.DataModel.Shared.dll
Emc.Documentum.FS.runtime.dll
Emc.Documentum.FS.Services.Core.dll
On the server that hosts the Security Trimming Sync Service, log on with an account that is a member of
the Administrators group on that server and deploy the DFS Productivity Layer .NET assemblies to the
global assembly cache %windir%\assembly .
NOTE
You can drag and drop the four DLLs into the global assembly cache ( %windir%\assembly ) to deploy them, but
you might have to turn off User Account Control to do this.
5. Configure authentication for the Security Trimming Sync Service and install the service.
Verify that the user account that is performing this procedure is a member of the Farm Administrators
group.
Open a Command Prompt window on each server that hosts a query processing component.
Type the following command:
Microsoft.Office.Server.Search.Connector.Documentum.TrimmerSync.exe -p
When prompted, enter the password for the account that you provided in the login attribute. Use the same
login name as the Documentum content access account. The password will now automatically be encrypted
and added to the Security Trimming Sync Service config file.
Install the Security Trimming Sync Service. Type the following command:
Microsoft.Office.Server.Search.Connector.Documentum.TrimmerSync.exe -i
6. Start the Security Trimming Sync Service.
Open Windows Server Manager.
Expand the Configuration menu and click Services.
Right-click the SharePoint Documentum Security Sync service and then click Properties. In the LogOn
tab, select This account and provide the account details and credentials for the account that runs the
SharePoint services. Click OK.
Right-click the SharePoint Documentum Security Sync service and then click Start.
Verify that the Status column changes to Started.
7. Verify that the service is running and that the security sync is completed.
Run the command Microsoft.Office.Server.Search.Connector.Documentum.TrimmerSync.exe -d to
write the Security Trimming Sync Service memory to a text file.
Verify that the Security Trimming Sync Service connects to the Documentum server. Read the file
DCTMSecuritySync.log that is located in the directory
<Microsoft Office Server path>\15.0\Data\Office Server\Applications\Search\Nodes
Verify that the membership information from the Documentum server is written to the file
DCTMSecuritySync_Dump.txt that is located in the directory
<Microsoft Office Server path>\15.0\Data\Office Server\Applications\Search\Nodes
Before you can add the pre- and post- security trimmers, you must add one simple crawl rule for Documentum.
Later, you can further specify or expand the crawl rules.
Create a simple crawl rule for Documentum
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. On the SharePoint Central Administration home page, in the Application Management section, click
Manage Service Applications.
3. On the Manage Service Applications page, click the Search service application for which you want to create
a crawl rule.
4. On the Search Administration page, in the Crawling section, click Crawl Rules.
5. On the Manage Crawl Rules page, click New Crawl Rule.
6. On the Add Crawl Rule page, specify the following information to create a crawl rule:
In Path box, type dctm://*.
In Crawl Configuration section, select Include all items in this path, and then select Crawl complex
URLs (URLs that contain a question mark - ?).
In the Specify Authentication section, select Specify a different content access account, and then
type the Documentum content access account and password in the appropriate boxes.
Make sure that the Do not allow Basic Authentication check box is cleared.
7. Click OK to add the crawl rule.
To add the Indexing Connector for Documentum pre - and post-security trimmers
1. Start a SharePoint Management Shell on each server that hosts a query processing component.
2. At the Microsoft PowerShell command prompt, type the following command(s):
Where:
<name of your Search service application> is the name of the Search service application.
3. Restart the SharePoint Search Host Controller.
Open a Command Prompt window.
To stop the SharePoint Search Host Controller, type this command: net stop spsearchhostcontroller
To start the SharePoint Search Host Controller, type this command: net start spsearchhostcontroller
4. Continue with Create a Documentum content source.
NTCredential nvarchar (255) NOT NULL Windows domain user account that
searches Documentum contents in
SharePoint Server 2016.
Alternatively, you can manually create the user mapping table using SQL Server Management Studio or an
equivalent tool. If you create the table manually, make sure that you use the same schema as defined in the script.
Next, populate the user mapping table with Documentum/Windows NT credential pairs. The table in the previous
step shows what kind of input is expected.
Example:
A Documentum repository user Dan Park has a logon that is linked to the Finance repository. Dan's Windows
domain user account is Contoso\dpark. In this case, the user mapping table entry for Dan should be:
DCTMCredentialDomain ''
DCTMCredentialRepository Finance
DCTMCredentialLogonName dpark
NTCredential Contoso\dpark
NOTE
If any cells have no value assigned, they cannot be null or empty. You must assign the following empty string value: '' . >
For each Documentum group there must be a Windows NT group in the user mapping table and they must both contain
the same user information.
Finally, grant the OSearch15 account read access to the user mapping table.
To configure the connector using a user mapping table
1. Start a SharePoint Management Shell on each server that hosts a crawl component.
2. At the Microsoft PowerShell command prompt, type the following command(s):
Where:
<MyWebTopServer:PortOfMyWebTopServer> is the name and the port number of the DFS Web Top
Server you are using.
<YourDatabaseServerName> is the name of the database server on which you created the user mapping
table.
<YourDatabaseInstanceName> is the name of the database instance of the database server on which you
created the user mapping table.
<YourMappingDatabaseName> is the name of the database in which you created the user mapping table.
<YourMappingTableName> is the name of the user mapping table that you created.
<MyRepository n> is the name of Documentum repository that you want to crawl.
<DFSWebServices n>:<30000> is the name and port number of the Documentum Web Services server
that hosts the Documentum repository that you want to crawl.
3. Restart the OSearch15 service. The server administrator of the server that hosts the crawl component must
restart the OSearch15 service before a content source can be created for Documentum.
IMPORTANT
Do not use the Services on Server page on the SharePoint Central Administration website to restart this service.
Doing so resets the search index, which requires you to do a full crawl of all content to rebuild the index.
Verify that the user account that is performing this procedure is an administrator for the server that hosts
the crawl component.
Open a Command Prompt window.
To stop the OSearch15 service, type this command: net stop osearch15
To start the OSearch15 service, type this command: net start osearch15
Continue with Create a crawl rule for Documentum and then continue with Create a Documentum content source.
$ssa = Get-SPEnterpriseSearchServiceApplication
New-SPEnterpriseSearchMetadataCategory -Name "Documentum Connector" -SearchApplication $ssa -PropSet
"34972762-7E3F-4f4f-AE5C-5ABBA92EC530" -DiscoverNewProperties $true
NOTE
You can create multiple crawl rules for Documentum to include or exclude Documentum content.
You can use different crawl rules to specify different content access accounts for different Documentum content. For
example, you have two repositories and two content access accounts for each repository. The Documentum content
access account specified in a crawl rule will only be applied to Documentum content covered by the path in that
crawl rule. If you use the Security Trimming Sync Service, you must set up this service for each Documentum server.
TYPE OF DOCUMENTUM OBJECT SYNTAX FOR THE PATH OR THE START ADDRESS
<clientapphostname> is the host name of your Documentum client application such as Webtop or DA. The
<clientapphostname> configured here must be the same as the one that is used in the content source. <repository
name> , <cabinet name> , and <folder name> are case-sensitive.
The Set-SPEnterpriseSearchDCTMConnectorConfig cmdlet accepts three parameter sets. You use the Shared
parameter set to change the configuration settings that affect all the Documentum repositories that you crawl. You
use the Repository parameter set to change the configuration settings that affect only a specific repository. You use
the Remove parameter set to remove a specific repository from the connector configuration.
The following table shows which parameters are mandatory and which are optional.
See also
Supported and unsupported Documentum object types and properties in SharePoint Server
Configure and use the Lotus Notes connector for
SharePoint Server
6/7/2019 • 16 minutes to read • Edit Online
Prerequisites
The following sections list the required administrative roles, software and user accounts.
Required administrative roles
The following administrative roles are required to prepare any server that hosts a crawl component to crawl Lotus
Notes content that is hosted by one or more Lotus Domino databases:
Administrator of the Lotus Domino server that you want to crawl.
Server administrator of the server that hosts a crawl component that you want to use to crawl Lotus Notes
content.
Service application administrator for the Search service application.
Required software
The following software is required:
Lotus C++ API Toolkit for Notes.
Lotus Notes client application, available for purchase from IBM.
Lotus Notes Domino Server, available for purchase from IBM.
The following table shows combinations of versions of the Lotus Notes Domino server and Lotus Notes client that
the Lotus Notes Connector works with.
This server version With client 6.x With client 7.x With client 8.x
NOTE
Only the user account that is assigned to the OSearch15 service can be used to crawl Lotus Domino databases. You cannot
use the default content access account or a crawl rule to specify a different user account to crawl Lotus Domino databases.
The following table summarizes the user accounts that are required to crawl Lotus Domino databases.
Windows domain user account The user account that is assigned to the Contoso\User1, where Contoso is the
OSearch15 service must also be a domain name and User1 is the name of
member of the Administrators group the Windows domain user account.
on the server that hosts the crawl
component.
More information about this mappings table is provided later in this article, see Configure security mappings.
NOTE
By default, program files are stored in the <SystemDrive>:\Program Files (x86)\lotus\notes\ folder and data files are
stored in the <SystemDrive>:\Program Files (x86)\lotus\notes\data\ folder, where <SystemDrive> is the drive on
which Lotus Notes is installed.
8. On the Custom Setup page, select the program features that you want to install on the local hard disk drive,
and then click Next.
The table below shows the features and sub-features that are required by the Lotus Notes connector.
9. On the Ready to Install the Program page, if you do not want Lotus Notes to be the default email program,
clear the selection Make Notes my default email program.
10. Click Install.
The Installing Lotus Notes page shows the status of the installation.
11. On the Install Wizard Completed page, click Finish.
Features and sub-features required by the Lotus Notes connector
FEATURE SUBFEATURE
NOTE
If you are not prompted for a Domino certificate, click Previous, and ensure that you have entered the correct
information.
9. If a dialog box appears that informs you that you are not authorized to access the specified directory, click
OK to close the dialog box. This error is expected if the account that you are logged on with does not have
access to the email folder on the Domino server.
10. On the Instant Messaging Setup page, cancel the selection Setup instant messaging.
11. Click Next.
12. On the Additional Services page, click Next.
13. In the Lotus Notes message box, click OK.
The Lotus Notes Welcome screen appears.
Leave the Lotus Notes client application open. You will need it for the next procedure.
Verify access to the Lotus Domino database that you want to crawl
Follow this procedure to verify that the certificate that you installed has access to the database that you want to
crawl.
To verify access
1. Verify that the user account that is performing this procedure is a member of the Administrators group on
the server that hosts the crawl component and has at least Manager permissions on the Domino server.
2. In Lotus Notes, click File, point to Database, and then click Open.
3. In the Open Database dialog box, select the Lotus Domino server that you want to connect to from the
Server list.
4. In the Database list, select the database that you want to connect to, and then click Open.
The documents that are contained by the database that you selected are displayed in the Document Name
section. This means that the server that hosts the crawl component as the necessary permissions to crawl
these documents.
5. Repeat steps 1 to 3 for each additional database that you want to verify access to.
6. On the File menu, click Exit Notes.
ITEM DESCRIPTION
Mappings database name Name of the Lotus Domino database that maps Lotus Notes
user IDs to Windows domain user accounts.
Lotus Notes field name Name of the field in the Lotus Domino database file that
stores Lotus Notes user IDs.
Windows user field name Name of the field in the Lotus Domino database file that
stores Windows user names.
Form name Name of the form that stores the Lotus Notes field name
and Windows user field name fields.
View name Name of the view for the form that stores the Lotus Notes
user IDs to Windows user name mappings.
IMPORTANT
After the server that hosts the crawl component restarts, do not open the Lotus Notes client application again. This is
because the Lotus Notes client application might lock files that could cause the following procedures and crawling Lotus
Domino databases to fail.
Register Lotus Notes with the server that hosts the crawl component
Following this procedure to register Lotus Notes with the operating system of the server that hosts the crawl
component.
To register Lotus Notes
1. Verify that the user account that is performing this procedure is a member of the Administrators group on
the server that hosts the crawl component.
2. Run Notessetup.exe on the server that hosts the crawl component by using the same credentials that are
used to provision the Lotus Notes Connector.
3. On the server that hosts the crawl component, in Windows Explorer, go to the <SystemDrive>:\Program
Files\Microsoft Office Servers\15\Bin\1033 folder, where <SystemDrive> is the drive on which Microsoft
SharePoint Server is installed.
4. Double-click NotesSetup.exe.
5. On the Welcome to the Lotus Notes Index Setup Wizard page, click Next.
6. In the Register Lotus Notes for use with SharePoint Server dialog box, do the following:
In the Location of the notes.ini file box, ensure that the correct path of the Notes.ini file is specified. The
default path of this file is <SystemDrive>:\Program Files (x86)\lotus\notes\notes.ini, where <SystemDrive>
is the drive on which Lotus Notes is installed.
In the Location of the Lotus Notes install directory box, ensure that the correct path of the Lotus Notes
installation directory is specified. By default, the path of this directory is <SystemDrive>:\Program Files
(x86)\lotus\notes.
In the Password box, type the password for the user name that is associated with the Domino certificate.
In the Confirm Password box, retype the password for the user name that is associated with the Domino
certificate.
7. We recommend that you leave the Ignore Lotus Notes security while building the index box cleared.
This allows the crawl to include all Lotus Notes documents in the search index without restriction. Security
for these documents and objects is determined by the mappings table and provides security data without
excluding documents from the index.
8. Click Next.
9. On the Specify Lotus Notes Owner Field to Windows User Name Mapping page, do the following:
In the Lotus Notes server name box, type the NetBIOS name or IP address of the Domino server.
In the Lotus Notes database file name box, type the file name of the Lotus Domino database that maps
the Lotus Notes user IDs to Windows domain user accounts. Ensure that you include the .nsf file name
extension with this name, for example, Mappings.nsf.
In the View name box, type the view name of the Lotus Domino database that stores the Lotus Notes user
IDs to Windows user name mappings.
In the Lotus Notes field name column title box, type the name of the column in the Lotus Notes
database file that is used to store Lotus Notes user IDs.
In the Windows user name column title box, type the name of the column in the Lotus Notes database
file that is used to store the Windows user accounts.
10. Click Next.
11. On the Completing the Lotus Notes Index Setup Wizard page, click Finish.
IMPORTANT
Do not use the Services on Server page on the SharePoint Central Administration website to restart this service. Doing so
resets the search index, which requires you to do a full crawl of all content to rebuild the index.
See also
Manage crawling in SharePoint Server
Configure time-out values for crawler connections in
SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
See also
Manage crawling in SharePoint Server
Configure the crawler in case of SSL certificate
warnings in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
See also
Concepts
Manage crawling in SharePoint Server
Configure proxy server settings for Search in
SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
Select Do not connect by using a proxy server if you do not want to use a proxy server for crawling or
federation.
Select Use the proxy server specified if you want to use a proxy server for crawling or federation, and
then do the following:
In the Address box, type the URL of the proxy server.
In the Port box, if the proxy server is not using the default port, type the port number that the proxy
server is using.
Select the Bypass proxy server for local (intranet) addresses check box if you do not want the
crawler to use the proxy server when crawling within the intranet.
In the Do not use proxy server for addresses beginning with box, type the appropriate
addresses. Separate the addresses by using semicolons.
Select the Use these proxy settings for access to federated sites check box if you want the
search system to use the proxy server when it queries external content repositories.
6. In the Search Proxy Setting dialog box, click OK.
See also
Manage crawling in SharePoint Server
Plan crawling and federation in SharePoint Server
Best practices for crawling in SharePoint Server
6/7/2019 • 18 minutes to read • Edit Online
Use continuous crawls to help ensure that search results are fresh
Enable continuous crawls is a crawl schedule option that you can select when you add or edit a content source
of type SharePoint Sites. A continuous crawl crawls content that was added, changed, or deleted since the last
crawl. A continuous crawl starts at predefined time intervals. The default interval is every 15 minutes, but you can
set continuous crawls to occur at shorter intervals by using Microsoft PowerShell. Because continuous crawls
occur so often, they help ensure search-index freshness, even for SharePoint Server content that is frequently
updated. Also, while an incremental or full crawl is delayed by multiple crawl attempts that are returning an error
for a particular item, a continuous crawl can be crawling other content and contributing to index freshness,
because a continuous crawl doesn't process or retry items that repeatedly return errors. Such errors are retried
during a "clean-up" incremental crawl, which automatically runs every four hours for content sources that have
continuous crawl enabled. Items that continue to return errors during the incremental crawl will be retried during
future incremental crawls, but will not be picked up by the continuous crawls until the errors are resolved.
A single continuous crawl includes all content sources in a Search service application for which continuous crawls
are enabled. Similarly, the continuous crawl interval applies to all content sources in the Search service
application for which continuous crawls are enabled. For more information, see Manage continuous crawls in
SharePoint Server.
Continuous crawls increase the load on the crawler and on crawl targets. Make sure that you plan and scale out
accordingly for this increased consumption of resources. For each large content source for which you enable
continuous crawls, we recommend that you configure one or more front-end web servers as dedicated targets for
crawling. For more information, see Manage crawl load (SharePoint Server 2010).
Now, say that you crawl the default zone, https://contoso. When users perform queries from
https://contoso/searchresults.aspx, URLs of results from WebApp1 will all be relative to https://contoso, and
therefore will be of the form https://contoso/ path/ result.aspx.
Similarly, when queries originate from the Extranet zone—in this case, https://fabrikam/searchresults.aspx—
results from WebApp1 will all be relative to https://fabrikam, and therefore will be of the form https://fabrikam/
path/ result.aspx.
In both of the previous cases, because of the zone consistency between the query location and the search-result
URLs, users will readily be able to view and open search results, without having to change to the different security
context of a different zone.
However, now instead say that you crawl a non-default zone such as the Intranet zone, http://fabrikam. In this
case, for queries from any zone, URLs of results from WebApp1 will always be relative to the non-default zone
that was crawled. That is, a query from https://contoso/searchresults.aspx, https://fabrikam/searchresults.aspx, or
http://fabrikam/searchresults.aspx will yield search-result URLs that begin with the non-default zone that was
crawled, and therefore will be of the form http://fabrikam/ path/ result.aspx. This can cause unexpected or
problematic behavior such as the following:
When users try to open search results, they might be prompted for credentials that they don't have. For
example, forms-based authenticated users in the Extranet zone might not have Windows authentication
credentials.
The results from WebApp1 will use HTTP, but users might be searching from the Extranet zone at
https://fabrikam/searchresults.aspx. This might have security implications because the results will not use
secure sockets layer (SSL ) encryption.
Refinements might not filter correctly, because they filter on the public URL for the default zone instead of
the URL that was crawled. This is because URL -based properties in the index will be relative to the non-
default URL that was crawled.
Slow response time from crawled servers Provide more CPU and RAM and faster disk I/O
Content processing Provide more content processing components, and more CPU
resources for each content processing component
Slow processing by the index components Add I/O resources for servers that host index components
Make sure no crawls are active before you change the search topology
We recommend that you confirm that no crawls are in progress before you initiate a change to the search
topology. Otherwise, it is possible that the topology change will not occur smoothly.
If necessary, you can manually pause or stop full or incremental crawls, and you can disable continuous crawls.
For more information, see the following articles:
Start, pause, resume, or stop a crawl in SharePoint Server
Manage continuous crawls in SharePoint Server
NOTE
Pausing a crawl has the disadvantage that references to crawl components can remain in the MSSCrawlComponentsState
table in the search administration database. This can cause a problem if you want to remove any crawl components (say,
because you want to remove a server that hosts those components from the farm). However, when you stop a crawl,
references to crawl components in the MSSCrawlComponentsState table are deleted. Therefore, if you want to remove crawl
components, it is better to stop crawls than to pause crawls.
To confirm that no crawls are in progress, on the Search_service_application_name: Manage Content Sources
page, make sure that the value in the Status field for each content source is either Idle or Paused. (When a crawl
is completed, or when you stop a crawl, the value in the Status field for the content source will change to Idle.)
Remove crawl components from a crawl host before you remove the
host from a farm
When a server hosts a crawl component, removing the server from the farm can make it impossible for the
Search system to crawl content. Therefore, before you remove a crawl host from a farm, we strongly recommend
that you do the following:
1. Make sure that no crawls are active.
For more information, see the previous section, Make sure no crawls are active before you change the
search topology.
2. Remove or relocate crawl components that are on that host.
For more information, see the following resources:
Manage the search topology in SharePoint Server
Change the default search topology in SharePoint Server
Remove a search component or Move a search component in Manage search components in SharePoint
Server
Remove a server from a farm in SharePoint Server 2016
SP2010: Removing/Re-joining Server to a Farm Can Break Search
Test crawl and query functionality after you change the crawl
configuration or apply updates
We recommend that you test the crawl and query functionality in the server farm after you make configuration
changes or apply updates. The following procedure is an example of an easy way to perform such a test.
To test the crawl and query functionality
1. Verify that the user account that performs this procedure is an administrator for the Search service
application that you want to configure.
2. Create a content source that you will use temporarily just for this test.
In the new content source, in the Start Addresses section, in the Type start addresses below (one per
line) box, specify a start address that contains several items that are not already in the index — for
example, several TXT files that are on a file share. For more information, see Add, edit, or delete a content
source in SharePoint Server.
3. Start a full crawl for that content source.
For more information, see Start, pause, resume, or stop a crawl in SharePoint Server. When the crawl is
complete, on the Search_service_application_name: Manage Content Sources page, the value in the Status
column for the content source will be Idle. (To update the Status column, refresh the Manage Content
Sources page by clicking Refresh.)
4. When the crawl is complete, go to the Search Center and perform search queries to find those files.
If your deployment does not already have a Search Center, see Create a Search Center site in SharePoint
Server.
5. After you finish testing, delete the temporary content source.
This removes the items specified by that content source from the search index so that they do not appear in
search results after you finish testing.
CONTENT DESCRIPTION
Manage query spelling correction in SharePoint Server Learn how to include single words in or exclude single words
from query spelling corrections to help correct spelling errors
in queries in the classic search experience.
Manage query suggestions in SharePoint Server Query suggestions are phrases that you want the search
system to suggest to users as they start typing a query. This
article explains how to switch query suggestions on or off for
the classic search experience. It also explains how you can add
phrases to the automatic query suggestions, and how you can
add phrases that should not be used as query suggestions.
Create and deploy a thesaurus in SharePoint Server Learn how to create and deploy a thesaurus to expand queries
with synonyms in the classic search experience.
Configure authoritative pages in SharePoint Server Learn how to specify authoritative pages and non-
authoritative URLs and sites. Classic search uses the list of
authoritative pages to calculate the ranking of results.
Manage query rules in SharePoint Server Learn how to improve search results in the classic search
experience by creating and managing query rules.
Configure result sources for search in SharePoint Server Result sources limit searches in the classic search experience to
certain content or to a subset of search results. Learn how to
create and manage result sources.
Create and deploy custom entity extractors in SharePoint Learn to create custom entity extractors and how to use them
Server to set up custom refiners in the classic search experience.
Create one or more custom entity extraction dictionaries and
connect them to managed properties.
Manage company name extraction in SharePoint Server Learn how to include company names to be extracted from
content for search results in the classic search experience, or
how to exclude company names from being extracted.
Customize search result types in SharePoint Server Create and configure custom search result types so that users
can readily distinguish and preview different kinds of items in
a list of search results in the classic search experience.
Create a custom ranking model by using the Ranking Model If the standard ranking models don't satisfy the relevance
Tuning App requirements you have, you can create a custom ranking
model. With the Ranking Model Tuning App, you can do this
more easily than before.
CONTENT DESCRIPTION
Configure trust for search between two SharePoint Server Configure a SharePoint Server content farm that receives
farms search queries to trust the SharePoint Server farm that sends
the queries.
Manage query spelling correction in SharePoint
Server
6/7/2019 • 3 minutes to read • Edit Online
IMPORTANT
You can only include or exclude single words.
For more information about linguistic search features for different languages see Linguistic search features in
SharePoint Server.
IMPORTANT
Create a separate term for each query spelling correction exclusion. Do not create subterms for terms in the Query Spelling
Exclusions list. Term hierarchies will be ignored in this context.
IMPORTANT
Create a separate term for each query spelling correction inclusion. Do not create subterms for terms in the Query Spelling
Inclusions list. Term hierarchies will be ignored in this context.
Edit terms
You can edit the names of terms in the Query Spelling Exclusions and Query Spelling Inclusions lists.
To edit terms
1. On the Site Settings: Term Store Management Tool page, click the arrow to expand the Search
Dictionaries menu.
2. Depending on which list the term is in, click either Query Spelling Exclusions or Query Spelling
Inclusions.
3. Double-click the term that you want to edit.
4. Type the new name for the term.
5. Click anywhere on the page to save the edited term.
See also
Linguistic search features in SharePoint Server
Set-SPEnterpriseSearchQuerySpellingCorrection
Get-SPEnterpriseSearchQuerySpellingCorrection
Manage query suggestions in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
When you import a text file with phrases for query suggestions, you overwrite any existing manual query
suggestions in the search system. The automatic query suggestions are not overwritten. If you want to edit
existing manual query suggestions or add new ones, you should first export the existing query suggestions to a
text file, and then update and re-import that file.
To add phrases that should always be used as query suggestions
1. Verify that the user account that is performing this procedure is an administrator for the Search service
application.
2. Open the Query Suggestion Settings page.
On the home page of the SharePoint Central Administration website, in the Application Management
section, click Manage service applications.
On the Manage Service Applications page, click the Search service application.
On the Search Administration Page, in the Queries and Results section, click Query Suggestions. The
Query Suggestion Settings page opens.
3. In the Language for suggestion phrases section, select the processing language for the query
suggestions that you always want to suggest.
4. In the Always suggest phrases section, click Import from text file. Browse to the file that you want to
import and click OK.
5. Click Save Settings.
NOTE
If you want to edit existing manual query suggestions or add new ones, click Export to file, update the text file and then re-
import it. To remove all manual query suggestions, upload an empty text file.
NOTE
If you want to edit existing manual query suggestions or add new ones, click Export to text file, update the text file and
then re-import it. To remove all manual query suggestions, upload an empty text file.
NOTE
You can only deploy one thesaurus per SharePoint Server farm.
Create a thesaurus
To define the entries in your thesaurus, you enter terms and their corresponding synonyms in a comma separated
(.csv) file. Optionally, you can also specify in which language the query should be written for a synonym to apply.
If you want to define more than one synonym for one key, you have to create multiple entries in the thesaurus.
Also, if you want the synonym to work both ways, for example, if you want the term "IE" to also return search
results for "Internet Explorer" and you want the term "Internet Explorer" to also return results for "IE", you have to
create two thesaurus entries.
To create your thesaurus terms, you can use alphabetical Unicode characters such as a, ø, ü or é. Your terms can
also include underscores (_), hyphens (-) and straight apostrophes ('). Your terms can't include non-alphabetical
Unicode characters, such as hashtag (#), forward slash (/), back slash () , punctuation (.) or question mark (?). You
also can't use abbreviations that include non-alphabetical Unicode characters, such as E.K.G or d\r.
The matching between the thesaurus keys and query terms is not case sensitive. When a query term matches a
thesaurus key, the query is expanded with the synonym(s) for that key and the search results will contain results
for the original query term as well as for the synonym.
To create a thesaurus
1. Create a .csv file with the columns Key, Synonym and Language. Make sure you use a comma as the column
separator. If the file contains non-ASCII characters such as diacritics, you must encode it in UTF -8. Save the file
to a location that is accessible from the server from which you will run the Microsoft PowerShell cmdlet to
deploy the thesaurus.
In the Key column, enter the term (single or multiple words) that you want to trigger a synonym for when
the term occurs in a query. Make sure there are no leading or trailing spaces around the terms.
In the Synonym column, enter the synonym (single or multiple words) that you want to add to the query if
the term specified in the Key column occurs in a query. Synonyms consisting of multiple words will be
added as phrases to the query.
In the optional Language column, enter the abbreviation for the language for which the synonym should
apply. See the table in Linguistic search features in SharePoint Server for an overview of available
languages and their code. If you leave this column empty, the query is expanded with the synonym
regardless of the query language. Make sure there are no leading or trailing spaces around the language
codes.
A thesaurus is commonly used to expand acronyms. But you can also use a thesaurus to automatically include
variations of a search term into the query for specific terminology used in your organization. An example
thesaurus file input could look like this: Key,Synonym,Language IE,Internet Explorer Internet Explorer,IE UN,United
Nations,en UN,Vereinte Nationen,de BAM,billing and account management billing and account
management,billing and accounts
Deploy a thesaurus
You create and maintain the thesaurus file in a file external to SharePoint Server before you import it into
SharePoint Server to make the synonyms available to the search system. You can't export a thesaurus from
SharePoint Server. If you want to make changes to your synonyms, you have to update the thesaurus file and then
redeploy it.
NOTE
When you redeploy a thesaurus file, the existing thesaurus will be overwritten with the information from the updated
thesaurus file.
$searchApp = Get-SPEnterpriseSearchServiceApplication
Import-SPEnterpriseSearchThesaurus -SearchApplication $searchApp -Filename <Path>
Where:
<Path> specifies the full UNC path of the .csv file (the thesaurus) to be imported.
See also
Linguistic search features in SharePoint Server
Import-SPEnterpriseSearchThesaurus
Configure authoritative pages in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
A query rule also affects the modern search experience in SharePoint Server 2019 when:
The action in the rule is to promote an individual result towards the top of search results.
The rule is defined for the default result source.
The rule is defined at the Search service application level.
Users only see such a promoted result in the modern search experience when:
They’ve searched for results across all of SharePoint.
The search results page is filtered to All result types (default view).
Search service application Search service application administrator All site collections in web applications
that consume the Search service
application
Site collection Site collection administrator All sites in the site collection
To add or edit a query rule, you must go to the Manage query rules page. Depending on the level at which you
are creating the query rule, use one of the following procedures to go to the Manage query rules page.
To go to the Manage query rules page for a Search service application
1. Verify that the user account that performs this procedure is an administrator for the Search service
application.
2. In Central Administration, in the Application Management section, click Manage service
applications.
3. Click the Search service application to which you want to add query rules.
4. On the Search Administration page for the Search service application, in the Quick Launch, in the Queries
and Results section, click Query Rules.
To go to the Manage query rules page for a site collection
1. Verify that the user account that performs this procedure is a site collection administrator.
2. On the Settings menu for the site collection, click Site Settings.
3. On the Site Settings page, in the Site Collection Administration section, click Search Query Rules.
To go to the Manage query rules page for a site
1. Verify that the user account that performs this procedure is a member of the Owners group for the site.
2. On the Settings menu for the site, click Site Settings.
3. On the Site Settings page, in the Site Administration section, click Query Rules.
Query Matches Keyword Select this option if you In the Query exactly You type "picture; pic" in the
Exactly want the query rule to fire matches one of these Query contains one of
when a query exactly phrases text box, type one these phrases box. The
matches a word or phrase or more phrases separated query rule will fire when a
that you specify. by semicolons. user types "picture" or "pic"
in a search box. The rule will
not fire if a user types
"pictures" or "sunny picture."
QUERY CONDITION DESCRIPTION CONFIGURATION EXAMPLE
Query Contains Action Select this option if you The action term can be one You type the word
Term want the query rule to fire of several phrases that you "download" in the Action
when a query contains a enter. Alternatively the term is one of these
term that indicates action term can be an entry phrases text box. When a
something that the user in a dictionary, where you user types "download
wants to do. The term must import the term. Contoso Electronics
be at the beginning or end datasheet" in a search box,
of the query. the user is probably not
searching for a document
that contains the words
"download," "Contoso,"
"Electronics," and
"datasheet." Instead, the
user is probably trying to
download a Contoso
Electronics datasheet. When
a user types "download
Contoso Electronics
datasheet" in a search box,
the query rule fires, and
only the words "Contoso,"
"Electronics," and
"datasheet" are passed to
the search index.
Query Matches Select this option if you From the ** Query contains A word that a user types in
Dictionary Exactly want the query rule to fire an entry in this dictionary ** a search box matches an
when the query exactly menu, select a dictionary. To entry in the pre-configured
matches a dictionary entry. specify a different dictionary, People Names dictionary.
click Import from
taxonomy, and then from
the Import from
taxonomy dialog box,
select a term from a term
set, and then click Save.
Query More Common in Select this option if you In the Query is more In the Query is more
Source want the query rule to fire if likely to be used in this likely to be used in this
the query was frequently source menu, select a result source menu, you select
issued by users on a source. Local Video Results. The
different result source that query rule will fire if a user
you specify. types the word "training" in
a search box and that word
was frequently typed in a
search box in the Videos
vertical.
Result Type Commonly Select this option if you In the Commonly clicked In the Commonly clicked
Clicked want the query rule to fire if results match result type results match result type
other users frequently menu, select a result type. box, you select SharePoint
clicked a particular result MicroBlog post. If users
type after they typed the frequently click a microblog
same query. post in search results, then
in the Actions section, you
might want to configure the
most recent microblog post
as the first promoted result,
and the next most recent
microblog post as the
second promoted result.
QUERY CONDITION DESCRIPTION CONFIGURATION EXAMPLE
Advanced Query Text Select this option if you To match all phone numbers To match all phone numbers
Match want to use a regular that are in a certain format, that are in the format nnn-
expression, a phrase, or a you specify a regular nnn-nnnn, you specify the
dictionary entry that will expression in the Query regular expression "(?
cause the query rule to fire. matches this regular (\d{3}))?-?(\d{3})-(\d{4})".
expression box.
NOTE
Query rules that you created for this site collection are listed in the Defined for this site collection section.
See also
Concepts
Plan to transform queries and order results in SharePoint Server
Overview of search result ranking in SharePoint Server
Query variables in SharePoint Server
Configure result sources for search in SharePoint
Server
6/7/2019 • 7 minutes to read • Edit Online
Search service application Search service application All site collections in web applications
administrator that consume the Search service
application
Site collection Site collection administrator All sites in the site collection
IMPORTANT
To use the Remote SharePoint protocol to get search results in one SharePoint Server on-premises farm from the
index of another SharePoint Server on-premises farm, you must configure the farm that receives the queries to
trust the farm that sends the queries. For information about how to do this, see Configure trust for search
between two SharePoint Server farms.
OpenSearch provides results from a search engine that uses the OpenSearch 1.0/1.1 protocol.
Exchange provides results from Exchange Server through a SharePoint Server eDiscovery Center. Click
Use AutoDiscover to have the search system find an Exchange Server endpoint automatically, or type
the URL of the Exchange web service to retrieve results from — for example,
https://contoso.com/ews/exchange.asmx.
NOTE
The Exchange protocol only enables you to discover Exchange Server content, and only from a SharePoint Server
eDiscovery Center. For more information, see Configure communication between SharePoint Server and Exchange
Server . > The Exchange Web Services Managed API must be installed on the computer on which the search
service is running. For more information, see Optional software supported in SharePoint Server 2016 in Hardware
and software requirements for SharePoint Server 2016.
4. In the previous step, if you selected either Local SharePoint or Remote SharePoint for the protocol,
then in the Type section, select SharePoint Search Results to search the whole index, or select People
Search Results to enable query processing that is specific to people search.
5. If you selected Remote SharePoint for the protocol, then in the Remote Service URL section, type the
address of the root site collection of the remote SharePoint farm.
6. If you selected OpenSearch 1.0/1.1 for the protocol, then in the Source URL section, type the URL of
the OpenSearch source.
7. If you selected Exchange for the protocol, then in the Exchange Source URL section, type the URL of
the Exchange web service — for example, https://contoso.com/ews/exchange.asmx.
8. In the Query Transform section, do one of the following:
Leave the default query transform ( searchTerms) as is. In this case, the query will be unchanged since
the previous transform.
Type a different query transform in the text box. For more information, see Understanding query
transforms.
Use the Query Builder to configure a query transform by doing the following:
Click Launch Query Builder.
In the Build Your Query dialog box, optionally build the query by specifying filters, sorting, and
testing on the tabs as shown in the following tables.
On the BASICS tab
Keyword filter You can use keyword filters to add pre-defined query
variables to the query transform. You can select pre-defined
query variables from the drop-down list, and then add them
to the query by clicking Add keyword filter.
Property filter You can use property filters to query the content of
managed properties that are set to queryable in the search
schema.
Sort results In the Sort by menu, you can select a managed property
from the list of managed properties that are set as sortable
in the search schema, and then select Descending or
Ascending. To sort by relevance, that is, to use a ranking
model, select Rank. You can click Add sort level to specify a
property for a secondary level of sorting for search results.
Note that sorting of search results is case sensitive.
Ranking Model If you selected Rank from the Sort by list, you can select the
ranking model to use for sorting.
Dynamic ordering You can click Add dynamic ordering rule to specify
additional ranking by adding rules that change the order of
results within the result block when certain conditions are
satisfied.
Query template You can view the query as it is defined in the BASICS tab or
in the text box in the Query transform section on the Add
Result Source page.
Query template variables You can test the query template by specifying values for the
query variables.
Finally, on the Add Result Source page, in the Credentials Information section, select the authentication type
that you want for users to connect to the result source.
NOTE
The modern search experience in SharePoint Server 2019 gets results from the default result source. If you change the
default result source it impacts both the classic and modern search experiences.
See also
Query variables in SharePoint Server
Create and deploy custom entity extractors in
SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
$searchApp = Get-SPEnterpriseSearchServiceApplication
Import-SPEnterpriseSearchCustomExtractionDictionary -SearchApplication $searchApp -Filename <Path> -
DictionaryName <Dictionary name>
Where:
<Path> specifies the full UNC path of the .csv file (the custom extraction dictionary) to be imported.
<Dictionary name> is the name of the type of the custom extraction dictionary.
Depending on which type of dictionary you are importing, enter one of the following:
- Microsoft.UserDictionaries.EntityExtraction.Custom.ExactWord.1
- Microsoft.UserDictionaries.EntityExtraction.Custom.ExactWordPart.1
See also
Import-SPEnterpriseSearchCustomExtractionDictionary
Manage company name extraction in SharePoint
Server
6/7/2019 • 3 minutes to read • Edit Online
Edit terms
You can edit the names of terms in the Company Exclusions and Company Inclusions lists.
To edit terms
1. On the Site Settings: Term Store Management Tool page, click the arrow to expand the Search
Dictionaries menu.
2. Depending on which list the term is in, click either Company Exclusions or Company Inclusions.
3. Double-click the term that you want to edit.
4. Type the new name for the term.
5. Click anywhere on the page to save the edited term.
Customize search result types in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
TIP
When you create a result type, we recommend that you use the copy method, so that the settings in an existing
result type can help guide you through the configuration process.
3. On the Add Result Type page, in the General Information section, in the Give it a name text box, type a
name for the new result type.
4. On the Add Result Type page, in the Conditions section, do the following:
In the Which source should results match? drop-down list, select a result source such as All Sources or
Documents.
For any given search result, this condition will be met if the search result is from the result source that you
selected from this drop-down list.
(Optional) In the What types of content should match? drop-down list, do the following:
Select a type of content, such as Microsoft Word.
NOTE
If you do not select a type of content, all results from the result source that you specified (in the Which source
should results match? section) will match this result type.
As many times as appropriate, click Add Value and select another type of content.
5. (Optional) On the Add Result Type page, expand the Show more conditions section, and then do the
following:
In the Which custom properties should match? section, the items in the Select a property drop-down
list are retrievable managed properties. Select a property that you want the search system to perform a
match on, such as Author.
In the second drop-down list, specify the operator, such as Equals any of.
In the text box, specify the value against which the search system should search for a match.
Separate multiple values with semicolons. Alternatively, as many times as appropriate, click Add Value and
type another value in the new text box that appears.
For example, if you select the Author property and you select the operator Equals any of, then if you
specify multiple values such as Kara and Silas, the condition will be "author equals Kara or Silas".
To add another property to match, click Add Property.
6. On the Add Result Type page, in the Actions section, do the following:
In the What should these results look like? drop-down list, click a display template such as Office
Document Item or PDF Item.
Display templates for search results are in the Search folder in the master page gallery for the site
collection. The Display template URL box automatically displays the URL of the display template that
corresponds to the display template that you selected.
Select the Optimize for frequent use check box if you expect this result type to appear frequently in
search results.
See also
Concepts
Result types and display templates that are used to display search results in SharePoint Server
Display template reference in SharePoint Server
Create a custom ranking model by using the Ranking
Model Tuning App
6/7/2019 • 12 minutes to read • Edit Online
IMPORTANT
Creating a custom ranking model is rather complex, and you should not take this lightly. For a good result, expect to invest
time on tasks such as judging a considerable number of queries.
Install the app and prepare the SharePoint farm to allow apps by using the same standard processes as for
all SharePoint Server apps: Install and manage apps for SharePoint.
To use the app, you must be a Search service application administrator.
Follow these main steps to create a custom ranking model. Expect to go back and forth between the different steps
as you fine-tune your model.
1. Step 1: Copy an existing ranking model and give it a name
2. Step 2: Add a judgment set
3. Step 3: Judge the results for the queries in the set
4. Step 4: Add rank features and tune the weight
5. Step 5: Evaluate the changes
6. Step 6: Publish the ranking model
OPTION DESCRIPTION
OPTION DESCRIPTION
Import judged queries If you already have a set of queries and labels for documents
returned for the queries, you can import them. Choose the file
to upload, and then click Import queries.
The import file must be of type XML with the following
schema:
<QuerySet Name="testRM - JudgementSet"><Query
QueryString="query1" ><Judgements><Document
Url="docUrl1" Label="Excellent" /><Document
Url="docUrl2" Label="Good" /><Document Url="docUrl3"
Label="Fair" /><Document Url="docUrl4" Label="Bad"
/></Judgements></Query></QuerySet>
You can use four labels to indicate how desirable a result is for
a query: Excellent, Good, Fair, and Bad.
Add sampled queries If search has been active on the site, you can have the app
pick a random set of queries from the existing query logs. The
app will choose the queries that are more popular.
Specify the number of queries to sample in the box, and click
Add queries.
Add queries manually Type queries directly in the app, one query per line, and then
click Add queries.
You can add all queries this way, or you can manually add
more queries to an existing set of queries.
2. If you imported judged queries with labels, click Done to save the judgment set. If you added queries from the
query log or manually, you can start judging the queries, see step 3.
To ensure that the relevance metrics are reliable indicators for how good the ranking model is for a particular site,
make sure that:
There are sufficient queries in the judgment set. The more queries, and the more judged documents in the
top 10 for these queries, the better.
There is a representative mix from the range of queries you expect to have.
NOTE
If you imported already judged queries in the previous step, results already have a rating, and you can skip this step.
1. On the Edit judgment set page, for each query, click the query text and choose Judge results.
2. On the Evaluate query page, you see two sets of results side by side: Results with base model and
Results with current model. Before you make any changes to your new ranking model, the two result sets
will be the same.
For each result, evaluate the result and give it a rating (label) by choosing the number of stars, from one to
five. The one star option, "Broken link," can be used for documents you can't access.
After you've made the first round of changes to the ranking model, you can compare two result sets side by
side in this view. Compare the current ranking model with the base model or with the last saved version of
the new model. This way you can evaluate the effect of the different customizations you've made.
3. When you've rated the results for a query, click Next query to continue through the judgment set.
4. Click Done to save the set.
When you've gone through and evaluated the queries in the judgment set, you'll see the judgment coverage for
that set. After you've made changes to the model, you can see how much relevance has improved with the new
ranking model for the different judgment sets.
Judgment coverage The percentage of document URLs in the current top ten that
have been rated.
NOTE: Relevance metrics are only reliable when the judgment
coverage is high. To increase coverage, judge more of the
results for the query.
Relevance vs. Base ranking After you've made changes to the ranking model, this figure
shows how much relevance has improved for the query with
the new ranking model compared to the base model. If the
score is 0.00%, there's no difference between the two models
for that query. If the score is negative, relevance has
decreased.
Vs. Saved model The app keeps a draft version of the ranking model while you
work on it. You can compare the current draft version to the
last saved version of the new ranking model.
This figure shows how much relevance has improved or
decreased with the current draft of the model compared to
the last saved version.
The metric of relevance used in the app is "Discounted Cumulative Gain" calculated for the top five results.
NOTE
You can only choose managed properties that have already been created and configured. Managing managed properties,
such as creating new ones or setting them to be searchable or sortable, is out of scope for this app.
Suggested feature based on judged queries The app can suggest features to add when feature vectors
have been extracted for a sufficient number of judged
documents. Suggestions will be rank features that have a
strong correlation (negative or positive) with the relevance
jugdements provided by the automated tuning. This option is
only available after you have run automated tuning on this
ranking model at least once. See more about automated
tuning later in this article.
Searchable text managed property Choose a managed property to be used in the search result
ranking calculations.
If you select that proximity of query terms in the property
value is important, you can later enter a Proximity weight for
the feature. The app uses the variants isExact=1 and
isDiscounted=1.
Sortable property with a specific value Also called bucketed static rank feature. Choose a managed
property, and enter the default value for the property.
Having value: This number is the specific bucket that is being
tuned.
Ranking feature from the base model Use this option to tune the weight of existing features.
Choose between existing rank features.
3. Click Add feature. Repeat steps to add more features to customize. The selected rank features are shown on
the Edit ranking model page.
You can also remove features from the model.
Read more about rank features and aggregation of rank features in Customizing ranking models to improve
relevance in SharePoint.
Step 4b: Tune the weights
Initially, new features have a zero weight, except existing rank features from the base model. To give rank features a
different weigth, you can use automated tuning or manual tuning.
Automated tuning:
With automated tuning, the judgments provided for your judgment set are used to automatically set the weight of
features in a way that attempts to maximize relevance. The auto-tune option is available when you have at least 10
queries with at least 10 judgments each. The more judgments you have, the more reliable the automatic tuning will
be.
On the Automated tuning tab, click the Autotune weights button.
NOTE
The autotune option includes a considerable amount of computation, and may take around 5 minutes for a judgment
set of 10 queries.
Manual tuning:
With manual tuning, you can set or change weights of individual rank features. Avoid very large values (negative
or positive).
1. On the Manual tuning tab, set or change the weight for a feature by entering or changing a value in the
Weight box.
2. Click Save weights to run evaluation on all judgment sets associated with this model.
3. Evaluate changes, see step 5.
IMPORTANT
When you create a custom ranking model, this influences all the queries using that ranking model. Test the effect of the
custom ranking model on many queries.
Type queries in the Sample query box below the Manual tuning list to see the results for a specific query.
You can compare results with the base model or the last saved model to the left, and results with the current
model to the right. You can also add queries to a judgment set from this page if you want to.
You can also evaluate the effect of a particular setting by running an evaluation on a judgment set. In the list
of judgment sets under Judge queries, click the arrow to the right of the set, and choose Evaluate
relevance from the menu.
NOTE
Changing the weight of a rank feature will affect the ordering of results, hopefully to provide improved relevance. As a result
of the re-ordering, new documents that are not yet judged may enter the top 10 results for a query. If this happens, the
judgment coverage value will go down for a judgment set, and you may have to provide additional judgments.
When you are done adding, removing, and tuning features, save your changes. The new custom ranking model
is shown in the list of available ranking models that you started off with. It is marked as Not base model.
NOTE
After you create the result source, you expose the search results that it provides by using it in a Web Part or a query-rule
action. In this way, users of the farm that is sending search queries can see results from the farm that is receiving the queries.
For more information, see Understanding result sources for search in SharePoint Server.
This article describes how to perform the first procedure in the list above: how to configure the farm that receives
search queries to trust the farm that sends the queries.
For brevity in this article, the following terms are used:
In order for SendingFarm to be able to get search results from the search index in ReceivingFarm, the farms must
have the following characteristics:
Each farm is a SharePoint Server on-premises deployment.
User profiles in the two farms are synchronized. For more information, see Server-to-server authentication
and user profiles in SharePoint Server.
NOTE
Because SharePoint Server runs as websites in Internet Information Services (IIS), administrators and users depend on the
accessibility features that browsers provide. SharePoint Server supports the accessibility features of supported browsers. For
more information, see the following resources:
Plan browser support
Accessibility for SharePoint 2013
Accessibility features in SharePoint 2013
Keyboard shortcuts
Touch
Where:
> [!IMPORTANT]
> Web applications that include server-to-server authentication endpoints for incoming server-to-server
requests, or that make outgoing server-to-server requests, should be configured to use Secure Sockets Layer
(SSL). For information about how to configure a web application to use SSL, see [Create claims-based web
applications in SharePoint Server](/previous-versions/office/sharepoint-server-2010/ee806885(v=office.14)).
For information about how to configure HTTP support for server-to-server requests, see [Configure server-to-
server authentication between SharePoint Server farms](/sharepoint/security-for-sharepoint-server/security-
for-sharepoint-server#HTTP) in [Configure server-to-server authentication in SharePoint Server]
(/sharepoint/security-for-sharepoint-server/security-for-sharepoint-server).
5. On a server in ReceivingFarm, at a PowerShell command prompt, run the following commands to enable all
web applications in ReceivingFarm to return search results to SendingFarm:
Where:
6. Repeat the previous step (step 5) for each web application in ReceivingFarm that hosts content that you want to
search.
See also
Authentication overview for SharePoint Server
Plan for server-to-server authentication in SharePoint Server
Plan for server-to-server authentication in SharePoint Server
Configure server-to-server authentication in SharePoint Server
Setting Up an oAuth Trust Between Farms in SharePoint 2013
Getting a Full Result Set from a Remote SharePoint Index in SharePoint 2013
An Introduction to JavaScript Object Notation (JSON ) in JavaScript and .NET
Manage the search topology in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Change the default search topology in SharePoint Server Learn how to change from the default search topology with
an empty search index to a new search topology using
Windows PowerShell.
Manage search components in SharePoint Server Learn how to use Microsoft PowerShell to manage search
components in an existing search topology that has content
in the search index. Use these procedures to scale out or
scale down the search topology of the Search service
application.
Manage the index component in SharePoint Server Learn how and when to use Microsoft PowerShell to scale
out the search index by adding an index component to
create an additional index replica or index partition.
Manage a paused Search service application in SharePoint Learn why the Search service application is paused and what
Server you can do to resume it.
Change the default search topology in SharePoint
Server
6/7/2019 • 6 minutes to read • Edit Online
VIRTUAL MACHINE A (ON VIRTUAL MACHINE B (ON VIRTUAL MACHINE C (ON VIRTUAL MACHINE D (ON
PHYSICAL APPLICATION PHYSICAL APPLICATION PHYSICAL APPLICATION PHYSICAL APPLICATION
SERVER X) SERVER X) SERVER Y) SERVER Y)
MYSERVER1.EXAMPLE.COM MYSERVER2.EXAMPLE.COM MYSERVER3.EXAMPLE.COM MYSERVER4.EXAMPLE.COM
1. Ensure that no crawls have been started and that the search index is empty on the server that hosts Central
Administration.
Verify that the user account that is performing this procedure is an administrator for the Search service
application.
In Central Administration, in the Application Management section, click Manage Service
Applications.
On the Manage Service Applications page, in the list of service applications, click the Search service
application.
Verify that the search index is empty. On the Search Administration page, under System Status, verify
that Searchable items displays "0".
Cau t i on
If there are items in the SharePoint Server search index, do not continue with this procedure.
Verify that no crawls have been started. On the Search Administration page, under Crawling, click
Content Sources. On the Manage Content Sources page, verify that the Status column for any existing
content source displays Idle.
2. Start a SharePoint Management Shell on one of the servers in the farm.
3. Specify the new servers you want to add search components to, start a search service instance (ssi) on
these servers and create references to the search service instances. In this procedure we have used the
example host names "myserver< n >" for the servers as listed in the Target search topology table. At the
Windows PowerShell command prompt, type the following command(s):
$hostA = Get-SPEnterpriseSearchServiceInstance -Identity "myserver1"
$hostB = Get-SPEnterpriseSearchServiceInstance -Identity "myserver2"
$hostC = Get-SPEnterpriseSearchServiceInstance -Identity "myserver3"
$hostD = Get-SPEnterpriseSearchServiceInstance -Identity "myserver4"
Start-SPEnterpriseSearchServiceInstance -Identity $hostA
Start-SPEnterpriseSearchServiceInstance -Identity $hostB
Start-SPEnterpriseSearchServiceInstance -Identity $hostC
Start-SPEnterpriseSearchServiceInstance -Identity $hostD
4. Wait until all the search service instances are running. At the Windows PowerShell command prompt, type the
following commands until the commands return the state "Online" for each of the search service instances:
5. Create a new search topology and a reference to the new search topology. At the Windows PowerShell
command prompt, type the following command(s):
$ssa = Get-SPEnterpriseSearchServiceApplication
$newTopology = New-SPEnterpriseSearchTopology -SearchApplication $ssa
6. Add all the search components to the new search topology. The following Windows PowerShell commands
will create the search components of the new topology and assign them to the new servers. In this small
enterprise search topology there is one index partition, index partition 0. This is indicated with the parameter
-IndexPartition in the command New-SPEnterpriseSearchIndexComponent . The index partition has one index
replica on virtual machine B and one index replica on virtual machine D. Each index replica will contain the
exact same search index and is hosted on a different physical server to achieve fault tolerance. At the Windows
PowerShell command prompt, type the following command(s):
7. Activate the new search topology. At the Windows PowerShell command prompt, type the following
command:
8. Verify that the new search topology is active. At the Windows PowerShell command prompt, type the
following command:
Get-SPEnterpriseSearchTopology -SearchApplication $ssa
The command returns an overview of active and inactive topologies, in this example:
TopologyId : fce8507d-61c6-4498-8038-4fd2d0a62c6e
CreationDate : 1/30/2016 2:52:00 AM
State : Inactive
ComponentCount : 6
TopologyId : b63d48b2-df5c-41be-a7f4-9abaee483611
CreationDate : 1/30/2016 4:30:00 AM
State : Active
ComponentCount : 12
The previous topology, the default topology in this example, is listed as inactive. The new active topology
from this example will have a component count of twelve.
9. Verify that all components of the new search topology are running correctly. At the Windows PowerShell
command prompt, type the following command:
This command should return a list of all the active search components. The state of the active search
components should be displayed as **Active**.
Manage search components in SharePoint Server
6/7/2019 • 9 minutes to read • Edit Online
IMPORTANT
The procedures in this article use Microsoft PowerShell. You can run the Microsoft PowerShell commands on any server in
the farm. However, if you are performing multiple search topology procedures you should use the same SharePoint
Management Shell for all Microsoft PowerShell commands so that you can share Microsoft PowerShell object references
between commands.
Where:
$ <host n> specifies the PowerShell object reference for the search service instance.
<Server name> specifies the server on which you want to add an index component. The input must be a
valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh ; a valid name of a server (for example,
myserver1 ); or an instance of a valid SearchServiceInstance object.
For example:
You use the references _($\<host n\>)_ to specify the target server when you add search components.
4. Wait until all the search service instances are running. For each of the search service instances, at the
Microsoft PowerShell command prompt, type the following command until the command returns the status
Online:
For example:
$ssa = Get-SPEnterpriseSearchServiceApplication
$active = Get-SPEnterpriseSearchTopology -Active -SearchApplication $ssa
$active
The command returns information about the active topology, for example:
TopologyId : 2d7bb046-1ad4-43a9-9984-754c4551a3ec CreationDate : 1/25/2016 3:06:00 AM State : Active
ComponentCount : 6
$ssa = Get-SPEnterpriseSearchServiceApplication
$active = Get-SPEnterpriseSearchTopology -SearchApplication $ssa -Active
Get-SPEnterpriseSearchComponent -SearchTopology $active
The command returns a list of search components in the active search topology and their properties.
$ssa = Get-SPEnterpriseSearchServiceApplication
$active = Get-SPEnterpriseSearchTopology -SearchApplication $ssa -Active
$clone = New-SPEnterpriseSearchTopology -SearchApplication $ssa -Clone -SearchTopology $active
The command creates a clone search topology that can be referenced with _$clone_ if you continue to use the
same SharePoint Management Shell to add or remove search components and to activate the search topology.
4. (Optional) If you have to remove search components from the search topology, you have to retrieve the
search component Id. At the Microsoft PowerShell command prompt, type the following command(s):
The command returns a list of search components in the cloned search topology and their properties, including
the search component Id.
NOTE
The procedure to add an index component is different. For more information, see Manage the index component in
SharePoint Server .
Where:
<SearchComponent> is the name of the search component type that you are adding.
$clone is the cloned topology that you are changing. See Clone the active search topology.
$<host n> is the PowerShell object reference to the running search service instance on the server that you
want to add the search component to. See Start a search service instance on a server .
For example, the following command adds a content processing component to the clone topology on the server
identified by the search service instance reference $hostA.
4. Verify that the new search component was added to the clone topology. At the Microsoft PowerShell
command prompt, type the command:
NOTE
The procedure to remove an index component is different. For more information, see Manage the index component in
SharePoint Server.
Where:
<Search component id> is the Id of the search component that you want to remove. Use the search
component Id from the clone topology. To retrieve the search component Id, see step 4 in Clone the active
search topology.
$clone is the cloned topology that you are changing. See Clone the active search topology.
5. When prompted, confirm that you want to remove the search component.
Move a search component
If you want to move a search component from one server to another, we recommend that you add a new search
component to the search topology before you remove the old search component.
To move a search component
1. Clone the active search topology. See Clone the active search topology.
2. Add a new search component to the server that you eventually want the search component to be hosted
on. See Add a search component.
3. Activate the search topology. This topology will have one superfluous search component. See Activate a
search topology.
4. Make sure that the current active topology is healthy. View the status of the search topology in the Search
Administration page in Central Administration or run the Windows PowerShell cmdlet
Get-SPEnterpriseSearchStatus .
5. Clone the search topology again. See Clone the active search topology.
6. Remove the superfluous search component. See Remove a search component.
7. Activate the search topology again. See Activate a search topology.
Where:
$clone is the cloned topology that you are changing. See Clone the active search topology.
4. Verify that your new topology is active. At the Windows PowerShell command prompt, type the following
command(s):
The command returns an overview of active and inactive topologies, for example:
TopologyId : fce8507d-61c6-4498-8038-4fd2d0a62c6e
CreationDate : 1/30/2016 2:52:00 AM
State : Inactive
ComponentCount : 6
TopologyId : b63d48b2-df5c-41be-a7f4-9abaee483611
CreationDate : 1/30/2016 4:30:00 AM
State : Active
ComponentCount : 7
You will see that the component count of the active topology reflects the changes that you have made.
Manage the index component in SharePoint Server
6/7/2019 • 15 minutes to read • Edit Online
IMPORTANT
This procedure uses Microsoft PowerShell. You can run the Microsoft PowerShell commands on any server in the farm.
However, you should use the same SharePoint Management Shell for all Microsoft PowerShell commands in this procedure
so that you can share Microsoft PowerShell object references between commands.
To add an index replica
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
group.
2. Start a SharePoint Management Shell on one of the servers in the farm.
3. Start a search service instance on the server that you want to create the index replica on and create a
reference to the search service instance Id. At the Microsoft PowerShell command prompt, type the
following command(s):
Where:
$<host n> specifies the PowerShell object reference for the search service instance.
<Server name> specifies the server on which you want to add an index component. The input must
be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh ; a valid name of a server (for
example, myserver1 ); or an instance of a valid SearchServiceInstance object.
For example:
4. Wait until the search service instance is running. At the Microsoft PowerShell command prompt, type the
following command until the command returns the status Online:
5. Clone the active search topology. At the Microsoft PowerShell command prompt, type the following
command(s):
$ssa = Get-SPEnterpriseSearchServiceApplication
$active = Get-SPEnterpriseSearchTopology -SearchApplication $ssa -Active
$clone = New-SPEnterpriseSearchTopology -SearchApplication $ssa -Clone -SearchTopology $active
6. Add a new index component and associate it with a partition. At the Windows PowerShell command
prompt, type the following command(s):
Where:
$clone is the cloned topology that you are changing.
$<host n> is the PowerShell object reference to the running search service instance on the server
that you want to add the index replica to.
<Index partition number> is the number of the existing index partition that you are creating a
replica of. For example, to create an index replica of index partition 0, choose "0" as the parameter
value.
For example:
7. Activate the clone topology. At the Microsoft PowerShell command prompt, type the following
command(s):
8. Verify that your new topology is active and that the index component representing the new index replica is
added. At the Microsoft PowerShell command prompt, type the following command(s):
9. Monitor the distribution of the existing index to the new replica. The added index replica will have the state
Degraded until the distribution is finished. At the Microsoft PowerShell command prompt, type the
following command(s):
Repeat this command until all search components, including the new index component, output the state
Active. For a large search index, this could take several hours.
Make sure that there is sufficient disk space available on the server where you will be adding the index
partition.
Cau t i on
The Search service application is paused during index repartitioning and cannot crawl or index content. Also,
users will not be able to run queries.
To add an index partition
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
group.
2. Start a SharePoint Management Shell on one of the servers in the farm.
3. Start a search service instance on all the servers where you want to add an index replica for the new index
partition. You create a PowerShell object reference to the search service instance that is used later in the
procedure. For each server, at the Microsoft PowerShell command prompt, type the following
command(s):
Where:
<host n> specifies the PowerShell object reference for the search service instance.
<Server name> specifies the server on which you want to add an index component. The input must
be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh ; a valid name of a server (for
example, myserver1 ); or an instance of a valid SearchServiceInstance object.
For example:
4. Wait until the search service instances are running. For each server, at the Microsoft PowerShell command
prompt, type the following command until the command returns the status Online:
5. Clone the active search topology. At the Microsoft PowerShell command prompt, type the following
command(s):
$ssa = Get-SPEnterpriseSearchServiceApplication
$active = Get-SPEnterpriseSearchTopology -SearchApplication $ssa -Active
$clone = New-SPEnterpriseSearchTopology -SearchApplication $ssa -Clone -SearchTopology $active
The command creates a clone search topology that can be referenced with $clone and returns information
about the clone topology. Make a note of the topology Id of the cloned topology, in case you have to cancel
the repartitioning process.
6. Add a new index partition by adding one or more index components and associate them with the new
index partition. We recommend that you create the same number of index replicas for the new index
partition as you have for the existing partitions. For each new index component, at the Windows
PowerShell command prompt, type the following command(s):
Where:
$clone is the cloned topology that you are changing.
$<host n> specifies the PowerShell object reference for the search service instance.
<Index partition number> is the number of the index partition that you are creating. By default, you
have one index partition, which is called index partition 0. If you want to create a new index
partition, enter the IndexPartition parameter value 1, followed by 2, then 3 and so forth.
For example, if you have an existing index partition 0 with index replicas on Host A and Host B, and you
want to add a new index partition with index replicas on Host C and Host D:
7. Verify that the Search service application is running. At the Microsoft PowerShell command prompt, type
the following command(s):
$ssa.IsPaused() -ne 0
If this command returns False, the Search service application is running. Continue with step 9.
If this command returns True, the Search service application is paused. Continue with step 8.
8. If the Search service application is paused, find out why and if you have to wait for any operation to
complete before you can continue with step 9. See Manage a paused Search service application in
SharePoint Server for more information.
9. Start the activation of the clone topology. This will start the activation of the topology that includes the new
index replicas associated with the new index partition. This will start the index repartitioning process.
IMPORTANT
The Search service application is paused during index repartitioning and cannot crawl or index content. Also, users
will not be able to run queries. You will not be able to access the Windows PowerShell console where the activation
command runs.
NOTE
The Search Administration page in Central Administration does not show that the Search service application has
been paused for index repartitioning. However, because all query processing components are suspended when you
pause the Search service application for repartitioning, the Search administration page will show errors for the
query processing components during this process.
$ssa.PauseForIndexRepartitioning()
Set-SPEnterpriseSearchTopology -Identity $clone
10. Monitor the progress of the index repartitioning process. You can only monitor the progress of the
repartitioning process on the primary index components of the existing topology. The following steps
show you how to find the primary index components.
NOTE
You will not be able to run any commands in the existing SharePoint Management Shell until the topology
activation, including the index repartitioning process, is finished. Run the following commands in a second
SharePoint Management Shell.
$ssa = Get-SPEnterpriseSearchServiceApplication
Get-SPEnterpriseSearchStatus -SearchApplication $ssa -Text
The command returns a list of index components and their properties. Make a note of the names of the
primary index component(s). These are the index components that have the property Primary: True.
For example, the output could look like this. In this example, IndexComponent2 is the primary index
component:
Name : IndexComponent1
State : Active
Primary : False
Partition : 0
Host : MyMachine1
Name : Cell:IndexComponent1-SPd32cdffb08a2I.0.0
State : Active
Primary : False
Partition : 0
Name : IndexComponent2
State : Active
Primary : True
Partition : 0
Host : MyMachine2
Name : Cell:IndexComponent2-SPd32cdffb08a2I.1.0
State : Active
Primary : True
Partition : 0
11. For each primary index component, monitor the index repartitioning progress. At the Windows
PowerShell command prompt of the second SharePoint Management Shell, type the following
command(s):
Where:
<Index component name> is the name of the primary index component that you want to monitor the
progress of, for instance IndexComponent2.
Monitor the output of the command for each primary index component. The output of the command
contains progress information about the repartitioning of the index.
During the initial phase of the index repartitioning process, the output will look something like this:
Name Message
---- -------
repartition_component_state[SP...] Pending
The index partitions are split during the main phase of the index repartitioning process. During this phase,
the output will look something like this:
Name Message
---- -------
index splitting: current fusion progress[SP...] <Percentage value>
index splitting: splitting state [SP...] Index splitter running fusion, building: <Folder>
repartition_component_state [SP...] Splitting
The percentage value in the output indicates the approximate progress of the repartitioning process.
Repeat this command for all primary index components until the output of the commands no longer
returns any values. That means that the index repartitioning process has completed and that the
repartitioned index will now be replicated and distributed over the servers. This could take several hours.
12. Monitor the progress of the distribution of the index to the new index replicas. To do this, verify that your
new topology is active, and that all search components are healthy. At the Windows PowerShell command
prompt of the second SharePoint Management Shell, type the following command(s):
During the distribution of the index to the new index replicas, the added index replicas will return the state
Degraded. The distribution is finished when all index components return the state Active in the output.
This could take several hours.
NOTE
The query processing components are suspended because you have paused the Search service application for index
repartitioning. In the output, the query processing components will be listed with the state Unknown.
13. In the SharePoint Management Shell that you used to start the topology activation process, verify that the
search topology activation command has completed.
14. (Optional) Restart the SharePoint Search Host Controller service on all the servers that hosted index
components (representing a primary index replica or any other index replica) prior to the repartitioning.
Perform this step to get a correct document count and free up memory after repartitioning the search
index. If you decide not to perform this step, it will take a few days and some indexing iterations for the
memory usage to be gradually reduced and the document count (as returned by PowerShell cmdlets and
in the Search Administration page in Central Administration) to be correct.
NOTE
To avoid query outages, ensure that at least one index component returns the state Running for each index
partition before you restart the SharePoint Search Host Controller service.
IMPORTANT
Do not use the Services on Server page on the SharePoint Server Central Administration Web site to restart this
service.
To restart the SharePoint Search Host Controller, open a command prompt window on each of the
servers that host index components for existing index partitions.
To stop the SharePoint Search Host Controller, type this command: net stop
spsearchhostcontroller
To restart the SharePoint Search Host Controller, type this command: net start
spsearchhostcontroller
15. Resume the Search service application. At the Windows PowerShell command prompt, type the following
command(s):
$ssa.ResumeAfterIndexRepartitioning()
Where:
<Id of the activating topology> is the identity (GUID ) of the clone topology that you wrote down when
you cloned the search topology.
3. Cancel the topology activation. At the Windows PowerShell command prompt, type the following
command(s):
$activating.CancelTopologyActivation()
$ssa.IsPaused() -ne 0
($ssa.IsPaused() -band 0x01) -ne A change in the number of crawl Wait until the topology change
0 components or crawl databases is in completes.
progress.
($ssa.IsPaused() -band 0x02) -ne A backup or restore procedure is in Wait until the backup or restore
0 progress. completes. After the procedure
completes, run the command
$ssa.ForceResume(0x02) to verify.
For more information, see Restore
Search service applications in
SharePoint Server.
($ssa.IsPaused() -band 0x04) -ne A backup of the Volume Shadow Copy Wait until the backup completes. After
0 Service (VSS) is in progress. the VSS backup completes, run the
command $ssa.ForceResume(0x02)
to verify.
IF THE COMMAND RETURNS TRUE, THE
SEARCH SERVICE APPLICATION IS PAUSED
COMMAND FOR THIS REASON: ACTION
($ssa.IsPaused() -band 0x08) -ne One or more servers in the search Wait until the servers are available
0 topology that host query components again.
are offline.
($ssa.IsPaused() -band 0x20) -ne One or more crawl databases in the Wait until the operation completes.
0 search topology are being rebalanced.
($ssa.IsPaused() -band 0x40) -ne One or more link databases in the Wait until the operation completes.
0 search topology are being rebalanced.
($ssa.IsPaused() -band 0x80) -ne An administrator has manually paused If you know the reason, you can resume
0 the Search service application. the Search service application. Run the
command $ssa.resume() to resume
the Search service application.
($ssa.IsPaused() -band 0x100) -ne The search index is being deleted. Wait until the search index is deleted.
0
($ssa.IsPaused() -band 0x200) -ne The search index is being repartitioned. Wait until the operation completes. For
0 more information, see Manage the
index component in SharePoint Server.
After you've waited until the operation completes, at the Microsoft PowerShell command prompt, type the
following command to make sure that the Search service application is running:
$ssa.IsPaused() -ne 0
Crawl log
The crawl log tracks information about the status of crawled content. This log lets you determine whether crawled
content was successfully added to the index, whether it was excluded because of a crawl rule, or whether indexing
failed because of an error. The crawl log also contains information such as the time of the last successful crawl and
whether any crawl rules were applied. You can use the crawl log to diagnose problems with the search experience.
To view the crawl log
1. Verify that the user account that is performing this procedure is an administrator of the Search service
application, or has Read permissions to it.
2. In Central Administration, under Application Management, click Manage service applications.
3. On the Service Applications page, click the Search service application.
4. On the Search Administration page, in the Quick Launch, in the Diagnostics section, click Crawl Log.
5. On the Crawl Log - Content Source page, click the view that you want.
Crawl log views
The following table shows the different views that you can select to see the status of crawled content.
Overview of crawl log views
VIEW DESCRIPTION
You can also see the average time that it took to complete a
crawl of a content source for the last crawl, for the last 24
hours, for the last 7 days and for the last 30 days. You can
view the developments of the crawl duration, and see whether
a particular content source is getting smaller or larger in size.
This view also shows the crawl rate and the repository latency.
Error Breakdown Provides summaries of errors per content source or per host
name. The MSSCrawlURLReport table in the crawl database
provides the data for this view. You can filter by content
source or by host.
Databases Lets you view the state of the crawl databases used by this
Search service application.
VIEW DESCRIPTION
URL View Lets you search the crawl logs by content source, URL, or host
name, and view details of all items in the index. The
MSSCrawlURLReport table in the crawl database provides the
data for this view. You can filter the results by setting the
Status, Message, Start Time, and End Time fields.
Note that the URL View only shows the Display URL. If items
have the same Display URL (for example for a folder or views)
but different Access URLs, the same Display URL displays
several times in the URL View. You can query the Crawl
database directly to see which items have the same Display
URL.
The following table shows which additional columns are available in the Content Source, Host Name and Crawl
History views. These columns show information about crawled items.
Overview of additional columns in the Content Source, Host Name and Crawl History views
ITEM DESCRIPTION
Warnings Items might not have been successfully crawled and might
not be searchable.
Deletes Items that were removed from the index and are no longer
searchable.
Not Modified Items were not changed between crawls. This column only
shows in the Crawl History view.
Security Update The security settings of items were crawled because they were
changed. This column only shows in the Crawl History view.
Security Errors The security update of items caused an error. This column only
shows in the Crawl History view.
Usage reports
You can use the usage reports and the search reports provided on the View Usage Reports page to view usage
data that was collected about this site collection.
To view usage reports
1. Verify that the user account that is performing this procedure is an administrator of or has Read
permissions to the Search service application.
2. In Central Administration, under Application Management, click Manage service applications.
3. On the Service Applications page, click the Search service application.
4. On the Search Administration page, in the Quick Launch, in the Diagnostics section, click Usage Reports.
5. On the View Usage Reports page, click the usage or search reports view that you want view.
The following table shows the different usage reports and search reports that you can select.
Overview of usage report or search report
Number of Queries This report shows the number of search queries performed.
Use this report to identify search query volume trends and to
determine times of high and low search activity.
Top Queries by Day This report shows the most popular search queries. Use this
report to understand what types of information visitors are
seeking.
Top Queries by Month This report shows the most popular search queries. Use this
report to understand what types of information visitors are
seeking.
Abandoned Queries by Day This report shows popular search queries that received low
click-through. Use this report to identify search queries that
might create user dissatisfaction and to improve the
discoverability of content. Then, consider using query rules to
improve the query's results.
Abandoned Queries by Month This report shows popular search queries that received low
click-through. Use this report to identify search queries that
might create user dissatisfaction and to improve the
discoverability of content. Then, consider using query rules to
improve the query's results.
No Result Queries by Day This report shows popular search queries that returned no
results. Use this report to identify search queries that might
create user dissatisfaction and to improve the discoverability
of content. Then, consider using query rules to improve the
query's results.
No Result Queries by Month This report shows popular search queries that returned no
results. Use this report to identify search queries that might
create user dissatisfaction and to improve the discoverability
of content. Then, consider using query rules to improve the
query's results.
Query Rule Usage by Day This report shows how often query rules trigger, how many
dictionary terms they use, and how often users click their
promoted results. Use this report to see how useful your
query rules and promoted results are to users.
Query Rule Usage by Month This report shows how often query rules trigger, how many
dictionary terms they use, and how often users click their
promoted results. Use this report to see how useful your
query rules and promoted results are to users.
Enable search alerts in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
Query rules. These include result blocks, promoted results, and Result sources, result types, search schema, ranking model
user segments.
NOTE
Customized search settings that SharePoint Server created and enabled before the import failed remain enabled.
If the import fails, remove the condition that caused the failure and reimport the search configuration file. For
example, if the Notes column states that there is already a query rule with the same name as the query rule that
you are trying to import, then you should remove that query rule either from the target or from the import file, and
then reimport the file.
Invalid characters causing the import to fail
If managed properties or aliases contain any of the listed characters, the import of the customized search schema
that contains these properties will fail.
CHARACTER NAME
space
: colon
; semicolon
, comma
( opening parenthesis
) closing parenthesis
[ opening bracket
] closing bracket
{ opening brace
} closing brace
% percent
$ dollar sign
_ underscore
+ plus sign
! exclamation point
* asterisk
= equal sign
& ampersand
? question mark
@ at sign
# number sign
\ backslash
~ tilde
| pipe
` grave accent
^ caret
In this section
Set up a Search Center
How to change the way search results are displayed
Create and import a thesaurus
Create and import query suggestions
Changing the ranking of search results
Set up a Search Center in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
And this is what our content publishing Search Center looks like after we set it up to meet our needs. Here, we
have searched for "relevance," just as an example.
You can see that we get results that show articles that we've published, and you can also see that we have added
refiners that are meaningful to us, such as Writer and Editor . We also added several search pages, or search
verticals, such as Art and Interop . In this series, we'll show you how you can add search verticals and refiners to
your Search Center, but before we start the practicalities, here are some considerations to help you plan your
Search Center.
What kind of content and information is located on your intranet?
When you think about your intranet, is there content that people probably want to search differently or separate
from other content?
As an example, in our content publishing Search Center we have a separate search vertical to search through the
illustrations, or "Art" files, that we use in our articles. So when we want to see whether we already have any
illustrations of a server farm, we type "server farm" as our query in the search box. On the search results page, we
can click "Art" to view only the art results for that query.
Is the content tagged with good and consistent metadata?
Setting up your Search Center is much easier if content is well organized and consistently tagged with good
metadata. It's often well worth investing time in content quality before you crawl it so that people can more easily
find what they're looking for in the Search Center.
In our content publishing Search Center, we work with SharePoint lists. Each content item that we publish, such as
an article or an art file, has its own entry on the list. We've made sure that all the entries are consistently tagged
with metadata that is important to us, for example to help us determine which product variants an article applies
to. For our articles we also have rules around the titles and short descriptions we use. We're capturing these
metadata in site columns and site column values, and we have set up our Search Center so that we can easily use
these values to refine on search results and quickly find exactly the information we're looking for.
Who works with the intranet content?
Some content can benefit from being searched separately or differently than other content. Likewise, it is useful to
think about the categories of people who search and how their interests differ. For example, if you work in Human
Resources and you search for "vacation," you're probably looking for content related to the company's rules and
regulations around holidays. If you don't work in HR and you search for "vacation," you probably want to find a
SharePoint site where you can log when you're away or use a tool to request a day off.
You can create search verticals in the Search Center to display subsets of the search results that are of particular
interest for certain groups of people, such as teams or departments. Or, you can create separate Search Centers. It
all depends on the people who use the intranet in your organization: think about what they are searching for and
how you can make it easier for them to find it.
Store most of the content in SharePoint
It's an advantage if the content in your intranet is stored in SharePoint Server, because the SharePoint content
source differs from all other types of content sources for search.
Site collection administrators have many configuration and management options for content that is stored in
SharePoint Server, such as adding new managed properties and editing existing ones. If you add a new managed
property or make certain changes to it, you have to recrawl the content. This is where it helps to have content in
SharePoint: you can reindex individual SharePoint lists and libraries without having to crawl all SharePoint content.
Also, the SharePoint content source is the only source that you can crawl continuously. When the content changes,
a continuous crawl will detect the change and you don't have to wait until the next incremental or full crawl
finishes.
1. Our content is stored in SharePoint lists and libraries. We use site columns to store metadata about each
item.
2. When we crawl the content and the metadata, the information is processed and added to the search index.
3. In the search index, managed properties represent the content and metadata that we crawled.
4. The queries that we enter in our Search Center are sent to the search index, where the system tries to find
matching results.
5. Any matching results are displayed in the Search Result Web Part in the Search Center.
In this series, we'll show you how you can set up your own Search Center by using examples from our own
experience with the Search Center for content publishers. This series includes the following articles:
How to create a Search Center Site Collection and enable crawling of your content in SharePoint Server
How to configure the Search Results Web Part to use a new result source in SharePoint Server
Plan to use refiners on a search results page in SharePoint Server
How to add refiners to your search results page in SharePoint Server
How to add a custom search vertical to your search results page in SharePoint Server
TIP
A related series, How to change the way search results are displayed in SharePoint Server, enhances the example Search
Center developed in this series. In this related series, we show you how you can change the appearance of your search
results.
How to create a Search Center Site Collection and
enable crawling of your content in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
4. Optionally, you can verify that your items are added to the search index by clicking Crawl Log.
In this scenario, 157,297 items appear in the search index.
$ssa = Get-SPEnterpriseSearchServiceApplication
$ssa.SetProperty("ContinuousCrawlInterval", 1)
So, by enabling continuous crawls, your search index is automatically updated with the latest changes. But, there
are some types of changes where continuous crawls are insufficient to update the search index, for example, if you
enable managed properties as refiners (we'll show you how to do this in a later article). For these changes to be
updated in the search index, you have two options:
Do a full crawl.
Do something called reindexing .
The reason there are two options is because people who work with content (let's call them content managers) are
not likely to have Search service application administration level rights. That is, they don't have access to Central
Administration where they can start a full crawl. But, content managers are likely to have Site Owner rights, and
Site Owners can do reindexing.
How to reindex a list
Here are the steps to mark a list or library for reindexing:
1. On your list or library, click the LIST or LIBRARY tab --> List Settings or Library Settings -->
Advanced Settings.
2. On the Advanced Settings page, click Reindex List or Reindex Document Library.
Search service application administrator To all site collections within the farm
To save space, we'll only show you how to create a result source as a Site collection administrator.
1. Go to Site settings --> Search Result Sources.
2. On the Manage Result Sources page, click New Result Source.
3. On the Add Result Source page, enter a Name. Select values for Protocol and Type, and then click
Launch Query Builder. This opens a dialog box.
In our scenario, we named the result source Articles , and kept the default values for Protocol and Type.
4. In the Build Your Query dialog box, define the result source.
Remember, in our scenario we only wanted search results to come from a particular site within the farm.
Therefore, in the Query text field we added the following:
{searchTerms?} In our result source, we wanted to include the words that users type inside the query box
when then search for something. Obviously we have no way to know what users will type. Therefore, we
added the {searchTerms?} query variable. By the way, you can tell it is a query variable because it is
enclosed in braces (for more information, see Query variables in SharePoint Server). When a user enters a
query, this query variable is replaced by the words the user has typed in the query box. The question mark
at the end of the variable means that if no words are entered in the query box, the variable should be
ignored.
(contentclass:sts_listitem) This means that only list items will be included in the result source.
path:http://<path> This is the path of the site from where we wanted search results to come from.
5. Test that the result source is working correctly by clicking the TEST tab, and then Show more.
6. In the {searchTerms} field, enter Query words to simulate a query entered by a user, and then click Test
query.
In our scenario, we entered search configuration .
Notice that 52 results were returned. (I will tell you why this is kind of cool in the next section…).
7. Click OK to close the dialog box, and then Save.
So now that we have a result source for the Search Center, we can move on to configuring the Search Results Web
Part to use the new result source.
How to configure the Search Results Web Part to use a new result
source
By default, the Search Results Web Part is used on the search results page. To configure the Search Result Web
Part, you have to navigate to the search results page. Here's what you have to do:
1. On your Search Center home page (the default URL to this page is <site>/Pages/default.aspx ), enter a
query in the search box, and press Enter.
In our scenario, we entered search configuration .
When you press Enter, you'll be taken to the to the search results page (the default URL to this page is
<site>/Pages/results.aspx ).
In our scenario, 1,051 search results were returned.
Remember, by default you'll get search results from the complete SharePoint Server farm. The following
steps explain how to change this so only search results from your newly-created result source are returned:
2. On the search results page, click the Settings menu --> Edit Page.
3. In the Search Results Web Part, click the Web Part Menu, and then click Edit Web Part.
4. In the Web Part tool pane, click Change query. This opens a dialog box.
5. In the dialog box, from the Select a query menu, select your newly-created result source.
In our scenario, we selected the Articles (Site Collection) result source.
6. Click OK in the dialog box, click OK in the Web Part Tool pane, and then save the page. To verify that the
configuration is working, enter a query.
In our scenario, we entered search configuration .
52 results were returned, which is the same number of items that were returned when we tested the query
in the result source configuration. Pretty cool, huh?
Now that the Search Results Web Part displays the search results we are interested in, the next task is to make it
easier for users to filter these search results by using refiners.
Next article in this series
Plan to use refiners on a search results page in SharePoint Server
Plan to use refiners on a search results page in
SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
There's a reason why you can do this from two places. If you are working with content (let's say you're a content
manager), you're unlikely to have Search service application administration level rights, that is, you won't have
access to Central Administration. But, you are very likely to have Site collection administrator permissions.
The previous article of this series ( How to configure the Search Results Web Part to use a new result source)
explained how content managers can easily add content to the search index without having to pester Search
service application administrators. So now that everyone's happy, we don't want to jeopardize this happiness by
making content managers dependent on a Search service application administrator to enable refiners.
This article only describes the procedure as it can be performed by a Site collection administrator (content
manager). For information on how Search service application administrators can make a managed property
refinable, see Enable automatically created managed properties as refiners in SharePoint Central Administration.
Luckily, there are many "empty" managed properties that are enabled as refiners by default. In this context,
"empty" means that a crawled property is not mapped to it. This means that Site collection administrators can
map a crawled property to one of these refiner-enabled managed properties without having to depend on a
Search service application administrator.
The table below provides an overview of the managed properties that are enabled as refiners by default.
MANAGED PROPERTY NAME DATA TYPE FOR MAPPING DISPLAY FORMAT FOR REFINER VALUES
In our Search Center scenario, we had already identified the refiners that we wanted to use. For each of these
refiners, we defined which refinable managed property we would use:
Manager RefinableString01
Editor RefinableString03
So now that we have a plan for which refiners to use, the next task is to do the actual refiner configuration.
Next article in this series
How to add refiners to your search results page in SharePoint Server
How to add refiners to your search results page in
SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
Manager RefinableString01
Editor RefinableString03
The procedure for mapping a crawled property to a refinable managed property is the same for all refiners. The
following example procedure explains how we mapped the crawled property that represents Internal Writer to the
RefinableString01 refinable managed property.
1. On your Search Center, on the Site Settings page, select Search Schema.
2. In the Managed property field, type the name of the refinable managed property to which you want to
map a crawled property, and then click the arrow button.
In our scenario, we typed RefinableString01 .
5. In the Crawled property selection dialog box, use the Search for crawled property name field to
search for the crawled property that you want to map to this refinable managed property.
In our scenario, we knew we wanted to use the site column called Internal Writer . Crawled properties don't
contain spaces. Therefore, we entered InternalWriter .
If you have questions here, your confusion is understandable. This part is somewhat tricky. There are
actually two crawled properties, which might seem strange, considering that we have only one Internal
Writer site column. So which crawled property should we choose to map to the refinable managed
property?
Let's take a closer look at what's going on. The difference between the two crawled properties is the prefix.
One has an ows_q_USER_ prefix, and the other has ows_ .
IMPORTANT
When mapping a crawled property to a refinable managed property, select the crawled property with the ows_
prefix.
If you want more information about the naming convention for crawled and managed properties, see From
site column to managed property - What's up with that?.
6. Select the crawled property with the ows_ prefix, and then click OK.
In our scenario, we selected ows_Internal_Writer .
On the Edit Managed Property page, notice that the crawled property is added to the Mappings to
crawled property field.
It's important to understand that the alias that you enter here is not the refiner name that will be shown on
your search results page. This alias is meant to make your life a bit easier when you're configuring refiners
in the Refinement Web Part (see procedure below ). Remember, you can't change the name of the
refinable managed property. Therefore, when you do the configuration, you'll have to deal with many
refinable managed properties that have similar names, RefinableString01 , RefinableString02 and so on So,
the alias is a good reminder of which value that you mapped to the property.
8. To finish the mapping, click OK.
The following screen shots show the final result after repeating the steps from the procedure above for the
remaining four refiners.
4. In the Selected refiners section, select the refiners that you don't want to display on your search results
page, and then click Remove.
In our scenario, we removed all the default refiners.
5. In the Available refiners section, scroll down and select a refinable managed property.
In our scenario, we selected RefinableString1. This is the refinable managed property that is mapped to the
crawled property ows_Internal_Writer . Notice that sample values are shown (a good sign that we're on the
right path), together with the alias InternalWriter .
6. Click Add.
This moves the RefinableString01 property over to the Selected refiners section. When a refiner is moved
over to the Selected refiners section, additional configuration options are shown. They will be explained in
steps 10 and 11.
7. Repeat steps 5 and 6 to add all the refiners you want to use on your search results page.
In our scenario, we added the five refinable managed properties that we configured in the previous section.
8. To preview the refiners, click Preview Refiners.
9. To change the display order of refiners, select the refiner you want to move, and then click the Move up or
Move down button.
In our scenario, we selected RefinableString04 (notice the Alias name), and selected Move up until it was
the first property in the Selected refiners section.
10. To enable users to select multiple refiner values, from the Display template menu, select Multi-value
Refinement Item.
We clicked Preview refiners again, and verified that the ContentType refiner (RefinableString04) was
displayed first, and that it had check boxes that would enable users to select multiple refiner values.
We repeated this step for the refiners RefinableString01 , RefinableString02 , and RefinableString03 .
The RefinableDate01 refiner represents Requested publish date . By default, the refiner values are shown in
a list, which makes it difficult for users to see the date range.
To display the refiner values in a more user-friendly way, in the Refinement configuration dialog box,
from the Display template menu, we selected Slider with bar graph. In the Dates section, we selected
Last day, week, month, six months and year.
When we now previewed our refiners, the values for the Requested Publish Date refiner ( RefinableDate01 )
were perfectly displayed as a graph.
But, there was more thing that we needed to improve: the refiner display names. RefinableString01 ,
RefinableString02 , and so on do not make much sense to users.
11. To change the refiner display name, in the Display name field, enter the name that you want to be
displayed for each refiner.
In our scenario, for the RefinableString04 refiner, we entered Content Type .
Repeat this step for all your refinable managed properties.
12. To save the configurations, click OK in the Refinement configuration dialog box, and then OK in the Web
Part tool pane.
13. Save the page.
In our scenario, the five refiners were now correctly displayed on the search results page.
But, there was one small detail that would make the refiners even better. Right now users couldn't see numeric
details for the refiner values. For example, we could see names of writers that had written articles that had to do
with search configuration . However, we couldn't see how many articles they had written.
When you click IMAGES, you are using a search vertical. Bing has five search verticals: WEB, Images, VIDEOS
Maps, and NEWS.
A search vertical filters search results so only a certain type of search results are displayed. When we clicked the
IMAGES search vertical, the search results were filtered so only images were displayed.
When users click one of these search verticals, it will in fact move to a new page. For example, the default search
results page, the Everything search vertical, uses the results.aspx page.
When a user clicks on the People search vertical, they navigate to the peopleresults.aspx page.
The following are the default pages that are used for the four search verticals:
Everything results
People peopleresults
Conversations conversationresults
Videos videoresults
To view these pages, from the Site settings menu, select Site contents --> Pages.
Remember, {searchTerms?}(contentclass:sts_listitem) path:http://<path> was the query text of the Article result
source that we created earlier. To this, we added AND ContentType:Art
In our lists, we use the site column Content Type to specify the different media files. For example, all images have
the value Art for Content Type .
So, by adding AND ContentType:Art to the query text, only list items that have the value Art for Content Type will
be returned in search results.
Here are the three new result sources we created.
Now that we had three new result sources, we could move on to creating the custom search verticals.
5. Click Create.
Your new page is displayed in your Pages library.
Now that you have a page for your custom search vertical, you can begin to create the actual search
vertical. Here's what you should do:
6. On the Site Settings page, click Search Settings.
7. On the Search Settings page, in the Configure Search Navigation section, click Add Link.
8. In the Navigation Link dialog box, in the Title field, enter the search vertical title. This text will appear as
the "tab" name on your search results page.
In our scenario, we entered Art .
9. In the URL field, select Browse and select a page for your search vertical.
In our scenario, we selected the art page we just created.
What you can do after you have successfully set up a Search Center
When you have successfully set up a Search Center, the first thing that you should do is congratulate yourself on a
job well done! Nice job!
But, the job usually doesn't end here. To make the Search Center even more user-friendly, you can change the way
search results are displayed, for example to display information that is specific to your company or business. You
can read about how to do that in series How to change the way search results are displayed in SharePoint Server.
How to change the way search results are displayed
in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
to this:
In this series, we'll cover:
Understanding how search results are displayed in SharePoint Server
Understanding how item display templates and hit highlighting work in SharePoint Server
How to create a new result type in SharePoint Server
How to display values from custom managed properties in search results - option 1 in SharePoint Server
How to display values from custom managed properties in search results - option 2 in SharePoint Server
How to display values from custom managed properties in the hover panel in SharePoint Server
How to add a custom action to the hover panel in SharePoint Server
How to change the text that is displayed in the Search Box Web Part in SharePoint Server
How to change the order in which search results are displayed in SharePoint Server
1. Content is stored in lists and libraries. Site columns are used to store values, or in other words information,
about each item in a list or library.
2. When lists and libraries are crawled, site columns and the site column values are added to the search index.
3. In the search index, site columns are "transformed" into managed properties. Site column values are
"transformed" into managed property values.
4. On a search page, a user enters a query in a Search Box Web Part. The query is sent to the search index.
5. Search results are sent from the search index to a search results page, and displayed in a Search Results
Web Part. The Search Results Web Part uses display templates that specify which managed property values
should be displayed.
Here's how to understand this high level representation in the context of Microsoft's internal Search Center.
1. A Microsoft writer creates a list item for an article she'll be writing. Site columns, such as Title , Content
Summary , and Technical Subject , are used to store values, or in other words, information, about the article.
2. The list is marked for continuous crawl. This means the list will be crawled at a set interval, for example,
every minute.
You can see the crawl schedule in List Settings --> Catalog Setting.
3. From Site Settings --> Search Schema you can search for managed properties.
In this scenario, there's a managed property named ContentSummaryOWSMTXT , and another one named
owstaxIdTechnicalSubject . They represent the site columns Content Summary and Technical Subject . For
more information about the "transformation" of site columns into managed properties, see From site
column to managed property - What's up with that?.
4. On a search page, a user enters a query, for example customize search results .
5. On a search results page, search results are displayed in a Search Results Web Part. The Web Part uses
display templates that specify that the values from the managed properties ContentSummaryOWSMTXT
and owstaxIdTechnicalSubject should be displayed in the search results (the display templates also specify
many other things, but for now, let's just concentrate on the values of these two managed properties). The
second search result is the list item created in step 1. We can see that the values from the managed
properties ContentSummaryOWSMTXT and owstaxIdTechnicalSubject are displayed in the search result.
You can also see details such as a small icon next to each search result on the page. These icons represent the site
to which the article is published, such as Office.com and TechNet. The search result also contains the words
"Technical Subject" in front of the value search . Later in this series, you'll learn how to add the icons and the
words. But first, let's explore more details about how search results are displayed.
Next article in this series
Understanding how search results are displayed in SharePoint Server
See also
Concepts
Overview of search architecture in SharePoint Server
Understanding how classic search results are
displayed in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
By hovering over the first search result, more information about the result is displayed.
By hovering over the fourth result, the information that is displayed differs from what you saw when you hovered
over the first result.
What's going on here, and what's making the search results display so differently? That is the subject of this
article.
To view or edit a display template, use the HTML file. SharePoint automatically transforms the HTML file into an
associated JavaScript file when you upload it. Because the two files are associated, any changes that you make to
the HTML file will automatically update the associated JavaScript file.
Details about how display templates work will be provided later in this series. For now, let's move on to result
types.
Let's start with the first connection. To see the connection between a result type and an item display
template, go to Site Settings --> Result Types. Select to view a result type, for example Microsoft
PowerPoint.
On the Result Type page, in the Display template URL section, there's a URL that points to a file that is
named Item_PowerPoint.js.
This URL is a reference to an item display template. This means that all search results that belong to the
Microsoft PowerPoint result type will be displayed by using the Item_PowerPoint.js display template.
If you look in the Master Page Gallery, you'll see the Item_PowerPoint.js file and the associated
Item_PowerPoint.html file.
Now for the second connection: to see the connection between an item display template and a hover panel
display template, open Item_PowerPoint.html. You'll see a reference to a hover panel display template, in
this case, Item_PowerPoint_HoverPanel.js.
In the Master Page Gallery, you'll find the Item_PowerPoint_HoverPanel.js file and the associated
Item_PowerPoint_HoverPanel.html file.
So now you know why there are so many search display templates. It's because four display templates are
connected to each result type.
For an overview of the connection between the default result types, item display templates, and hover
panel display templates, see Result types and display templates that are used to display search results in
SharePoint Server.
That was straight forward, however, we're not completely through yet. In addition to the display templates
that are connected to a result type, there are display templates that are used by all result types.
About display templates that are used by all result types for classic
search
To recap:
1. Each result type contains a reference to an item display template.
2. Each item display template contains a reference to a hover panel display template.
and then we have to add:
3. Each item display template contains a reference to a common item display template.
4. Each hover panel display template contains references to three common hover panel display templates.
These common display templates are located in the same Master Page Gallery folder as the display
templates that are specific to individual result types.
Each item display template points to the common item display template. The following screen shot shows
how the item display template that was used for the Microsoft Excel result type points to the common
display template Item_CommonItem_Body .
Each hover panel display template points to three common hover panel display templates. The following
screen shot shows how the hover display template that is used for the Microsoft Excel result type points
to the three common hover panel display templates.
If all these references are a bit confusing, don't worry. Upcoming articles in this series will use examples
that will make it easier to understand. At this point, it's important to know how result types are used to
categorize different types of search results, and how result types are connected to different display
templates.
You'll see that the radio button Use result types to display items is selected by default. This means that search
results will be displayed based on the result type that they belong to. That's it!
So now you know about the mechanics of how search results are displayed. The next article in this series, we'll
goes into detail about the item display template, and also explains the magic of hit highlighting.
Next article in this series
Understanding how item display templates and hit highlighting work in SharePoint Server
Understanding how item display templates and hit
highlighting work in the classic search experience in
SharePoint Server
6/7/2019 • 8 minutes to read • Edit Online
NOTE
Because we have mapped a network drive, we can open the file in our favorite HTML editor, for example, Notepad++.
About the <title> tag
The top of the display template has a <title> tag. The text in this tag is what will be shown when you do
configurations in the SharePoint UI, for example, when you configure a result type.
The following screen shot shows how the text from the <title> tag in the item display template, Excel Item, is
shown in the configuration of the Microsoft Excel result type.
The following screen shot shows the default ManagedPropertyMapping element for the Excel Item display
template.
Notice that the display template reference name is the same as the managed property name, for example
'Title':'Title' or 'FileType':'FileType' . Even though this might seem a bit confusing at first, having identical
names will make it easier to maintain the file.
By default, the managed properties that are included in this element vary slightly for the different item display
templates. But, there are two managed properties that are included in all display templates:
HitHighlightedProperties and HitHilightedSummary . We'll explore these two properties in the "How hit
highlighting works - it is magic!" section of this topic.
About the <body> tag
Inside the <body> tag, there is a <div> tag with an ID. By default, the ID for this <div> tag matches the name of
the file. In our case, this is Item_Excel.
Any HTML or code that the display template should use to display search results is included inside this <div> tag.
In this <div> tag there are one or more blocks that begin with <!--#_ and end with _#-->. JavaScript code is used
inside these blocks, and HTML outside the blocks. You can also use these blocks to control the HTML with
conditional statements. We'll show you how you can do this in a later article.
About the hover panel display template variable
We have to consider one variable that's used inside this block: var hoverUrl. In Understanding how search results
are displayed in SharePoint Server, we covered how each item display template contains a reference to a hover
panel display template. The variable var hoverUrl contains this reference.
The following screen shot shows how var hoverUrl points to the Item_Excel_HoverPanel hover panel display
template.
About the icon that shows in search results
I also want to mention the value ctx.CurrentItem.csr_Icon. This value points to the icon that should be displayed
next to each search result, for example the Excel icon.
The following screen shot shows how the value ctx.CurrentItem.csr_Icon points to an icon.
Later in this series, we'll look at how you can change this value so that it points to a custom icon.
About the reference to the common item display template
Toward the end of the <div>, a very important line of code is included: #=ctx.RenderBody (ctx )=#. In
Understanding how search results are displayed in SharePoint Server, we looked at how this is a reference to the
item display template that's used by all result types.
The following screen shot shows how #=ctx.RenderBody (ctx )=# is used in the Item_Excel display template.
About hit highlighting
Even if you have never heard of hit highlighting before, you've seen the feature in action, even though you might
not have given it much thought.
The hit highlighting feature takes the words a user has entered in a search box and displays them in bold in the
search results. That way, users can easily scan search results to see the context in which their query words are
found. For example, the following screen shot shows that "result type" was entered in the search box. In the search
results, "result" and "type" are displayed in bold.
As was previously explained in the "About the ManagedPropertyMapping element" section of this topic, the
ManagedPropertyMapping element in the item display template contains the managed properties that can be
used to display search results. Based on this, you can understand why "About configuring result types " is
displayed. It is because "About configuring result types" is the value of Title in the list item, and Title is one of the
managed properties found in the ManagedPropertyMapping element in the display template. The words "result
type" are displayed in bold (hit highlighted) because Title is one of the hit highlighted listed in the Search Results
Web Part.
But why is "CSH_Configure_ result_types… "displayed in the search results? In the list item we can see that this is
the value for Project/File Name, but the managed property for that site column is not included in the
ManagedPropertyMapping element in display template. Neither is it listed as one of the hit highlighted
properties in the Search Results Web Part. So why is this value displayed?
About the "magical summary" property
If you guessed hit highlighting, you are correct. In addition to the default properties that you saw in the Hit-
highlighted properties (JSON ) section of the Search Results Web Part, there is a property that contains a
summary for each item. This is almost like a magical property, because it stores a summary of each item in the
search index. This summary is created under the SharePoint hood, so you don't have to worry about that. What's
important is that when I searched for "result type," a match was found in both the Title and this "magical
summary" property.
If you are now thinking, hang on! I understand that the value for Title is displayed because Title is one of the
managed properties found in the in the ManagedPropertyMapping element display template. But I don't see
any "magical summary" property in the ManagedPropertyMapping element of the display template. So how
can the value be displayed?
Well, that is where the two properties HitHighlightedProperties and HitHilightedSummary are useful. The diagram
below does not represent how SharePoint actually handles these properties. However you can think about it in the
following way:
1. The managed properties that are listed in the Hit-highlighted properties (JSON ) section of the Search
Results Web Part and the "magical summary" property are passed to the HitHighlightedProperties
property.
2. All values of the HitHighlightedProperties property are passed to the HitHighlightedSummary property.
3. A truncated version of the values in HitHighlightedSummary is displayed in the Search Results Web Part.
If you look closely at the search results, you'll notice that many search results are displayed with three dots at the
end.
These dots indicate that these are values from the HitHighlightedSummary property.
If you only want to display a minimum amount of information for each search result, you can rely on the hit
highlighting magic and probably be OK with the default way search results are displayed. But, if you want custom
information to be displayed for each search result, you'll have to do some customization.
In the next article you'll learn the first step in customizing search results: creating a new result type.
Next article in this series
How to display values from custom managed properties in search results - option 1 in SharePoint Server
How to create a new result type for classic search in
SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
CATEGORY DEFINITION
After we had defined the categories, we needed to distinguish the categories from one another. Items in our list
contain a site column named Distribution Channel . This site column contains the value of the platform to which an
article is published, for example TechNet Library .
We decided that we would use values from the Distribution Channel site column to distinguish the categories from
one another.
With these decisions in hand, we set out to create new result types for each category. The procedure for creating a
new result type is identical for all categories. So, to save space, we'll only look at how TechNet content result type
was created.
By refreshing Windows Explorer, we saw that SharePoint Server had automatically created an associated
JavaScript file.
To save space, we'll only look at how to create a result type as a Site collection administrator.
1. Go to Site settings --> Search Result Types.
Instead of creating a new result type from scratch, we can make life a bit easier by copying an existing result
type and changing it to fit our new result type. If we do this, we must be sure to copy a result type that
closely resembles the new result type we want to create.
2. On the Manage Result Types page, from the result type menu field, select Copy.
In our scenario, we wanted to customize search results for SharePoint list items. Therefore, we copied the
SharePoint List Item result type.
3. On the Add Result Type page, here are the steps to follow:
In the Give it a name field, enter a name for the new result type.
In our scenario, we entered TechNet content .
From the Which source should results match menu, select the result source that we have used to
configure the query in our Search Result Web Part.
In the What types of content should match? You can skip this rule to match all content menu, all the
default result type are listed.
In our scenario, we chose Select a value.
Click Show more conditions.
This opens a menu where we can specify the result type based on managed property values.
In our scenario, all list items contain a site column called Distribution Channel . As we saw at the beginning,
this site column contains the publication platform value, for example TechNet Library . We used values from
this site column to specify which list items should belong to our new result type.
From the Which custom properties should match menu, we selected DistributionChannelOWSCHCS .
DistributionChannelOWSCHCS is the managed property that represents the Distribution Channel site
column. In the fields below, we entered all the values that should specify the new TechNet content result
type.
From the What should these results look like menu, select the display template that should be used by
this result type.
In our scenario, we selected the newly-created TechNet content display template.
Click Save.
The newly-created result type is now listed on the Managed Result Types page.
In our scenario, we could see that the TechNet content result type was created.
So now that we have a new result type, the next task is to change the display template that is associated
with this result type. There is more than one way to do this. Therefore in the next two articles of this series,
we'll explain two different options.
Next article in this series
How to display values from custom managed properties in search results - option 1 in SharePoint Server
How to display values from custom managed
properties in classic search results - option 1 in
SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
2. Open the item display template that is referenced from the result type for which you want to display a
custom icon.
In our Search Center scenario, we also removed the if statement: if (ctx.CurrentItem.IsContainer ) .
3. On a search page, enter a query that will trigger the new result type.
4. In our Search Center scenario, we entered "result type." Search results that are TechNet publications now
have a custom icon next to them. Great!
So users of our Search Center could now easily distinguish the search results that were published on TechNet.
But, we also wanted to add information from custom site columns so that users could see important information
about each search result without having to click it.
In Understanding how search results are displayed in SharePoint Server we explained that site columns are
"transformed" into managed properties during crawl. We also explained that only managed properties that are
listed in an item display template can be displayed in search results. So, to display custom information in your
search results, you must have to add managed properties to an item display template. Hence, the next thing that
you should do is find the managed property name that corresponds to the custom site column that you want to
use.
How to find a managed property name
Before you start to search for a managed property name, it's important that you know a bit about the naming
convention for managed properties. For more information about this, see About the naming convention for
automatically created crawled and managed properties.
Depending on your permission level, you can search for managed properties from three places:
Search service application administrator Central Administration --> Managed Service Application -->
Search Service Application --> Search Schema
Site collection administrator Site Settings --> Search Schema (in the Site Collection
Administration section)
Site collection owner Site Settings --> Schema (in the Search section)
2. On the Managed Properties page, in the Managed property field, type the name of the site column that
you want to find the managed property name of. Remember that managed property names don't contain
spaces. Therefore, if your site column name contains a space, leave it out.
In our Search Center scenario, we wanted to find the managed property name for the site column Content
Summary . We entered ContentSummary in the Managed property field, and clicked the green arrow
icon.
One search result was returned: ContentSummaryOWSMTXT .
Because the Content Summary site column is of type Multiple lines of text , we knew this was the
managed property name we wanted to use.
3. Repeat the steps of this procedure to find the names of all of the managed properties that you want to
display in your search results.
Now that you have found the names of the managed properties that you want to show in your search results, the
next step is to change the item display template.
![Add MPs](../media/OTCSP_AddMPs.png)
3. Inside the second <div> tag in the <body>, use the following syntax to add code that will display the value of
the custom managed property:
In our Search Center scenario, we added the following to the item display template:
NOTE
You don't have to do this step if you are using SharePoint Online. Go to Site settings --> Search Result Types.
Notice that a Property Sync alert is displayed.
This alert is displayed because we added managed properties to an item display template (what we did in
step 2). To update the result types with the newly added managed properties, click Update.
IMPORTANT
If you don't do this update, the newly added managed properties won't display in your search results.
After we made this change, when users entered a query in our Search Center, both the value of
ContentSummaryOWSMTXT and the value for owstaxIdTechnicalSubject were displayed in the search
results.
Even though two custom properties were now displayed in the search results, the result wasn't completely
right. For example, we wanted to display the two custom properties between the title and the link, and not
below the link as was currently the case.
To better understand why the search results were displayed the way that they were, let's take a closer look at the
customized item display template:
By working a bit more on the styling, you could have a good enough result. But, by deleting the reference to
_#=ctx.RenderBody(ctx)=#_ ,the Item_CommonItem_Body display template is no longer used to display results.
The Item_CommonItem_Body display template contains some functionality that will automatically improve the
relevancy of your classic search results. So, before you delete the _#=ctx.RenderBody(ctx)=#_ reference, you
should consider whether automatically improved relevancy is something that the users of your search site would
benefit from.
IMPORTANT
If you want your classic search results to receive automatically improved relevancy based on the click behavior of users, do
not delete the reference to _#=ctx.RenderBody(ctx)=#_ from the item display template.
In the next article, we'll explain how you can keep this reference, display custom properties between the title and
link in the classic search results, and also apply hit highlighting to your custom properties.
Next article in this series
How to display values from custom managed properties in search results - option 2 in SharePoint Server
How to display values from custom managed
properties in classic search results - option 2 in
SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
Strategy for killing three birds with one stone - search results version
First, let's state what we want to achieve:
Display values from two custom managed properties.
Apply hit highlighting to the two custom managed properties.
Get automatically improved relevancy for our classic search results.
Before we look at details about how to achieve these goals, let's look at the strategy we want to follow. If this gets a
bit complex, please try to hang in there. Hopefully it'll be clear by the end.
First, remember how we can think about hit highlighting:
1. The managed properties that are listed in the Hit-highlighted properties (JSON ) section of the Search
Results Web Part and the "magical summary" property are passed to the HitHighlightedProperties
property.
2. All values of the HitHighlightedProperties property are passed to the HitHighlightedSummary property.
3. A truncated version of the values in HitHighlightedSummary is displayed in the Search Results Web Part
with three dots at the end.
Also remember that each item display template contains a reference to the Item_CommonItem_Body display
template, and that this template contains an onlick method that will result in automatically improved relevance
based on the end-user's click behavior.
So our strategy is this: create variables in the item display template that will be passed on and rendered by the
Item_CommonItem_Body display template.
Specifically, that means that we have to do the following:
Add the custom managed properties that we want to display in our classic search results to the Hit-
highlighted properties in the Search Results Web Part.
Add the custom managed properties to an item display template.
In the item display template, create a variable that will be used by the property HitHighlightedSummary to
display our two custom managed properties with hit highlighting.
In the item display template, leave the reference _#=ctx.RenderBody(ctx)=#_ so that the
Item_ComonItem_Body display template will render the search result. This makes sure that we get
automatically improved relevancy.
OK, now let's take it step-by-step, with examples of how we did this for our Search Center scenario.
4. In the Hit-highlighted properties (JSON ) field, use the following format to add the custom managed
properties that you want to add hit highlighting to:
"<Managed property name>"
In our Search Center scenario, we wanted to apply hit highlighting to the ContentSummaryOWSMTXT and
the owstaxIdTechnicalSubject managed properties.
5. Select Apply to save the changes. This will close the Display Templates section.
6. Select Display Templates to reopen the section, and select Use result types to display items.
7. Click OK and save the page.
Next, you have to add the custom managed properties to an item display template. Here's what you should
do:
8. Open the item display template that belongs to the result type for which you want to customize search
results.
In our Search Center scenario, this was TechNet content .
9. In the item display template, in the ManagedPropertyMapping tag, use the following syntax to add the
custom managed properties that you want to display:
In our Search Center scenario, we wanted the values from the managed properties ContentSummaryOWSMTXT
and owstaxIdTechnicalSubject to be displayed in the search result. To make the file easier to maintain, we named
the current item properties the same as the managed properties.
Next, you have to create variables in the item display template that will be used and rendered by the
Item_Common_Item_Body display template. Here's what you should do:
10. Because you have no guarantee that the values of your custom properties will contain any of the entered
query words, that is, hit highlighting won't be used, you have to create variables that guarantee that that the
value of your custom properties will be displayed regardless of hit highlighting.
The following screen shots show how we created two such variables for our custom properties
ContentSummaryOWSMTXT and owstaxIdTechnicalSubject .
11. In addition, we added a similar variable for the Title property. If you don't add this, the search results won't
be rendered.
12. The last step that you have to do in the item display template is to create a variable that will override the
HitHighlightedSummary property used to display the values.
NOTE
You don't have to do this step if you are using SharePoint Online. Go to Site settings --> Search Result Types.
Notice that a Property Sync alert is displayed.
This alert is displayed because we added managed properties to an item display template (what we did in
step 9). To update the result types with the newly added managed properties, choose Update.
IMPORTANT
If you don't do this update, the newly added managed properties won't display in your search results.
After we made these changes, when users entered a query in the Search Center, the search result included:
1. A custom icon
2. The value of Title with hit highlighting
3. The value of ContentSummaryOWSMTXT with hit highlighting
4. The value of owstaxIdTechnicalSubject (The query words did not match the property value, but because of
the variable that we created in step 10, the value is displayed.)
5. A link to the item in the list
We wanted to make one little change to how the value for owstaxIdTechnicalSubject was displayed. We wanted to
give users a bit more context as to what this value represents. Therefore, we decided to add the text "Technical
Subject:" before the value. Also, because this value is not always present for all list items, we decided it should only
display when a value was present.
To do this, we made a change to the variable that overrides the HitHighlightedSummary property:
Notice that we added a slightly different color to the text "Technical Subject:". With this addition, the final search
result is displayed as follows:
In How to create a new result type in SharePoint Server, we had decided we wanted 6 different result types. After
creating the TechNet content result type and display template, it was very easy to copy this work over to the other
5 result types.
And here's the result:
So now that we have changed the way classic search results are displayed, the next step is to change the values
that are displayed in the hover panel.
Next article in this series
How to display values from custom managed properties in the hover panel in SharePoint Server
How to display values from custom managed
properties in the hover panel in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
This may seem confusing now, but we'll show you all the the steps that are required in the next two sections. So
let's get started!
We wanted to use the Item_Default_HoverPanel hover panel display template as a basis when we added custom
properties to our hover panel. Therefore, in our mapped network drive, we copied the Item_Default_HoverPanel
display template
We only had to rename the HTML file, because the name of the associated JavaScript file was automatically
updated.
In the TechNet content display template, we changed the reference in var hoverUrl so that it pointed to the newly
copied and renamed TechNet_Content_HoverPanel display template.
In our Search Center scenario, we added four managed properties to the TechNet content item display template.
![Added MPs](../media/OTCSP_AddedMPs.png)
3. NOTE
You do not have to do this step if you are using SharePoint Online.
Go to Site settings --> Search Result Types. Notice that a Property Sync alert is displayed.
This alert is displayed because we have added new managed properties to an item display template (we did
this in step 2). To update the result types with the newly added managed properties, choose Update.
IMPORTANT
If you don't do the update, the newly added managed properties won't display in your hover panel.
4. Open the hover panel display template that you want to change, and use HTML to add the custom
properties that you want to display.
In our Search Center scenario, we opened the TechNet_Content_HoverPanel . The following screen shot
shows how we added our four custom properties.
But, we are not completely through yet. The values for Internal Writer and Submission Contact were displayed
differently. The screen shot might not show it clearly, but hopefully you can see that the value for Internal Writer
was displayed well, but the value for Submission Contact was very long and contained an ugly GUID.
Both these values come from a site column of type Person or Group. The difference is that in the site column
settings, Internal Writer is configured to show Name, whereas Submission Contact is configured to show Name
(with presence).
To make Submission Contact display correctly, we copied the HP.GetAuthorsHtml method that is used by the
Item_CommonHoverPanel_Body display template to display authors.
And now the hover panel was starting to look really good.
But to make the hover panel even more helpful, we wanted to add an action to the bottom of the hover panel. will
show how to do this this.
Next article in this series
How to add a custom action to the hover panel in SharePoint Server
How to add a custom action to the hover panel in
SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
To enable our visitors to do something with the search results, without having to leave the search results page, we
can add a custom action.
In our Search Center scenario, we wanted to add a custom action that opens the published article. For example, for
the search result "Customize search result types in SharePoint Server", we wanted to add an action that opens this
link:<need fwlink? /SharePoint/search/customize-search-result-types>
Because this URL is maintained in the list, we can add a custom action to the hover panel that will open the link.
How to display values from custom managed properties in the hover panel in SharePoint Server showed how the
hover panel actions are rendered by the Item_Common_HoverPanel_Actions display template. So, to add a
custom action, you have to edit this file.
But, similar to what we did when we added a custom property to the hover panel, you have to add the managed
property that you want to use in your custom action to the item display template.
Confused? Well, this is not easy. It takes a while to understand how things were connected. Let's go through it
step-by-step.
Here are the steps to add a custom action to the hover panel:
1. Find the managed property name of the site column that you want to use. How to display values from
custom managed properties in classic search results - option 1 in SharePoint Server showed how to do this.
2. In your mapped network drive, open an item display template. In the item display template, in the
ManagedPropertyMapping tag, use the following syntax to add the custom managed property:
In our Search Center scenario, we added the custom property we wanted to use to the TechNet content display
template.
3. NOTE
You don't have do this step if you are using SharePoint Online.
Go to Site settings --> Search Result Types. Notice that a Property Sync alert is displayed.
This alert is displayed because we have added a new managed property to an item display template (what
we did in step 2). To update the result types with the newly added managed properties, choose Update.
IMPORTANT
If you don't do the update, the newly added managed properties won't display in your hover panel.
4. Open the Item_Common_HoverPanel_Actions display template. See how the default actions are created,
and use JavaScript and HTML to add your custom action.
In our Search Center scenario, we looked at how the OPEN action ( #= editHmtl =# ) is created. Based on
that, we created a new action: #= viewHtml =#. The following screen shot shows what we did.
By doing a new search and hovering over a search result, we saw that our new custom action was displayed.
Nice!
So now that you know how to change the way your classic search results are displayed, there is one more thing we
should look at, and that is how you can change the text that is displayed in the Search Box Web Part.
Next article in this series
How to change the text that is displayed in the Search Box Web Part in SharePoint Server
How to change the text that is displayed in the
Search Box Web Part in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
How to change the text that is displayed in the Search Box Web Part
The following screen shot shows the default text that is displayed in the Search Box Web Part.
How to create a query rule that will change the order in which search
results are displayed
Depending on your permission level, you can create a query rule on three levels:
Search service application administrator To all site collections within the farm
To save space, we'll only show you how to create a query rule as a Site collection administrator.
1. Go to Site Settings --> Search Query Rules.
2. On the Manage Query Rules page, from the Select a Result Source menu, select the result source to
which the query rule should be applied.
5. In the Query Conditions section, specify the conditions that will trigger the query rule.
In our Search Center scenario, we wanted the query rule to be triggered every time that a user entered a
query. In other words, we didn't want the query rule to be triggered by a specific condition. Therefore, we
selected Remove Condition.
6. In the Actions section, specify what you want the query rule to do when it is triggered.
In our Search Center scenario, we selected Change ranked results by changing the query. This opened
a dialog box where we could define what we wanted the query rule to do.
7. We wanted to change the order of search result. Therefore, in the Build Your Query dialog box, we selected
the SORTING tab.
From the Sort by menu, we selected Rank.
From the Dynamic ordering section, we selected Add dynamic ordering rule.
When we now entered a search in the Search Center, we could see that articles were displayed at the top of the
search results list, and images were displayed at the bottom. Nice!
How do I know that the query rule's been applied?
In our Search Center scenario, we could easily verify that the query rule we created was being applied. But, if you
are uncertain about whether your query rule is being applied, the Search Results Web Part can give you an
answer.
Here are the steps to verify that a query rule is being applied:
1. On your search results page, select to edit the Search Results Web Part.
2. In the Web Part tool pane, select Change query.
3. In the Build Your Query dialog box, select the TEST tab, and then Show more.
4. In the {searchboxquery} field enter a query that you know should cause the query rule to be triggered,
and then select Test query.
In our Search Center scenario, we could verify that our query rule was working by looking at the following:
1. In the field Applied query rules, the name of our query rule, Demote art, was shown.
2. In the Query text section, XRANK was applied to ContentType:Art .
In the classic search experience of SharePoint Server we can easily create and upload a thesaurus that contains
synonyms for search phrases and acronyms. In this article, we'll use a simple example to show how to do this.
Suppose you have two documents in a library:
A Word document titled "Coffee"
A PowerPoint document titled "Cup of Joe"
When you search for coffee , the Word document is returned.
When you search for cup of joe , the PowerPoint document is returned.
For both documents to be returned when you search for either coffee or cup of joe , we can create a thesaurus.
4. On a new line in the text editor, enter a term or a phrase, a synonym for that term or phrase and a two letter
language code. Use commas to separate the phrases, for example Coffee,Cup of Joe,en .
This means that when users search for "Coffee", search results for both "Coffee" and "Cup of Joe" will be
returned.
5. Repeat step 3, but switch the order of Key and Synonym .
This means that when users search for "Cup of Joe," search results for both "Cup of Joe" and "Coffee" will
be returned.
6. Save the file as .csv with UTF-8 encoding.
Now that we've created our thesaurus, the next task is to import it to SharePoint Server.
1. On the server where SharePoint Server is installed, open a SharePoint Management Shell.
2. At the command prompt, enter the following command:
$searchApp = Get-SPEnterpriseSearchServiceApplication
Import-SPEnterpriseSearchThesaurus -SearchApplication $searchApp -Filename <Path>
That's it!
IMPORTANT
When you import a thesaurus, the existing thesaurus will be overwritten. If you want to add new phrases to our thesaurus,
you should add them to the thesaurus file we have already imported. You can't export a thesaurus file. Therefore, you should
maintain our thesaurus file in an external system, for example on a file share.
To verify that you thesaurus is working the way that you want it to, search for phrases from the thesaurus. In this
example scenario, two files were returned for both "coffee" and "cup of joe."
See also
Concepts
Create and deploy a thesaurus in SharePoint Server
Create and import query suggestions for the classic
search experience in SharePoint Server
6/19/2019 • 2 minutes to read • Edit Online
SharePoint Server automatically creates a query suggestion when users have clicked a search result for a query at
least six times. For example, if users have entered the query word "coffee" and then clicked on a search result six
times, then "coffee" automatically becomes a query suggestion. We can also create query spelling suggestions
manually. In this article, we'll use a simple example to show how to do this.
In this article, you'll learn:
How to create a query suggestions file
How to import a query suggestions file to SharePoint Server
How to import a query suggestions file to SharePoint Server
How to verify that your query suggestions are working
Now that you have a query suggestions file, the next task is to import it to SharePoint Server.
How to import a query suggestions file to SharePoint Online
1. From the Office 365 Admin menu, select SharePoint.
4. In the Language for suggestions phrases section, select the language of your query suggestions. In the
Always suggest phrases section, select Import from text file.
5. In the Text file that has phrases section, select Choose File, and import your query suggestions file.
IMPORTANT
When you import query suggestions, existing query suggestions are overwritten. If you haven't previously imported any
query suggestions, you have nothing to worry about. Automatically created query suggestions will not be overwritten when
you import new ones. But, if you want to import additional query suggestions, you should export the existing query
suggestions file, update it, and then reimport it.
3. On the Import phrases for query suggestions page, select Browse, and import your query suggestions
file.
IMPORTANT
When you import query suggestions, existing query suggestions are overwritten. If you haven't previously imported any
query suggestions, you have nothing to worry about. Automatically created query suggestions won't be overwritten when
you import new ones. But, if you want to import additional query suggestions, you should export the existing query
suggestions file, update it, and then reimport it.
See also
Concepts
Manage query suggestions in SharePoint Server
Other Resources
Customize query suggestions in SharePoint search
Changing the ranking of classic search results in
SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
Offload your users' personal storage to SharePoint Online with hybrid OneDrive for Business. Maximize the reach
of Search to get search results from both SharePoint Server and SharePoint Online. Extend access to Microsoft
Business Connectivity Services data and applications to the cloud. The following articles describe the currently
supported SharePoint hybrid options and configurations and will help you decide which hybrid solution you
should use to meet your business goals.
When you're done exploring, plan your hybrid deployment.
CONTENT DESCRIPTION
The building blocks of Office 365 hybrid This chalk talk video covers the major components of Office
365 hybrid. If you're considering a hybrid solution, watch this
video to learn more about how all the pieces fit together.
Minimum public update levels for SharePoint hybrid features Learn which SharePoint Server updates are required to enable
the various hybrid features.
SharePoint hybrid sites and search Learn about the available hybrid features related to sites and
search that can help create a cohesive user experience
between SharePoint Server and SharePoint Online.
Learn about cloud hybrid search for SharePoint Learn about cloud hybrid search, its advantages, and what
search experiences are available for your users.
Learn about hybrid federated search for SharePoint Learn about the different scenarios available for hybrid
federated search and what search experiences they enable for
your users.
Hybrid picker in the SharePoint Online admin center Learn about the hybrid picker configuration wizard and which
hybrid scenarios it enables.
See also
Concepts
Hybrid for SharePoint Server
The building blocks of Office 365 hybrid
6/7/2019 • 2 minutes to read • Edit Online
NOTE
Hybrid extranet B2B collaboration sites have no on-premises components and thus have no PU requirements.
With SharePoint hybrid features, you can consolidate search results between SharePoint Server and Office 365,
consolidate user profiles in Office 365, and offload your users' personal storage to the cloud. Except as noted, the
hybrid features discussed in this article are available for both SharePoint Server 2013 and SharePoint Server
2016.
NON-HYBRID HYBRID
OneDrive for Business OneDrive for Business is available in OneDrive links are provided in
Office 365 but there is no link to it from SharePoint Server which direct users to
SharePoint Server. If you've deployed OneDrive for Business in Office 365.
MySites, users may have a second (See Plan hybrid OneDrive for Business
OneDrive for Business in SharePoint for detailed information.)
Server.
Site following The followed sites list in Office 365 Followed sites from both locations are
tracks followed SharePoint Online sites. consolidated in the SharePoint Online
If you've deployed MySites, a second followed sites list. SharePoint Server
followed sites list in SharePoint Server links to the followed sites list redirect
tracks followed SharePoint Server sites. users to the SharePoint Online followed
sites list.
(See Hybrid site following for detailed
information.)
Document following If you've deployed MySites, the Hybrid document following is not
followed documents list in SharePoint available. If you use hybrid OneDrive
Server tracks followed SharePoint for Business, the SharePoint Server
Server documents. followed documents list will be hidden
from users. (Note that if you configure
hybrid search and you have Delve, you
can favorite SharePoint Server
documents.)
NON-HYBRID HYBRID
Profiles Users have separate profiles in Profiles exist in both locations, but
SharePoint Server and in Office 365. SharePoint Server links to users' profiles
redirect profiles in Office 365.
(See Plan hybrid profiles for detailed
information.)
Extensible app launcher Users see a different app launcher in There are still separate app launchers,
Office 365 and in SharePoint Server. but the SharePoint Server app launcher
includes several tiles from Office 365.
(See The extensible hybrid app launcher
for detailed information.)
Hybrid self-service site creation Users see separate self-service site Users going to the default SharePoint
creation experiences in SharePoint Server site creation page are redirected
Server and SharePoint Online, as to the SharePoint Online Group
configured by the administrator. Creation page, allowing them to create
sites in SharePoint Online.
(See Hybrid self-service site creation for
detailed information.)
Search Separate search indexes and search Search results between the two
centers for SharePoint Server and Office locations are combined in one of two
365. Users must search from ways. Cloud hybrid search crawls on-
SharePoint Server to find items stored premises content and indexes it in the
there and they must search form Office search index in Office 365. Users can
365 to find items stored there. search the Office 365 index from either
location. Hybrid federated search
combines search results from each
search index in a single search center.
(See Hybrid search in SharePoint for
detailed information.)
What is redirection?
Many of the SharePoint hybrid features make use of a technique called redirection. With redirection, when users
attempt to access a service in SharePoint Server using site navigation, they are automatically redirected to the
equivalent service in Office 365.
For example, in a non-hybrid environment, when a user clicks OneDrive on a SharePoint Server site, they are
taken to their SharePoint Server OneDrive for Business location. With hybrid OneDrive for Business, when a user
clicks OneDrive, they are taken to OneDrive for Business in Office 365.
Hybrid OneDrive for Business, hybrid site following, and hybrid profiles all use redirection to send users from on-
premises SharePoint Server to the equivalent service in Office 365. The on-premises SharePoint Server services
continue to function in the background and are accessible by users if they've bookmarked the URL.
When redirection is used, existing data in SharePoint Server is not automatically migrated to the equivalent Office
365 service. Documents in OneDrive for Business and user profile information have to be manually migrated for
each user, and SharePoint Server followed sites will have to be re-followed.
Site following X
Profiles X X
*In SharePoint Server 2016, the extensible app launcher is part of hybrid sites features. In SharePoint Server
2013, it requires the July 2016 PU and is enabled separately from hybrid sites features by using Windows
PowerShell.
With hybrid federated search, search results come from two indexes. A search center in for example SharePoint
Online in Office 365 displays and ranks results in two result blocks. SharePoint Online displays and ranks search
results from Office 365 content, but uses the ranking from SharePoint Server 2013 for search results from on-
premises content and displays these search results in the order that they arrive.
See also
Concepts
Plan hybrid federated search for SharePoint Server
Other Resources
Learn about cloud hybrid search for SharePoint
Plan cloud hybrid search for SharePoint
Learn about hybrid federated search for SharePoint
Learn about cloud hybrid search for SharePoint
6/7/2019 • 9 minutes to read • Edit Online
A search center displays and ranks results from the Office 365 search index in one result block and calculates
search relevance ranking and refiners for all your results, regardless of whether the results come from on-
premises or Office 365 content.
It's the metadata for the content that's indexed, and this metadata is encrypted when it's transferred to the search
index in Office 365, so the on-premises content remains secure. If you've synchronized Active Directory (AD )
between your on-premises network (Windows Server Active Directory) and your Office 365 tenant (Windows
Azure Active Directory), Office 365 alters the document permissions that refer to on-premises users, so they refer
to the corresponding Office 365 users. Users only see search results for content they have access to.
Learn more:
What are the benefits
Which search experiences can you offer with cloud hybrid search?
Where do you manage cloud hybrid search?
How does cloud hybrid search work?
Which search experiences can you offer with cloud hybrid search?
When you've set up cloud hybrid search and a full crawl of the on-premises content has completed, the search
center in Office 365 automatically shows hybrid results from your Office 365 index.
Other searches
Search verticals - Search verticals narrow search results to a specific set of content, for example to show only
videos. If you currently use a search vertical in a search center in SharePoint Server, you have to recreate it in your
search center in SharePoint Online in Office 365.
Site search - Your existing search in document libraries in SharePoint Server stops returning results when you
move your search index to Office 365. Search is fastest when users use search centers that are in the same
environment as the search index, so searching from an Office 365 search center gives a better experience. If your
users need results from the Office 365 search index in on-premises SharePoint sites, such as in existing Team Sites
in SharePoint Server 2010 or SharePoint Server 2013, you can set up search in SharePoint Server to show hybrid
results from your Office 365 index. Because SharePoint Online in Office 365 processes your queries, your users
have to use the query syntax that SharePoint Online supports. Learn more in Show results from Office 365 in on-
premises SharePoint with cloud hybrid search.
eDiscovery search - You might have to set up eDiscovery separately in SharePoint Server and in SharePoint
Online in Office 365.
Cross-site publishing search - Cross-site publishing isn't available with cloud hybrid search.
Display options for search results
Previews - When a user hovers over a search result that comes from Office 365, information about the content as
well as a preview of the content is displayed. Information about the content from search results that come from
on-premises is displayed automatically, but you have to set up display of previews for this content.
Custom security trimming - Custom security trimming isn't available with cloud hybrid search because
SharePoint Online in Office 365 doesn't support custom security trimming.
Search features that work differently with cloud hybrid search
Best bets - Best bets is a SharePoint Server 2010 feature. Use query rules in SharePoint Online in Office 365
instead.
Custom search scopes - Custom search scopes is a SharePoint Server 2010 feature. Use result sources in
SharePoint Online in Office 365 instead.
Promotion/demotion of search results - Promotion/demotion of search results is a SharePoint Server 2010
feature. Use result sources in SharePoint Online in Office 365 instead.
Removal of on-premises search results - In Central Administration in SharePoint Server you can select a
Search service application and use the option "Index reset" to remove all content from the search index. This
option does not work for cloud hybrid search because there is no direct communication between the cloud Search
service application in SharePoint Server 2013 or SharePoint Server 2016 and the search index in Office 365. If
you only want to remove some on-premises metadata from the Office 365 search index, remove that on-premises
content source, or create a crawl rule that doesn't crawl the URL of a file. If you need to remove all metadata from
on-premises content from the search index in Office 365, open a ticket with Microsoft Support.
Usage reports - Usage reports are based on information about the crawled content and user actions on the
SharePoint site. The cloud Search service application in SharePoint Server 2013 or SharePoint Server 2016
doesn't communicate with the usage analytics in SharePoint Online, so usage reports in SharePoint Online don't
contain information about user actions on sites in SharePoint Server 2013 or SharePoint Server 2016.
Search features that aren't available with cloud hybrid search
Multi-tenancy on a SharePoint Server 2013 or SharePointServer 2016 farm - One SharePoint Server 2013
or SharePoint Server 2016 farm can only attach to one tenant in SharePoint Online in Office 365, therefore
SharePoint Online can't preserve the tenant isolation in a multi-tenant SharePoint Server 2013 or SharePoint
Server 2016 farm.
Custom entity extraction - Custom entity extraction isn't available with cloud hybrid search because SharePoint
Online in Office 365 doesn't support custom entity extraction.
Content enrichment web service - The content enrichment web service call-out is not available with cloud
hybrid search because SharePoint Online in Office 365 doesn't support custom enrichment web service.
Thesaurus - Thesauruses aren't available with cloud hybrid search because SharePoint Online in Office 365
doesn't support thesauruses.
On-premises content (1) is crawled by the crawler in the cloud SSA (2) and pushed to the search index in
Office 365 (3).
Users enter a query (4) in the SharePoint Online Search Center, the query is sent to the search index in
Office 365 (3), and results are returned to the SharePoint Online Search Center (4).
If necessary, you can set up site search in SharePoint Server 2013 or SharePoint Server 2016 to get search
results from your search index in Office 365. Users enter a query in an on-premises site search box (5) and
the query is sent via the server with the cloud SSA (2) to the search index in Office 365 (3). Results are
returned via the server with the cloud SSA (2) to the on-premises site search box (5).
See also
Concepts
Configure cloud hybrid search - roadmap
Other Resources
Plan cloud hybrid search for SharePoint
Hybrid search in SharePoint
Learn about hybrid federated search for SharePoint
6/7/2019 • 4 minutes to read • Edit Online
The Search Centers display results from the environments in two separate result blocks. Each Search Center
displays and ranks search results from its own environment and uses ranking from the other environment for the
other environment's search results. Let's use the Search Center in SharePoint Online in Office 365 as an example.
This Search Center displays and ranks search results from the search index in Office 365, but for search results
from the search index in SharePoint Server this Search Center uses the ranking from SharePoint Server and
displays these search results in the order that they arrive.
If you've synchronized Active Directory (AD ) between your on-premises network (Windows Server Active
Directory) and your Office 365 tenant (Windows Azure Active Directory), Office 365 alters the document
permissions that refer to on-premises users, so they refer to the corresponding Office 365 users, and the other
way around. Users only see search results for content they have access to.
Show search results from SharePoint Online in a Search Center in SharePoint Server. This is the simplest scenario
to set up because an outbound connection doesn't require a reverse proxy device.
Hybrid federated search results in SharePoint Online
Show search results from SharePoint Server in a Search Center in SharePoint Online. This scenario requires a
reverse proxy device, see Display hybrid federated search results in SharePoint Online.
Hybrid federated search from both SharePoint Server and SharePoint Online
Show search results from both environments in Search Centers both in SharePoint Online and SharePoint Server.
This scenario requires a reverse proxy device, see Display hybrid federated search results in SharePoint Server
and Display hybrid federated search results in SharePoint Online.
IMPORTANT
If you have some on-premises content that's highly sensitive and shouldn't be indexed outside your on-premises network
due to regulatory or legal or geopolitical constraints, there are several approaches to achieve this such as using crawler
exclusion rules or a separate Search service application for that content.
IMPORTANT
The Hybrid Picker wizard must be launched from an on-premises server with SharePoint Server 2013 or SharePoint Server
2016 installed. Launch it in the environment you want to use for your SharePoint hybrid.
TIP
If the Hybrid Picker is run a second time with an enabled feature unchecked, this will not cause the feature to be uninstalled.
Any additional selections will be installed and previously installed features will remain.
For all options, the hybrid picker configures a server-to-server trust between your SharePoint Server farm and
Office 365.
Note that the hybrid picker does not uninstall features. If you run the hybrid picker and deselect a feature that you
previously installed, it will remain installed.
To get started configuring hybrid features for your environment, choose from the following:
Configure hybrid OneDrive for Business - roadmap
Configure hybrid sites features - roadmap
Configure cloud hybrid search - roadmap
Configure hybrid SharePoint taxonomy and hybrid content types
See also
Other Resources
You receive the error "Value cannot be null. Parameter name: My site URL or team site URL from Discovery
Service is null or empty" when you use the SharePoint Hybrid Picker
Plan SharePoint Server hybrid
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Plan hybrid SharePoint taxonomy and hybrid content types Learn about how hybrid taxonomy and content types give
you a single taxonomy and set of content types that you can
share between SharePoint Server and SharePoint Online.
Plan hybrid OneDrive for Business Use this article to plan for using OneDrive for Business in
SharePoint Online for your users' personal storage.
Plan cloud hybrid search for SharePoint Learn how to plan for cloud hybrid search.
Plan hybrid profiles Learn about hybrid profiles and your options for tying in
external profile information.
The extensible hybrid app launcher Learn how the hybrid extensible app launcher can bring Office
365 tiles to SharePoint Server.
Hybrid site following Learn how hybrid site following give you a single followed
sites list for SharePoint Server and SharePoint Online.
Plan server-to-server authentication Use this article to plan for server-to-server authentication,
which is required for all hybrid scenarios except hybrid
OneDrive for Business.
Plan hybrid federated search for SharePoint Server Learn how to plan for hybrid federated search in SharePoint
Server.
Plan connectivity from Office 365 to SharePoint Server Learn how to plan for connectivity from SharePoint Online to
SharePoint Server through a reverse proxy device.
Plan hybrid SharePoint taxonomy and hybrid
content types
6/7/2019 • 3 minutes to read • Edit Online
IMPORTANT
Farm Administrators can modify Term Groups on-premises. These changes will not replicate to SharePoint Online. It is
important that Farm Administrators be notified to not make changes on-premises.
You also have the option of installing hybrid content types. This feature propagates updates to your SharePoint
Online content types to your SharePoint Server site collections.
Prerequisites
Hybrid SharePoint taxonomy and hybrid content types are available in SharePoint Server 2013 and SharePoint
Server 2016 with the following SharePoint updates:
Hybrid taxonomy requires the November 2016 public update or later.
Hybrid content types requires the June 2017 public update or later.
Configuration of both features uses the Hybrid Picker in the SharePoint Online admin center, which also has a
number of prerequisites. Be sure to read Hybrid picker in the SharePoint Online admin center as you plan your
hybrid SharePoint taxonomy rollout.
The functionality and configuration procedures are the same for both versions of SharePoint Server.
As with all hybrid scenarios, hybrid SharePoint taxonomy and hybrid content types both rely on your user
accounts being synchronized between SharePoint Server and SharePoint Online, though users whose accounts
are not synchronized can still use the replicated and local term sets on-premises.
Get set up
To get started configuring hybrid SharePoint taxonomy and hybrid content types, be sure you've reviewed the
prerequisites for the Hybrid Picker, and then read Configure hybrid SharePoint taxonomy and hybrid content
types.
See also
Other Resources
TechNet Forums - Hybrid Taxonomy
Plan hybrid OneDrive for Business
6/7/2019 • 2 minutes to read • Edit Online
How it works
With hybrid OneDrive for Business your users can:
Store personal files they are working on in the cloud, and access these files even when they aren't signed
in to your corporate network.
Access these files on devices such as iPhones, Windows Phones, tablets, and so on.
Share and collaborate on documents with others in your organization or with external users by using
guest links.
As an IT pro, you can:
Provide cloud storage for your users.
Add storage for your users in the cloud in 25-100 gigabytes (GB ) increments, as needed.
Continue to provide SharePoint features as usual in your on-premises farm.
Things to keep in mind
To avoid user confusion, keep the following in mind when you turn on hybrid OneDrive for Business:
When you turn on this feature, your users will be directed to OneDrive for Business in Office 365 when
they click OneDrive in SharePoint Server. Be sure to plan to migrate your users' content from their old
SharePoint Server OneDrive for Business to the new one in Office 365.
Because there's no direct link between OneDrive for Business in SharePoint Server and OneDrive for
Business in Office 365, users' Shared with me lists in Office 365 won't display documents that have been
shared with them from on-premises SharePoint Server.
Getting started
In SharePoint Server 2013 and SharePoint Server 2016, hybrid OneDrive for Business is available as part of
several hybrid option bundles. See Hybrid sites features and OneDrive for Business for details.
Hybrid OneDrive for Business is also available with SharePoint Server 2010. See Configure hybrid OneDrive for
Business in SharePoint Server 2010 for details.
Plan cloud hybrid search for SharePoint
6/7/2019 • 14 minutes to read • Edit Online
1The number of CPU cores is specified here, not the number of CPU threads.
In addition to the above:
Make sure that each host server has enough disk space for the base installation of the Windows Server
operating system and for the SharePoint Server program files. The host server also needs free hard disk
space for diagnostics such as logging, debugging, and creating memory dumps, for daily operations, and
for the page file. Normally, 80 GB of disk space is enough for the Windows Server operating system and
for the SharePoint Server program files.
Add storage for the SQL log space for each database server. If you don't set the database server to back up
the databases often, the SQL log space uses lots of storage. For more information about how to plan SQL
databases, see Storage and SQL Server capacity planning and configuration (SharePoint Server).
Plan storage performance for cloud hybrid search
The way you decide to distribute data from the search components and from the operating system across your
storage, has an impact on search performance. It's a good idea to:
Split the Windows Server operating system files, the SharePoint Server program files, and diagnostics logs
across three separate storage volumes or partitions with normal performance.
Store the search component data on a separate storage volume or partition with high performance.
TIP
You can set a custom location for search component data when you install SharePoint Server on a host. Any search
component on the host that needs to store data, stores it in this location. To change this location later, you have to reinstall
SharePoint Server on that host.
Make sure that the storage you have is fast enough to handle the traffic from the search components and
databases. The crawl database is the only component in the search architecture for cloud hybrid search with IOPS
requirements. The crawl database requires medium to high IOPS, and the typical load on a I/O subsystem is 10
IOPS per 1 document per second (DPS ) crawl rate.
Learn about the search topology for cloud hybrid search
The search topology of the cloud SSA consists of the same types of search components and databases as the
search topology of a standard SSA in SharePoint Server 2013 or SharePoint Server 2016. But there are some
differences.
Unused search components and databases in cloud hybrid search - In cloud hybrid search, it's Office 365
that processes the content, stores the index, and processes analytics. The cloud SSA doesn't use its own content
processing component, index component, analytics processing component, links database, or analytics database.
These components and databases are idle.
Interaction between search components and databases in cloud hybrid search - Search components and
databases interact differently in the search topology of the cloud SSA compared to the search topology of a
standard SSA:
1. The crawl component gets content from your on-premises farm and sends this content to the search index
in Office 365. It uses connectors to interact with the content sources, and uses the crawl database to store
both temporary and historical information about the items it crawls, just like a regular crawl component.
2. The search administration component runs system processes that are essential to search, just as for a
standard SSA.
3. We recommend running all searches from Office 365, as cloud hybrid search is optimized for this. But, you
can set up site search in SharePoint Server to get search results from your search index in Office 365. If you
set up search in an on-premises site collection to query your Office 365 index, this query processing
component passes queries from the search box to the Office 365 index, and results from the Office 365
index to the search box.
Plan content sources for the cloud Search service application (cloud SSA) in SharePoint Server that cover
all on-premises content except the sensitive content. The metadata for the crawled content is added the
search index in Office 365.
Plan enterprise search in SharePoint Server to crawl the sensitive, on-premises content, see Plan search in
SharePoint Server. Plan content sources for the SSA that cover the sensitive content. The metadata from
the crawled, sensitive content is added to the search index in SharePoint Server.
If your users need results from the Office 365 search index in on-premises SharePoint sites, plan hybrid
federated search from SharePoint Server to display search results from the search index in SharePoint
Server and from the search index in Office 365, see Plan hybrid federated search for SharePoint Server.
1. On-premises content. During crawl, metadata from this content is added to the Office 365 search index.
2. Office 365 content. During crawl, metadata from this content is added to the Office 365 search index.
3. Default (or existing) Office 365 Search Center. You create a custom result source for this Search Center,
which limits search results to show only Office 365 content. .
4. New Office 365 Search Center, where you validate and tune how hybrid search results are shown. This
Search Center uses the default result source and shows search results from both on-premises and Office
365 content. You set up access so only testers and administrators have access to this site.
NOTE
Although you can keep the original search experience unchanged while tuning, you can't keep the original Office Delve
experience unchanged. When metadata from on-premises content is in the Office 365 search index, Delve will display this
content.
Related Topics
Learn about cloud hybrid search for SharePoint
Configure cloud hybrid search - roadmap
Hybrid search in SharePoint
Plan hybrid profiles
6/11/2019 • 2 minutes to read • Edit Online
See also
Other Resources
About user profiles in SharePoint Online
The extensible hybrid app launcher
6/7/2019 • 2 minutes to read • Edit Online
If your existing web application is not configured to use Integrated Windows authentication using NTLM, you
must either create a web application or extend your existing web application and configure it to use Integrated
Windows authentication using NTLM.
If you have to create a new web application to configure for hybrid functionality, you have two choices:
Extend an existing web application to connect to an existing content database. This creates a new
website in Internet Information Services (IIS ) with a unique URL and authentication configuration. The
extended web application can be used to access the same site collections and content as the original web
application by using the new URL.
This is the best choice if you want users to go to an enterprise search portal in an existing site collection to
use hybrid search.
Create a new web application and a new content database. This creates a new web application that
has a new, empty content database in which you can create a new site collection with an enterprise search
portal.
This is the best choice if you want users to go to an enterprise search portal in a new site collection to use
hybrid search.
Integrated Windows authentication using NTLM is required to allow the SharePoint Authentication service to pass
user claims to SharePoint Online using OAuth.
Plan hybrid federated search for SharePoint Server
6/7/2019 • 10 minutes to read • Edit Online
IMPORTANT
If there is content in SharePoint Server that you don't want users of SharePoint Online to be able to view due to regulatory
or legal or geopolitical constraints, then you should not set up any hybrid federated search in SharePoint Online that could
return results that include that SharePoint Server content. For more information, see Delete items from the search index or
from search results in SharePoint Server.
See also
Concepts
Configure hybrid federated search from SharePoint Server to SharePoint Online - roadmap
Configure hybrid federated search from SharePoint Online to SharePoint Server - roadmap
Plan connectivity from Office 365 to SharePoint
Server
6/7/2019 • 13 minutes to read • Edit Online
For security reasons, store the worksheet and the build log in a security-enhanced place, such as a secured file
share or SharePoint document library, and grant permissions only to administrators who are involved in the
deployment process and must know this information.
IMPORTANT
If you configure internal URLs to access a web application during the deployment process, make sure that you also
create A records for those URLs in the intranet DNS forward lookup zone, and record them on the worksheet.
TIP
Regardless of how many hybrid solutions that you plan to configure, you typically will use only one primary web
application. You don't have to create extra primary web applications for each additional hybrid solution.
Both the primary web application and a single site collection within the primary web application must be
configured to accept inbound connections from SharePoint Online.
The SharePoint administrator associates the services and connection objects that are needed to support the
hybrid solutions that are being deployed with the primary web application. Outbound connections can be made
from any on-premises SharePoint Server web application by using the feature-specific configurations.
A SharePoint Server web application is composed of an Internet Information Services (IIS ) website that acts as a
logical unit for the site collections that you create. Each web application is represented by a different IIS website
that has a unique or shared application pool, that has a unique public URL, and that can also be configured to use
up to five internal URLs using Alternate Access Mapping (AAM ). A given web application is associated with a
single content database and is configured to use a specific authentication method to connect to the database.
Multiple web applications can be configured to use different authentication methods, and optionally AAMs, to
provide access to a single content database.
A web application's public URL is always used as the root URL in all links to sites and content accessed through
the web application. Consider a web application with the public URL https://spexternal.adventureworks.com
that has an internal URL https://sharepoint configured in AAM. When you browse to the internal URL
https://sharepoint, SharePoint Server returns the website with the URL https://spexternal.adventureworks.com,
and all links within the site will have URLs based on that path.
Alternate access mapping (AAM ) is needed only when you are configuring inbound connectivity using a path-
based site collection with a public URL that is different than the external URL. AAM lets you associate the
external URL with the internal URL of a SharePoint site inside your organization. This enables SharePoint Server
to route requests for internal URLs configured in AAM to the corresponding primary web application.
For more information about claims-based web applications, see Create claims-based web applications in
SharePoint Server.
For more information about how to extend a web application, see Extend claims-based web applications in
SharePoint.
For more information about site collections, see Overview of sites and site collections in SharePoint Server.
Choose a site collection strategy
Before you decide to use an existing web application or create a new one, you must understand the configuration
requirements that the web application and site collection must meet to support hybrid functionality. Use the
information in this section to determine your strategy for creating a new web application and site collection or to
determine whether a site collection in an existing web application can be used in your hybrid environment.
The following figure shows the decision flow for determining your site collection strategy.
Requirements for hybrid web applications
Web applications used for hybrid functionality must meet all these requirements:
The public URL of the web application must be identical to the External URL.
The OAuth protocol provides user authorization in SharePoint hybrid solutions. The Host request header
in all SharePoint Online communications to SharePoint on-premises contains the URL to which the
request was originally sent. To authenticate inbound requests from SharePoint Online, the on-premises
SharePoint Authentication service must be able to match this URL in all traffic from SharePoint Online to
the public URL of the primary web application. This is the External URL. One advantage of using a host-
named site collection for SharePoint hybrid environments is that you can configure a host-named site
collection to use the same URL as the External URL. This eliminates the need to configure Alternate
Access Mapping.
The web application must be configured to use Integrated Windows authentication using
NTLM.
Integrated Windows authentication using NTLM is required for web applications that are deployed in
scenarios that support server-to-server authentication and app authentication. For more information, see
Plan for server-to-server authentication in SharePoint Server.
NOTE
Although this is a web application requirement, it is listed here because it applies only to environments that
have host-named site collections.
Your on-premises DNS server has to be configured with split DNS. You need to create a forward
lookup zone for the Public Internet domain that you used for your public URL and an A (host)
record in the forward lookup zone that has the IP address of the SharePoint Server server and the
host name of your External URL.
IMPORTANT
The reverse proxy device must be able to resolve host names in this forward lookup zone to relay inbound
requests to the SharePoint Server farm.
Path-based site collections
If the public URL is identical to the External URL:
Your on-premises DNS server must be configured with split DNS. You need to create a forward
lookup zone for the Public Internet domain you used for your public URL and an A record in the
forward lookup zone that has the IP address of the SharePoint Server server and the host name of
your External URL.
IMPORTANT
The reverse proxy device must be able to resolve host names in this forward lookup zone to relay inbound
requests to the SharePoint Server farm.
This is an easy way to configure a web application for a SharePoint hybrid. The goal is to match the
Public URL field of the new web application to the URL of the public-facing endpoint on the
reverse proxy, which is also known as the External URL.
If the public URL is different from the External URL:
You need to configure an alternate access mapping (AAM ) to relay inbound requests from
SharePoint Online.
Extend the primary web application and use the External URL as the Public URL. Then create an
Internal URL (via Add Internal URLs) in the same security zone as the extended web application
to use as a bridging URL. You will also configure the reverse proxy device to relay inbound requests
from SharePoint Online to this bridging URL.
Remember, alternate access mapping (AAM ) is needed only when you are configuring inbound
connectivity using a path-based site collection with a public URL that is different than the external
URL.
NOTE
Remember that the External URL is the URL of the Internet-facing endpoint of the reverse proxy device.
If you decide to create a new web application, we will direct you on how to do this when you are configuring the
hybrid topology.
NOTE
If you choose to help secure your on-premises SharePoint farm with SSL, you will also need an SSL certificate for the
primary web application. There are no hybrid-specific considerations for this certificate, so you can follow the general best
practices for configuring SharePoint Server with SSL.
NOTE
"Secure Channel" is not a class of certificate; we use the term as a way to differentiate this particular certificate from other
SSL certificates used in the environment.
IMPORTANT
Wildcard certificates can secure only a single level of a DNS namespace. For example, if your external URL is
https://spexternal.public.adventureworks.com, the subject of your wildcard certificate must be
*.public.adventureworks.com, not *.adventureworks.com.
In scenarios where SharePoint Online is configured to request information from SharePoint Server, an SSL
certificate is required to do the following:
Encrypt traffic over the security channel.
Enable the reverse proxy device to authenticate inbound connections using Certificate Authentication.
Allow SharePoint Online to identify and trust the external endpoint.
During deployment, you'll install the SSL certificate both on the reverse proxy device and in a SharePoint Online
Secure Store target application. You will configure this when you configure the hybrid environment
infrastructure.
Get a Secure Channel SSL certificate
Get a Secure Channel SSL wildcard or SAN (Subject Alternative Name) certificate for your on-premises public
domain from a well-known certificate authority, such as DigiCert, VeriSign, Thawte, or GeoTrust.
NOTE
This certificate must support multiple names and must be at least 2048 bits. > The Subject or Subject Name field of the
certificate must contain a wildcard entry of the domain name in the External URL. For example, if your external URL is
https://spexternal.public.adventureworks.com, the subject of your wildcard certificate should be
*.public.adventureworks.com. > Certificates typically expire at one-year intervals. So it's important to plan in advance for
certificate renewals to avoid service interruptions. SharePoint Administrators should schedule a reminder for certificate
replacement that gives you enough lead-in time to prevent a work stoppage.
Next steps
At this point, you should have completed filling out the required worksheet for inbound connectivity and be
ready to start the configuration process. Your next step is to choose a configuration roadmap.
Install and configure SharePoint Server hybrid
6/7/2019 • 2 minutes to read • Edit Online
Certificate requirements
The default STS certificate in the SharePoint farm is used by the hybrid picker to establish the token signing trust
when configuring hybrid workloads. Using the inbuilt STS certificate is the recommended approach when
configuring hybrid workloads. If however, you intend to use a publicly signed certificate instead of the inbuilt STS
one then you must replace the inbuilt certificate with your own following the provided guidance.
For more information, see Replace the STS certificate.
Certificate requirements
This section describes the certificates you'll need to configure a inbound connectivity from Office 365 to
SharePoint Server.
About the Secure Channel SSL certificate
This certificate provides authentication and encryption between the reverse proxy device and Office 365. It must
be either a wildcard or a SAN certificate and be issued by a public root certification authority. For more
information, see About Secure Channel SSL certificates and Get a Secure Channel SSL certificate.
About the on-premises SharePoint SSL certificate
If you'll configure your primary web application to use SSL (which is the web application on the on-premises
SharePoint farm that's configured for hybrid), you'll have to bind an SSL certificate to the primary web application.
If this web application already exists and is configured for SSL, you're ready to go. Otherwise you have to either
obtain or create one for this purpose. For production environments, this certificate should be issued by a public
certification authority (CA). For test and development environments, it can be a self-signed certificate.
For more information, see Plan SSL certificates.
Supported reverse proxy devices
The following table lists the currently supported reverse proxy devices for SharePoint Server hybrid deployments.
This list will be updated as new devices are tested for supportability.
Windows Server 2012 R2 with Web Configure Web Application Proxy for a Web Application Proxy (WA-P) is a
Application Proxy (WA-P) hybrid environment Remote Access service in Windows
Server 2012 R2 that publishes web
applications that users can interact with
from many devices.
> [!IMPORTANT]> To use Web
Application Proxy as a reverse proxy
device in a hybrid SharePoint Server
environment, you must also deploy AD
FS in Windows Server 2012 R2. Earlier
versions of Windows don't support
Web Application Proxy
Forefront Threat Management Gateway Configure Forefront TMG for a hybrid Forefront TMG 2010 is a
(TMG) 2010 environment comprehensive, secure, web gateway
solution that provides secure reverse
proxy functionality.
Note that Forefront TMG 2010 is no
longer sold by Microsoft but will be
supported through 4/14/2020. For
more information, see Microsoft
Support Lifecycle information for
Forefront TMG 2010.
F5 BIG-IP Enabling SharePoint 2013 Hybrid This is external content that's managed
Search with the BIG-IP by F5 Networks.
TIP
No ports other than TCP 443 have to be opened on the external reverse proxy endpoint to support hybrid
connectivity.
NOTE
This table does not include service accounts, which may have specific requirements for service applications and features in
certain SharePoint Server hybrid solutions. For more information about the requirements for each supported solution, see
the solution configuration articles at Configure a hybrid solution for SharePoint Server.
Global Administrator Office 365 and Azure Active Directory Use an Office 365 work account that
has been assigned to the Global
Administrator role for Office 365
configuration tasks such as configuring
SharePoint Online features, running
Azure AD and SharePoint Online
PowerShell commands, and testing
SharePoint Online.
CONTENT DESCRIPTION
Configure hybrid OneDrive for Business - roadmap With hybrid OneDrive for Business, users will be redirected
to OneDrive for Business in Office 365 when they click the
OneDrive link in SharePoint Server.
Configure hybrid sites features - roadmap With hybrid sites features, you can integrate parts of your
site navigation between SharePoint Server and Office 365 for
enterprises.
Configure cloud hybrid search - roadmap With cloud hybrid search, you have a single search index in
Office 365 for enterprises with content from SharePoint
Server and SharePoint Online.
Configure hybrid federated search from SharePoint Server to With outbound hybrid search, users will be able to see
SharePoint Online - roadmap search results from Office 365 for enterprises when they
perform a search in SharePoint Server.
Configure hybrid federated search from SharePoint Online With inbound hybrid search, users will be able to see search
to SharePoint Server - roadmap results from SharePoint Server when they perform a search
in Office 365 for enterprises.
Configure hybrid Business Connectivity Services - roadmap With hybrid Business Connectivity Services (BCS), you can
leverage your existing BCS solutions to allow connections to
your SharePoint Server data sources from SharePoint Online.
See also
Concepts
Plan SharePoint Server hybrid
Configure hybrid OneDrive for Business - roadmap
6/7/2019 • 2 minutes to read • Edit Online
STEP DESCRIPTION
1. Configure Office 365 for SharePoint hybrid Configure your Office 365 tenant for a hybrid environment,
including registering your domain, configuring UPN suffixes,
and synchronizing your user accounts.
2. Set up SharePoint services for hybrid environments Configure the needed SharePoint services for hybrid search,
including User Profiles, MySites, and the Application
Management service.
3. (SharePoint Server 2013 only)Install Service Pack 1 Be sure you've installed at least Service Pack 1 on your
for SharePoint Server 2013 SharePoint Server 2013 farm or the OneDrive for Business
redirect option will not be available.
4. Redirect OneDrive for Business users to Office 365 Configure hybrid OneDrive for Business in the SharePoint
Central Administration website.
5. Quick test Check to make sure OneDrive for Business is being redirected
to Office 365:
Log in to a SharePoint Server as a regular user. (Be sure you're
a member of the correct audience if you used audiences.)
Click OneDrive in the app launcher.
The URL in the browser address bar should change from that
of your on-premises farm, to the personal site URL of
SharePoint Online.
See also
Concepts
Hardware and software requirements for SharePoint hybrid
Accounts needed for hybrid configuration and testing
Configure hybrid sites features - roadmap
6/7/2019 • 2 minutes to read • Edit Online
STEP DESCRIPTION
1. Configure Office 365 for SharePoint hybrid Configure your Office 365 for enterprises tenant for a hybrid
environment, including registering your domain, configuring
UPN suffixes, and synchronizing your user accounts.
2. Set up SharePoint services for hybrid environments Configure the needed SharePoint services for hybrid search,
including User Profiles, MySites, and the Application
Management service.
3. (SharePoint Server 2013 only) Install the September Install the September 2015 PU or higher for SharePoint
PU for SharePoint Server 2013 Server 2013. (We recommend installing the latest PU.)
3. Run Hybrid Picker Configure hybrid sites features by running the Hybrid Picker
in Office 365.
4. Quick test Check to make sure hybrid sites features are working:
Log in to a SharePoint Server as a regular user. (Be sure you're
a member of the correct audience if you used audiences.)
Click the Follow link at the top of the page.
You should see a small pop-up under Follow letting you
know that you're following the site. Click this pop-up and
notice that it navigates to your personal site, and the list of
sites you're following in SharePoint Online.
install-SPFeature SuiteNav
For each site collection where you want to use the feature, run the following cmdlet:
Video demonstration
This video shows a walkthrough of configuring sites features.
Video: Configure hybrid sites features
See also
Concepts
Hardware and software requirements for SharePoint hybrid
Accounts needed for hybrid configuration and testing
Configure cloud hybrid search - roadmap
6/7/2019 • 17 minutes to read • Edit Online
NOTE
If you are an Office 365 Dedicated customer, setting up cloud hybrid search requires engagement of SharePoint Service
Engineering staff. Contact your Microsoft Service Delivery Manager for assistance. If you aren't sure what type of customer
you are, you can safely disregard this note.
Step Description
1. Configure Office 365 for SharePoint hybrid Configure your Office 365 tenant for a hybrid environment,
including registering your domain, configuring UPN suffixes,
and synchronizing your on-premises user accounts with
Office 365.
2. Create a cloud Search service application in Run the Hybrid Picker wizard on the application farm that
SharePoint Server hosts the SharePoint ServerCentral Administration website.
Alternatively, run the CreateCloudSSA.ps1 PowerShellscript
3. Connect your cloud Search service application to If you used the Hybrid Picker wizard to create a cloud Search
your Office 365 tenant service application, skip this step. The Hybrid Picker
automatically connected your environments.
Otherwise, run the Onboard-CloudHybridSearch.ps1
PowerShell script to onboard your cloud SSA and Office 365
tenant to cloud hybrid search. The script sets up the cloud
SSA to interact with the Office 365 tenant and also sets up
server-to-server authentication.
4. Set up search architecture in SharePoint Server for This step is optional. If you planned a search architecture
cloud hybrid search that's different from the default one, set up the planned
search architecture.
5. Create a content source for cloud hybrid search to We recommend adding a small file share first, you can add
crawl more on-premises content later.
6. Set up a separate Search Center in Office 365 to Keep the existing search experience unchanged by setting up
validate hybrid search results a separate Search Center in Office 365 so you can validate
and tune the new search experience there.
7. Start a full crawl of on-premises content for cloud When the crawl completes, your on-premises content shows
hybrid search up in the search results in your validation Search Center in
Office 365 and in Office Delve.
8. Verify that cloud hybrid search works Go to your Search Center in SharePoint Online in Office 365
and enter this query: "IsExternalContent:true". The results you
get should show content from the on-premises content
source that you've crawled.
9. Tune cloud hybrid search Set up and tune the search experiences you've planned for
your users.
10. Remove the validation Search Center and expose all Set your Search Center and any site search in Office 365 to
users to hybrid search results. use the default result source and set up the default result
source with the search experiences that you've tuned. Your
on-premises content shows up in the search results in your
Search Center in Office 365, site search in Office 365, and in
Office Delve.
NOTE
If your organization restricts computers from connecting to the internet, you need to allow access to the endpoints
(FQDNs) that cloud hybrid search uses. Include the endpoints in your outbound allow lists. The endpoints are listed in the
SharePoint Online section of the article Office 365 URLs and IP address ranges and are marked for use with Hybrid Search.
Use the Hybrid Picker to connect your SharePoint Server and Office 365 environments and create the cloud
Search service application.
On the application server that hosts the SharePoint ServerCentral Administration website:
1. Log on to the console as a farm administrator.
2. Connect to Office 365 as a global administrator.
3. Navigate to https://go.microsoft.com/fwlink/?linkid=867176 to download, install, and start the Hybrid
Picker wizard.
4. Follow the prompts in the Hybrid Picker and select the hybrid search feature.
The Hybrid Picker lets you choose between a cloud SSA with the default search architecture on the application
server that hosts the SharePoint Server Central Administration website, or a cloud SSA with a search architecture
on two application servers (supports high availability)
The Hybrid Picker saves you time because it also connects the cloud SSA to your Office 365 tenant (step 3).
Alternative methods for creating a cloud Search service application
You can also create the cloud SSA as follows:
You can download the CreateCloudSSA.ps1 Powershell script from the Microsoft Download Center and
run it. The script lets you choose between a cloud SSA with the default search architecture on the
application server that hosts the SharePoint Server Central Administration website, or a cloud SSA with a
search architecture on two application servers (supports high availability).
You can use the SharePoint Central Administration website, just like you would for an SSA. With this
method you get a cloud SSA and the default search architecture installed on the application server that
hosts the SharePoint Server Central Administration website.
To create a cloud SSA by running the CreateCloudSSA.ps1 PowerShell script, follow the instructions below.
NOTE
When you installed SharePoint Server, the user account from which you ran the installation was granted the appropriate
permissions to run Windows PowerShell cmdlets.
On the application server that hosts the SharePoint ServerCentral Administration website , follow these steps:
1. Make sure you're using the same user account as when you installed SharePoint Server. This account is
granted the appropriate permissions to run Window Powershell cmdlets.
2. Start the Windows Powershell console with administrator privileges: Click Start, type PowerShell, and
then right-click Windows PowerShell and select Run as administrator.
3. Run the CreateCloudSSA.ps1 PowerShell script.
4. When prompted, type:
The host name of the search server in SharePoint Server.
If you've planned highly available search, the host name of the second search server.
The Search service account in this format: domain\username.
A name of your choice for the cloud SSA.
The name of the database server in SharePoint Server
5. Verify that you see the message that the cloud SSA was successfully created.
Can I make my own Windows PowerShell script for creating a cloud SSA?
If you want to make your own PowerShell script for creating a cloud SSA, first study the CreateCloudSSA.ps1
PowerShell script we've provided. Notice that the difference between creating a cloud SSA and an SSA is the
value of the property CloudIndex. You set CloudIndex: true when you create a cloud SSA (you can't change
this value later). When CloudIndex is true, crawled metadata is not added to the on-premises search index.
However, this doesn't mean that the metadata is added to the Office 365 search index, you have to onboard the
cloud SSA to cloud hybrid search for that to happen (see Connect your cloud Search service application to your
Office 365 tenant). Ensure that your PowerShell script:
Tests that the Search service account is a managed account, and makes it a managed account if it isn't.
Includes -CloudIndex $true as an argument when it uses the New -SPEnterpriseSearchServiceApplication
PowerShell cmdlet.
This section guides you how to onboard your cloud SSA and Office 365 tenant to cloud hybrid search and covers:
Connecting your cloud SSA and your Office 365 tenant - When your cloud SSA and your Office 365
tenant are correctly connected, the cloud hybrid search solution is ready to add crawled metadata from on-
premises content to the search index in Office 365. When you've onboarded your cloud SSA, check to see
that your cloud SSA has the value 1 for the property IsHybrid. You check by running this PowerShell
command: $ssa.GetProperty("CloudIndex").
Configuring server-to-server authentication - Server-to-server authentication allows servers to access
and request resources from one another on behalf of users.
On the application server that hosts the SharePoint ServerCentral Administration website, follow these steps:
1. Ensure that the date and time of the server is synchronized with the other servers in the SharePoint Server
farm.
2. Download and install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW from the
Microsoft Download Center.
3. Download and install the latest version of the Azure Active Directory Module for Windows PowerShell
from the PowerShell Gallery.
4. Download the OnBoard-CloudHybridSearch.ps1 PowerShell script from the Microsoft Download Center.
5. If your environment is Office 365 Business, Office 365 Enterprise, Office 365 Education, Office 365
operated by 21Vianet, Office 365 Germany, or Office 365 US Government Defense, open an elevated
PowerShell prompt, and run the OnBoard-CloudHybridSearch.ps1 PowerShell script as follows:
Import-Module MSOnline
**SPOTenantPortalUrl** is the URL of your company's or organization's SharePoint Online portal, and **
CloudSsaID ** is the name of the cloud SSA that you created earlier.
6. If your environment is Office 365 US Government Communication, open an elevated PowerShell prompt, and
run the OnBoard-CloudHybridSearch.ps1 PowerShell script as follows:
Import-Module MSOnline
**SPOTenantPortalUrl** is the URL of your company's or organization's SharePoint Online portal, and **
CloudSsaID ** is the name of the cloud SSA that you created earlier.
7. When prompted, type the global admin credentials for your Office 365 tenant.
Related Topics
Learn about cloud hybrid search for SharePoint
Plan cloud hybrid search for SharePoint
Cloud hybrid search service (CSSA)-FAQ
8/2/2019 • 28 minutes to read • Edit Online
Quite frequently, we receive questions regarding Cloud hybrid search service application, Hybrid and its
supportability around various use cases. The goal of this post is to collate and have a home for these questions for
ease of reference.
What are the current supported Hybrid features in SharePoint?
Hybrid is not limited to search/Cloud hybrid search service application (CloudSSA) anymore. Below is a
consolidated list of Hybrid features along with Microsoft Official reference to configure the same.
1. Hybrid OneDrive for Business
2. Hybrid Sites Features
3. Hybrid App Launcher
4. Hybrid Extranet Business-to-Business sites
5. Hybrid Auditing (Works only in SharePoint 2016)
6. Hybrid Taxonomy and Content Types
7. Hybrid self-service site creation (Hybrid self-service site creation is available in SharePoint Server 2013 with
the March 2017 PU. November 2017 CU adds this to 2016)
8. Hybrid Search [Query federation]
9. Cloud Hybrid search(CloudSSA)
10. Business connectivity services
Is there an automated wizard that can help configure Hybrid in my environment?
Yes, you can leverage the Hybrid picker in SharePoint Online admin center for hybrid configurations. This wizard
automates certain configuration steps required to connect on-premises SharePoint Server environment with
SharePoint Online in Office 365. You can read more about the Hybrid picker here.
Can I leverage SharePoint Hybrid picker to perform a clean -up of Hybrid environment or deactivate the
Hybrid features that was activated by picker?
The picker automates certain configuration steps to configure Hybrid between On-premises SharePoint Server
with SharePoint Online. This is not designed to undo the changes once the wizard completes. Example, Hybrid
Picker creates a Server-to-Server (S2S )/OAuth trust between the SharePoint Online and SharePoint On-premises
farm. Once this is configured, re-running the wizard does not clean up the trust. You can refer to the official
guidance here that mentions the Server-to-Server trust: "Note that the hybrid picker does not uninstall features. If
you run the hybrid picker and deselect a feature that you previously installed, it will remain installed."
I plan to configure cloud hybrid search with high availability (HA ) topologies. Is there a script available to
configure the same?
If you plan to configure cloud hybrid search with HA topologies in either SharePoint 2013/2016, you can configure
it with hybrid picker. Hybrid picker has automated certain configuration steps needed to connect your on-premises
SharePoint Server environment with SharePoint Online in Office 365 for cloud hybrid search. (Learn more)
What is hybrid federated search and how is it different from cloud hybrid search?
Hybrid federated search and Cloud hybrid search are the two Hybrid experiences that a search administrator can
choose while configuring hybrid search with Office365.
With hybrid federated search solution for SharePoint, the results are federated from your search index in
SharePoint Server 2013/2016 as well as index in Office 365. SharePoint on-premise crawls on-premises content
and SharePoint Online crawls SharePoint Online corpus. Post hybrid configurations, when authenticated users
submit a query in a search center, a real time query would be fired against both indexes and authorized users will
get search results from the Office 365 search index as well as from the SharePoint On-premises 2013/2016 search
index. However, the results are separate and distinct from one another often displayed in separate search verticals
or result blocks.
Cloud hybrid search service application for SharePoint 2013/2016 is a crawl-based solution. All crawled content,
including on-premises content, is processed by Office365 search engine and resides in search index in Office 365.
When authenticated users submits a query in SharePoint Online search center, they get search results from Office
365 search index, thus see items both from on-premises and Office 365 content. If you want to get the same
experience in on-premises SharePoint 2013/2016 search center, you need to configure a remote result source in
the on-premises farm to fetch results from Office365 index.
What are the supported topologies in Hybrid federated search?
There are three topology types for Hybrid federated search.
Hybrid infrastructure setup (server to server (S2S ) authentication) is a must for any of the below scenarios to work.
Outbound: In an outbound scenario, a remote result source will only be configured in the on-premise SharePoint
2013/2016 farm. Outbound can be defined as the ability to only query from the on-premise farm to SharePoint
Online search(SPO ) farm. Results will be displayed in the on-premise search center in separate search verticals
(one for SPO results, another for SharePoint on premise). If outbound is configured, then querying from
SharePoint Online (SPO ) search center will not return any search results from the on-premises SharePoint
2013/2016 farm.
Inbound: In an inbound scenario, a remote result source will only be configured in the SharePoint Online (SPO )
search center. Inbound can be defined as the ability to query only from SPO farm to on-premise farm. Results will
be displayed in the SPO search center in separate search verticals (one for SPO results, another for SharePoint on
premise). There are additional certificate and reverse proxy requirements in addition to the outbound
configurations mentioned above. The blog here outlines the requirement.
Two way: A combination of the above two (outbound and inbound) is a two way hybrid federated search. Two way
is typically the desired state of hybrid federated search deployment in an organization, where result sources are
created in both SharePoint Online as well as SharePoint 2013/2016 farm. When queried from either of the search
centers, users see a set of search verticals with results from SharePoint Online and another from on-premise
SharePoint 2013/2016 farm.
What are the some of the tested and documented reverse proxies for Hybrid?
In Hybrid federated search, the reverse proxy must be able to:
Support client certificate authentication with a wildcard or SAN certificate.
Support pass-through authentication for OAuth 2.0.
Accept unsolicited inbound traffic on TCP port 443 (HTTPS ).
Bind a wildcard or SAN SSL certificate to a published endpoint.
Relay traffic to an on-premises SharePoint Server 2013 or 2016 farm or load balancer without rewriting any
packet headers.
As described in this article, below is a list of tested reverse proxy solution.
SUPPORTED REVERSE PROXY DEVICES CONFIGURATION ARTICLE
Windows Server 2012 R2 with Web Application Proxy (WA-P) Configure Web Application Proxy for a hybrid environment
Forefront Threat Management Gateway (TMG) 2010 Configure Forefront TMG for a hybrid environment
When should I deploy cloud hybrid search or hybrid federated search? Are there any recommendations ?
The recommendation is to choose Cloud hybrid search for these benefits as per TechNet guidelines.
Your users get unified search results, search relevance ranking, and refiners even if your organization has a
hybrid deployment with content both on-premises and in Office 365.
Your users automatically get the newest SharePoint Online search experience without your organization
having to update your existing SharePoint servers.
Your users can use cloud capabilities such as Office Delve also for your on-premises content.
You no longer have to worry about the size of your search index, because your search index is in Office 365.
This means that the footprint of your SharePoint Server 2013/2016 search farm is smaller, and your total
cost of ownership for search is lower.
You don't need to upgrade any of your existing installations of SharePoint to have enterprise search in the
cloud because SharePoint Server 2013/2016 supports crawling of existing SharePoint Server 2007,
SharePoint Server 2010, and SharePoint Server 2013 content farms.
You no longer have to migrate your search farm to a newer version of SharePoint because this happens
automatically in Office 365.
If you have some on-premises content that's highly sensitive and shouldn't be indexed outside your on-premises
network, then hybrid federated search may be the way to go. Note: Authenticated user queries will be routed in
real time to two separate indices (SharePoint Online index and SharePoint on-premise) and results will be
displayed in separate search verticals.
Can Hybrid Search results be displayed in a SharePoint 2010 search center?
Out of box, there is no way to configure Server to Server authentication in a SharePoint 2010 environment. Cloud
hybrid search service application can only be installed in SharePoint 2013/2016 environment. The
recommendation is ideally to upgrade the SharePoint 2010 farm to SharePoint 2013 and or SharePoint 2016
following the upgrade guidelines. However, if there is a business requirement to remain on SharePoint 2010, then
there is a workaround through which you will be able to display results. You need to publish search service
application from SharePoint 2013 and consume from SharePoint 2010 farm. Whichever hybrid search model you
deploy (cloud hybrid search service application or federated hybrid search), consuming the same from SharePoint
2010 farm will show authenticated users search results from Office365. Note: The search center site in SharePoint
2010 must be Enterprise search center.
What are supported topologies while publishing/consuming Cloud hybrid search service application?
Publishing/consuming of Cloud search service application follows the exact same support matrix as any other
service application within SharePoint. The following table lists the supported options:
PUBLISHED CLOUDSSA VERSION CAN BE CONSUMED BY
What is user rehydration and why does it play a key role in hybrid setup with Office365?
Server-to-server authentication (S2S ) allows servers (ex. SharePoint 2013/2016) to access and request resources
from one another on behalf of users. This is a key requirement for Hybrid search to work. For example, in a Cloud
hybrid search service farm when a user queries for an item in a SharePoint 2013 search center, the query needs to
be routed to SharePoint Online farm (as the index is in SPO farm). The user identity needs to be re-hydrated and
then an ACL match has to happen, and only after that a set of results that the user has permission to would be
returned in search results. To do so, it's a must that the following tasks can be accomplished:
Resolve the request to a specific SharePoint user.
Determine the set of role claims that are associated with the user, a process known as rehydrating the user's
identity.
When a request is made to obtain a resource from another server (ex. SharePoint 2013/2016), the claims from the
incoming security token is leveraged to resolve it to a specific SharePoint user. By default, SharePoint Server 2013
uses the built-in User Profile service application to resolve the identity. A match of the set of claims is done against
some user attributes for locating the corresponding user profile. The match is performed against one of the
following attributes:
Windows Security Identifier (SID )
Simple Mail Transfer Protocol (SMTP ) address
User principal name (UPN )
Session Initiation Protocol (SIP ) address
Therefore, it's recommended that at least one of these user attributes must be current in user profiles both in
SharePoint On-premises as well as in SharePoint Online.
What is the List of attributes that are synced by the Azure Active Directory Sync tool
The article here has the list of attributes that are synchronized out of the box by the Azure Active Directory Sync
tool.
Search service application in my On premises SharePoint 2013/2016 farm is partitioned. Can I configure
hybrid query federation?
Office 365 doesn't support incoming Hybrid Search queries when the on-premises Search Service Application
Proxy is deployed in partitioned mode. Outbound search fails when the Search Service Application or the proxy is
partitioned. This is because the search query passes a partitionID (tenantID ) to the search query processor, which
fails because this is a GUID and therefore unique. The unique partitionID will not be found in the O365 search
index and so no search query can be scoped to that ID. Security trimming will not allow results from one ID to be
passed to another ID. Search admins need to fix/rebuild their Service Application to be fully supported. This KB
article describes the errors and some workarounds.
What content sources can you crawl using Cloud hybrid search service application?
All SharePoint 2013/SharePoint 2016 content sources are supported.
My SharePoint topology consists of multiple SharePoint farms (i.e., Content farm, Service Farm ). What is
the preferred farm to configure Cloud hybrid search service application?
In a content/service SharePoint scenario, assuming Search is in the service farm, CloudSSA should ideally be
configured in the service farm. For implementation details, refer to this link. https://technet.microsoft.com/en-
us/library/ff621100(v=office.16).aspx
Is ADFS/Single-sign -on mandatory to configure server-to-server authentication or Cloud hybrid search
service application?
ADFS/Single-sign is not a mandatory pre-requisite to configure server-to-server authentication or Cloud hybrid
search service application. Below is an overview of features that need to be configured between Office 365 and
SharePoint Server 2016 /2013 to configure a hybrid environment.
1. Sign up for Office 365.
2. Register your domain with Office 365.
3. Synchronize accounts with Office 365.
4. Assign licenses to your users.
5. Create cloud hybrid search service application.
6. Onboard cloud hybrid search service application.
Can I connect multiple Cloud hybrid search service applications (CloudSSA ) to the same Office365 tenant?
Companies have SharePoint Farms across different geographical locations. Having CloudSSA across geographical
locations and connecting them to the same Office365 tenant is supported. CloudSSA provides the ability to crawl
and parse on-premises content, and process and index it in single Office 365 tenant that these CloudSSA farms are
connected to.
However, it is important to note that each CloudSSA farm must only crawl unique content (i.e., crawling the same
source content from multiple CloudSSA farms connected to the same Office365 tenant is not supported).
Pro Tip: The name of the content source in SharePoint on-premises is included in the managed property
"ContentSource". If you name the content sources in your different farms uniquely, you can identify the content
source by name in queries. If you use the default "Local SharePoint Sites," you will have to find another way to
segregate your content.
Is it supported to run multiple Cloud hybrid search service applications on the same farm? Or is it supported
to host a farm that has both regular search service application as well as Cloud hybrid search service
application sharing farm hardware?
Separate farms should be used to host individual Cloud search service applications (CSSA) to avoid resource
consumption and possible unexpected behaviors. However, it is a supported configuration to operate two search
service applications (SSA) on the same farm if only one of the SSAs is a Cloud hybrid search service application.
You also need to ensure that the servers in the farm only host components from one SSA. If the Cloud hybrid
search service application and the regular search service application components do not share hardware between
any components, only then it's supported that machines in the farm can be used to host both SSAs.
What are the supported topologies for document collaboration using Exchange Server 2016, Office Online
Server (OOS ), and SharePoint Server?
The following are documented and supported topologies:
Exchange On-Premises + SharePoint On-Premises
Exchange On-Premises + SharePoint Online
Exchange Online + SharePoint Online.
Can we deploy Cloud hybrid search service application in an environment that has multiple forests?
Cloud hybrid search service application works in an environment that has multiple forests. You need to ensure that
the accounts across these forests are synched to Office365. Azure AD Connect sync should take care of this
situation. When you have multiple forests, all forests must be reachable by a single Azure AD Connect sync server.
You don't have to join the server to a domain. If necessary, to reach all forests, you can place the server in a
perimeter network. The articles below discuss this configuration.
Topologies for Azure AD Connect
Implement-support-for-multiple-forests
When Cloud hybrid search service application crawls On Premises content, do crawled properties from
SharePoint on -premises propagate to SharePoint Online?
Following the crawl of content via Cloud hybrid search service application, crawled properties from SharePoint
2013/2016 on-premises propagate to SharePoint online search schema. The crawled properties in on-premises
should be a part of default propset. You also need to ensure that you are looking up the crawl properties in
SharePoint Online search schema using the correct account. (By 'correct account', I mean an account in on-
premises Active directory having rights in SharePoint On Premises as well synched to Office365 Azure AD in your
tenant.) For example, if you can look up using the content access account of your On premises Cloud hybrid search
service application farm, you should definitely see the Crawl Properties in SharePoint Online search schema.
Can Cloud hybrid search service application be onboarded in a farm that has already been configured for
provider hosted apps?
This question primarily revolves around the following use cases:
You have a SharePoint 2013 or SharePoint 2016 farm where you plan to implement provider-hosted add-
ins and/or associate with workflow manager.
You have a SharePoint 2013 or SharePoint 2016 farm that already has provider-hosted add-ins and/or
leverages workflow manager.
Hybrid features/Cloud search service application (CSSA) can be implemented on same SharePoint farm as
mentioned above. When you try to establish a S2S trust via the CSSA onboarding script or Hybrid picker, the
authentication realm of the on premises Farm is updated to match the Office 365 tenant context id. Within the
script, we set it using Set-SPAuthenticationRealm. Once the authentication realm is changed, existing SharePoint
Add-ins fail to authenticate; users will get a HTTP 401 when they are redirected to the add-ins. You can read more
about the problem as well and fix in our post here. Note: If you configure Hybrid using Hybrid picker from
SharePoint tenant admin, then the wizard takes care of the fix.
What are the out-of-box Cloud hybrid search service application crawl limits? Also, can I request additional
index quota for my tenant?
The maximum number of on-premises items crawled by Cloud hybrid search service that can be indexed in Office
365 is 20 million. For each 1 TB of storage space a tenant has in Office 365, one can index 1 million items of on-
premises content in tenant's search index. Once the limit on how many items can indexed is reached, the on-
premises farm hosting Cloud search service application will start seeing errors while crawling new items. Below is
a snippet of the error from ULS logs from a SharePoint 2016 farm:
mssearch.exe (0x5304 ) 0x97D0 SharePoint Server Search Crawler:Azure Plugin a9sz7 Verbose
AzureServiceProxy::SubmitDocuments: submit returned : Forbidden, docid : 4653596 DocIDString : sts4s://
SharePoint Server Search Crawler:Azure Plugin ayg2m High AzureServiceProxy::SubmitDocuments: submit failed
for the document: HTTP status: Forbidden
If Cloud search service application is hosted in a SharePoint 2013 environment, the uls tag tracking the error
would be amnz2 and amoeu.
You need to request an increase in the available quota to fix the issue. To increase the maximum items that can be
indexed beyond 20 million, you need to contact Microsoft Support (see here).
My Office365 tenant is configured for Hybrid. Can I query for only on -premises items that have been
crawled using Cloud hybrid search service application?
The Hybrid Cloud SSA exposes a new managed property IsExternalContent. When crawling on premises
content, this property is automatically populated with the value 1. You can leverage the managed property
"IsExternalContent" and search for the value 1 for content that is crawled on-premises. The querystring for this
example is constructed as follows
http://<searchcenter url>/Pages/results.aspx?k=IsExternalContent:1
You can test for the online content only by stipulating NOT IsExternalContent:1 as follows:
http://<searchcentre url>/Pages/results.aspx?k=(NOT IsExternalContent:1)
What would be the People crawl experience if you are crawling On -premise profile store using Cloud hybrid
search service application?
By default, all people in the SharePoint Online SPO User Profile application will be indexed by the SharePoint
online search service. If you additionally crawl people using the on-premises cloud search service application, you
will generate an additional set of people content items in the Office 365 Search index. Since these would have two
different DocID's, both will be returned in search results when queried for a person - one will have url pointing to
users mysite in SPO and another pointing to SharePoint On-premises. This will be confusing to end users as
searching for a person will return multiple results per person.
There are two ways to approach this problem today:
Make O365 User Profile service the primary source of user information and let Office 365 Search take care
of the indexing and presentation. With this approach, you do not need to crawl people on-premises.
Crawl the on-premises people profile store in addition to O365 crawling the tenant profile store. This will
result in the described scenario of duplicate search results for each person; however, you can use query
transformation to decide which results you want to display, even providing the ability for end users to
choose between the different result sources at query time.
To utilise the on-premises profile store as the primary people search source, you should follow these steps:
1. Create a new result source or copy the existing people results source.
2. Edit the new result source and modify the Query Transformation box to include the Managed Property
IsExternalContent as follows:
{?{searchTerms} ContentClass=urn:content-class:SPSPeople IsExternalcontent:1}
3. Create a new search results page and configure the Core Search Results web part to consume this new
search result source.
4. Complete the implementation by adding the new page to the search navigation settings. This will add the
new page as a search vertical within the search center.
To utilise the Office 365 profile store as the primary people search source, you should follow the same steps but
using a slightly different query transformation at step two, as follows:
{?{searchTerms} ContentClass=urn:content-class:SPSPeople NOT IsExternalcontent:1}
Note: The difference in the two transform is the insertion of NOT before the managed property to force the
exclusion of External content i.e Non O365 People Results.
I only see preview of Office documents in search results if the content resides in SharePoint Online. Office
documents that reside in SharePoint On -premises do not show previews. Is this expected?
To enable previews for on-premises content, you need to set up an on-premises Office Web Apps Server and
configure SharePoint Server 2013 to use it (or Office Online Server for SharePoint 2016). The guidelines are
documented here. The behavior is a little different with site/webpage previews (aspx). When searching from
SharePoint Online, you will see previews of aspx pages for the pages in SharePoint Online farm and not for the
aspx pages from SharePoint On-Premises. Currently, the site and web page hover templates check that the result
item has the same host name as the current host. This is by design.
Can Perfmon be leveraged to look at crawl statistics for Cloud hybrid search service application? If yes, what
are the Perfmon counters?
There are Preform counters that have been introduced for Cloud hybrid search service application. To get a list of
all counters, you can run the following command in powershell:
((Get-Counter -ListSet "Search Gatherer Azure Plugin - SharePointServerSearch").counter
What is the recommended number of crawl databases for Cloud hybrid search service application?
Use one crawl database for each 20 million items in the content corpus. You can refer to this article for further
details.
I am using Cloud hybrid search service application (CSSA ) to crawl content. In my CSSA, I see all 6
components of the search topology. Which ones are hosted locally? For example, is there a local index?
No!! Cloud hybrid search service application is a crawler. The crawl component gets content from your on-
premises farm and sends this content to the search index in Office 365. It uses connectors to interact with the
content sources and uses the crawl database to store both temporary and historical information about the items it
crawls, just like a regular crawl component.
What is pushed by Cloud hybrid search service application to Office365 SPO endpoint during a crawl?
Cloud hybrid search service application identifies the document that has changed in SharePoint. Crawler picks up
the document and parses it, extracting a structured view of the content and removing unnecessary markup.
Crawler sends the encrypted content to the Indexing API associated with the SharePoint Online content farm.
Encrypted batch submission happens, which consists of ACLs, keywords, metadata, destination tenant info, etc. The
following types of operations can be submitted from the crawler:
1. Insert: Creates or overwrites a document's content and access control list.
2. Security update: Overwrites an existing document's access control list.
3. Delete: Deletes all content for a document.
From cloud hybrid search service application farm's ULS logs, you can track the submission of items including the
crawled properties. To do so, you need to enable VerboseEx for [SharePoint Server Search] "Crawler:Azure Plugin"
categories.
What size Cloud hybrid search service architecture do I need?
Search architecture for Cloud hybrid search service application consists of search components and databases.
Ideally, you need to plan the number of crawl components for your topology, which servers to host the
components and databases on, and the hardware required for each server. When you set up a Cloud hybrid search
service application, all components of the search service application are set up and need to be online.
The grey components as shown in this TechNet article are inactive in cloud hybrid search, but they still need to be
placed on servers as recommended in the article.
Index
Deploying additional crawlers will provide high availability for the crawler function. Adding query processors will
also provide high availability when the on-premises farm is configured to send search queries to Office 365.
Content processing is performed in the Office 365 service, so there is no requirement for additional content
processors on-premises. Regardless of the number of items crawled by the Cloud Search Service Application, there
is no requirement for additional index components. The index is stored in the Office 365 search farms, which saves
a significant amount of on-premises capacity and capital outlay for large corpora. You must scale the on-premises
crawl databases to match the number of items crawled because the Cloud Search Service Application must
maintain an up-to-date crawl log of the items crawled. Scaling-out employs the same processes as a regular Search
Service Application; follow the steps at
https://technet.microsoft.com/library/jj862356(v=office.15).aspx#Topology_ExampleDefaultSmall. If you need to
tune crawling, follow the recommendation in Redesign enterprise search topology for specific performance
requirements in SharePoint 2016. The same guidelines apply for Cloud hybrid search service application.
What are the Highly Available (HA ) and Disaster Recovery (DR ) recommendations for Cloud hybrid search
service application?
It is recommended that for HA, at least two servers are configured in the same SharePoint on-premises farm and
each machine hosts all the search roles. Additional servers can be used, but if at least two of each component are
present, the CloudSSA can be considered Highly Available.
For disaster recovery, a second Cloud hybrid search service application can be built in the Disaster Recovery farm.
You need to ensure that Cloud hybrid search service application must not crawl the same content as the primary
farm unless a failover is initiated. In the event of failover, the Disaster Recovery farm can immediately serve search
results from the same Office 365 search index.
Can users query for items secured with SAML claims if crawled by a Cloud search service application?
Items secured with SAML claims when crawled using Cloud Search Service application will not show up in search
results. This does not work as those identities cannot be interpreted during the ACL mapping process in the Cloud
search service application. As of today, we do not have a way to map an on premises SAML identity to an Office
365 user, which is a core requirement for ACL mapping to work. This is by design. For such supportability
questions, a request can be submitted at https://sharepoint.uservoice.com for evaluation.
On premises environment Cloud search service application crawls site collection secured with NT
Authority\Authenticated users. How does this translate to ACL mapping in SharePoint Online?
The SIDs/SID claims in incoming ACLs are translated in SPO when a cloud hybrid search service application is
used to crawl on-premises content. User security identifiers (SID ) are mapped to passport unique ID (PUID ).
Similarly, group SIDs are mapped to Object IDs. NT AUTHORITY\Authenticated Users and Everyone (the built-in
SIDSs S -1-5-11 and S -1-1-0) are translated to "Everyone except external users" in SPO (i.e., all users in tenant
except the external ones that have been invited to share by email). Cloud search service application only support
Windows identity that has been synced to AAD. If customer is not using Windows identity and wants to Crawl
using Cloud SSA, a workaround can be to add Everyone claim to the source content to ensure that users are able
to search for that Content.
Result Type Rules are configured at the site collection. Where do I configure Result Type Rules and Display
Templates when using Cloud hybrid search?
The awesome blog post from our friend MVP Matthew McDermott highlights what to configure & where. Also,
thank you Matt for providing some of your valuable comments for this post.
Can I view Popularity trend reports in SPO for content crawled with Cloud search service application?
Popularity trends works based out of analytics. Usage Analytics reporting isn't operational under a Cloud search
service application as of today. Usage analysis uses view events created on the farm where the actual content
resides. When you configure CloudSSA to crawl content from an on-premises SharePoint farm, the view events
are not passed on to the SharePoint Online search farm. The analysis processing happens on SharePoint Online
search farm so it will not see the view events and thus will not have the possibility to update the usage reports.
Cloud hybrid search service application is crawling a SharePoint farm that has http:// prefix in the default
zone, extranet zone is https://. Query from SharePoint Online ends up showing http in the search result is
this expected behavior?
Yes, this is expected. Users will see http:// prefix in the search results. As my friend Brian explains it very nicely here
, SharePoint 2013, URL -related managed properties including Path, ParentURL and SPSiteUrl all store values
relative to the URL that was crawled. The crawler simply passes what it can gather to the Search Content Services
in the cloud. SPO search has no knowledge of the AAMs on your on-prem farm and so is unable to correctly set
the mappings you would expect to see. Thus, it's recommended to crawl the Default zone for a SharePoint 2013
Web Application.
Cloud search service application is crawling my On -Premises content. Can I remove on -premises items from
SPO?
The "urls to remove" option within SharePoint admin center (https://<tenantname>-
admin.sharepoint.com/_layouts/15/searchadmin/searchresultremoval.aspx) cannot be leveraged to remove items
from SharePoint Online index. If you want to remove specific urls, your option is to use the crawl log in the on-
premises Cloud search service application server to remove the same.
Can I run Cloud hybrid search Onboarding script when multifactor authentication (MFA )is enabled in my
tenant?
Yes, you need to ensure you have the latest version of Azure AD PowerShell. You can download it from here.
What are the firewall ports and protocols requirement to configure Cloud hybrid search service application?
The articles below outline the complete infrastructure firewall requirement for end to end connectivity with
Office365. The first blog below talks about Cloud search service application specific ports and protocols.
Ports and Protocols requirement for the Hybrid Cloud Search Service Application
Office 365 URLs and IP address ranges
Hybrid Identity Required Ports and Protocols
All Outbound requests in my network are filtered or get routed via proxy server. Is there any specific
requirement Cloud hybrid search service application to work?
You need to ensure that account running the search service (msssearch, noderunner accounts) (for crawl and
Query federation scenarios to work) in the Cloud Search Service Application farm have unrestricted outbound
internet access. If not, set system level proxy settings for these search service accounts. You can follow the steps
documented in our post here.
Cloud search service application always communicates with endpoints using port 443. Assuming there are
multiple SharePoint servers in a farm that hosts Cloud search service application components, all SharePoint
servers need to communicate to the following sites
1. *.sharepoint.com
2. https://accounts.accesscontrol.windows.net
3. https://login.windows.net/common/oauth2/authorize
4. https://sts.windows.net/*
5. https://login.microsoftonline.com
If there are dedicated Search servers in the farm topology they should be able to communicate to the following
sites as well.
1. https://provisioningapi.microsoftonline.com
2. *.search.production.us.trafficmanager.net
3. *.search.production.emea.trafficmanager.net
4. *.search.production.apac.trafficmanager.net
Where can I download Cloud hybrid search service application onboarding script?
The latest version of Windows PowerShell scripts to configure cloud hybrid search for SharePoint can be
downloaded here.
Is Cloud hybrid search service application onboarding supported for Government community cloud (GCC ) &
Office 365 operated by 21Vianet.
Yes, you can refer to our post for details.
Is it possible to perform an index reset and cleanup just the content that has been crawled via Cloud hybrid
search service application?
Yes, you can follow the steps outlined in this blog article.
Is there a forum where I can discuss and ask questions regarding issues with Cloud hybrid search?
Yes, you can submit your questions regarding Cloud search service application at the TechNet forum.
Hybrid references on TechNet
Below are some links to Hybrid articles at TechNet
Minimum public update levels for SharePoint hybrid features
SharePoint hybrid sites and search
Hybrid search in SharePoint
Learn about cloud hybrid search for SharePoint
Learn about hybrid federated search for SharePoint
Hybrid picker in the SharePoint Online admin center
Plan hybrid SharePoint taxonomy and hybrid content types
Plan hybrid OneDrive for Business
Plan cloud hybrid search for SharePoint
Plan hybrid profiles
The extensible hybrid app launcher
Hybrid site following
Hybrid self-service site creation
Configure hybrid SharePoint taxonomy and hybrid content types
Are there any eBook available to configure SharePoint Hybrid capabilities?
Yes , you can download the eBook on Configuring Microsoft SharePoint Hybrid Capabilities (ISBN
9781509302437) from this link.
Configure hybrid federated search from SharePoint
Server to SharePoint Online - roadmap
6/7/2019 • 2 minutes to read • Edit Online
STEP DESCRIPTION
1. Configure Office 365 for SharePoint hybrid Configure your Office 365 tenant for a hybrid environment,
including registering your domain, configuring UPN suffixes,
and synchronizing your user accounts.
2. Set up SharePoint services for hybrid environments Configure the needed SharePoint services for hybrid search,
including User Profiles, MySites, and the Application
Management service.
4. Display hybrid federated search results in SharePoint Configure your search service application to display search
Server results from Office 365.
See also
Concepts
Plan SharePoint Server hybrid
Configure hybrid federated search from SharePoint
Online to SharePoint Server - roadmap
6/7/2019 • 2 minutes to read • Edit Online
STEP DESCRIPTION
1. Configure Office 365 for SharePoint hybrid Configure your Office 365 tenant for a hybrid environment,
including registering your domain, configuring UPN suffixes,
and synchronizing your user accounts.
2. Set up SharePoint services for hybrid environments Configure the needed SharePoint services for hybrid search,
including User Profiles, MySites, and the Application
Management service.
4. Synchronize user profiles Run SharePoint user profile synchronization to update the
SharePoint User Profile Store with the new account UPNs that
you added when you configured Office 365. For information
about how to run profile sync, see Manage user profile
synchronization in SharePoint Server.
6. Configure a reverse proxy device for SharePoint Configure a reverse proxy device for your on-premises
Server hybrid environment.
7. Display hybrid federated search results in SharePoint Configure your search service application to display search
Online results from SharePoint Server in Office 365.
See also
Concepts
Plan SharePoint Server hybrid
Configure hybrid Business Connectivity Services -
roadmap
6/7/2019 • 2 minutes to read • Edit Online
STEP DESCRIPTION
1. Configure Office 365 for SharePoint hybrid Configure your Office 365 tenant for a hybrid environment,
including registering your domain, configuring UPN suffixes,
and synchronizing your user accounts.
2. Set up SharePoint services for hybrid environments Configure the needed SharePoint services for hybrid search,
including User Profiles, MySites, and the Application
Management service.
4. Synchronize user profiles Run SharePoint user profile synchronization to update the
SharePoint User Profile Store with the new account UPNs that
you added when you configured Office 365. For information
about how to run profile sync, see Manage user profile
synchronization in SharePoint Server.
6. Configure a reverse proxy device for SharePoint Configure a reverse proxy device for your on-premises
Server hybrid environment.
7. Deploy a Business Connectivity Services hybrid Deploy the Business Connectivity Services solution.
solution in SharePoint
See also
Concepts
Plan SharePoint Server hybrid
Configure the hybrid infrastructure
6/7/2019 • 2 minutes to read • Edit Online
5. Repeat steps 2 through 4 for each additional user account that you want to federate.
NOTE
Do not turn on the User Profile Synchronization Service. We'll do that later after we've configured the User Profile
service application.
Next, let's create a User Profile service application.
To create a User Profile service application
1. In Central Administration, under Application Management, click Manage service applications.
2. Click New, and then click User Profile Service Application.
3. Type a name for the service application in the Name box.
4. Under Application Pool, choose SharePoint Web Services Default from the Use existing
application pool list.
5. In the My Site Host URL box, type the URL of the My Site Host that you created.
6. Optionally change other settings to meet the needs of your organization. The default settings work fine for
hybrid environments.
7. Click OK.
If you're using SharePoint Server 2013, the next step is to turn on the User Profile Synchronization Service. Be
sure that you turn it on on the server that you specified as the Profile Synchronization Instance when you created
the service application.
To turn on the User Profile Synchronization Service (SharePoint Server 2013 only)
1. In Central Administration, under System Settings, click Manage services on server.
2. On the Server drop-down list, choose Change Server.
3. Choose the server that you specified as the Profile Synchronization Instance.
4. In the Service list, click Start for the User Profile Synchronization Service.
5. Type the credentials for the account shown, and click OK.
NOTE
This service can take several minutes or longer to start. Refresh the page occasionally until you see a status of
Started.
NOTE
Refresh the Manage Profile Service page to view the profile synchronization status.
That's all the configuration that you need to do for the App Management Service. Next, move on to the next step
in your roadmap.
Configure server-to-server authentication from
SharePoint Server to SharePoint Online
6/7/2019 • 13 minutes to read • Edit Online
NOTE
We recommend using the SharePoint Hybrid Picker to establish the Server-to-Server authentication between SharePoint
Server and SharePoint Online. If you are unable to use the Hybrid Picker for any reason, follow the steps in this article to
enable server-to-server authentication.
TIP
For the most reliable outcome, complete the procedures in the order they are shown in this article.
NOTE
If you configured your primary web application to use SSL, this step is not required.
To enable OAuth over HTTP, run the following commands as a farm administrator account from the SharePoint
2016 Management Shell command prompt on each web server in your SharePoint Server farm.
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()
If you have enabled OAuth over HTTP for testing but want to reconfigure your environment to use SSL, you can
disable OAuth over HTTP by running the following commands as a farm administrator account from the
SharePoint 2016 Management Shell command prompt on each web server in your SharePoint Server farm.
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $false
$serviceConfig.Update()
TIP
You'll want to keep a record of your steps, the PowerShell cmdlets you run, and any errors that you might encounter. You
should capture all the contents of the PowerShell buffer when you have finished and before you close the window. This will
give you a history of the steps that you took, which will be helpful if you have to troubleshoot or explain the process to
others. This can also be useful to refresh your memory if the setup happens in stages.
Here's a high-level view of the procedures you have to complete in this section:
1. Configure the Security Token Service (STS ) in SharePoint Server:
Create a new STS certificate.
Replace the default STS certificate on each server in your SharePoint Server farm.
2. Install online service management tools on a web server in your SharePoint Server farm.
3. Configure server-to-server authentication:
Set variables you'll be using in later steps.
Upload the new on-premises STS certificate to SharePoint Online.
Add a Service Principal Name (SPN ) to Azure.
Register the SharePoint Online application principal object ID with on-premises SharePoint Server.
Configure a common authentication realm between your on-premises SharePoint Server farm and
SharePoint Online.
Configure an Azure Active Directory application proxy on-premises.
Install online service management tools and configure the Windows PowerShell window
To continue, you need to install these tools on an on-premises SharePoint Server web server:
The Microsoft Online Services Sign-In Assistant
The Azure Active Directory Module for Windows PowerShell
The SharePoint Online Management Shell
This is most easily accomplished on a web server in your SharePoint farm because it's easier to load the
Microsoft.SharePoint.PowerShell snap-in on the web servers than on servers that don't have SharePoint Server
installed.
Authentication to SharePoint Server, SharePoint Online, and Azure Active Directory requires different user
accounts. For information about how to determine which account to use, see Accounts needed for hybrid
configuration and testing.
NOTE
To make it easier to complete the steps in this section, we'll open a PowerShell Command Prompt window on a SharePoint
Server web server and add the modules and snap-ins that let you connect to SharePoint Server, SharePoint Online, and
Azure Active Directory. (We'll give you detailed steps on how to do this later in this article.) We'll then keep this window
open to use for all the remaining PowerShell steps in this article.
To install the online service management tools and configure the PowerShell window:
1. Install the online service management tools:
2. Install the Microsoft Online Services Sign-In Assistant:
Microsoft Online Services Sign-In Assistant for IT Professionals BETA (64 bit version)
(https://go.microsoft.com/fwlink/?LinkId=391943)
For additional information, see Microsoft Online Services Sign-In Assistant for IT Professionals RTW
(https://go.microsoft.com/fwlink/?LinkId=392322).
3. Install the latest version of the Azure Active Directory Module for Windows PowerShell
4. Install the SharePoint Online Management Shell:
SharePoint Online Management Shell (64 bit version) (https://go.microsoft.com/fwlink/?LinkId=392323)
For additional information, see Introduction to the SharePoint Online management shell
(https://go.microsoft.com/fwlink/?LinkId=392324).
5. Open a PowerShell window.
6. To help ensure that you don't fill the buffer and lose any of your command history, increase the buffer size
of the PowerShell window:
7. Click the upper-left corner of the PowerShell window, and then click Properties.
8. In the PowerShell Properties window, click the Layout tab.
9. Under Screen Buffer Size, set the Height field to 9999, and then click OK.
10. This step loads the modules you downloaded so you can use them in your PowerShell session. Copy the
following commands into your PowerShell session, and press Enter.
Add-PSSnapin Microsoft.SharePoint.PowerShell
Import-Module Microsoft.PowerShell.Utility
Import-Module MSOnline -force
Import-Module MSOnlineExt -force
Import-Module Microsoft.Online.SharePoint.PowerShell -force
If you need to run any of the configuration steps again later, remember to run these commands again to load
the required modules and snap-ins in PowerShell.
enable-psremoting
new-pssession
6. To log on to your SharePoint Online tenant, from the PowerShell command prompt, type the following
commands.
$cred=Get-Credential
Connect-MsolService -Credential $cred
You are prompted to log on. You need to log on using an Office 365 global administrator account.
Leave the PowerShell window open until you've completed all the steps in this article. You need it for a
variety of procedures in the following sections.
Variable Comments
$spcn The root domain name of your public domain. This value
should not be in the form of a URL; it should be the domain
name only, with no protocol.
An example is adventureworks.com.
$metadataEndpoint The URL that is used by your Azure Active Directory proxy to
connect to your Azure Active Directory tenancy.
You don't need to input a value for this variable.
Now that you identified the variables that you need to set, use these instructions to set them. Pre-populating the
most commonly used variables should help you do the remaining steps faster. These variables remain populated
as long as you don't close the PowerShell session. Be careful to provide accurate information wherever you see
angle brackets (< >), and always remove the angle brackets before you run the command. Don't alter the code
outside of the angle brackets.
NOTE
If you have to do any of these configuration steps again later, you should begin by running the following PowerShell
commands in this step to repopulate the important variables.
Copy the following variable declarations and paste them into a text editor like Notepad. Set the input values
specific to your organization. From the PowerShell command prompt you configured with the online service
management tools, run the commands.
$spcn="*.<public_root_domain_name>.com"
$spsite=Get-Spsite <principal_web_application_URL>
$site=Get-Spsite $spsite
$spoappid="00000003-0000-0ff1-ce00-000000000000"
$spocontextID = (Get-MsolCompanyInformation).ObjectID
$metadataEndpoint = "https://accounts.accesscontrol.windows.net/" + $spocontextID + "/metadata/json/1"
After you populate these variables, you can view their values by entering the variable name in the PowerShell
window. For example, entering $metadataEndpoint returns a value similar to the following:
https://accounts.accesscontrol.windows.net/00fceb75-246c-4ac4-a0ad-7124xxxxxxxx/metadata/json/1
In this step, you upload the STS certificate for your SharePoint Server farm to your SharePoint Online tenant,
which enables SharePoint Server and SharePoint Online to connect to and consume each other's service
applications.
The commands in this step add the new on-premises STS certificate (public key only) to the SharePoint Online
principal object of your Office 365 tenancy.
From the PowerShell command prompt, type the following commands.
$stsCert=(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$binCert = $stsCert.GetRawCertData()
$credValue = [System.Convert]::ToBase64String($binCert);
New-MsolServicePrincipalCredential -AppPrincipalId $spoappid -Type asymmetric -Usage Verify -Value $credValue
Step 3: Add an SPN for your public domain name to Azure Active Directory
In this step, you add a service principal name (SPN ) to your Azure Active Directory tenant. The SPN is comprised
of the SharePoint Online principal object and your company's public DNS namespace.
Just like SPNs function in Active Directory, creating this SPN registers an object in Azure Active Directory that is
used to support mutual authentication between SharePoint Server and your SharePoint Online tenant. The basic
syntax for the SPN is:
<service type>/<instance name>
where:
<service type> is the SharePoint Online principal object, which is the same for all SharePoint Online
tenants.
<instance name> is the URL of your company's public DNS domain namespace, which is always expressed
as a wildcard, even if the Secure Channel SSL Certificate is a SAN certificate.
Here's an example:
00000003-0000-0ff1-ce00-000000000000/*.<public domain name>.com
If the common name in your certificate is sharepoint.adventureworks.com, the syntax of the SPN will look like
this:
00000003-0000-0ff1-ce00-000000000000/*.adventureworks.com
Using a wildcard value lets SharePoint Online validate connections with any host in that domain. This is useful if
you ever need to change the host name of the external endpoint (if your topology includes one) or if you want to
change your SharePoint Server web application, in the future.
To add the SPN to Azure Active Directory, enter the following commands in the Azure Active Directory Module
for Windows PowerShell command prompt.
To validate that the SPN was set, enter the following commands in the Azure Active Directory Module for
Windows PowerShell command prompt.
You should see a current list of SPNs for SharePoint Online in your Office 365 tenancy, and one of the SPNs
should include your public root domain name, prefaced by the SharePoint Online application principal ID. This
registration is a wildcard registration and should look like the following example:
00000003-0000-0ff1-ce00-000000000000/*..com
This should be the only SPN in the list that includes your public root domain name.
Step 4: Register the SharePoint Online application principal object ID with SharePoint Server
This step registers the SharePoint Online application principal object ID with the on-premises SharePoint
Application Management Service, which allows SharePoint Server to authenticate to SharePoint Online using
OAuth.
From the PowerShell command prompt, type the following commands.
To validate this step, from the PowerShell command prompt, type the $appPrincipal variable:
$appPrincipal | fl
The expected output is a description of the registered application principal with the name SharePoint Online,
which should look something like this.
Step 5: Set the SharePoint authentication realm
This step sets the authentication realm of your SharePoint Server farm to the context ID of the organization's
Office 365 tenancy.
From the PowerShell command prompt, type the following command.
To validate this step, from the PowerShell command prompt, type the following commands.
$spocontextID
Get-SPAuthenticationRealm
The output of each of these commands is the GUID that represents the context ID of the SharePoint Online
tenancy. These GUIDs should be identical.
IMPORTANT
If you have configured farm setup scripts that specify the farm authentication realm value, you should update the setup
scripts with this new value before you run them again. > For more information about the requirements for realm values in
farm setup scripts, see Plan for server-to-server authentication in SharePoint Server. Because you have now configured this
SharePoint farm to participate in the hybrid configuration, the SharePoint farm authentication realm value must always
match the tenant context identifier. If you change this value, the farm will no longer participate in hybrid functionality.
In this step, you create an Azure Active Directory proxy service in the SharePoint Server farm. This enables Azure
Active Directory as a trusted token issuer that SharePoint Server will use to sign and authenticate claims tokens
from SharePoint Online.
From the PowerShell command prompt, type the following commands.
Get-SPTrustedSecurityTokenIssuer
The output that's expected is a description of the farm's trusted token issuer, where the value of the
RegisteredIssuerName property is the following:
00000001-0000-0000-c000-000000000000@where <context ID> is the context ID of your SharePoint Online
tenancy, which is the value in the $spocontextID variable.
See also
Hybrid for SharePoint Server
Install and configure SharePoint Server hybrid
Run Hybrid Picker
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If you're using a pop-up blocker with your browser, be sure to turn it off before running the hybrid picker.
Worksheet tips
Things will go a lot easier if all of the applicable information is entered on the SharePoint hybrid worksheet before
you start to configure anything. At a minimum, you need to know the following things to use this article.
Table: Decisions that should already be recorded on the SharePoint hybrid worksheet
Will you use an existing web application for hybrid or create New or existing web application row of Table 2
one?
What site collection strategy will you use? Site collection strategy row of Table 2
What's the IP address of the Internet-facing endpoint on the IP address of the external endpoint row of Table 3
reverse proxy device that the external URL is associated with?
Verify that these decisions are entered on the worksheet before you continue.
Configuration phases
In order to configure the environment infrastructure, you'll need both SharePoint Server interfaces, such as the
SharePoint Central Administration website, and the Administration pages in SharePoint Online. To prevent you
from having to switch between these interfaces more than necessary, we've organized the configuration steps into
the following phases:
Prepare your public domain
Configure SharePoint Server
Create and configure a target application for the SSL certificate in SharePoint Online
Validation and next steps
Please complete each configuration step in the order shown in this article.
IMPORTANT
It is recommended that you thoroughly document your deployment strategy and that you maintain detailed work logs
during the hybrid environment configuration process. In any complex implementation project, a detailed record of every
design decision, server configuration, procedure, and output is a very important reference for troubleshooting, support, and
awareness.
NOTE
The procedures in this section assume that you have an existing SharePoint Server farm that you intend to use for hybrid
functionality.
If you want to configure a site collection strategy by using a host-named site collection for the SharePoint hybrid
environment, complete these steps in the order shown:
1. Ensure that the web application and root site collection exist.
2. Ensure that an SSL binding exists on the primary web application.
3. Create the host-named site collection.
4. Configure split DNS.
5. Create an A record in the on-premises DNS.
For more information about site collection strategy decisions, see the Choose a site collection strategy section of
Plan connectivity from Office 365 to SharePoint Server.
Ensure that the primary web application and root site collection exist
The host-named site collection that you'll create a bit later has to be created in a web application that's configured
to use the following:
Integrated Windows Authentication with NTLM
https protocol (Secure Sockets Layer)
You also need a path-based site collection to use as the root site collection in this web application.
If the web application and root site collection don't exist, you'll have to create them. You can do this by using either
Central Administration or the SharePoint 2016 Management Shell. If they already exist, go to Ensure that an SSL
binding exists on the primary web application.
Here's an example for how to create a web application by using SharePoint 2016 Management Shell.
Where:
The name of the web application is Adventureworks Web app.
The port number of the web application is 443.
Record the port number that you chose in the Port number
of the web application row of Table 5a of the worksheet.
The new web application uses a web application pool named AdventureworksAppPool.
The web application runs as the managed account adventureworks\abarr.
The web application is created by using Windows Integrated Authentication with NTLM.
Here's an example for how to create the root site collection by using the SharePoint 2016 Management
Shell.
New-SPSite 'https://sharepoint' -Name 'Portal' -Description 'Adventureworks Root site collection' -OwnerAlias
'adventureworks\abarr' -language 1033 -Template 'STS#0'
Where:
The host name of the SharePoint farm is "sharepoint".
The primary administrator is adventureworks\abarr.
The site template uses the English language (1033).
The template (STS#0) is the Team Site template.
For more information about how to create a web application and root site collection for a host-named site
collection, see Create claims-based web applications in SharePoint Server and Host-named site collection
architecture and deployment in SharePoint Server.
Ensure that an SSL binding exists on the primary web application
Because this web application is configured to use SSL, you have to ensure that an SSL certificate is bound to the
primary web application. For production environments, this certificate should be issued by a public certification
authority (CA). For test and development environments, this can be a self-signed certificate. We call this the on-
premises SharePoint SSL certificate.
TIP
This is typically a separate certificate from the one that you'll later install on the reverse proxy device. For more information
about these certificates, see the Plan SSL certificates section of Plan connectivity from Office 365 to SharePoint Server.
After the certificate is bound to the web application, you'll be able to see this host name in the Issued To field in
the Server Certificates dialog box in Internet Information Services (IIS ). For more information, see How to Set
Up SSL on IIS 7.0.
Create the host-named site collection
After the web application and root site collection are in place, the next step is to create a host-named site collection
within the primary web application. The public URL of this site collection must be identical to the external endpoint
URL.
NOTE
Host-named site collections must be created by using the SharePoint 2016 Management Shell. You can't use Central
Administration for creating this type of site collection.
Here's an example of how to create a host-named site collection by using the SharePoint 2016
Management Shell.
Where:
https://spexternal.adventureworks.com is the URL of the host-named site collection. This URL must be
identical to the External URL.
https://sharepoint is the web application that the site collection is created in.
For more information, see Host-named site collection architecture and deployment in SharePoint Server.
Configure split DNS
You have to configure split DNS. This is a common configuration that's used to help ensure that on-premises client
computers resolve a server name to internal IP addresses, even though public DNS resolution resolves the same
service name to a completely different public IP address. This enables users to be redirected to an endpoint that
uses standard SharePoint security-enhanced mechanisms for authentication, but queries from Office 365 can be
directed through a reverse proxy configured to use certificate authentication.
For more information about how to use split DNS in a hybrid topology, see Architecture Design Recommendation
for SharePoint 2013 Hybrid Search Features. For information about how to configure a split DNS, see A faulty
split-brain DNS configuration can prevent a seamless SSO sign-in experience.
Create an A record in the on-premises DNS
The reverse proxy device must be able to resolve the internal URL of the host-named site collection. You can do
this by creating an A record in the desired on-premises DNS namespace. This doesn't have to be in the same
namespace as the reverse proxy device. However, the reverse proxy device must be able to resolve this namespace.
This A record maps the host name of the External URL to the IP address of the on-premises SharePoint farm.
Here's an example of an A record where the External URL is https://spexternal.adventureworks.com, and the IP
address of the network load balancer for the SharePoint farm is 10.0.0.13.
The External URL is recorded in the External URL row of Table
3 of the worksheet.
You have finished configuring the site collection strategy by using a host-named site collection for hybrid. Now,
skip ahead to Assign a UPN domain suffix.
Configure a site collection strategy by using a path-based web application without AAM
If you want to configure a site collection strategy by using a path-based web application without the need to create
an Alternate Access Mapping (AAM ) for the SharePoint hybrid environment, complete these steps in the order
shown:
1. Ensure that the web application exists.
2. Ensure that an SSL binding exists on the primary web application.
3. Configure split DNS.
4. Create an A record in the on-premises DNS.
NOTE
When you configure a site collection strategy without AAM, the public URL of the primary web application must be identical
to the External URL.
For more information, see the Choose a site collection strategy section of Plan connectivity from Office 365 to
SharePoint Server.
Ensure that the primary web application exists
You can use an existing web application as the primary web application, or you can create one. You should have
made this decision during planning and recorded it in the New or existing web application row of Table 2 of
the worksheet. If you haven't made this decision yet, refer to Plan connectivity from Office 365 to SharePoint
Server and decide before you go any further. Remember that when you configure a site collection strategy without
AAM, the public URL of the primary web application must be identical to the External URL.
If during planning, you decided which existing web application to use as the primary web application, its URL
should be recorded in the Primary web application URL row of Table 5b of the worksheet. If so, skip ahead to
Ensure that an SSL binding exists on the primary web application. Otherwise, to create a web application to use as
the primary web application, use the procedures in Create claims-based web applications in SharePoint Server.
In general, you should use the default settings. However, the following configuration settings are required.
Required configuration settings
LOCATION DESCRIPTION
In the IIS Web Site section, in the Port box Type the port number that you want this web application to
use—for example, 443.
In the Security Configuration section Ensure that Allow Anonymous is set to No.
In the Security Configuration section Ensure that Use Secure Sockets Layer (SSL) is set to Yes.
You'll have to bind an SSL certificate to the web application,
which we discuss more in the next section.
In the Claims Authentication Types section Select the Enable Windows Authentication check box, select
the Integrated Windows authentication check box, and in
the drop-down menu, select NTLM.
In the Public URL section, in the URL box Type the External URL—for example,
https://spexternal.adventureworks.com.
By default, SharePoint appends the port number to the
default URL that it recommends for this field. When you
replace that URL with the external URL, don't append the port
number.
To make things easier for yourself in later procedures, we recommend that you do the following.
Get the URL from the Public URL section of the Create New
Web Application page in Central Administration, and record
it in the Primary web application URL row of Table 5b of
the worksheet.
You have to ensure that an SSL certificate is bound to the primary web application. For production environments,
this certificate should be issued by a public certification authority (CA). For test and development environments,
this can be a self-signed certificate. We call this the on-premises SharePoint SSL certificate.
TIP
This is typically a separate certificate from the one that you'll later install on the reverse proxy device, but you can use the
Secure Channel SSL certificate for this if you want to. For more information about these certificates, see the Plan SSL
certificates section of Plan connectivity from Office 365 to SharePoint Server.
The host name of the web application must be in the Subject field of the SSL certificate. After the certificate is
bound to the web application, you can see this host name in the Issued To field in the Server Certificates dialog
box in Internet Information Services (IIS ). For more information, see How to Set Up SSL on IIS 7.0.
Configure split DNS
You have to configure split DNS. This is a common configuration that's used to help ensure that on-premises client
computers resolve a server name to internal IP addresses, even though public DNS resolution resolves the same
service name to a completely different public IP address. This enables users to be redirected to an endpoint that
uses standard SharePoint security-enhanced mechanisms for authentication, but queries from Office 365 can be
directed through a reverse proxy that's configured to use certificate authentication.
For more information about how to use split DNS in a hybrid topology, see Architecture Design Recommendation
for SharePoint 2013 Hybrid Search Features. For information about how to configure a split DNS, see A faulty
split-brain DNS configuration can prevent a seamless SSO sign-in experience.
Create an A record in the on-premises DNS
The reverse proxy device must be able to resolve the internal URL of the host-named site collection. You can do
this by creating an A record in the desired on-premises DNS namespace. This doesn't have to be in the same
namespace as the reverse proxy device. However, the reverse proxy device must be able to resolve this namespace.
This A record maps the host name of the External URL to the IP address of the on-premises SharePoint farm.
Here's an example of an A record where the External URL is https://spexternal.adventureworks.com and the IP
address of the network load balancer for the SharePoint farm is 10.0.0.13.
You have finished configuring the site collection strategy by using a path-based site collection without AAM for
hybrid. Now, skip ahead to Assign a UPN domain suffix.
Configure a site collection strategy by using a path-based web application with AAM
If you want to use a path-based web application with Alternate Access Mapping (AAM ) for your site collection
strategy, complete these steps in the order shown:
1. Ensure that the primary web application exists.
2. Extend the primary web application, and configure AAM.
3. Ensure that an SSL binding exists on the primary web application (if it is needed).
4. Configure AAM.
5. Create a CNAME record.
If you've already configured a different name mapping type, go to Assign a UPN domain suffix.
The following video demonstrates how a site collection strategy works with a path-based web application with
AAM.
Video: Understanding URLs and host names
This section explains how to extend your web application. Extending the web application creates a new IIS website
that you'll assign the External URL to as the public URL.
When you've completed the procedures in this section, you'll have two IIS websites. Both are connected to the
same content database. The original IIS website will be unchanged and can continue to be accessed by internal
users. The extended web application will use a different zone, such as the Internet zone, and will be configured to
use the External URL as the public URL. This extended web application is used only for servicing SharePoint
hybrid requests.
IMPORTANT
Ensure that you perform these procedures on the specific web applications that you intend to use as the primary web
application for SharePoint hybrid solutions. The URL of this web application that you have to extend is recorded in the
Primary web application URL row of Table 5c of the worksheet.
To extend the web application, use the procedures in Extend claims-based web applications in SharePoint. In
general, you should use the default settings. But, the following configuration settings are required.
Required configuration settings
LOCATION DESCRIPTION
In the IIS Web Site section, in the Port box Ensure that the value is set to the appropriate port number
for one of the following:
If you decide to extend the primary web application for
unencrypted HTTP connections, use port 80 or the HTTP
port specified by the network administrator who configures
the reverse proxy device. All inbound service connections from
the reverse proxy device to the web application's site collection
have to use HTTP.
If you decide to configure the primary web application for
encrypted HTTPS connections, use port 443 or the SSL port
specified by the network administrator who configures the
reverse proxy device. All inbound service connections from the
reverse proxy device to the web application's site collection
have to use HTTPS.
In the Security Configuration section Ensure that Allow Anonymous is set to No.
LOCATION DESCRIPTION
In the Security Configuration section Choose the appropriate value for Use Secure Sockets Layer
(SSL). If you choose No, the web application will use
unencrypted HTTP. If you choose Yes, the web application
will use encrypted HTTPS, and you must bind an SSL
certificate to the extended web application. We discuss this
certificate more in the next section.
In the Claims Authentication Types section Select the Enable Windows Authentication check box, select
the Integrated Windows authentication check box, and in
the drop-down menu, select NTLM.
In the Public URL section, in the URL box Type the External URL—for example,
https://spexternal.adventureworks.com.
Note that by default, SharePoint appends the port number to
the default URL that it recommends for this field. When you
replace that URL with the external URL, don't append the port
number.
In the Public URL section, in the Zone list Select the zone that you want to assign to this extended web
application. We recommend that you set the Zone value to
Internet if it's available.
Ensure that an SSL binding exists on the primary web application (if it's needed)
If you configured the extended web application to use SSL, you'll have to ensure that an SSL certificate is bound to
the web application that you extended in the previous section. Otherwise, if you configured the extended web
application for HTTP (unencrypted), skip ahead to Configure AAM.
For production environments, this certificate should be issued either by a public or an enterprise certification
authority (CA). For test and development environments, this can be a self-signed certificate. We call this the on-
premises SharePoint SSL certificate.
IMPORTANT
This certificate must have the bridging host name of the URL in the Subject field. For example, if the bridging URL is
https://bridge, the Subject field of the certificate must contain bridge. Therefore, this certificate can't be created by using
IIS. But you can use a certificate creation tool such as MakeCert.exe to create it. After the certificate is bound to the web
application, you can see this host name in the Issued To field in the Server Certificates dialog box in Internet Information
Services (IIS).
TIP
This is typically a separate certificate from the one that you'll later install on the reverse proxy device. For more information
about these certificates, see the Plan SSL certificates section of Plan connectivity from Office 365 to SharePoint Server.
For more information about how to set up SSL, see A guide to https and Secure Sockets Layer in SharePoint
2013.
Configure AAM
To enable SharePoint Server to dynamically translate links in requests by using the External URL, follow these
steps.
To configure AAM
1. In Central Administration, in the Quick Launch, click Application Management.
2. In the Web Applications section, click Configure alternate access mappings.
3. On the Alternate Access Mappings page, click Add Internal URLs.
4. In the Alternate Access Mapping Collection section, click the down arrow, and then click Change
Alternate Access Mapping Collection. In the dialog box that is displayed, select the primary web
application that you're configuring for hybrid.
5. In the Add Internal URL section, in the URL protocol, host and port box, type the URL you want to use as
the bridging URL. This URL must have the same protocol as the extended web application, either http or https.
For example, if you configured the extended web application by using https, the URL will resemble
https://bridge.
6. In the Zone drop-down menu, select the same zone that you used when you extended the web application.
7. Click Save.
The URL that you specified in step 5 appears in the Internal URL column of the Alternate Access
Mappings page.
Create a CNAME record
You need to create a CNAME record in the on-premises DNS. This record maps the host name of the Bridging
URL to the fully qualified domain name of the on-premises SharePoint farm. The Bridging URL is the one that you
assigned to the AAM in the previous section. The reverse proxy device must be able to query DNS to resolve the
alias to the IP address of the on-premises SharePoint farm.
Here's an example CNAME record where the host name is Bridge, based on the bridging URL, https://bridge.
To verify that the alias name you chose for your CNAME record is resolving to the SharePoint Server farm, do the
following verification step.
Verification step
1. Log on to the reverse proxy device as administrator and open a Windows command prompt.
2. Ping the alias name in the CNAME record. For example, if the alias name is Bridge, then type the following
and press Enter.
ping bridge
The command prompt should return the IP address of the SharePoint farm that's specified in the CNAME record.
If not, verify that the fully qualified domain name of the SharePoint farm is correctly specified in the CNAME
record and then repeat these verification steps.
> [!NOTE]
> If the `ping` command is blocked on the network, try using either the `tracert -4` or the `pathping -4`
command instead.
When you configure SharePoint hybrid solutions in Phase 4: Configure a hybrid solution, you'll provide the name
of the target application that you created so that SharePoint Online Search and Business Connectivity Services can
get the Secure Channel SSL certificate that's needed to authenticate with the reverse proxy device.
To create a target application to store the Secure Channel SSL certificate
1. Verify that you're logged on to Office 365 as a global administrator.
2. In the SharePoint Online Administration Center, in the navigation pane, choose secure store.
3. On the Edit tab, choose New.
4. In the Target Application Settings section, do the following:
5. In the Target Application ID box, type the name (which will be the ID ) that you want to use for the target
application—for example, we recommend that you name it SecureChannelTargetApplication. Do not
use spaces in this name.
NOTE
You create the ID in this step—you do not receive the ID from elsewhere. This ID is a unique target application name
that cannot be changed.
2. In the Display Name box, type the name that you want to use as the display name for the new target
application. For example, Secure Channel Target App.
3. In the Contact E -mail box, type the name of the primary contact for this target application.
4. In the Credential Fields section, do the following:
5. In the Field Name column, in the first row, delete any existing text that is in the box, and then type
Certificate.
6. In the Field Type column, in the first row, in the drop-down list, select Certificate.
7. In the Field Name column, in the second row, delete any existing text that is in the box, and then type
Certificate Password.
NOTE
You must follow this step only if you are importing the certificate from a certificate that contains a private key, such
as a Private Information Exchange (.pfx) file.
8. In the Field Type column, in the second row, in the drop-down list, select Certificate Password.
The credentials section should resemble the following illustration.
9. In the Target Application Administrators section, in the box, type the names of users who will have
access to manage the settings of this target application. Make sure to add any users who will test the hybrid
configuration so that they can make changes, if it's needed.
10. In the Members section, in the box, type the names of the Azure AD users and groups that you want to
enable to use hybrid solutions.
The Office 365 global administrator can create Azure AD groups. These are domain groups, not SharePoint
groups.
A list of these users, or the group they were added to, is listed
in the Federated Users row of Table 1 of the worksheet.
8. Click OK.
9. Select the check box next to the ID of the target application that you created—for example,
SecureChannelTargetApp.
3. If the certificate you're using contains a private key, such as a Private Information Exchange (.pfx) file, then in
the Certificate Password field, type the password of the certificate. Otherwise, go to step 12.
The password is recorded in the Secure Channel SSL
Certificate password row of Table 4b of the worksheet.
4. In the Confirm Certificate Password field, retype the password of the certificate.
5. Click OK.
For more information, see Configure the Secure Store Service in SharePoint Server.
In the example below, a federated user on the Internet uses the SharePoint Online search portal to search for
content in both SharePoint Online and her company's on-premises SharePoint Server server.
A federated user on the Internet searches for content that's located on her company's on-premises
server.
The following list describes the steps shown in the preceding picture.
1. From the Internet, a federated user browses to her SharePoint Online site.
2. SharePoint Online queries the search index in SharePoint Online and also sends the search query to the
external URL of the on-premises SharePoint farm which resolves to the external endpoint of the reverse
proxy device.
3. The reverse proxy device pre-authenticates the request using the Secure Channel SSL certificate and
relays the request to the URL of the primary web application.
4. The SharePoint farm service account queries the on-premises search index and security trims the search
results in the context of the user who sent the search request.
5. Security trimmed search results are returned to SharePoint Online and displayed on the search results
page. This result set includes search results from the SharePoint Online search index and search results
from the search index of the SharePoint Server farm.
NOTE
Inbound connectivity enables access to content and resources in your on-premises SharePoint Server farm from the
internet only if the user has an active, secure connection to the intranet network over VPN or DirectAccess or if the
SharePoint Server farm is configured in an extranet topology.
For a more detailed description of this process, that shows how certificates are used and authentication and
authorization work in this topology, see Poster: SharePoint 2013 Hybrid Topology: Certificate, Authentication, and
Authorization flow.
General reverse proxy requirements
In a hybrid SharePoint Server scenario, the reverse proxy must be able to:
Support client certificate authentication with a wildcard or SAN SSL certificate.
Support pass-through authentication for OAuth 2.0, including unlimited OAuth bearer token transactions.
Accept unsolicited inbound traffic on TCP port 443 (HTTPS ).
TIP
No ports other than TCP 443 need to be opened on the external reverse proxy endpoint to support hybrid
connectivity.
Azure Application Proxy Enable remote access to SharePoint Azure Application Proxy is an Azure
with Azure AD Application Proxy service that allows remote access to
services within your network without
opening firewall ports from the Internet
to your service.
Windows Server 2012 R2 with Web Configure Web Application Proxy for a Web Application Proxy (WA-P) is a
Application Proxy (WA-P) hybrid environment Remote Access service in Windows
Server 2012 R2 that publishes web
applications that users can interact with
from many devices.
> [!IMPORTANT]> To use Web
Application Proxy as a reverse proxy
device in a hybrid SharePoint Server
environment, you must also deploy AD
FS in Windows Server 2012 R2.
Forefront Threat Management Configure Forefront TMG for a hybrid Forefront TMG 2010 is a
Gateway (TMG) 2010 environment comprehensive, secure, web gateway
solution that provides secure reverse
proxy functionality.
> [!NOTE]> Forefront TMG 2010 is no
longer sold by Microsoft but will be
supported through 4/14/2020. For
more information, see Microsoft
Support Lifecycle information for TMG
2010.
SUPPORTED REVERSE PROXY DEVICES CONFIGURATION ARTICLE ADDITIONAL INFORMATION
Citrix NetScaler Citrix NetScaler and Microsoft External content managed by Citrix.
SharePoint 2013 Hybrid Deployment
Guide
See also
Concepts
Hybrid for SharePoint Server
Configure Web Application Proxy for a hybrid
environment
6/7/2019 • 5 minutes to read • Edit Online
IMPORTANT
To use Web Application Proxy as a reverse proxy device in a hybrid SharePoint Server environment, you must also deploy AD
FS in Windows Server 2012 R2.
NOTE
To install and configure the Web Application Proxy feature, you must be a local administrator on the computer where
Windows Server 2012 R2 is installed. The Windows Server 2012 R2 server running the Web Application Proxy feature can be
a member of a domain or a workgroup.
NOTE
The default service account of the Web Application Proxy Service is the local computer Network Service.
For information about how to import an SSL certificate, see Import a Certificate.
Configure the published application
NOTE
The steps in this section can be performed only by using Windows PowerShell.
To configure a published application to accept and relay requests from your SharePoint Online tenant, type the
following Microsoft PowerShell command.
Where:
<externalUrl> is the external URL for the web application. This is the public URL to which SharePoint Online
will send inbound requests for SharePoint Server content and resources.
<bridging URL> is the internal URL you configured for the primary web application in your on-premises
SharePoint Server farm. This is the URL to which Web Application Proxy will relay inbound requests from
SharePoint Online.
The bridging URL is recorded in one the following locations in
the SharePoint Hybrid worksheet:
If your primary web application is configured with a host-
named site collection , use the value in Row 1 (Primary web
application URL) of Table 5a: Primary web application
(host-named site collection).
If your primary web application is configured with a path-
based site collection , use the value in Row 1 (Primary web
application URL) of Table 5b: Primary web application
(path-based site collection without AAM).
If your primary web application is configured with a path-
based site collection with AAM , use the value in Row 5
(Primary web application URL) of Table 5c: Primary web
application (path-based site collection with AAM).
<friendly name of the published application> is a name you choose to identify the published application in
Web Application Proxy.
<certificate thumbprint> is the certificate thumbprint, as a string with no spaces, of the certificate to use for
the address specified by the ExternalUrl parameter. This value should be entered twice, once for the
ExternalCertificateThumbprint parameter and again for the ClientCertificatePreauthenticationThumbprint
parameter.
Get-WebApplicationProxyApplication |fl
BackendServerAuthenticationMode :ADFS
BackendServerAuthenticationSPN : None
BackendServerCertificateValidation : None
BackendServerUrl : https://<bridging URL>/
ClientCertificateAuthenticationBindingMode : None
DisableTranslateUrlInRequestHeaders : False
DisableTranslateUrlInResponseHeaders : False
ExternalPreauthentication : PassThrough
ID : 91CFE805-44FB-A8A6-41E9-6197448BEA72
InactiveTransactionsTimeoutSec : 300
UseOAuthAuthentication : False
PSComputerName :
Troubleshooting
Web Application Proxy logs events and errors to the Application and Remote Access Windows Server event logs.
Logging plays an important role in troubleshooting issues with connectivity and authentication between
SharePoint Server and SharePoint Online. Identifying the component that is causing a connection failure can be
challenging, and reverse proxy logs are the first place you should look for clues. Troubleshooting can involve
comparing log events from Web Application Proxy event logs, SharePoint Server ULS logs, Windows Server event
logs, and Internet Information Services (IIS ) logs on multiple servers.
For more information on troubleshooting techniques and tools for SharePoint Server hybrid environments, see
Troubleshooting hybrid environments.
See also
Concepts
Hybrid for SharePoint Server
Configure a reverse proxy device for SharePoint Server hybrid
Configure Forefront TMG for a hybrid environment
6/7/2019 • 10 minutes to read • Edit Online
[!SECURITY NOTE ] As a general best practice for edge deployments, you normally install Forefront
TMG in a separate forest (rather than in the internal forest of your corporate network), with a one-way
trust to the corporate forest. However, you can configure client certificate authentication only for users
in the domain to which the TMG server is joined, so this practice cannot be followed for hybrid
environments. > For more information on TMG network topology considerations, see Workgroup and
domain considerations.
Deploying TMG 2010 for use in a SharePoint Server hybrid environment in a back-to-back configuration is
theoretically possible but has not been tested and may not work.
TMG 2010 includes both diagnostic logging and a real-time logging interface. Logging plays an important
role in troubleshooting issues with connectivity and authentication between SharePoint Server and
SharePoint Online. Identifying the component that is causing a connection failure can be challenging, and
TMG logs are the first place you should look for clues. Troubleshooting can involve comparing log events
from TMG logs, SharePoint Server ULS logs, Windows Server event logs, and Internet Information
Services (IIS ) logs on multiple servers.
For more information on how to configure and use logging in TMG 2010, see Using diagnostic logging.
For more information on general TMG 2010 troubleshooting, see Forefront TMG Troubleshooting.
For more information on troubleshooting techniques and tools for SharePoint Server hybrid environments, see
Troubleshooting hybrid environments.
NOTE
After TMG 2010 has been installed, the friendly name of the fwsrv service is the Microsoft Forefront TMG Firewall
service.
3. Import the Secure Channel SSL certificate to the Personal certificate store of the computer account.
4. Import the Secure Channel SSL certificate to the Personal certificate store of the fwsrv service account.
For more information about how to import an SSL certificate, see Import a Certificate.
NOTE
If you use SSL, ensure that you have a valid certificate installed on the primary web application.
6. In the Internal Publishing Details dialog box, in the Internal site name text box, type the internal DNS
name of the bridging URL , and then click Next. This is the URL that the TMG server will use to relay
requests to the primary web application.
NOTE
Do not type the protocol (http:// or https://).
7. In the Use a computer name or IP address to connect to the published server box, optionally type the
IP address or the fully qualified domain name (FQDN ) of the primary web application or network load
balancer, and then click Next.
NOTE
If TMG can resolve the primary web application using the host name you provided in the previous step, you do not
have to perform this step.
8. In the Public Name Details dialog box, accept the default setting on the Accept requests for menu. In
the Public name text box, type the host name of your External URL (for example,
"sharepoint.adventureworks.com"), and then click Next. This is the host name in the external URL that
SharePoint Online will use to connect with your SharePoint Server farm.
NOTE
Do not type the protocol (http:// or https://).
See also
Concepts
Hybrid for SharePoint Server
Configure a reverse proxy device for SharePoint Server hybrid
Other Resources
Configuring Web publishing
Forefront Threat Management Gateway (TMG ) 2010
Configure a hybrid solution for SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
Configuring and deploying one or more SharePoint hybrid solutions takes place in the final phase of the
SharePoint hybrid environment deployment process and is the ultimate reason for configuring a SharePoint
hybrid environment.
Be sure you're following a roadmap when you read the articles in this section.
Configure hybrid OneDrive for Business
7/17/2019 • 5 minutes to read • Edit Online
Video demonstration
This video shows a walkthrough of configuring hybrid OneDrive for Business.
Video: Configure hybrid OneDrive for Business
NOTE
The SharePoint Migration Tool demonstrated in the video is currently in preview. It is only supported for SharePoint Server
2013. [Download the SharePoint Migration Tool]((http://spmtreleasescus.blob.core.windows.net/install/default.htm).
NOTE
Turn on the appropriate navigation bar links for the set of SharePoint Online service features that you have purchased. For
example, if you have OneDrive for Business with Office on the web, then you would turn on only the OneDrive for Business
link, and not the Sites or Newsfeed links. OneDrive for Business with Office on the web does not include the Sites and
Newsfeed features and users would see Access Denied messages if they clicked the links. You can, however, still choose to
turn on Yammer as your social network and then turn on the Yammer/Newsfeed navigation link.
See also
Other Resources
Plan for hybrid OneDrive for Business
Show results from Office 365 in on-premises
SharePoint with cloud hybrid search
6/7/2019 • 4 minutes to read • Edit Online
Create a result source that defines how to get search results from the
search index in Office 365
1. Verify that the user account that you use to perform this procedure is an administrator for the cloud SSA.
2. In the cloud search farm, in Central Administration, in the Application Management section, click
Manage service applications.
3. Click the cloud SSA to which you want to add a result source.
4. On the Search Administration page for the cloud SSA, in the Quick Launch, click Result Sources.
5. On the Manage Result Sources page, click New Result Source.
6. On the Add Result Source page, do the following:
7. In the General Information section, in the Name text box, type a name for the new result source—for
example, Office 365 search index .
8. (Optional) In the General Information section, in the Description text box, type a description of the new
result source.
This description will appear as a tooltip when the pointer rests on the result source on certain configuration
pages.
9. In the Protocol section, select Remote SharePoint.
10. In the Remote Service URL section, type the address of the root site collection in SharePoint Online that
you want to get search results from, such as https://adventure-works.sharepoint.com.
11. In the Type section, select SharePoint Search Results.
12. In the Query Transform section, keep the default setting.
13. In the Credentials Information section, select Default Authentication.
14. Click OK to save the new result source.
Set the result source as the default result source for the cloud Search
service application
1. Verify that the user account that performs this procedure is an administrator for the cloud SSA.
2. In the cloud search farm, in Central Administration, in the Application Management section, click
Manage service applications.
3. Click the cloud SSA for which you want to set the result source as default.
4. On the Search Administration page, in the Queries and Results section, click Result Sources.
5. On the Manage Result Sources page, point to the result source that you want to set as default, click the
arrow that appears, and then click Set as Default.
Related Topics
Learn about cloud hybrid search for SharePoint
Plan cloud hybrid search for SharePoint
Configure cloud hybrid search for SharePoint
Enable previews of on-premises search results in
cloud hybrid search
6/7/2019 • 3 minutes to read • Edit Online
1. In an Office 365 Search Center, a user hovers over a search result for a Word document that's stored on a
SharePoint Server on-premises content farm.
2. The request to show a preview of the document goes to the Office Online Server. You have to ensure that
the Office Online Server is accessible from where the user is. For example, if you want to support users that
are outside the corporate network, you can make the Office Online Server accessible through a reverse
proxy.
3. The Office Online Server gets the document from the content farm and renders the document in the user's
web browser.
See also
Other Resources
Learn about cloud hybrid search for SharePoint
Plan cloud hybrid search for SharePoint
Configure cloud hybrid search for SharePoint
Display hybrid federated search results in SharePoint
Server
6/7/2019 • 14 minutes to read • Edit Online
Step 1: Create a result source that defines how to get search results
from SharePoint Online
In this procedure, you create a result source in the SharePoint Server deployment. This result source is a definition
that specifies SharePoint Online as a provider to get search results from. This definition specifies each of the
following:
The SharePoint Online URL to get search results from
The protocol for getting those results
The method for authenticating against SharePoint Online
Result sources can be created at the Search service application level, the site collection level, or the site level. In
this procedure, you create the result source at the Search service application level. This will make the result source
available to any query rule that is created at the same level, and also to any query rule that is created for a site
collection or site that is in a web application that consumes the Search service application.
For more information about result sources, see the following resources:
Understanding result sources for search in SharePoint Server
Configure result sources for search in SharePoint Server
To create the result source
1. Verify that the user account that you use to perform this procedure is an administrator for the Search
service application that you want to configure.
2. In the SharePoint Server deployment, in Central Administration, in the Application Management
section, click Manage service applications.
3. Click the Search service application to which you want to add a result source.
4. On the Search Administration page for the Search service application, in the Quick Launch, click Result
Sources.
5. On the Manage Result Sources page, click New Result Source.
6. On the Add Result Source page, do the following:
In the General Information section, in the Name text box, type a name for the new result source—for
example, Get results from SharePoint Online.
(Optional) In the General Information section, in the Description text box, type a description of the new
result source.
This description will appear as a tooltip when the pointer rests on the result source on certain configuration
pages.
In the Protocol section, select Remote SharePoint.
In the Remote Service URL section, type the address of the root site collection in SharePoint Online that
you want to get search results from, such as https://adventure-works.sharepoint.com.
In the Type section, select SharePoint Search Results.
In the Query Transform section, you can use the query transform to narrow the search results to a
specified subset—for example, a subset that is from a particular SharePoint site collection or site. However,
if you are not familiar with query transforms in SharePoint Server, we recommend that you keep the
default query transform here. The default transform is {searchTerms}, which is a query variable that stands
for the query that the user typed, as it was changed by the most recent query transform. If you are familiar
with query transforms, either keep the default query transform or type a different query transform in the
text box. You can also click Launch Query Builder if you want to use Query Builder to help you configure
a different query transform. For more information about see Plan to transform queries and order results in
SharePoint Server and Query variables in SharePoint Server.
In the Credentials Information section, select Default Authentication.
Click Save to save the new result source.
For testing, we recommend that you select the Local SharePoint Results result source here. If you
do so, then by default the query rule will be applicable when a user performs a query in the
Everything search vertical in the enterprise Search Center, because that vertical uses the Local
SharePoint Results result source by default.
After you select a result source from the drop-down list, all existing query rules that apply to that
result source appear on the page. (On the Search_service_application_name: Add Query Rule page,
in the Context section, you will be able to add or remove result sources for which you want the rule
to be applicable.)
(Optional) Under the text For what context do you want to configure rules?, in the User
Segments drop-down list, select a user segment for which you want this query rule to be applicable.
User segments are based on terms that describe users in the term store of a Managed Metadata
service application. (On the Add Query Rule page, in the Context section, you will be able to add or
remove user segments for which you want the rule to be applicable.)
(Optional) Under the text For what context do you want to configure rules?, in the Topic
Categories drop-down list, select a topic category for which you want this query rule to be
applicable. Topic categories are based on terms for categories in the term store of a Managed
Metadata service application. (On the Add Query Rule page, in the Context section, you will be able
to add or remove categories for which you want the rule to be applicable.)
Click New Query Rule.
6. On the Search_service_application_name: Add Query Rule page, do the following:
In the General Information section, in the Rule Name text box, type a name for the new query
rule—for example, Show results from SharePoint Online.
If the Context section is collapsed, click the arrow next to Context to expand it.
In the Context section, under Query is performed on these sources, select All sources if you
want this query rule to be applicable for queries that users submit against any result source, or select
One of these sources, and then optionally click Add Source to add other result sources for which
you want the query rule to be applicable.
(Optional) Under Query is performed from these categories, specify the topic categories (based
on terms for topic categories in the term store of a Managed Metadata service application) to
perform the query from.
(Optional) Under Query is performed by these user segments, specify user segments (based on
terms that describe users in the term store of a Managed Metadata service application) to which you
want the query rule to apply.
In the Query Conditions section, specify conditions to control when the rule will fire, or click
Remove Condition if you want the rule to fire for any query text. For testing, we recommend that
you click Remove Condition so that the rule will fire for any query text.
In the Actions section, under Result Blocks, click Add Result Block.
(Optional) In the Block Title section, in the Title text box, change the title to the text that you want
to display above the result block on the search results page, such as Results for "{subjectTerms}"
from SharePoint Online.
In the Que ry section, enter the query you want to run. Either type it in the Configure Query text
box, or launch the Query Builder to get help configuring the query. If you are not familiar with
transforming queries in SharePoint Server, we recommend that you keep the default query here,
namely {subjectTerms}. For more information see Plan to transform queries and order results in
SharePoint Server and Query variables in SharePoint Server.
In the Query section, in the Search this Source drop-down list, select the name of the result source
that you created in the previous procedure in this article ( Step 1: Create a result source that defines
how to get search results from SharePoint Online)—for example, Get results from SharePoint
Online.
In the Query section, in the Items drop-down list, select the number of search results from
SharePoint Online that you want to show in this result block on the search results page.
For example, select 3 to display three results from SharePoint Online in this result block.
If you want to display a Show More link at the bottom of the result block, expand the Settings
section and select More link goes to the following URL, and type the URL for the link to a page
that displays more results from the SharePoint Online search index.
For example, to specify the main search results page as the page that displays more results, typically
you can type a URL of the following form (followed by "?k={subjectTerms}" to signify the user's
search query): http:// domain_name.com/sites/ Search_Center_name/pages/results.aspx?k=
{subjectTerms}.
When end users click Show More, they will see more results for the result block.
Specify the placement of the block of results from SharePoint Online relative to the results from
SharePoint Server.
Select This block is always shown above core results to display the result block at or near the
top of the first page of search results. In this case, core results are the results from the SharePoint
Server search index. This option is useful for testing, or when most of the relevant content is
located in the remote search index in the hybrid environment. If you select this option for more
than one result block, you can configure the order in which the result blocks are displayed by
ranking the associated query rules.
Select This block is ranked within core results (may not show) to display the result block
such that it is ranked by relevance compared to the core results, in which case the result block
might not appear on the first page of search results.
This is the default setting and is typically the more appropriate choice in a production
environment. As with individual results, the rank of the result block might be different when users
perform the same query later. For example, if users click search results in the result block, the
result block will be ranked higher in the search results over time. Otherwise, the result block will
be ranked lower over time.
(Optional) Specify a different URL for the group display template in the Group Display Template
URL text box.
(Optional) Specify an item display template in the Item Display Template text box,
Skip the Routing section.
Click OK to add the result block.
7. (Optional) Specify when the query rule shall be active. In the Publishing section, use the Start Date, End
Date, Review Date, and Contact fields. The start date and end date specify when the query rule will be
active.
If you specify a start date without an end date, the rule will always be active after the start date.
If you specify an end date without a start date, the rule will always be active until the end date.
If you do not specify a start date or an end date, the rule will always be active.
8. Activate the query rule by selecting Is Active in the Publishing section. When a query rule is active, it fires
whenever the query conditions are met.
9. Click Save.
After a few moments, when federated users submit queries from the SharePoint Server Search Center against a
result source that you specified in step 6c of this procedure, they will see results from both search indexes, as
shown in the following screen shot. In the screen shot, a block of three search results from SharePoint Online
appears above the search results from SharePoint Server.
NOTE
A federated user is a user whose on-premises Active Directory Domain Services (AD DS) domain account is synchronized
between SharePoint Server and SharePoint Online, and who accesses resources in both environments by authenticating with
the federation identity provider, such as Active Directory Federation Services (AD FS) 2.0.
Step 3: Try a search from the SharePoint Server 2013 Search Center
To validate your configuration for displaying search results from both SharePoint Server and SharePoint Online in
the SharePoint Server Search Center, you can log on to SharePoint Server as a federated user and try some
searches from the enterprise Search Center. Use the following procedure to validate your configuration in this
way.
IMPORTANT
If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated
user accounts. Native Office 365 user accounts and Active Directory Domain Services (AD DS) accounts that are not
federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO and cannot be
granted permissions to resources in both deployments. For more information, see Accounts needed for hybrid configuration
and testing.
1. Log on to the SharePoint Server deployment as a federated user who has been activated in SharePoint
Online and who has permissions to view the root site collection in SharePoint Online.
2. Browse to the enterprise Search Center in the SharePoint Server deployment.
3. In the enterprise Search Center, do the following:
Click a search vertical that uses a result source that you specified in step 6c of the second procedure
in this article (Step 2: Create a query rule to turn on hybrid search results in SharePoint Server
2013).
In the search box, type a test query, such as the name of your company.
Make sure that the test query should yield search results from the SharePoint Server search index
and the SharePoint Online search index.
Click the search icon, or press Enter.
4. On the search results page, you should see results from the SharePoint Server search index and a result
block of results from the SharePoint Online search index.
5. If you do not see results from both search indexes, do the following:
Verify that the search system in SharePoint Server has crawled the local content. For information
about how to view the crawl log, see Crawl log in View search diagnostics in SharePoint Server
Verify that you have configured the hybrid SharePoint environment as described in first SharePoint
Server 2016 hybrid configuration roadmaps and then Configure server-to-server authentication
from SharePoint Server to SharePoint Online.
Verify that you have configured Search features and functionality as described in this article.
Correct any errors or omissions, and try a search again.
6. If you still do not see search results from both search indexes, check the SharePoint Unified Logging
Service (ULS ) logs, also called the SharePoint trace logs.
For more information, see Overview of Unified Logging System (ULS ) Logging.
See also
Concepts
Plan hybrid federated search for SharePoint Server
Display hybrid federated search results in SharePoint Online
Display hybrid federated search results in SharePoint
Online
6/11/2019 • 17 minutes to read • Edit Online
Step 1: Create a result source that defines how to get search results
from the SharePoint Server 2013 deployment
In this procedure, you create a result source in SharePoint Online. This result source is a definition that specifies
SharePoint Server as a provider to get search results from. This definition specifies each of the following:
The protocol for getting search results from the SharePoint Server deployment.
The URL of the reverse proxy device. The reverse proxy device forwards search queries from SharePoint
Online to the SharePoint Server deployment.
The ID of the target application that stores the Secure Store SSL certificate.
Result sources can be created at the SharePoint Admin Center level, the site collection level, or the site level. In
this procedure, you create the result source at the SharePoint Admin Center level. This makes the result source
available to any query rule that is created at the same level, and also to any query rule that is created for a site
collection or site.
For more information about result sources, see Understanding result sources and Manage result sources.
1. Verify that the user account that you use to perform this procedure is a global administrator for the Office
365 subscription that you want to configure.
2. In the SharePoint Online Admin Center, in the Quick Launch, click search.
3. On the search administration page, click Manage Result Sources.
4. Click New Result Source.
5. On the page where you can create a new result source, do the following:
In the General Information section, in the Name text box, type a name for the new result source—
for example, Get results from SharePoint Server 2013.
(Optional) In the General Information section, in the Description text box, type a description of the
new result source. This description will appear as a tooltip when the pointer rests on the result
source on certain configuration pages.
In the Protocol section, select Remote SharePoint.
In the Remote Service URL section, type the address of the external endpoint of the reverse proxy
device, such as https://spexternal.adventureworks.com. The reverse proxy device routes queries that
are submitted in SharePoint Online to the SharePoint Server deployment. For more information,
see Configure a reverse proxy device for SharePoint Server hybrid. The external endpoint of the
reverse proxy device is its Internet-facing endpoint. The address of that external endpoint is called
the external URL. Get the value of the external URL from the External URL row in Table 3 of the
SharePoint hybrid worksheet that you have been maintaining, and type it in the Remote Service
URL text box.
In the Type section, select SharePoint Search Results.
In the Query Transform section you can enter a query transform to narrow the search results to a
specified subset—for example, a subset that is from a particular SharePoint site collection or site.
However, if you are not familiar with query transforms in SharePoint Server or SharePoint Online,
we recommend that you keep the default query transform that's in the text box. The default
transform is {searchTerms}, which is a query variable that stands for the query that the user typed,
as it was changed by the most recent query transform. If you are familiar with query transforms you
can change the default query transform by either typing a different query transform in the text box
or launching the Query Builder to help you configure a query transform. For more information, see
Plan to transform queries and order results in SharePoint Server and Query variables in SharePoint
Server.
If you are connecting to your organization's intranet through a reverse proxy, in the Credentials
Information section, select SSO Id and then in the Reverse proxy certificate (Secure Store Id)
text box, type the name of the target application—for example, SecureChannelTargetApp—which
stores the Windows certificate that will be used to authenticate to the reverse proxy device. Get the
name of the target application from the Target Application ID row in Table 6 of the SharePoint
hybrid worksheet that you have been maintaining, and enter it in the Reverse proxy certificate
(Secure Store Id) text box.
Click OK to save the new result source.
(Optional) Under the text For what context do you want to configure rules?, in the User
Segments drop-down list, select a user segment for which you want this query rule to be
applicable. User segments are based on terms that describe users in the term store of a Managed
Metadata service application. (On the Add Query Rule page, in the Context section, you will be able
to add or remove user segments for which you want the rule to be applicable.)
(Optional) Under the text For what context do you want to configure rules?, in the Topic
Categories drop-down list, select a topic category for which you want this query rule to be
applicable. Topic categories are based on terms for categories in the term store of a Managed
Metadata service application. (On the Add Query Rule page, in the Context section, you will be able
to add or remove categories for which you want the rule to be applicable.)
Click New Query Rule.
5. On the Add Query Rule page, do the following:
In the General Information section, in the Rule Name text box, type a name for the new query
rule—for example, Show results from SharePoint Server.
If the Context section is collapsed, click the arrow next to Context to expand it.
In the Context section, under Query is performed on these sources, select All sources if you
want this query rule to be applicable for queries that users submit against any result source, or
select One of these sources, and then optionally click Add Source to add other result sources for
which you want the query rule to be applicable.
NOTE
The result source that you selected on the Search_service_application_name: Add Query Rule page (for
example, Local SharePoint Results—see step 5a of this procedure) will be shown under One of these
sources. > When you select One of these sources, this query rule will be applicable only when a user
submits a query against one of the result sources in this list. Therefore, make sure that the result source
appears for which you want this query rule to be applicable—for example, Local SharePoint Results.
(Optional) Under Query is performed from these categories, specify the topic categories (based
on terms for topic categories in the term store of a Managed Metadata service application) to
perform the query from.
(Optional) Under Query is performed by these user segments, specify user segments (based on
terms that describe users in the term store of a Managed Metadata service application) to which you
want the query rule to apply.
In the Query Conditions section, specify conditions to control when the rule will fire, or click
Remove Condition if you want the rule to fire for any query text. For testing, we recommend that
you click Remove Condition so that the rule will fire for any query text.
In the Actions section, under Result Blocks, click Add Result Block.
(Optional) In the Block Title section, in the Title text box, change the title to the text that you want
to display above the result block on the search results page, such as Results for "{subjectTerms}"
from SharePoint Server.
In the Query section, you can enter the query you want to run. If you are not familiar with query
transforms in SharePoint Server or SharePoint Online, we recommend that you keep the default
query transform that's in the text box. The default transform is {searchTerms}. If you are familiar
with query transforms you can change the default query transform by either typing a different
query transform in the text box or launching the Query Builder to help you configure a query
transform. For more information, see Plan to transform queries and order results in SharePoint
Server and Query variables in SharePoint Server.
In the Query section, in the Search this Source drop-down list, select the name of the result source
that you created in the previous procedure in this article ( Step 1: Create a result source that defines
how to get search results from SharePoint Online)—for example, Get results from SharePoint
Server.
In the Query section, in the Items drop-down list, select the number of search results from
SharePoint Server that you want to show in this result block on the search results page. For
example, select 3 to display three results from SharePoint Server in this result block.
If you want to display a Show More link at the bottom of the result block, expand the Settings
section and select More link goes to the following URL, and type the URL for the link to a page
that displays more results from the SharePoint Server search index. For example, to specify the main
search results page as the page that displays more results, typically you can type a URL of the
following form (followed by "?k={subjectTerms}" to signify the user's search query): http://
Tenant_Name.sharepoint.com/sites/ Search_Center_Name/pages/results.aspx?k={subjectTerms}.
When end users click Show More, they will see more results for the result block.
Specify the placement of the block of results from SharePoint Server relative to the results from
SharePoint Online. Select This block is always shown above core results to display the result
block at or near the top of the first page of search results. In this case, core results are the results
from the SharePoint Online search index. This option is useful for testing, or when most of the
relevant content is located in the remote search index in the hybrid environment. If you select this
option for more than one result block, you can configure the order in which the result blocks are
displayed by ranking the associated query rules. Select This block is ranked within core results
(may not show) to display the result block such that it is ranked by relevance compared to the core
results, in which case the result block might not appear on the first page of search results. This is the
default setting and is typically the more appropriate choice in a production environment. As with
individual results, the rank of the result block might be different when users perform the same
query later. For example, if users click search results in the result block, the result block will be
ranked higher in the search results over time. Otherwise, the result block will be ranked lower over
time.
(Optional) Specify a different URL for the group display template in the Group Display Template
URL text box.
(Optional) Specify an item display template in the Item Display Template text box,
Skip the Routing section.
Click OK to add the result block.
6. (Optional) Specify when the query rule shall be active. In the Publishing section, use the Start Date, End
Date, Review Date, and Contact fields. The start date and end date specify when the query rule will be
active. If you specify a start date without an end date, the rule will always be active after the start date. If
you specify an end date without a start date, the rule will always be active until the end date. If you do not
specify a start date or an end date, the rule will always be active.
7. Activate the query rule by selecting Is Active in the Publishing section. When a query rule is active, it
fires whenever the query conditions are met.
8. Click Save.
After a few moments, when federated users submit queries from the SharePoint Online Search Center against a
result source that you specified in step 5 of this procedure, they will see results from both search indexes, as
shown in the following screen shot. In the screen shot, a block of two search results from SharePoint Server
appears above the search results from SharePoint Online.
NOTE
A federated user is a user whose on-premises Active Directory Domain Services (AD DS) domain account is synchronized
between SharePoint Server and SharePoint Online, and who accesses resources in both environments by authenticating
with the federation identity provider, such as Active Directory Federation Services (AD FS) 2.0.
1. Verify that the user account that you use to perform this procedure is a federated user who has been
activated in SharePoint Online, and who has permissions to view the root site collection there.
2. On the SharePoint Admin Center page, click search.
3. On the search administration page, click Manage Query Rules.
4. On the page for managing query rules, do the following:
In the Select a Result Source drop-down list, click the result source that you selected in step 4a of Step
2 in this article ( Step 2: Create a query rule to turn on hybrid search results in SharePoint Online )—for
example, Local SharePoint Results.
A list of query rules that are applicable to that result source appears.
In the list of query rules, click the query rule that you created according to step 2 in this article ( Step 2:
Create a query rule to turn on hybrid search results in SharePoint Online)—for example, Show results
from SharePoint Server 2013.
5. On the page for editing the query rule, in the Actions section, in the Result Blocks subsection, next to the
name of the query rule that will show results from the SharePoint Server search index (for example, Show
results from SharePoint Server 2013), click edit.
6. In the edit result block dialog box, in the Query section, click Launch Query Builder.
7. In the build your query dialog box, on the BASICS tab, do the following:
In the Select a query section, select the result source that you created according to Step 1 in this
article ( Step 1: Create a result source that defines how to get search results from the SharePoint
Server 2013 deployment)—for example, Get results from SharePoint Server.
In the Query text section, delete the default text, which is {subjectTerms}, and then type a test
query (such as the name of your company) that should yield search results from the SharePoint
Server search index.
8. Click Test query.
In the Search Result Preview pane, if your search configuration is valid and there are relevant results in
SharePoint Server, the SharePoint Online search system will display search results from SharePoint
Server. If there are problems with your configuration, the search system can display troubleshooting
information.
9. Click OK.
NOTE
To view the target of a search result that is from content in the SharePoint Server farm, a user must have at least
Read permission for the root site collection in the primary web application. (In a SharePoint hybrid environment, the
primary web application is in the SharePoint Server farm and is used to receive all connections from Office 365. For
more information about the primary web application, see Plan connectivity from Office 365 to SharePoint Server.)
5. If you do not see results from both search indexes on the search results page, do the following:
Verify that the search system in SharePoint Server has crawled the local content.
Verify that you have configured Search features and functionality as described in this article.
Correct any errors or omissions, and try a search again.
6. If you still do not see search results from both search indexes, check the SharePoint Unified Logging
Service (ULS ) logs, also called the SharePoint trace logs.
For more information, see Overview of Unified Logging System (ULS ) Logging.
See also
Concepts
Plan hybrid federated search for SharePoint Server
Configure hybrid SharePoint taxonomy and hybrid
content types
6/7/2019 • 6 minutes to read • Edit Online
Video demonstration
This video shows a walkthrough of configuring hybrid taxonomy and hybrid content types.
Video: Configure hybrid taxonomy and content types
NOTE
If you receive an HTTP 400 error when attempting to use the Copy-SPTaxonomyGroups cmdlet with correct credentials,
switch to a cloud-based global administrator instead of an Active Directory synchronized account.
$credential = Get-Credential
For example:
$credential = Get-Credential
Note that you can also simply run Copy-SPTaxonomyGroups and you will be prompted for the needed
parameters.
Copying content types
If you're planning to use hybrid content types, you can copy your SharePoint Server content types to SharePoint
Online by using the Copy-SPContentTypes cmdlet. For example:
The content types will be copied into https://contoso.sharepoint.com/sites/contentTypeHub. If this site does not
exist, it will be created for you and the Site Collection Feature Content Type Syndication Hub will be enabled. The
site URL is hard coded and cannot be changed.
$credential = Get-Credential
Stop-SPContentTypeReplication
If you wish to reenable taxonomy replication again, you must run the Hybrid Picker again.
If you simply want to reconfigure which taxonomy groups you are replicating, there's no need to stop replication.
You can just run the hybrid picker again and specify the new taxonomy groups that you want to replicate.
See also
Other Resources
TechNet Forums - Hybrid Taxonomy
Hybrid self-service site creation
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If you've previously configured other hybrid features with the hybrid picker, you can go directly to the SharePoint Central
Administration website to manage hybrid self-service site creation. In this case, the hybrid connection has been made and
there's no need to run the hybrid picker again.
NOTE
While hybrid users of this web application will be redirected to SharePoint Online for self-service site creation, the
other settings on this page continue to apply to any on-premises only users.
4. Click OK.
Set up Search of OneDrive for Business in Office 365
from SharePoint Server
6/7/2019 • 16 minutes to read • Edit Online
How users will access the OneDrive for Business search vertical
A search vertical filters search results so that only a certain subset of all relevant results is displayed. SharePoint
Server provides four preconfigured search verticals: Everything, People, Conversations, and Videos. You can
see the links for these search verticals in the Search Navigation Web Part, which is below the search box on a
search-results page, as shown in the following screen capture.
When a user enters a search query in the search box and then clicks one of the search-vertical links, the Search
system returns search results that correspond to that search vertical only. For example, if the user enters Azure in
the search box and then selects the Videos search-vertical link, the Search system will return only search results
that are videos related to Azure.
In this article, in the SharePoint Server deployment, you will create a search vertical for OneDrive for Business in
Office 365. You will then add a link in the enterprise Search Center for the new search vertical. The link in the
enterprise Search Center will look something like this, depending on what you name it.
After that, when users of on-premises SharePoint Server type queries in the search box in the enterprise Search
Center and they click the OneDrive for Business search-vertical link that you created, they will get search results
only from OneDrive for Business that is in Office 365.
Step 3: Configure the Search Results Web Part to display results from
OneDrive for Business that is in Office 365
In this procedure, you configure the Search Results Web Part on the search-results page that you created in the
previous procedure in this article (Step 2). You configure the Search Results Web Part to display search results
from OneDrive for Business that is in Office 365.
To configure the Search Results Web Part to display search results from OneDrive for Business that is in
Office 365
1. Verify that the user account that you use to perform this procedure is a site collection administrator or site
owner for the enterprise Search Center.
2. Go to the page that has a list of all of the search-results pages for the enterprise Search Center.
You accessed this page in the previous procedure in this article (Step 2). To reach it again, browse to the
enterprise Search Center, and then go to Settings > Site Contents > Pages. The URL of the page might
resemble http:// host_name/sites/ Search_Center_name/Pages/Forms/AllItems.aspx.
3. Click the name of the search-results page (such as OneDriveResults) that you created, checked in, and
published in the previous procedure in this article (Step 2).
Clicking the name of the search-results page will take you to that page.
NOTE
On the search-results page, you might see the message Sorry, something went wrong, or the message Nothing
here matches your search. These are default messages that can be displayed on the search-results page when a
user search fails. These messages do not apply to the configuration that you are currently doing.
Step 4: Create a link in the Search Center for the OneDrive for Business
search vertical
In this procedure, you create the link in the SharePoint Server enterprise Search Center that users will click to get
results from OneDrive for Business that is in Office 365. After you create the link, it appears in the Search
Navigation Web Part, under the search box next to the links for the other search verticals, such as Everything and
People. The links in the Search Navigation Web Part then look something like this, depending on your particular
configuration:
To create the link for the OneDrive for Business search vertical
1. Verify that the user account that you use to perform this procedure is a site collection administrator or site
owner for the enterprise Search Center in the SharePoint Server deployment.
2. Browse to the enterprise Search Center in the SharePoint Server deployment.
The URL of the enterprise Search Center is typically of the form http:// host_name/sites/
Search_Center_name.
3. Go to Settings > Site Settings.
4. On the Site Settings page, in the Search section, click Search Settings.
Step 5: Test your configuration for using the OneDrive search vertical
to display search results from OneDrive for Business that is in Office
365
Federated users should now be able to use the new MyOneDrive search vertical to get results from OneDrive for
Business that is in Office 365. Searches that federated users perform in the new search vertical should return the
following items from OneDrive for Business that is in Office 365 that match the search query:
Items that the user has stored in OneDrive for Business in Office 365
Items in OneDrive for Business in Office 365 that are shared with the user
Items in OneDrive for Business in Office 365 that are shared with everyone
A federated user is one who has an account in the on-premises Active Directory Domain Services (AD DS )
Domain Users group that has been synchronized with Azure Active Directory by using the Azure Active Directory
Sync tool (DirSync). The account has group memberships and permissions for resources in the SharePoint Server
deployment and in Office 365, and can access resources in both environments by authenticating with the
federation identity provider, such as Active Directory Federation Services (AD FS ) 2.0.
To validate your configuration for displaying search results from OneDrive for Business that is in Office 365, you
can log on to SharePoint Server as a federated user and try some searches from the OneDrive for Business search
vertical in the enterprise Search Center. Use the following procedure to validate your configuration in this way.
To test your configuration for displaying search results from OneDrive for Business that is in Office 365
1. Log on to the SharePoint Server deployment as a federated user who has been activated in Office 365, and
who has permission to view the root site collection in SharePoint Online in Office 365.
2. Browse to the enterprise Search Center in the SharePoint Server deployment.
The URL of the enterprise Search Center might resemble http:// host_name/sites/ Search_Center_name.
3. In the enterprise Search Center, do the following:
4. In the search box, type a test search query, such as the name of your company.
Make sure that it's a query that should yield some search results from OneDrive for Business that is in
Office 365.
5. Press Enter or click the search icon, and then wait for initial search results to be displayed.
6. After the initial search results are displayed, click the link for the search vertical for OneDrive for Business
that you created earlier in this article.
7. On the search-results page, confirm that you see results from OneDrive for Business that is in Office 365.
8. If you do not see results from OneDrive for Business in Office 365 on the search-results page, do the
following:
9. Verify each of the following:
10. You configured the hybrid SharePoint environment as described in the following articles, and in the
following order:
11. Configure hybrid federated search from SharePoint Server to SharePoint Online - roadmap
12. Configure server-to-server authentication from SharePoint Server to SharePoint Online
13. You completed the procedures described in Configure hybrid OneDrive for Business.
14. You completed the previous procedures described in this article.
15. Correct any errors or omissions, and try a search again.
16. If you still do not see search results from OneDrive for Business that is in Office 365, check the SharePoint
Unified Logging Service (ULS ) logs, also called SharePoint trace logs.
For more information, see Overview of Unified Logging System (ULS ) Logging.
Deploy a Business Connectivity Services hybrid
solution in SharePoint
6/7/2019 • 4 minutes to read • Edit Online
See also
Concepts
Hybrid for SharePoint Server
Plan SharePoint Server hybrid
Install and configure SharePoint Server hybrid
Other Resources
Introducing OData: Data Access for the Web, the cloud, mobile devices, and more
Prepare your environment for the Business
Connectivity Services hybrid scenario
6/7/2019 • 10 minutes to read • Edit Online
IMPORTANT
Keep track of this name; you will use it when you create the external content type in the next procedure.
5. In the Service Address box, type the URL of the OData service endpoint that you created.
6. For this scenario, select the Use credentials stored in Sharepoint on-premises as the authentication
option, and then type the name of target application ID that holds the group to account mapping. In this
scenario, it is ODataApp that you created.
7. In the Authentication Mode drop-down list, select Impersonate Window's Identity.
8. In the Internet-facing URL box, type the external URL with the /_vti_bin/client.svc extension. For example
https://hybridexternal.sharepoint.com/_vti_bin/client.svc.
9. In the Secure Store Target Application ID box, type the ID of the target application that holds the Secure
Channel certificate. For example SecureChannelTargetApp.
10. Click Create.
Create and configure the external content type
In every BCS solution, the external content type defines the external data to SharePoint Server. It includes
descriptions of how the data is structured, how it is secured, the specific portions of the external data that you want
to interact with, and the permitted operations. When an external list or app for SharePoint or business data Web
Part makes a request for external data, the Business Data Connectivity service refers to the external content type
for the list or app or Web Part to understand how to communicate with the external data source.
In the BCS hybrid scenario, only OData sources are supported and the preferred way to make an external content
type for an OData source is to use Visual Studio 2012. Visual Studio 2012 simplifies the external content type
creation process by directly connecting to the OData source, reading it, and building the external content type XML
for you. Once created, you have to make some minor changes to the XML, such as inserting which connection
settings object to use and removing some of the boilerplate code, before you can deploy it to SharePoint Online
for use in the BCS hybrid scenario.
Before you begin, make sure you have the following:
Visual Studio 2012 installed on a computer that on your corporate network.
The OData service endpoint URL
Microsoft Office Tools for Visual Studio 2012
Once you have all of that, complete the steps in How to: Create an external content type from an OData source in
SharePoint 2013 in the MSDN Library.
When you are done creating the external content type, deploy the hybrid scenario to an external list.
See also
Concepts
Deploy a Business Connectivity Services hybrid solution in SharePoint
Overview of Business Connectivity Services security tasks in SharePoint Server
Deploy the Business Connectivity Services hybrid
scenario as an external list
6/7/2019 • 2 minutes to read • Edit Online
Import the BDCM file into the SharePoint Online BDC Metadata Store
When you import the BDC Model file into SharePoint Online, you must be logged in to the SharePoint Online
administrator site as a federated account (an account imported to Office 365 from On-Premise using Directory
Sync). This federated account should also be given Global Administrator rights in Office 365. When importing the
BDC Model to configure Hybrid BCS, certain calls are made to SharePoint Server that will require you use a
federated user account. Be aware the account must also have a populated user profile in SharePoint Server.
To import a BDCM file into the SharePoint Online BDC Metadata Store
1. Log on to your SharePoint Online tenancy by using an administrative account, and then open the
SharePoint Online Administration Center.
2. In the Quick Launch, click bcs.
3. Under business connectivity services, click Manage BDC Models and External Content Types.
4. On the Edit tab, click Import.
5. Click Browse, and then browse to the .bdcm file that you exported.
6. Leave the default selections for File Type and Advanced Settings, and then click Import. During the
import, BCS validates the XML in the model, queries the connection settings object, and connects to the on-
premises OData source.
When you import a BDCM model into the BDC metadata service, you are creating an external content type. This
external content type is available for tenant-wide use.
See also
Concepts
Deploy a Business Connectivity Services hybrid solution in SharePoint
Validate the Business Connectivity Services hybrid
scenario
6/7/2019 • 2 minutes to read • Edit Online
Account A External data displayed and editable. If the external data does not display or
Has site/list/app permissions. you cannot edit it, check the site
Is federated. permissions, your federation setup, and
Is a member of the on-premises global the membership of your on-premises
security group ( ODataGroup). global security group; for example, the
ODataGroup.
Account B External data does not display. If the external data does display and
Does not have site/list/app permissions. you can edit it, check the site/list/app
Is federated. permissions.
Is a member of the on-premises global
security group ( ODataGroup).
Account C External data does not display. If the external data does display and
Has site/list/app permissions. you can edit it, check your federation
Is not federated (is an Office 365 setup and membership of your on-
account only). premises global security group ( Odata
Cannot be added to the on-premises Group).
global security group ( ODataGroup).
ACCOUNT EXPECTED OUTCOME TROUBLESHOOTING STEP
Account D External data does not display. If the external data does display and
Has site/list/app permissions. you can edit it, check the membership
Is federated. of your on-premises global security
Is not a member of your on-premises group ( ODataGroup) and the
global security group ( ODataGroup). permissions that you set on the OData
service endpoint that you configure in
Deploy a Business Connectivity Services
hybrid solution in SharePoint
2. Open (by using In-Private browsing if possible) the SharePoint Online site that contains the external list or
app for SharePoint by using each of the accounts in turn. Be sure to completely log out and close your
browser in between tests.
3. If you don't see the expected outcome, refer to the troubleshooting step in the previous table, fix the issue,
and repeat all four tests until you achieve the expected outcome.
If you see the error message:
ResourceBudgetExceeded, sending throttled status code.
Exception=Microsoft.SharePoint.SPResourceBudgetExceededException: ResourceBudgetExceeded at
Microsoft.SharePoint.SPResourceTally.Check(Int32 value) at
Microsoft.SharePoint.SPAggregateResourceTally.Check(SPResourceKind kind, Int32 value) at
Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest()
You can either remove the throttling:
See also
Concepts
Deploy a Business Connectivity Services hybrid solution in SharePoint
Governance SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
IT governance in SharePoint Learn about key factors in governing a SharePoint service and
what to include in a service-level agreement.
Application management and governance in SharePoint Learn how to govern applications for SharePoint by creating a
customization policy and understanding the app model,
branding, and life-cycle management.
Information management and governance in SharePoint Learn how to plan effective information architecture to ensure
that your SharePoint solution meets your business needs.
Plan for managed metadata in SharePoint Server Learn about managed metadata, term sets, and taxonomy in
SharePoint.
How to use the Managed Solutions Gallery Learn how to use the Managed Solutions Gallery for code-
based sandbox solutions in SharePoint Server 2016,
SharePoint Server 2013, and SharePoint Server 2010.
eDiscovery and in-place holds in SharePoint Server Learn about eDiscovery across SharePoint Server 2016 and
Exchange Server 2016, or SharePoint Server 2013 and
Exchange Server 2013, and the eDiscovery Center, eDiscovery
cases, in-place holds, and exports.
Records management in SharePoint Server Learn about records management and the records
management planning process in SharePoint Server.
Document management in SharePoint Server Learn about the elements of a document management
solution and the document management planning process in
SharePoint Server.
Workflow in SharePoint Server Learn about how to use Workflows in SharePoint to model
and automate business processes.
What is governance in SharePoint?
6/7/2019 • 4 minutes to read • Edit Online
NOTE
The What is governance? poster gives a summary of this content. Download the PDF version or Visio version.
Governance team
Your governance policies should support your organization's goals and be kept up-to-date as your organization's
needs change. We recommend that you create a team from various disciplines across your organization to develop
and maintain these policies. Include people from as many of the following roles as possible:
ROLE RESPONSIBILITY
Executive stakeholders Key executives should define the overall goals of the
governance committee and periodically evaluate the success
of the implemented practices and policies.
Financial stakeholders Financial officers should make sure that governance rules and
processes help increase the return on your organization's
investment in SharePoint.
Business division leaders Business leaders represent the teams that do the primary
work of the enterprise and drive the architectural and
functional requirements of the deployment. They work with
information architects to structure the information
architecture and taxonomy standards. Business leaders also
work with IT leaders to create service-level agreements and
other support policies.
Technical specialists Technical specialists design, build, and run IT services and
solutions.
Influential information workers The members of your organization who do the day-to-day
work should help ensure that the services and information
architecture meet their needs.
Information architects or taxonomists Members of these groups design information systems and
taxonomies. Based on their analysis of the information needs
of the audience, they develop plans that support
organizational objectives and define site architecture and
navigation.
Your organization might not have all of these roles, or it might use a different name for some of these roles.
PROVIDE WHY?
Training for the products and services Training and education about SharePoint in your governance
plan helps drive adoption and reduce support costs.
Education about your governance policies Training your user community appropriately increases
compliance with your policies, increases satisfaction with your
services, and reduces support costs.
Content to support your services and policies Having good quality resources and information available helps
your users find the answers when they have questions about
a service, process, or policy.
A good search infrastructure Having a good search infrastructure helps your users find
what they need when they need it.
See also
Concepts
IT governance in SharePoint
Information management and governance in SharePoint
Application management and governance in SharePoint
Other Resources
Governance planning in SharePoint
What is governance poster (Visio format)
What is governance poster (PDF format)
IT governance in SharePoint
6/7/2019 • 5 minutes to read • Edit Online
AREA RECOMMENDATION
Security, infrastructure, and web application policies How is the system and infrastructure maintained and who has
access at what levels? What's the maximum upload size you
want to allow? Are you controlling the use of fine-grained
permissions?
Data protection (backup and recovery) Vary the level of data protection that you offer based on
service levels. Plan how often you back up the farms and how
quickly you can guarantee the data is restored.
Site policies Use site policies to help control site proliferation. A site policy
defines the life cycle of a site by specifying when the site will
be closed and when it will be deleted. When you close or
delete a site, any subsites are also closed or deleted. If an
Exchange mailbox is associated with a site, the mailbox is
deleted from Exchange Server 2013 when the site is deleted.
Quotas Quota templates define how much data can be stored in a site
collection and the maximum size of uploaded files. Associate
different quota templates with site collections at different
service levels.
Asset classification Classify sites and content by value and impact of the content
to the organization (such as high, medium, or low business
value/impact). That classification then controls other
requirements, such as encryption for high business impact
information.
Impact = Exposure
If this leaks, will it hurt my business?
Value = Availability
If this isn't available, can my business run?
Service-level agreements
Your organization should create appropriate service-level agreements for each service you provide. A good
service-level agreement should include:
The approval process, including the length of time and approvals necessary to create a site.
Costs for users or departments.
Operations-level agreement, which specifies which teams perform which operations and how frequently.
Policies around problem resolution through a support team.
Negotiated performance targets for first load of a site, subsequent loads, and performance at remote
locations.
Recovery, load balancing, and failover strategies.
Customization policies.
Storage limits for content and sites.
How to handle inactive or stale sites.
Multilingual support.
Deployment governance
In addition to governing services that you offer, you also need to govern installations of SharePoint in your
environment.
Track installations An Active Directory Domain Services (AD DS ) marker named Service Connection
Point identifies the SharePoint servers in an organization. Set this marker for each domain in your
organization if you want to track installations in all domains. See Track or block SharePoint Server 2010
installations.
Block installations You can block installations of SharePoint Server 2016 to prevent users from installing
it to unauthorized servers that you don't want to support. Use a Group Policy in Active Directory Domain
Services (AD DS ) to set a registry key on all servers to block installations. This registry key existed by
default in SharePoint Server 2010, but is not included in SharePoint Server 2016. You can create it yourself
in the registry if you want to block installations. See Track or block SharePoint Server 2010 installations.
Keep current with software updates Keep your servers current. Test and install recommended software
updates. See the Updates Resource Center for SharePoint Server 2016.
Site collection upgrades Site collections can now be upgraded independently from the content databases.
Determine who, when, and how to upgrade site collections when a new version or an update is available.
See Plan for site collection upgrades in SharePoint 2013.
Application management and governance in
SharePoint
6/7/2019 • 8 minutes to read • Edit Online
Customization policy
Determine the types of customizations you want to allow and how to manage them. Your customization policy
should include:
Service-level descriptions What are the parameters for supporting and managing customizations in your
environments? See Service-level agreements.
Guidelines for updating customizations How do you manage changes to customizations, and how do
you roll out those changes to your environments? Consider ways to manage source code, such as a source
control system and standards for documenting the code.
Processes for analyzing How do you understand whether a particular customization is working well in
your environment, or how do you decide which ones to create, change, or retire?
Approved tools for customization Consider development standards, such as coding best practices and
the tools that you will to use across your organization. For example, you should decide whether to allow the
use of SharePoint Designer 2013 and Design Manager, and specify which site elements can be customized
and by whom.
Process for piloting and testing customizations How do you test and deploy customizations? How
many people should be in a pilot testing group? What are your standards for testing and validating
customizations?
Who is responsible for ongoing support Who will be responsible for supporting customizations in your
environments—individual teams or a central group?
Guidelines for packaging and deploying customizations Do you have individual packages for each, or
do you include several in a feature or solution? Which customizations should be apps for SharePoint
instead of solutions? How do you ensure that customizations in one environment do not affect the rest of
your SharePoint implementation?
Specific policies regarding each potential type of customization What types of customizations do
you allow?
For more information about kinds of customizations and their potential risks, see the Customizations table
later in this article. For more information about processes for managing customizations, see the white paper
SharePoint Products and Technologies customization policy. Most of this content still applies to SharePoint
Server 2016.
Policies around using the App Catalog and SharePoint Store Which apps for SharePoint do you want
to make available to your organization? Can users purchase apps directly? See Solutions or apps for
SharePoint? later in this article for more information.
The highly customizable design of SharePoint products enables you to provide the look, behavior, or functionality
that meets your business needs. Customizations can introduce risk to your environment, whether that risk is to the
environment's performance, availability, or supportability. Conversely, a "no customizations" policy severely
restricts your organization's ability to take advantage of the SharePoint platform.
All customizations are not the same. You must decide carefully which kinds of customizations to allow in your
environment. You must ensure the customizations support the performance, availability, and supportability you
want for your environment. Your governance policy should balance a level of acceptable risk against the business
needs for your organization.
What is considered a customization? All of the following are considered kinds of customizations in SharePoint
products:
Configuration Using the SharePoint user interface to configure SharePoint products.
Branding Changing logos, styles, colors, master pages and page layouts, and so on to create a custom look
for your SharePoint sites. See more about Branding.
Custom code Using developer tools to add or change functionality in SharePoint products or to interact
with other applications. Risk can vary depending on kind of functionality and level of trust (full trust
solutions should be rarely used; consider apps for SharePoint first).
TIP
Sandboxed solutions are deprecated in this release, so they are not the best option for custom code in the long term
Some customizations have very little risk or impact on your environment. Others have the potential for much
higher risk and impact. The following table provides examples of different kinds of customizations, the risk level
associated with that kind of customization, and potential issues that you might face if you allow that kind of
customization.
Customizations
Moderate to high Creating applications that interact with Potential for service outage or
or redirect actions in key pipelines, such performance issues.
as events, claims, and so on. Might require rework at upgrade
Moderate to low Using a custom Web Part outside a Short or long-term performance issues
sandbox environment, creating custom or page errors.
actions such as adding a menu item, or Might require rework at upgrade.
creating a custom site provisioning
process.
Very low to no risk Using apps for SharePoint or using Minor configuration or page errors that
functionality within the product or would have to be addressed. Apps can
configurations, such as associating a be uninstalled or updated.
workflow with a list or using an instance
of a built in Web Part.
NOTE
For more information about customizations and upgrade, see Create a plan for current customizations during upgrade to
SharePoint 2013.
Also, when you think through the customizations to allow in your environment, consider carefully whether a
particular customization is necessary. If it recreates functionality that is already available in the product (such as
creating a Web Part that does the same thing as the Content Editor Web Part or the Content by Query Web Part),
then that might be unnecessary work. Consider first whether the standard functionality can do what you want, or
check the SharePoint Store to see if there is an app for SharePoint available that does what you need.
Life-cycle management
Follow these best practices to manage applications based on SharePoint Server 2016 throughout their life cycle:
Use separate development, preproduction, and production environments, and keep these environments as
synchronized as possible so that you can accurately test your customizations.
Test all customizations before releasing the first time and after any updates have been made before you
release them to your production environment.
Use source code control and solution and feature versioning to track changes to code.
Branding
Consistent branding with a corporate style guide makes for more cohesive-looking sites and easier development.
Store approved themes in the theme gallery for consistency so that users will know when they visit the site that
they are in the right place.
SharePoint Server 2016 includes a new feature to use for branding, Design Manager. By using Design Manager,
you can create a visual design for your website with whatever web design tool or HTML editor you prefer and then
upload that design into SharePoint. Design Manager is the central hub and interface where you manage all aspects
of a custom design.
Solutions or apps for SharePoint?
SharePoint Server 2016 has a new development model based on apps for SharePoint. Apps for SharePoint are
self-contained pieces of functionality that extend the capabilities of a SharePoint website. An app may include
SharePoint features such as lists, workflows, and site pages, but it can also use a remote web application and
remote data in SharePoint. An app has few or no dependencies on any other software on the device or platform
where it is installed, other than what is built into the platform. Apps have no custom code that runs on the
SharePoint servers.
The guidance for whether to use apps for SharePoint or SharePoint solutions is to:
Design apps for end users
Apps for SharePoint:
Are easy for users (tenant administrators and site owners) to discover and install.
Use safe SharePoint extensions.
Provide the flexibility to develop future upgrades.
Can integrate with cloud-based resources.
Are available for both SharePoint Online and on-premises SharePoint sites.
Use farm solutions for administrators
SharePoint solutions:
Can access the server-side object-model APIs that are needed to extend SharePoint management,
configuration, and security
Can extend Central Administration, Microsoft PowerShell cmdlets, timer jobs, custom backups, and
so on.
Are installed by administrators.
Can have farm, web application, or site-collection scope.
For more information about the new development model, Apps for SharePoint compared with SharePoint
solutions, and Deciding between apps for SharePoint and SharePoint solutions.
Set a policy for using apps for SharePoint in your organization. Can users purchase and download apps? How do
you make your organization's apps available? How do you tell if they're being used?
SharePoint Store Determine whether users can purchase or download apps from the SharePoint Store.
App Catalog Make specific apps for SharePoint available to your users by adding them to the App
Catalog.
App requests Configure app requests to control which apps are purchased and how many licenses are
available.
Monitor apps Monitor specific apps in SharePoint Server 2016 to check for errors and to track usage.
Information management and governance in
SharePoint
6/7/2019 • 5 minutes to read • Edit Online
How will data be presented? Plan for business intelligence in SharePoint 2013
How will site users navigate? Overview of site navigation in SharePoint Server
How will search be configured and optimized? Overview of search architecture in SharePoint Server
QUESTION MORE INFORMATION
How can you organize content so that searches return useful Best practices for organizing content for search in SharePoint
results? Server
What types of content will live on sites? Plan content types and workflows in SharePoint 2013 and
Plan for Internet, intranet, and extranet publishing sites in
SharePoint Server
How will content be tagged and how will metadata be Plan for managed metadata in SharePoint Server
managed?
Does any of the content on the sites have unique security Permissions planning for sites and content in SharePoint
needs? Server
What is the authoritative source for terms? Plan terms and term sets in SharePoint Server 2013
How will information be targeted at specific audiences? Audience and content targeting planning (SharePoint Server
2010)
Who will write content for the site and what method will you Overview of publishing to Internet, intranet, and extranet sites
use to publish it? in SharePoint Server
Information access
Be sure to consider access to content when you design your solution and sites. This overlaps with IT governance as
you consider your entire environment. Ask these questions:
Information management: permissions and audiences
How do I target content to a specific audience? Audience and content targeting planning (SharePoint Server
2010)
Should I use Information Rights Management (IRM) to protect Plan Information Rights Management (SharePoint Server
content? 2010)
IT governance: access
How do I make this content available to external users? SharePoint Server design samples: Corporate portal and
extranet sites
How do I make sure that only people who need access have Security and permissions (SharePoint 2013)
it?
Use workflows and approvals for Document Centers and site Plan content types and workflows in SharePoint 2013
pages—wherever official documentation is stored.
Use approval for published websites to control pages. Plan for Internet, intranet, and extranet publishing sites in
SharePoint Server and Plan content types and workflows in
SharePoint 2013
Use version history and version control to maintain a history Plan document versioning, content approval, and check-out
and master document. controls in SharePoint 2013
Manage libraries by using the Content Organizer. Configure the Content Organizer to route documents
Use site policies to manage site collection life cycles. Overview of site policies in SharePoint Server
Use Information Rights Management and auditing to secure Apply Information Rights Management to a list or library and
and audit important corporate assets and any sites that Configure audit settings for a site collection
contain sensitive information.
Determine the rules or policies that you need for the following types of items: pages, lists, documents, records, rich
assets, blogs and wikis, feeds, anonymous comments, anonymous access, terms and term sets, and external data
(Business Connectivity Services).
As a good information management practice, consider the balance among the following factors:
Availability Content needs to be available when users need it and where they can get to it.
Access Consider who has access to the content. If it should be secure, is it?
Redundancy Shared copies reduce redundancy and provide one version of a document.
Consider your priorities for different content by thinking through questions like these:
Which of these factors is the highest priority for each type of content?
Is availability more important than access?
Is access more important than redundancy?
What would make it so difficult for users that they would be tempted to use a different solution?
What trade-offs are possible or desirable?
TO PLAN … SEE …
The structure of sites and subsites Plan sites and site collections in SharePoint Server
Publishing and managing pages Plan for Internet, intranet, and extranet publishing sites in
SharePoint Server
Information management policies Plan for information management policy in SharePoint Server
See also
For the SharePoint Online version of this article, see Introduction to managed metadata.
Configure the Managed Metadata service
6/7/2019 • 4 minutes to read • Edit Online
IMPORTANT
When an InfoPath form that contains custom code is published in a web application with a Managed Solutions Gallery, the
form no longer renders in a browser. It also creates a category of sandbox solution that cannot be approved using the
Managed Solutions Gallery, so publishing fails and the form can no longer be rendered by InfoPath Forms Services. For
additional information, see InfoPath Forms Containing Code Fail to Activate when using the Managed Solutions Gallery.
Overview
The Managed Solutions Gallery is a new feature in the September Public Update for code-based sandbox
solutions which can be downloaded from here, SharePoint Updates https://go.microsoft.com/fwlink/?
LinkID=827479
NOTE
The September Public Update includes the English-language version of the Managed Solutions Gallery. A future Public
Update will include the Multi-language versions of the Managed Solutions Gallery.
NOTE
To initially setup and configure the Managed Solutions Gallery is only available by using the following Microsoft PowerShell
cmdlets: New-SPUserSolutionAllowList, Enable-SPUserSolutionAllowList. To use these cmdlets you must use elevated
administrator privileges, by using RunAs Administrator. > Once the gallery is configured, it is treated as a document library
(that is, SPList) and can be managed by using the user interface.
Before you can use the Managed Solutions Gallery, you must create a site collection on the Master Gallery, and
then enable the functionality of the Managed Solutions Gallery.
Create and enable the Managed Solutions Gallery
1. Verify that you meet all of the following minimum requirements:
You must have membership in the securityadmin fixed server role on the SQL Server instance
You must have membership in the db_owner fixed database role on all databases that are to be updated.
You must be a member of the Administrators group on the server on which you are running the Microsoft
PowerShell cmdlet.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
2. Start the SharePoint Management Shell.
3. At the PowerShell command prompt, type the following command to create the site collection in the
Managed Solutions Gallery.
4. At the PowerShell command prompt, type the following command to enable the functionality of the Managed
Solutions Gallery.
If you want to disable the functionality of the Managed Solutions Gallery, you can run the **Disable-
SPUserSolutionAllowList** cmdlet.
See also
Other Resources
Disable-SPUserSolutionAllowList
Get-SPUserSolutionAllowList
Searching and using keywords in the eDiscovery
Center
6/7/2019 • 6 minutes to read • Edit Online
NOTE
In order for content to be discovered, it must be crawled by search. For more information about the default file types that
are crawled, see the article Default crawled file name extensions and parsed file types in SharePoint Server 2013.
NOTE
When two words are specified with no operator, an implied AND exists. For example: wooly worm is the same as wooly AND
worm .
USE TO EXAMPLE
AND Find content that contains all of the risk AND value AND VAR finds
words or phrases it separates. content that contains all three words.
USE TO EXAMPLE
OR Find content that contains either of the risk OR VAR finds all the content that
words or phrases it separates. contains either word.
NOT Exclude content that contains the term Executive NOT Summary finds all the
within a phrase. content that contains the phrase
Executive, unless the content also
contains the term Summary.
NEAR(n) Finds words that are near each other, Mid NEAR(5) Office finds Mid and
where n equals the number of words Back Office and Mid-Office and Mid,
apart. If no number is specified, the Back, and Front Office.
default distance is 8 words.
Using Wildcards
Wildcards can help you expand your keywords to include terms that contain part of a keyword or terms that have
alternative spellings.
USE TO EXAMPLE
* at the end of word Find terms that contain the root word risk* finds risk, risks, risked, risking, and
and any additional letters. risky
> [!NOTE]
A query must include a term to find. Queries that consist only of terms to exclude will produce an error
message.
Examples for applying rules
KEYWORDS EXAMPLE RESULTS
Executive Briefing Any content that contains both Executive and Briefing,
anywhere in the document, page, message, or metadata.
"Executive Briefing" Any content that contains the exact phrase "Executive
Briefing" anywhere in the document, page, or message.
"Executive Briefing" AND "Executive Summary" Any content that contains the exact phrases "Executive
Briefing" and "Executive Summary" anywhere in the document,
page, message, or metadata.
filename:budget Any file with budget in its filename, such as 2014 budget
projections.docx, 2015 budget priorities.pptx, 2014 budget
planning.xlsx, 2014 budget review.xlsx, and so on
filename:2014 budget filetype:xlsx Excel worksheets that contain the phrase 2014 budget, such
as "2014 budget planning.xlsx" and "2014 budget review.xlsx"
Query Scope
A query can apply to all the content in a case, to specific eDiscovery Sets, or a specific content source (such as Web
content or a fileshare) within an eDiscovery Set. Narrowing the scope may help you identify the right content,
especially if the case is large, and the search returns in other sources or eDiscovery Sets aren't relevant.
IMPORTANT
When the Select sources options is selected, any filters that may have been added as part of the Discovery set are not
included.
To set the scope of a query, click Modify Query Scope, and then select All case content, Select eDiscovery
Sets, or Select sources.
The All case content option includes all content from the list of sources, with any eDiscovery Set filters applied.
You can also include additional content locations when setting query scope.
NOTE
If you don't select the Include items that are encrypted or have an unrecognized format option when you
export search results or just download the reports, the index error reports are downloaded but they don't have any
entries. This doesn't mean there aren't any indexing errors. It just means that unindexed items weren't included in the
request to download the reports.
NOTE
A query can contain a maximum of 100 SharePoint sources, and 500 keywords.
By default, a query searches across all content sources, you can choose which discovery sets or sources a query
searches if you don't need to search them all, which can make your queries run faster. You can also refine your
queries in other ways. For more information, see Searching and using keywords in the eDiscovery Center.
1. If your case is not already open, in an eDiscovery Center, click Cases, and then open the case you want to
create queries for. The case should already have content sources, such as Web sites.
2. In the Search and Export section, under Queries, click New Item.
3. Type a descriptive name for your query.
4. In the Query box, type the keywords you want to use to narrow down your query. Find tips for writing
queries in the See Also section.
5. To narrow down content by a date range, enter the Start Date and End Date.
NOTE
If you type the dates in the Start Date and End Date boxes, use the format mm/ dd / yyyy ; for example, you would use
03/01/2013 to specify March 1, 2013. Use the mm/ dd / yyyy format even if the regional settings on the local computer are
configured with a different format, such as dd /mm/ yyyy . Alternatively, select the start and end dates using the date picker.
1. To limit results to the author of a document or list item, or to a specific sender of e-mail messages, type the
names or e-mail addresses in the Author/Sender box.
2. If you have multiple sources and Discovery Sets, but don't need to search them all, click Modify Query
Scope. Then, specify the discovery sets or content sources you want.
3. To narrow down your query by specific types of content, click the SharePoint tabs, and then select the
checkboxes for the type of content you want. For example, you can select only only PowerPoint slides for
SharePoint.
4. To analyze or further refine your query, click Advanced Query Options., and do one or more of the
following.
To examine the syntax and structure of your query, view the SharePoint Query sections, and the table of
sources that shows filters, queries, and refiners,
5. When you are ready to run your query, click Search. The results are ranked based on relevance, such as how
frequently a search term appears.
NOTE
Once you add queries or content sources to an eDiscovery case, changing the regional settings for the site is not supported.
NOTE
If you update a query and rerun it, only the first page of the new results will be refreshed. If you are viewing multiple pages
of query results, and you are not viewing the first page, the page will not be refreshed with the new results.
NOTE
Once you add content sources or queries to an eDiscovery case, changing the regional settings for the site is not supported.
NOTE
To include sources in a case, they must first be indexed by the SharePoint search service. For more information, see the
person that manages the sites and mailboxes you want to include.
1. If your case is not already open, in an eDiscovery Center, click Cases, and then click the case that you want
to add content sources to.
2. Under eDiscovery Sets, click New Item.
3. Type a name for the eDiscovery Set, such as Executive Correspondence.
4. Next to Sources, click Add & Manage Sources.
5. Under Locations, type the URL for the content you want to use as the source. In SharePoint Server, you
can also type a file share address. Any content you include must be indexed by search.
6. Click Save.
7. In the box under Filter, type any keywords you want to use to narrow down the source.
8. To narrow down content by a date range, enter the Start Date and End Date.
9. To limit results to the author of a document or list item, or to a specific sender of e-mail messages, type the
names or e-mail addresses in the Author/Sender box.
10. Click the Apply Filter button.
11. To verify that you've selected the right content, click Preview Results.
12. Click Save.
NOTE
You can add and remove content sources after you create an eDiscovery Set. To see a list of content sources in an
eDiscovery Set, click Sources.
1. If your case is not already open, in an eDiscovery Center, click Cases, and then click the case in which you
want to place on hold.
2. Under eDiscovery Sets, click New Item.
3. Type a name for the eDiscovery Set, such as Executive Correspondence.
4. Next to Sources, click Add & Manage Sources.
5. Under Locations, type the URL for the content you want to use as the source. In SharePoint Server, you
can also type a file share address. Any content you include must be indexed by search.
6. Click Save.
7. In the box under Filter, type any keywords you want to use to narrow down the source.
8. To narrow down content by a date range, enter the Start Date and End Date.
9. To limit results to the author of a document or list item, or to a specific sender of e-mail messages, types the
names or e-mail addresses in the Author/Sender box.
10. Click the Apply Filter button.
11. Click Enable In-Place hold.
12. To verify that you've selected the right content, click Preview Results.
13. Click Save.
NOTE
After you've placed content on hold, if you want to see a list of content sources for a case, click Sources.
To find and preserve content, create an eDiscovery set. Each eDiscovery set contains the following:
Sources, which are locations to be searched. Exchange mailboxes, SharePoint sites, and file shares can all be
sources.
A filter, which defines what you are searching for. A filter can include search terms, a date range, and an
author's name.
An option to apply an in-place hold to the sources that contain content that matches the filter.
To find and export content, create a query. Each query contains the following:
Query filters, which define what you are searching for. Query filters resemble a filter in an eDiscovery set,
and can include search terms, a date range, and an author's name. However, query filters in a query can
also use stemming.
Sources to be searched. Exchange mailboxes, SharePoint sites, file shares, and eDiscovery sets can all be
sources in a query.
When you run a query, you can see statistics about the items that were found, you can preview the results, and
you can filter the results by message type (for Exchange results) or by file type (for SharePoint results). When you
are finished, you can export the results of the query.
The content that you export by using a query is formatted according to the Electronic Data Reference Model
(EDRM ) specification so that it can be imported into a review tool. An export can include the following:
Documents: Documents are exported from file shares. Documents and their versions can be exported from
SharePoint Server.
Lists: If a list item is included in the query results, the whole list is exported as a comma-separated values
(.csv) file.
Pages: SharePoint pages, such as wiki pages or blogs, are exported as MIME HTML (.mht) files.
Exchange objects: Items in an Exchange Server mailbox, such as tasks, calendar entries, contacts, email
messages and attachments are exported as a .pst file. If Skype for Business conversations are archived in
Exchange, those can be discovered and exported, too.
Crawl log errors.
An XML manifest that provides an overview of the exported information.
As the Search system crawls content, it creates a search index. The search index stores data that's used to provide
the results for search queries. The search index also stores information about the permissions that are required to
access each piece of content. When a user performs a search, the search system uses the search index to identify
the appropriate search results. Before displaying the results, the Search service application performs security
trimming, by which the system compares the user's permissions to the permissions that are required to access
content that search results link to, and then "trims" the results to show only those results that the user has
permissions to view.
In-place holds
SharePoint Server 2013 introduced the concept of an in-place hold. When you apply an in-place hold to a site,
content in the site remains in its original location. Users can still work with the content, but a copy of the content
as it was at the time that you initiated the hold is preserved. Additionally, if an in-place hold is applied to a site, any
new content that's created or added to the site after it was put on hold will be discoverable, and will be preserved
if it's deleted. Also, users don't have to know that their content is on hold.
IMPORTANT
If SharePoint Server runs on a server that uses Alternate Access Mapping (AAM), host-named site collections, or SSL
termination format, then users will not be able to edit web pages in a site that has an in-place hold applied. To allow users to
edit pages in sites that are on hold, you need to disable loopback checking as described in Method 2 of KB article 896861.
An in-place hold is applied at the level of a site. When a hold is placed on a SharePoint site, a preservation hold
library is created, if one doesn't already exist. The preservation hold library is only visible to site collection
administrators so most users can't view it. The search crawler also has special permissions to crawl content in the
preservation hold library.
NOTE
There is one case in which a user can view the preservation hold library. Users who are granted permissions at the web
application level can view all content in all site collections within the web application.
If a user attempts to modify or delete content in a site that's on hold, SharePoint first checks whether the content
has been modified since the hold was applied. If this is the first modification since the hold was applied,
SharePoint copies the content to the preservation hold library, and then allows the user to modify or delete the
original content. Note that any content in the site can be copied to the preservation hold library, even if the
content doesn't match the filter of the eDiscovery set that initiated the hold.
A user receives an error if they try to delete a library, list, or site collection that's on hold. Users also receive an
error if they try to delete a folder that contains a file that's on hold. If users want to delete a folder that contains
one or more files that are on hold, they have to delete those files before they can delete the folder.
The Hold Processing and Reporting timer job generates reports about items on hold and removed item from hold
libraries that are pending release. The timer job runs daily and processes eDiscovery in SharePoint Server.
Consider the following when planning for in-place holds:
To store all versions of content in a site, you have to enable document versioning for the document libraries
in the site. For more information about versioning, see Enable and configure versioning for a list or library.
If a document is deleted from a site that's on hold and document versioning is enabled, all versions of the
deleted document will be preserved.
As previously mentioned, if a site is put on hold, any new content that's created or added to the site after it
was put on hold will be preserved if it's deleted.
If document versioning isn't enabled and an item is placed on hold multiple times, SharePoint preserves
the version that's current at the time each hold is placed. For example, if version 27 of an item is the most
recent when the site is placed on hold the first time, and version 51 is the most recent when the site is
placed on hold the second time, versions 27 and 51 are preserved.
Storage space is used efficiently when an in-place hold is implemented. Most content in a site does not
change, and content that's not changed is not copied to the preservation hold library.
NOTE
A file on a file share whose file name is longer than 259 characters cannot be discovered.
List all the locations that contain content that must be discoverable. If you have more than one eDiscovery Center,
indicate which Search service application will crawl each content source.
If you want to manage the discovery of Exchange Servers 2019, 2016, or 2013 content from a SharePoint Server
eDiscovery Center, you must configure a Search service application to include Exchange Server 2019, 2016, or
2013 as a result source. If you want to manage the discovery of Skype for Business Server 2015 content from a
SharePoint Server eDiscovery Center, you must configure Skype for Business Server 2015 to archive content to
either Exchange Server 2019, 2016 or 2013.
NOTE
SharePoint Server 2019 with Exchange 2019, enables Outlook on the web users to link to and share documents that are
stored in OneDrive for Business instead of attaching files to messages. Users in SharePOint Server 2019 can collaborate on
files the same way as in Office 365. You'll need to run Office Online Server in your environment to do this. For more
information, see the Document collaboration section in What's new in Exchange Server.
NOTE
To manage discovery of Exchange content through SharePoint Server 2013, you must be using Exchange Server 2013. To
manage discovery of Lync content through SharePoint, you must be using both Lync Server 2013 and Exchange Server 2013.
NOTE
Because SharePoint Online is a hosted service, administrators cannot access web applications directly. Therefore, in SharePoint
Online you must explicitly add eDiscovery users as site collection administrators on each site collection that contains
discoverable content.
Decide whether you will grant permissions by web application or by site collection. If you will grant permissions at
the web application level, identify which web applications you will have to grant access to eDiscovery users. (It is
likely that this will be all web applications.) If you will grant permissions at the site collection level, identify which
site collections eDiscovery users will need access to and record your decisions.
Generally, when you export content for eDiscovery, you will also want to export a list of things that could not be
indexed. The search crawl log contains this information. Therefore, eDiscovery users also have to have access to the
search crawl log.
See also
Concepts
eDiscovery and in-place holds in SharePoint Server
Configure eDiscovery in SharePoint Server
Search and place a hold on public folders using In-Place eDicovery
Configure eDiscovery in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
IMPORTANT
To discover content in Exchange Server from a SharePoint eDiscovery Center, you must be running Exchange Server
versions 2019, 2016, or 2013.
Grant permissions
We recommend that you create a security group to contain all users of the eDiscovery Center. After you create
the security group, grant the security group permissions to access all discoverable content.
1. If you will grant permissions at the web application level, create a user policy that gives the security group
full read permissions for each web application that contains discoverable content. For information about
how to create a policy for a web application, see Manage permission policies for a web application in
SharePoint Server.
NOTE
When you change permissions at the web application level, Search re-crawls all of the content in the web
application.
2. If you will grant permissions at the site collection level, make the security group a site collection
administrator for each site collection that contains discoverable content. For information about how to add
a site collection administrator, see Add, change, or remove a site collection administrator.
IMPORTANT
A site collection administrator must add the security group as an additional site collection administrator by using
the Site Settings menu. You cannot use Central Administration to make a security group a site collection
administrator
3. Ensure that the security group has permissions to access all file shares and other websites that contain
discoverable content.
4. If you will use a SharePoint eDiscovery Center to discover content in Exchange Server, grant the security
group permissions to access Exchange Server mailboxes. For information about how to grant permissions
in Exchange, see Integration with SharePoint.
5. Grant the security group permissions to view the crawl log. For information about how to grant
permissions to access the crawl log, see Set-SPEnterpriseSearchCrawlLogReadPermission.
NOTE
Once you add content sources or queries to an eDiscovery case, changing the regional settings for the site is not supported.
> In order for content to be discovered, it must be crawled by search. For more information about the default file types that
are crawled, see the article Default crawled file name extensions and parsed file types in SharePoint Server 2013.
Create a case
1. In an eDiscovery Center, click Create new case.
2. Type a title and description for your case.
3. In the Web Site Address box, type the last part of the URL you want for the case, such as
ContosovsFabrikam.
4. Under Select a template, make sure that eDiscovery Case is selected.
5. Under User Permissions, select whether or not to keep the same permissions as the parent site or use
unique permissions. If specific people will need access to this case, but not to other cases, you should choose
Use unique permissions.
Close cases
When you close a case, in-place holds will be released for all of its sources, and you will no longer be able to put
sources on hold for this case.
1. Click Settings , and then click Case Closure.
2. Click Close this case.
Find more information about eDiscovery
For more information about eDiscovery cases, see the following articles:
Add content to a case and place sources on hold in the eDiscovery Center
Searching and using keywords in the eDiscovery Center
Default crawled file name extensions and parsed file types in SharePoint Server
Overview of crawled and managed properties in SharePoint Server
Create and run queries in the eDiscovery Center
Export content and create reports in the eDiscovery Center
Records management in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
Benefit plans, insurance plans, pension Employee Benefit Descriptions Descriptions of all employee benefit
plans plans.
Shipping forms, shipping reports Shipping Records Documents the shipment of materials.
Press releases, newspaper articles Press Releases Public relations information about
products and services.
Emergency contact sheets, medical plan Personnel Records Records of individuals' employment
enrollment forms, resumes, benefits histories and related personnel actions.
status reports
RECORD
RECORDS DESCRIPTION MEDIA CATEGORY RETENTION DISPOSITION CONTACT
401k plans Description of Web pages Employee X years None Kathi Flood
employee Benefit Plans
benefit plan.
NOTE
The example earlier in this section is a sample. It is not a recommendation of any particular file plan settings. To reinforce that
this is an example and not a recommendation of any records management policy, no retention periods are supplied.
Plan ways to convert active documents to records in
SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
Payroll timesheets Summaries of hours Electronic documents Payroll records server Using a custom
worked, overtime, not based on program
and salaries paid. SharePoint Server
Managing record retention The content organizer automatically There may be different policies for
puts new records in the correct folder in records and active documents based on
the archive's file plan, based on the current content type or location.
metadata.
FACTOR RECORDS ARCHIVE IN-PLACE RECORDS
Restrict which users can view records Yes. The archive specifies the No. Permissions do not change when a
permissions for the record. document becomes a record. However,
you can restrict which users can edit
and delete records.
Ease of locating records (for records Easier. All records are in one location. Harder. Records are spread across
managers) multiple collaboration sites.
Maintain all document versions as The user must explicitly send each Automatic, assuming versioning is
records version of a document to the archive. turned on.
Ease of locating information (for team Harder, although a link to the Easier.
collaborators) document can be added to the
collaboration site when the document
becomes a record.
Clutter of collaboration site Collaboration site contains only active Collaboration site contains active and
documents. inactive documents (records), although
you can create views to display only
records.
Administrative security A records manager can manage the Collaboration site administrators have
records archive. permission to manage records and
active documents.
The following table describes differences between the two records management approaches that might affect how
you manage IT resources.
Resource differences between a records archive and in-place records
Number of sites to manage More sites. That is,, there is a separate Fewer sites.
archive in addition to collaboration sites.
Scalability Relieves database size pressure on Maximum site collection size reached
collaboration sites. sooner.
Ease of administration Separate site or farm for records. No additional site provisioning work
beyond what is already needed for the
sites that have active documents.
Storage Can store records on different storage Active documents and records stored
medium. together.
See also
Other Resources
Introduction to Records Management and Compliance
Document management in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
Policies are not available in SharePoint Foundation 2013.
Identify users and analyze document usage in
SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
Identify users
To identify the stakeholders and participants in your document management solution, you can use a survey to
collect information. For example, your survey might contain the following questions:
Who in your organization creates documents?
What kinds of documents do they create?
What role does the user of the document have?
Who reviews documents?
Who edits documents?
Who uses documents?
Who approves the publication of documents?
Who designs websites used for hosting documents?
Who sets guidelines and policies for managing documents?
Who manages records in your organization?
Who deploys and maintains the servers on which documents are stored?
Identifying content stakeholders can help you make sure that your document management solution is
comprehensive and that you design sites and document libraries that suit your enterprise's content needs and
processes.
Analysis The separate authoring and publishing formats require a format conversion. The large number of
reviewers requires one or more workflows (business processes implemented on the server). The two sites
(authoring and testing) require mechanisms for moving the content from one site to another.
Table: Example with employee information
Analysis Two authors and multiple reviewers require one or more workflows. The document is handled by many
people, then is located in a corporate web server (presumably highly secured) and is managed in place or moved
to a records center. The sensitive nature of this content requires Information Rights Management (IRM ) on the
desktops and servers, in addition to corporate policies and best practices (such as auditing) that protect the
employee's privacy and the enterprise's legal standing.
NOTE
The Records Center is not available in SharePoint Foundation 2013.
Worksheets
Use the following worksheets to record the information discussed in this article:
Document management participants worksheet (https://go.microsoft.com/fwlink/p/?LinkId=165871)
Analyze document usage worksheet (https://go.microsoft.com/fwlink/p/?LinkId=165873)
Plan document libraries in SharePoint Server
6/7/2019 • 9 minutes to read • Edit Online
NOTE
The publishing feature, Document Center, Records Center, and Published Links web service are not available in SharePoint
Foundation 2013. All other content in this topic applies to SharePoint Server 2016, SharePoint Server 2013 and SharePoint
Foundation 2013 unless otherwise noted.
LIBRARY PURPOSE
Library in a team site Collaboration; easy sharing of content among peers; content
control, such as versioning; SharePoint Server search.
Library in a portal area Content that is intended for a wider audience in the
organization; similar to a library in a team site, but typically
implemented by using a stricter review and approval process.
Library in a Document Center site (SharePoint Server 2016 A large-scale library useful as an enterprise knowledge base or
and SharePoint Server 2013 only.) historical archive; includes features to help users navigate,
search, and manage lots of documents in a deep hierarchy by
using a set of specialized Web Parts.
LIBRARY PURPOSE
Library in a Records Center (SharePoint Server 2016 and Specialized records management; each library corresponds to
SharePoint Server 2013 only.) a record type, such as contract, that the organization must
retain for legal compliance purposes; libraries retain
documents, metadata, and associated audits and are meant to
be read-only.
Library in an Internet site (HTML) (SharePoint Server 2016 and Content in web pages to incorporate into an Internet or
SharePoint Server 2013 only.) intranet website; SharePoint Server supports editing web
pages directly and manages the underlying document libraries
for each page automatically.
Library in an Internet site (hybrid) (SharePoint Server 2016 Content available for downloading from a website; you can
and SharePoint Server 2013 only.) present content from document libraries on an Internet site.
The following example shows how to use the analysis that you completed in the Analyze document usage section
in Identify users and analyze document usage in SharePoint Server to help you plan document library organization
for your enterprise. In this example, Contoso Ltd. delivers content to clients based on market research. The content
is created primarily by consultants who operate remotely. This is performed in a cycle in which the following steps
occur:
1. A partner evaluates engagement ideas and requests for proposals.
2. After a contract is established, a project manager assembles a team of consultants and creates an
engagement-specific working site in which the results of the research are recorded and the project is
completed.
3. When the project is finished, the deliverable documents are published to a secured Internet site, where
customers have access to them.
4. The team writes best practices documents and case studies based on the project.
5. Knowledge managers collect, organize, and archive the best practices and other documents.
6. Deliverables, contracts, and other documents are retained as corporate records.
7. By using the content maintained by the knowledge managers, partners evaluate opportunities and create
new proposals.
The following table shows a document usage analysis for this scenario.
Table: Document usage analysis
Research results and Generate documents Project leader; project Editors; technical .docx and other types
project deliverable related to the contributor; reviewers
drafts customer consultant
engagement
Best practices and Capture Project contributor; All team members Various types
case study documents organizational consultant;
knowledge knowledge manager
You can customize the Office Open dialog box and the Save dialog box to encourage organization members to use
document libraries as storage locations. By adding sites to the My Places bar next to the Open dialog box and the
Save dialog box, you can provide single-click access to the locations where users should store their documents.
This makes it possible for team members to interact with the document libraries when they use Save from Office
client applications, instead of having to go directly to the server to upload their documents.
To promote using sites in the Open dialog box and the Save dialog box, you can publish them by using a web
service. This service provides a list of sites targeted to specific users based on their roles or the sites that they are
members of. An Office client application can automatically discover this web service through the user's My Sites.
Other server products can also implement this web service and provide the location of the service to the Office
client application. After the web service is configured, Office adds an entry to the My Places bar and populates it
with the locations that are defined by the web service. For more information about the Published Links web
service, see Published Links web service in the MSDN Library.
Or, administrators can set registry keys to add specific sites to the My Places bar in the Office Open dialog box and
the Save dialog box. Registry keys are deployed by using Group Policy and an Active Directory directory service
template that is provided in the Office 2013 Resource Kit.
You can limit the locations that organization members can save content to by using the Office Save dialog box. For
example, you can restrict the ability to save files to desktops and force users to save content in a document library.
In Office, you can control where users can browse to save their documents. This guides users to save in approved
locations. Note that this does not guarantee that users will not save files to their local computers or other
unapproved locations. There are many ways to move files onto a computer, and motivated people can work around
most restrictions. However, by limiting access to these locations through the Office Save dialog box, you can
significantly reduce the number of team members who use these unapproved locations.
To restrict the locations available in the Office Save dialog box, use Group Policy to set the appropriate registry
keys to enable this setting and define the approved local, network, or server locations. When this setting is enabled,
any location not defined in this manner — including standard links to the Desktop and My Network Places folders
— will be removed from the My Places bar.
The list of approved locations can be limited to one or more Office applications. For example, an administrator can
restrict save locations in Access while allowing other Office applications to save anywhere.
Plan content types and workflows in SharePoint
Server
6/7/2019 • 11 minutes to read • Edit Online
NOTE
You can also associate properties, workflows, policies, and templates directly with a list or library. However, doing this can
limit these associations to the list or library and is not reusable across your solution. In SharePoint Server 2013, site-level
workflows can be associated with multiple lists or libraries.
Document libraries and lists can contain multiple content types. For example, a library can contain both the
documents and the graphics related to a project. When a list or library contains multiple content types, the
following apply:
By default, the New command in that list or library lets users select from all available content types when
they create a new item. Content type owners can configure the New command to display only certain
content types.
The columns associated with all available content types are displayed.
You can define custom content types in a site's content type gallery. A custom content type must be derived, directly
or indirectly, from a core content type such as Document or Item. After it is defined in a site, a custom content type
is available in that site and in all sites below that site. To make a content type most widely available throughout a
site collection, define it in the content type gallery of the top-level site. In SharePoint Server, you can also create a
custom content type inside a content type hub that is defined in a managed metadata service instance. When it is
created in a content type hub, the content type will be available to other site collections that are part of web
applications associated with that managed metadata service instance.
NOTE
The Managed Metadata service and the content type hub are not available in SharePoint Foundation 2013.
For example, if your organization uses a particular contract template, in the content type gallery of the top-level site
in a site collection, you can create a content type that defines the metadata for that contract, the contract's template,
and workflows required to review and complete the contract. Then, any document library in your site collection to
which you associate the Contract content type will include all these features and will enable authors to create new
contracts based on the template.
In sites that are based on SharePoint Server, each default list item or library item, such as Contact, Task, or
Document, has a corresponding core content type in the site's content type gallery. When you plan content types,
you can use these core content type definitions as starting points and base new content types on existing ones as
needed.
Content types are organized into a hierarchy that lets one content type inherit its characteristics from another
content type. This inheritance enables classes of documents to share characteristics across an organization, and it
enables teams to customize these characteristics for particular sites or lists.
For example, all user-deliverable documents in an enterprise might require a set of metadata, such as account
number, project number, and project manager. By creating a top-level Customer Deliverable content type from
which all other customer-deliverable document types inherit, you make sure that required information, such as
account numbers and project numbers, will be associated with all variants of customer-deliverable documents in
your organization. Note that if the content type owner adds another required column to the top-level Customer
Deliverable content type, the content type owner can propagate the changes to all content types that inherit from it,
which will add the new column to all customer deliverable documents.
Properties integration with Office
In the Microsoft Office system, when a user edits a document from a SharePoint Server document management
server, a Document Information Panel is shown at the top of the document. The Document Information Panel
displays an editable form of the document's properties on the server.
SharePoint Server makes it easy to customize the property form for a content type. When you configure a content
type, you can start InfoPath, which generates a default property form that is based on the properties of the content
type. The default form includes the same controls, layout, and schema that InfoPath would use if no custom form
were defined. You can then customize and deploy the form as you would any other InfoPath form. For example,
you can add your company logo, fonts, and color scheme to a form; connect it to a custom data source; add
conditional logic; and design form features that are available to users based on their roles.
Along with editing properties in the Document Information Panel, authors who use Word can insert properties that
are defined on the server into their documents. For example, if the document properties include a project manager
name, this name can be inserted into the title page, the footer, or anywhere else the name is used in the document.
If a new project manager is assigned to a project, the Project Manager property can be updated on the document
management server. This updated project manager name will be reflected in every instance of this property that
was inserted into a document.
Using metadata with content types
Metadata is information about a document that is used to categorize and classify your content. Metadata is
associated with a content type as a column. Metadata can provide contextual information about your document by
associating it with an author, subject, audience, language, and so on. Unlike properties, metadata are stored as
columns and can be indexed and searched on by the SharePoint Search engine.
Metadata added at the site collection level can be associated with content types. By using metadata with content
types, all later content types can inherit some or all the metadata from the parent content type at the site collection
level. Additional metadata can then be added at a lower level, such as a single document.
Column templates
Each item of metadata that is associated with a content type is a column, which is a location in a list to store
information. Lists or libraries are often displayed graphically as columns of information. However, depending on
the view associated with the list, the columns can appear in other forms, such as days in a calendar display. In forms
associated with a list or library, columns are displayed as fields.
You can define columns for use in multiple content types. To do this, create them in a Column Templates gallery.
There is a Column Templates gallery in each site in a site collection. As with content types, columns defined in the
Column Templates gallery of a site are available in that site and in all sites below it.
Folder content types
Folder content types define the metadata that is associated with a folder in a list or library. When you apply a folder
content type to a list or library, the New command in that list or library will include the folder content type, which
makes it possible for users create folders of that type.
You can define views in a list or library that are available only in folders of a particular content type. This is useful
when you want a folder to contain a particular kind of document and you want views in that folder to only display
columns that are relevant to the document type that is contained in that folder.
By using the SharePoint Server object model, you can customize the New command for a folder content type so
that when a user creates a new folder of that type, the folder is prepopulated with multiple files and documents
based on templates that are stored on the server. This is useful, for example, for implementing a compound
document type that requires multiple files to contribute to a single deliverable document.
Document sets is a feature in SharePoint Server that lets you use Office to manage deliverables that span multiple
documents. Document sets are special kinds of folders that are used to manage a single deliverable, or work
product, which can include multiple documents in multiple locations. You create document sets by using extensible
templates that are provided with SharePoint Server. You can also customize Document Set templates to represent
the work products that are relevant to your organization. Document sets also include version control, which lets
you capture the status of the complete document set at various points in its life cycle. For more information about
document sets, see Plan document sets in SharePoint Server 2013.
For information about changing the core content types, download the white paper "Guidance for editing pre-
defined content types and site columns" (https://go.microsoft.com/fwlink/p/?LinkId=260922).
Plan workflows
Workflows implement business processes on documents, web pages, forms, and list items in SharePoint Server.
They can be associated with libraries, lists, or content types.
In document management, use workflows to route documents from person to person so that they can each
complete their document management tasks, such as reviewing documents, approving their publication, or
managing their disposition. Also, use custom workflows to move documents from one site or library to another.
For example, you can design a workflow to copy a document from one site to another when the document is
scheduled to be archived.
SharePoint Server includes the Three-state workflow, which you can use to manage business processes that track
the status of an item through three states or phases. SharePoint Server also includes the following workflows that
address document management needs:
Collect Feedback Sends a document for review.
Approval Sends a document for approval, often as a prerequisite to publishing it.
Disposition Manages document expiration and disposition.
Collect Signatures Routes a document for signatures.
Associate a workflow with a content type when you want to make that workflow available when that content type is
being used. For example, a purchase order content type could require approval by a manager before the
transaction can be completed. To make sure that the Approval workflow is always available when a purchase order
is initiated, create a Purchase Order content type and associate the Approval workflow with it. Then add the
Purchase Order content type to any document libraries in which purchase orders will be stored.
To plan workflows for your document management solution, analyze each document content type that you plan to
implement and identify the business processes that have to be available to run on content of that type. Then
identify the workflows you will have to make available for that content.
The following is a sample table that analyzes workflows for a contract content type.
Table: Workflows for a contract content type
Policies can be implemented to help an organization comply with legally mandated requirements, such as the
need to retain records. For example, a Human Resources policy, used in an organization to ensure that employee
records are handled in compliance with legally recommended guidelines, could include the following policy
features:
Auditing, to record the editing and viewing history of each employee-related document.
Retention, to ensure that work-in-progress content is not kept for an unnecessarily long time.
Print restrictions, to ensure that sensitive employee-related documents are printed only on secure printers.
Note that this is an example of a custom policy feature that must be implemented by using the SharePoint
Server object model or obtained from a third-party software vendor.
Policy features are implemented as programs that run on SharePoint Server. They can be enabled and configured
by a server administrator and, when they are enabled, they can be used by site administrators to define policies.
SharePoint Server includes policy features to help you manage your content. By using the SharePoint Server
object model, you can design and install custom policy features that meet unique enterprise needs.
When your organization uses Office client applications together with SharePoint Server, policies are enforced
both on the server and in the client applications. This is done transparently; policy features that apply to a
document are described in a policy statement that is associated with the document, and policy-aware applications
prevent users from doing tasks that violate the document's policy.
To implement a policy, associate it with content types, libraries, or lists in sites.
You can associate a policy with a library, list, or content type in the following ways:
Associate policy features with a Site Collection policy and then associate that policy with a
content type or with a list or library. The top-level site of a site collection includes a Site Collection
Policies gallery where administrators of the top-level site can create new policies. After creating a Site
Collection policy, you can export it so that administrators of other site collections can import it into their
Site Collection Policies galleries. This lets you standardize policies across your organization.
When a Site Collection policy is associated with a content type and that content type is associated with a list
or library, the owner of the list or library cannot modify the Site Collection policy in the list or library. This
ensures that policies that are assigned to a content type are enforced at each level of the site hierarchy.
Associate a set of policy features directly with a content type, and then add that content type to
one or more lists or libraries. To ensure that a policy that is created by using this method will be used in
the whole site collection, associate it with a content type in the Site Content Type gallery of the top-level
site collection. Then every item of that content type in the site collection, and every item of a content type
that inherits from the original content type, will have the policy. When you use this method of associating a
policy with a content type, it is harder to reuse the policy in other site collections, because policies created
by using this method cannot be exported.
NOTE
To more tightly control which policies are being used in a site collection, site collection administrators can disable the
ability to set policy features directly on a content type. When setting policy features on a content type is restricted,
content type designers can only associate policies from the Site Collection Policies gallery with content types.
Associate a set of policy features directly with a list or library. You can only use this method if the list
or library does not support multiple content types. This method of creating a policy is only useful for a
narrowly defined policy that applies to a single list or library.
NOTE
To more tightly control which policies are being used in a site collection, site collection administrators can disable the
ability to set policy features directly on a library. When setting policy features on a library is restricted, content type
designers can only associate policies from the Site Collection Policies gallery with libraries.
NOTE
The label policy feature has been deprecated and should not be used in SharePoint Server 2013 or SharePoint Server
2016.
Barcode The Barcode policy feature enables you to track physical copies of a document by creating a
unique identifier value for a document and inserting a bar code image of that value in the document. By
default, bar codes are compliant with the common Code 39 standard (ANSI/AIM BC1-1995, Code 39), and
you can plug in other bar code providers by using the policies object model.
Plan versioning
The default versioning control for a document library depends on the site collection template. However, you can
configure versioning control for a document library depending on your particular requirements. Each document
library can have a different versioning control that best suits the kind of documents in the library. SharePoint
Server has three versioning options:
No versioning Specifies that no earlier versions of documents are saved. When versioning is not being
used, earlier versions of documents are not retrievable, and document history is also not retained because
comments that accompany each iteration of a document are not saved. Use this option on document
libraries that contain unimportant content or content that will never change.
Create major versions Specifies that numbered versions of documents are retained by using a simple
versioning scheme (such as 1, 2, 3). To control the effect on storage space, you can specify how many earlier
versions to keep, counting back from the current version.
In major versioning, every time that a new version of a document is saved, all users who have permissions
to the document library will be able to view the content. Use this option when you do not want to
differentiate between draft versions of documents and published versions. For example, in a document
library that is used by a workgroup in an organization, major versioning is a good choice if everyone on the
team must be able to view all iterations of each document.
Create major and minor (draft) versions Specifies that numbered versions of documents are retained by
using a major and minor versioning scheme (such as 1.0, 1.1, 1.2, 2.0, 2.1). Versions ending in .0 are major
versions and versions ending with non-zero extensions are minor versions. Previous major and minor
versions of documents are saved together with current versions. To control the effect on storage space, you
can specify how many previous major versions to keep, counting back from the current version. You can also
specify how many major versions being kept should include their respective minor versions. For example, if
you specify that minor versions should be kept for two major versions and the current major version is 4.0,
then all minor versions starting at 3.1 will be kept.
In major and minor versioning, any user who has read permissions can view major versions of documents.
You can specify which users can also view minor versions. Typically, we recommend that you grant
permissions to view and work with minor versions to the users who can edit items, and restrict users who
have read permissions to viewing only major versions.
Use major and minor versioning when you want to differentiate between published content that can be
viewed by an audience and draft content that is not yet ready for publication. For example, on a human
resources Web site that describes organizational benefits, use major and minor versioning to restrict
employees' access to benefits descriptions while the descriptions are being revised.
NOTE
When you create a new version of a document, the incremental changes are stored in SQL Server, rather than a completely
new copy of the document. This provides the most efficient storage and helps reduce overall storage requirements.
NOTE
You should not check out a document when you use the co-authoring functionality.
Overview of co-authoring in SharePoint Server
6/26/2019 • 7 minutes to read • Edit Online
IMPORTANT
This article is for IT Professionals managing SharePoint Server. > Are you looking for help with co-authoring? You may
be looking for Document collaboration and co-authoring, which will help you understand and use the co-authoring and
versioning and applies to SharePoint Online.
See also
Plan document versioning, content approval, and check-out controls in SharePointServer
Configure versioning for co-authoring in SharePoint
2013
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
$siteurl ="<ServerName>"
$mysite=new-object Microsoft.SharePoint.SPSite($siteurl)
$mysite.WebApplication.WebService.CoauthoringVersionPeriod = <Time>
$mysite.WebApplication.WebService.Update()
PARAMETER VALUE
4. Save the file and add the .ps1 extension, such as SuggestedNameOfFile.ps1.
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file whose extension is .ps1.
./SuggestedFileName.ps1
See also
Concepts
Configure versioning for co-authoring in SharePoint 2013
Overview of co-authoring in SharePoint Server
Configure the maximum number of co-authoring
authors in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
$siteurl = "<ServerName>"
$mysite=new-object Microsoft.SharePoint.SPSite($siteurl)
$mysite.WebApplication.WebService.CoauthoringMaxAuthors = <MaxAuthors>
$mysite.WebApplication.WebService.Update()
3. Replace:
<ServerName> with the name of the server.
<MaxAuthors> with the maximum number of authors to allow.
4. Save the file and add the .ps1 extension, such as SuggestedNameOfFile.ps1.
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file whose extension is .ps1.
See also
Concepts
Overview of co-authoring in SharePoint Server
Disable co-authoring in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
$siteurl = "<servername>"
$mysite=new-object Microsoft.SharePoint.SPSite($siteurl)
$mysite.WebApplication.WebService.DisableCoauthoring = $true;
$mysite.WebApplication.WebService.Update();
PARAMETER VALUE
4. Save the file and add the .ps1 extension, such as SuggestedNameOfFile.ps1.
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file whose extension is .ps1.
./SuggestedFileName.ps1
To disable co-authoring for Word documents and PowerPoint presentations at the web application level
by using Windows PowerShell (save as script and run script)
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
$siteurl = "<servername>"
$mysite=new-object Microsoft.SharePoint.SPSite($siteurl)
$mysite.WebApplication.DisableCoauthoring = $true;
$mysite.WebApplication.Update();
PARAMETER VALUE
4. Save the file and add the .ps1 extension, such as SuggestedNameOfFile.ps1.
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file whose extension is .ps1.
./SuggestedFileName.ps1
See also
Overview of co-authoring in SharePoint Server
Workflow in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
TIP
SharePoint Designer 2013 can connect to any SharePoint Server site as long as you have permissions to that site and can
access it over a network. For example, you might have SharePoint Designer 2013 installed on a computer in your home office
and SharePoint Server might be installed on a server at your corporate data center. As long as you can connect to your site,
you can use SharePoint Designer 2013 to develop workflows for it.
IMPORTANT
The steps in this article apply to SharePoint Server. The SharePoint 2013 Workflow platform is not supported in SharePoint
Foundation 2013.
NOTE
You can watch a video series that walks through the process of installing and configuring the SharePoint 2013 Workflow
platform. To view the videos, see Video series: Install and configure Workflow in SharePoint Server 2013
Overview
A new option exists when you build a workflow for SharePoint Server. This option is called Platform Type. The
figure shows the Platform Type option when you are creating a new workflow by using SharePoint Designer
2013.
Figure: SharePoint Server includes three workflow platform options.
The only platform available when you first install SharePoint Server is the SharePoint 2010 Workflow platform.
The SharePoint 2013 Workflow platform and the Project Server platform require additional steps. The three
workflow platforms are outlined in the following table.
Workflow Platform types available in SharePoint Server
SharePoint 2010 Workflow Windows Workflow Foundation 3 Installs automatically with SharePoint
Server.
SharePoint 2013 Workflow Windows Workflow Foundation 4 Requires SharePoint Server and
Workflow Manager.
SharePoint 2013 Workflow - Project Windows Workflow Foundation 4 Requires SharePoint Server, Workflow
Server Manager, and Project Server.
NOTE
Workflow Manager must be downloaded and installed separately from SharePoint Server. It does not install automatically
when you install SharePoint Server.
NOTE
The SharePoint 2010 Workflow platform installs automatically when you install SharePoint Server. The SharePoint 2013
Workflow platform requires Workflow Manager and must be installed separately and then configured to work with your
SharePoint Server farm. > To function correctly SharePoint 2013 Workflows require to have App Management Service and
Site Subscription Service provisioned. It is not required to setup a wildcard certificate and DNS registration but both instances
need to be running.
1: Workflow Manager is installed on a server that is part of 2: Workflow Manager is installed on a server that is part of
the SharePoint Server farm. Communication takes place by the SharePoint Server farm. Communication takes place by
using HTTP. using HTTPS.
3: Workflow Manager is installed on a server that is NOT part 4: Workflow Manager is installed on a server that is NOT part
of the SharePoint Server farm. Communication takes place by of the SharePoint Server farm. Communication takes place by
using HTTP. using HTTPS.
NOTE
For security reasons, we recommend HTTPS for a production environment.
TIP
For information about least-privilege configuration, see Least Privilege Configuration for Workflow Manager with SharePoint
Server 2013.
To configure Workflow Manager on a server that is part of the SharePoint Server farm and on which
communication takes place by using HTTP
1. Log on to the computer in the SharePoint Server farm where Workflow Manager was installed.
2. Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the
SharePoint Management Shell and choosing Run as administrator.
3. Run the Register-SPWorkflowService cmdlet.
Example:
NOTE
When you install Workflow Manager on a server it automatically installs the Workflow Manager Client on that server.
You will still need to install the Workflow Manager Client on any additional servers. For example, if you have a farm
that contains five servers and you install Workflow Manager on one of those servers you will still need to install the
Workflow Manager Client on the four additional servers.
5. Install the Workflow Manager Client on each server in the SharePoint farm.
Download and install the Workflow Manager Client here: http://go.microsoft.com/fwlink/p/?LinkID=268376
To configure Workflow Manager on a server that is part of the SharePoint Server farm and on which
communication takes place by using HTTPS
1. Determine if you need to install Workflow Manager certificates in SharePoint.
Under some circumstances, you have to obtain and install Workflow Manager certificates. If your installation
requires that you obtain and install these certificates, you must complete that step before continuing. To
learn whether you need to install certificates, and for instructions, see Install Workflow Manager certificates
in SharePoint Server.
2. Log into the computer in the SharePoint Server farm where Workflow Manager was installed.
3. Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the
SharePoint Management Shell and choosing Run as administrator.
4. Run the Register-SPWorkflowService cmdlet.
Example:
NOTE
When you install Workflow Manager on a server it automatically installs the Workflow Manager Client on that server.
You will still have to install the Workflow Manager Client on any additional servers. For example, if you have a farm
that contains five servers and you install Workflow Manager on one of those servers you will still need to install the
Workflow Manager Client on the four additional servers.
6. Install the Workflow Manager Client on each server in the SharePoint farm.
Download and install the Workflow Manager Client here: http://go.microsoft.com/fwlink/p/?LinkID=268376
To configure Workflow Manager on a server that is NOT part of the SharePoint Server farm and on
which communication takes place by using HTTP
1. Log on to each server in the SharePoint Server farm.
2. Install the Workflow Manager Client on each server in the SharePoint farm.
Before you can run the workflow pairing cmdlet, you must install Workflow Manager Client on each of the
servers in the SharePoint farm.
Download and install the Workflow Manager Client here: http://go.microsoft.com/fwlink/p/?LinkID=268376
3. Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the
SharePoint 2013 Management Shell command and choosing Run as administrator.
4. Run the Register-SPWorkflowService cmdlet. The cmdlet should be run only once and can be run from
any of the servers in the SharePoint farm.
Example:
IMPORTANT
You must install the Workflow Manager Client on each server in the SharePoint farm before you run the pairing cmdlet.
To configure Workflow Manager on a server that is NOT part of the SharePoint Server farm and on
which communication takes place by using HTTPS
1. Determine whether you need to install Workflow Manager certificates in SharePoint 2013.
Under some circumstances, you have to obtain and install Workflow Manager certificates. If your installation
requires that you obtain and install these certificates, you must complete that step before continuing. To
learn whether you need to install certificates, and for instructions, see Install Workflow Manager certificates
in SharePoint Server.
2. Log on to each server in the SharePoint Server farm.
3. Install the Workflow Manager Client on each server in the SharePoint farm.
Before you can run the workflow pairing cmdlet, you must install Workflow Manager Client on each of the
servers in the SharePoint farm.
Download and install the Workflow Manager Client here: http://go.microsoft.com/fwlink/p/?LinkID=268376
4. Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the
SharePoint Management Shell command and choosing Run as administrator.
5. Run the Register-SPWorkflowService cmdlet.
Example:
IMPORTANT
You must install the Workflow Manager Client on each server in the SharePoint farm before you run the pairing cmdlet.
Troubleshooting
For security reasons, the Setup account cannot be used to create a workflow based on the SharePoint 2013
Workflow platform. If you try to create a workflow based on the SharePoint 2013 Workflow platform by using
SharePoint Designer 2013, you receive a warning that the list of workflow actions do not exist, and the workflow is
not created.
The user who deploys and runs a workflow must be added to the User Profile service. Check the User Profile
service application page in Central Administration to confirm that the user you are using to validate workflow
installation is in the User Profile service.
You can determine which ports SharePoint Server and Workflow Manager are using for both HTTP and HTTPS by
using IIS Manager as shown in the figure.
Figure: Use IIS Manager to view the ports used by Workflow Manager
Workflow Manager communicates by using TCP/IP or Named Pipes. Make sure that the appropriate
communication protocol is enabled on the SQL Server instance that hosts the Workflow Manager databases.
The SQL Browser Service must be running on the SQL Server instance that hosts the Workflow Manager
databases.
The System Account cannot be used to develop a workflow.
To troubleshoot SharePoint Server, see Troubleshooting SharePoint Server.
Install Workflow Manager certificates in SharePoint
Server
6/7/2019 • 2 minutes to read • Edit Online
Configuration steps
The following sections provide instructions for configuring SSL communication with Workflow Manager and
SharePoint Server.
Enable SSL
Enable Secure Sockets Layer (SSL ) in IIS Manager. For guidance on completing the configuration, see the
following:
Configuring SSL in IIS Manager
How to Set Up SSL on IIS 7
Install Workflow Manager certificates in SharePoint
Under some circumstances, you must obtain and install Workflow Manager "issuer" certificates on SharePoint
Server. Here are the circumstances where you must install Workflow Manager certificates:
1. If SSL is enabled either on SharePoint Server (which is not the default) or on Workflow Manager (which is
the default), AND
2. If SharePoint Server and Workflow Manager do not share a Certificate Authority, AND
3. If Workflow Manager is configured to generate self-signed certificates (which is the default).
NOTE
Product trial, workflow development, and troubleshooting are easier if SSL is not enabled. However, communication between
SharePoint Server and Workflow Manager is not encrypted if SSL is not enabled. For this reason, SSL should be enabled for
production configurations.
See also
Concepts
Getting started with SharePoint Server workflow
Update Workflow in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
IMPORTANT
The latest update level must be installed on SharePoint Server, Workflow Manager, and Workflow Manager Client before you
run the update cmdlets.
$credential = [System.Net.CredentialCache]::DefaultNetworkCredentials
$site = Get-SPSite(<siteUri>)
$proxy = Get-SPWorkflowServiceApplicationProxy
$svcAddress = $proxy.GetWorkflowServiceAddress($site)
Copy-SPActivitiesToWorkflowService -WorkflowServiceAddress $svcAddress -Credential $credential -Force $true
NOTE
Because workflow supports environments with multiple Site Subscriptions, the $site Site Collection address determines the
proper configuration location for workflow settings.
$proxy = Get-SPWorkflowServiceApplicationProxy
$site = Get-SPSite(<siteUri>)
$proxy.GetWorkflowServiceAddress($site)
Inspect any errors displayed in the SharePoint Designer user interface or any errors shown in the
SharePoint Workflow Status user interface.
Administration of SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
Manage databases in SharePoint Server Learn how to manage the databases that are associated with
SharePoint Server.
Web applications management in SharePoint Server Learn how to manage web applications in a SharePoint Server
farm.
Configure server-to-server authentication between publishing Learn how to configure server-to-server authentication when
and consuming farms sharing service applications across SharePoint farms.
Configure log shipping in SharePoint Server Learn how to implement log shipping for SharePoint Server in
a disaster-recovery scenario.
Description of MinRole and associated services in SharePoint Learn about the MinRole feature in SharePoint Server 2016
Server 2016 and the services that are associated with each server role.
Managing a MinRole Server Farm in SharePoint Server 2016 Learn how to manage your MinRole farm deployment in
SharePoint Server 2016.
Role conversion using MinRole in SharePoint Server 2016 Learn about how to convert your server roles in a SharePoint
farm deployment using MinRole to help you select the right
server role when provisioning SharePoint Server 2016.
Administer search in SharePoint Server Learn how to manage the search schema and the search
topology in SharePoint Server.
Administer the User Profile service in SharePoint Server Learn how to administer the User Profile service in SharePoint
Server 2016.
See also
Concepts
System Center Operations Manager knowledge articles for SharePoint Server
Other Resources
About SharePoint
Server Management
6/7/2019 • 2 minutes to read • Edit Online
ARTICLE DESCRIPTION
Global deployment of multiple farms (SharePoint 2013) Learn about supported architectures for SharePoint 2013 in
WAN environments, strategies for optimizing performance
over WAN connections, and recommendations for service
applications.
SQL Server and storage (SharePoint Server) Learn how to plan for SQL Server and storage configuration
for SharePoint Server 2016 and SharePoint Server 2013.
Overview of backup and recovery in SharePoint Server Learn about how to prepare to back up and restore and
complete specific operations for SharePoint Server 2016 and
SharePoint 2013.
High availability and disaster recovery concepts in SharePoint Create a well-designed high availability plan and a disaster
Server recovery plan that meets business goals and objectives for
SharePoint Server 2016 and SharePoint 2013.
Configure SQL Server AlwaysOn Availability Groups for Learn how to create and configure a SQL Server Always On
SharePoint Server Availability Group for a SharePoint Server 2016 and
SharePoint 2013 farm.
Performance planning in SharePoint Server 2013 Learn about the concepts and planning considerations for
managing the capacity of a SharePoint Server environment.
Managing a MinRole Server Farm in SharePoint Server 2016 Learn how to manage your MinRole farm deployment in
SharePoint Server 2016.
Remove a server from a farm in SharePoint Server 2016 Learn how to remove a web server, application server, or
database server from a SharePoint 2013 farm.
Remove a server from a farm in SharePoint 2013 Learn how to remove a web server, application server, or
database server from a SharePoint 2013 farm.
Uninstall SharePoint 2013 Learn how to uninstall SharePoint Server 2013 and SharePoint
Foundation 2013.
Uninstall SharePoint Server 2016 Learn how to uninstall SharePoint Server 2016.
Custom Tiles in SharePoint Server 2016 This article describes Custom Tiles which is one of the new
features in the November 2016 Public Update for SharePoint
Server 2016 (Feature Pack 1).
Configure server-to-server authentication between publishing Learn how to configure server-to-server authentication when
and consuming farms you share service applications across SharePoint Server
publishing and consuming farms.
ARTICLE DESCRIPTION
Turn on automated document translation in SharePoint Server Learn how to turn on the Machine Translation Service in
SharePoint Server to let site owners automatically translate
documents.
Manage the Distributed Cache service in SharePoint Server Learn how to configure and manage the Distributed Cache
service in SharePoint Server.
Configure Request Manager in SharePoint Server
6/24/2019 • 13 minutes to read • Edit Online
Overview
Request Manager is functionality in SharePoint Server that enables administrators to manage incoming requests
and determine how SharePoint Server routes these requests.
Request Manager uses configured rules to perform the following tasks when it encounters requests:
Deny potentially harmful requests from entering a SharePoint farm.
Route good requests to an available server.
Manually optimize performance.
Information that administrators or an automated process provide to Request Manager determine the effectiveness
of routed requests.
The following table describes possible scenarios and resolutions that Request Manager can address.
Reliability and performance Routing new requests to web front end Request Manager can route to front-
with low performance can increase end web servers that have better
latency and cause timeouts. performance, keeping low performance
front-end web servers available.
Requests from users and bots have Prioritize requests by throttling requests
equal priority. from bots to instead serve requests
from end-users).
Manageability, accountability, and SharePoint Server fails or generally Request Manager can send all requests
capacity planning responds slowly, but it’s difficult to of a specific type, for example, Search,
identify the cause of a failure or User Profiles, or Office Online, to specific
slowdown. computers. When a computer is failing
or slow, Request Manager can locate
the problem.
All front-end web servers must be able Request Manager can send multiple or
to handle the requests because they single requests to front-end web
could be sent to any front-end web servers that are designated to handle
server. them.
Scaling limits Hardware scaling limited by load Request Manager can perform
balancer application routing and scale out as
needed so that a load balancer can
quickly balance loads at the network
level.
Configuration
Request Manager has two configurable parts: General settings and Decision information. General settings are
parameters that make Request Manager ready to use, such as enabling or disabling Request Routing and Request
Throttling and Prioritizing. Decision information is all of the information that is used during the routing and
throttling processes, such as routing and throttling rules.
NOTE: You configure Request Manager on a farm and functionality occurs at a web application level in SharePoint
Server 2013 and the web application role in SharePoint Servers 2016 and 2019.
General settings
By default, request routing and request throttling and prioritizing are enabled. You use the Set-
SPRequestManagementSettings cmdlet to change the properties of request routing, request throttling and
prioritizing, and select a routing weight scheme.
The table describes the configuration situation and Windows PowerShell syntax to use.
In some situations, multiple front-end web servers will be suitable destinations for a particular request. In this case,
by default, SharePoint Server selects one server randomly and uniformly. One routing weight scheme is static-
weighted routing. In this scheme, static weights are associated with front-end web servers so that Request
Manager always favors a higher static weight during the selection process. This scheme is useful to give added
weight to more powerful front-end web servers and produce less strain on less powerful ones. Each front-end web
server will have a static weight associated with it. The values of the weights are any integer value, where 1 is the
default. A value less than 1 represents lower weight, and greater than 1 represents higher weight.
Another weighting scheme is health-weighted. In health-weighted routing, front-end web servers that have health
scores closer to zero will be favored, and fewer requests will be sent to front-end web servers that have a higher
health score values. The health weights run from 0 to 10, where 0 is the healthiest and therefore will get the most
requests. By default, all front-end web servers are set to healthy, and therefore, will have equal weights.
SharePoint's health score based monitoring system assigns weight to server and send a health score value as a
header in the response to a request. Request Manager uses same health score and stores it in local memory.
Decision information
Decision information applies to routing targets, routing rules, and throttling rules.
Routing targets
Request routing determines the routing targets that are available when a routing pool is selected for a request. The
scope of routing targets is currently for front-end web servers only, but Request Manager’s design does not
exclude routing to application servers, too. A list of front-end web servers in a farm is automatically maintained by
using the configuration database. An administrator who wants to change that list, typically in dedicated mode, has
to use the appropriate routing cmdlets to get, add, set, and remove routing targets.
The following table describes the various routing target tasks and the associated Windows PowerShell syntax to
use.
TASK MICROSOFT POWERSHELL EXAMPLE
$rm=Get-
SPRequestManagementSettings -
Identity $web
Add-SPRoutingMachineInfo –
RequestManagementSettings $rm -
Name <MachineName> -Availability
Available
$rm=Get-
SPRequestManagementSettings -
Identity $web
$m=Get-SPRoutingMachineInfo -
RequestManagementSettings $rm -
Name <MachineName>
Set-SPRoutingMachineInfo -
Identity $m -Availability
Unavailable
$rm=Get-
SPRequestManagementSettings -
Identity $web
$m=Get-SPRoutingMachineInfo -
RequestManagementSettings $rm -
Name <MachineName>
Remove-SPRoutingMachineInfo -
Identity $M
NOTE: You cannot remove front-end web servers that are in the farm. Instead, you can use the Availability
parameter of the Set-SPRoutingMachineInfo cmdlet to make them unavailable.
Routing and throttling rules
Request routing and request throttling and prioritizing are decision algorithms that use rules to prescribe many
actions. The rules determine how Request Manager handles requests.
Rules are separated into two categories, routing rules and throttling rules, which are used in request routing and
request throttling and prioritizing, respectively. Routing rules match criteria and route to a machine pool. Throttling
rules match criteria and throttle based on known health score of a computer.
Request Routing
Request processing is all operations that occur sequentially from the time that Request Manager receives a new
request to the time that Request Manager sends a response to the client.
Request processing is divided into the components:
request routing
incoming request handler
request throttling and prioritizing
request load balancing
Incoming request handler
The role of the incoming request handler is to determine whether Request Manager should process a request. If
request throttling and prioritizing is disabled and the Request Manager queue is empty, Request Manager directs
the request to SharePoint Server that is running on the current front-end web server. If request throttling and
prioritizing is enabled, request throttling and prioritizing determines whether the request should be allowed or
denied on the current front-end web server . The processes steps of the incoming request handler are as follows:
1. Request is determined if it should be throttled or routed
2. For routed requests, load balance algorithm is run
3. Request routed to load balancer endpoint
Request routing and Request throttling and prioritizing only run if it is enabled and is routed once per farm.
Request load balancer only runs if a request has been determined as routable. The outgoing request handler only
runs if the request has to be sent to a different front-end web server. The role of the outgoing request handler is to
send the request to the selected front-end web server, wait for a response, and send the response back to the
source.
Request routing
The role of request routing is to select a front-end web server to route a request. By using no routing rules that are
defined, the routing scheme is as easy as randomly selecting an available front-end web server.
The algorithm of request routing is defined by two parts: request-rule matching and front-end web server
selection.
Request rule matching
Every rule has one or more match criteria, which consist of three things: match property, match type, and match
value.
The following table describes the different types of match properties and match types:
Hostname ReqEx
URL Equals
For example, an administrator would use the following match criteria to match http://contoso requests: Match
Property=URL; Match value= http://contoso; Match type=RegEx.
Front-end web server selection
The front-end web server selection uses all routing rules, whether they match or do not match a given request.
Rules that match have machine pools, a request sends load balanced to any machine in any matching rule’s
machine pool. If a request does not match any request, it sends load balanced to any available routing target.
NOTE: For SharePoint Servers 2016 and 2019, the front-end role type is used.
Request routing and prioritizing
For routing requests that use the health-based monitoring system, the role of request routing and prioritizing is to
reduce the routing pool to computers that have a good health score to process requests. If request routing is
enabled, the routing pool is whichever front-end web server is selected. If request routing is disabled, the routing
pool only contains the current front-end web server.
Request routing and prioritizing can be divided into two parts: request-rule matching and front-end web server
filtering. Request-rule matching happens exactly like in request routing. Front-end web server filtering uses the
health threshold parameter from the throttling rules in combination with front-end web server health data to
determine whether the front-end web servers in the selected routing pool can process the given request.
The front-end web server filtering process follows these steps:
1. The routing pool is either the current front-end web server or one or more front-end web servers that request
routing selects.
2. All matching rules are checked to find the smallest health threshold value.
3. Remove front-end web servers in the routing pool that have health scores greater than or equal to the smallest
health threshold value.
For example, request routing is disabled and the current front-end web server has a health score of 7 and a rule
“Block OneNote” without a health threshold (that is, health threshold = 0) is created.
The routing pool is the current front-end web server that has a health threshold equal to zero (0). So, the smallest
threshold that the front-end web server can serve is zero. Because the current front-end web server has health
score of 7, Request Manager denies and removes the request.
Request load balancing
The role of request load balancing is to select a single target to which to send the request. Request load balancing
uses the routing weight schemes to select the target. All routing targets begin with a weight of 1. If static weighting
is enabled, request load balancing uses the static weights set of each routing target to adjust the weights and the
value can be valid integer number. If health weighting is enabled,request load balancing uses health information to
add weight to healthier targets and remove weight from less healthy targets.
Along with creating a performance monitor log file, the verbose logging level can be enabled by using the
following Microsoft PowerShell syntax:
Set-SPLogLevel “Request Management” –TraceSeverity Verbose
Global deployment of multiple farms (SharePoint
2013)
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
** ** CONTENT DESCRIPTION
Key concepts
This article uses the following terms:
Central site—The location that hosts most of the company data and employee computers. A centralized
SharePoint Server environment can consist of a single farm or multiple farms located in the same
datacenter.
Regional site—A location that hosts a subset of corporate data and employee computers that are connected
by using a combination of local-area network (LAN ) and WAN links.
Distributed environment—An environment in which employees and company data are dispersed across the
globe.
In-country farm — A farm that is deployed inside a political boundary to satisfy government regulations.
Business Data Connectivity Yes After the data model is cached on the
web server of the remote farm (the
farm that consumes the Business Data
Connectivity service from a central
farm), the remote farm connects directly
to the data source over the WAN to
query the data (instead of reconnecting
to the farm that is hosting the Business
Data Connectivity service). Therefore,
the remote farm requires permission to
access the data source. Also,
performance between the remote farm
and the data source depends on the
performance of the WAN connection.
Search
You can share the Search service application across WAN connections. However, if a WAN connection is robust
enough to support crawling content over the WAN, the connection is likely robust enough to support user actions
over the WAN to a central farm. Instead of sharing the Search service application over WAN connections, we
recommend that you take advantage of WAN performance improvements by eliminating the regional farm and
having users use a central farm environment instead.
The following WAN conditions may be reasons for creating regional farms:
Highest latency connections
Intermittent connections
Unreliable connections caused by network congestion
Inefficient routing patterns
Packet loss
We do not recommend sharing the Search service application across these types of WAN connections. Instead, we
recommend that you configure Search on the regional farm and use Remote SharePoint result sources to bring
together search results from the regional farm(s) and the central farm.
In-country farms represent a different challenge. If the purpose of an in-country farm is to prevent documents and
files from residing in locations outside a political boundary, we do not recommend crawling content over the WAN.
A search index contains at least fragments of the crawled content. Furthermore, a temporary copy of each
document is downloaded to the search farm for processing. Therefore, a central farm that crawls an in-country
farm includes a copy of the data in that in-country farm. If this is against company policy, we recommend that you
use Remote SharePoint result sources instead. With this configuration, search results can include content from an
in-country farm and content continues to reside only on the local farm, unless a user downloads a copy to their
local computer.
The one scenario in which crawling content over WAN connections is allowed is with a hybrid deployment in which
an on-premises SharePoint Server farm is used to crawl content in an Office 365 Dedicated farm (O365-D ) and
provide search services to that farm. With the Office 365 Dedicated subscription plan each customer environment
is placed on a dedicated server farm. Crawling the Office 365 dedicated farm provides a single relevancy-ranked
set of results for the two environments. The dedicated Office 365 environment differs from the multi-tenant Office
365 environment. For hybrid environments that include the Office 365 multi-tenant environment, crawling the
multi-tenant environment is not possible and the recommendation is to provide centralized search by using remote
result sources.
Despite the recommendations, sharing the Search service application over WAN connections is supported and can
be implemented in the following ways:
A regional farm can consume the Search service application from a central farm and use it to crawl content
locally. You have to set up a cross-farm service sharing relationship and complete additional configuration.
In this case, the search components on the central farm crawl content on the regional farm. Communication
that is necessary to crawl content occurs over the WAN connection. This configuration is not recommended.
Instead, deploy and configure the Search service application directly on the regional farm.
A Search service application at a central farm can crawl content at a regional farm. This configuration does
not require you to set up cross-farm service sharing. Instead, crawl rules are added at the central farm to
crawl content at a remote farm. However, this configuration crawls content over the WAN connection, which
is not ideal.
The following table summarizes the differences between crawling over the WAN and using remote result sources
to include content in search results.
Options for including global content in search results
Description Content at regional sites is crawled from Search is configured to return results
the central site over the WAN. from one or more remote farms (result
source), in addition to the local farm.
In this scenario, remote farms are
crawled locally. You configure search at
the central farm to include results from
the remote indexes.
You can also configure the remote
farms to include results from the central
farm and other regional farms. This
allows users to search from the local
farm.
User experience Users are presented with a single list of Results are presented in in a single list.
results. However, the results are grouped in
blocks by result source. You can
configure the number of results within
each group.
Advantages Search results are contained in a single WAN crawling is not used.
search-ranked list. Search results are potentially fresher,
Search is managed centrally. based on the crawl schedule.
If you also configure remote farms to
include result sources for other farms,
enterprise-wide search is available from
remote farms in addition to the central
farm.
Disadvantages Crawling over the WAN takes time and Users see multiple groupings of results.
uses bandwidth. Search results are not ranked across the
Search results might not be as fresh as organization.
if the content were crawled locally. Search must be managed at multiple
Enterprise-wide search is available only locations.
from the central farm.
Testing WAN connections for SharePoint 2013
architectures
6/7/2019 • 11 minutes to read • Edit Online
Key concepts
Bandwidth — The data transfer capacity, or speed of transmission, of a digital communications system as
measured in bits-per-second (bps).
Latency — The time that is required for a request to travel from one point on a network to another point.
Network congestion - The condition of a network when the current load approaches or exceeds the available
resources and bandwidth that are designed to handle that load at a particular location in the network. Packet
loss and delays are associated with congestion.
In the two network traces, the horizontal rows represent the ports that are open. The colored blocks represent
content that is traveling over the wire, such as the images, JavaScript, and HTML. In the SharePoint 2010 network
trace, the white spaces between the colored blocks represent idle time in which the client or server is waiting for
something to happen before completing the next action. In the SharePoint Server 2013 network trace, the network
pipe is filled almost 100%. Communication between the client and server is ongoing until the transaction is
complete. There is very little or no idle time between actions. These improvements are provided by the
optimizations described earlier in this article (minimal download strategy, active download management, and script
on demand).
The following diagram calls attention to the improvement in bandwidth utilization. The blue graphs in both
network traces represent the bandwidth utilization. The use of available bandwidth is more efficient in SharePoint
Server 2013.
This following diagram of the network traces shows that the content that users interact with on the page (the
document library, prompts, navigational elements, etc.) are downloaded a full second faster in SharePoint Server
2013 compared to SharePoint 2010. Users can interact with the site much sooner.
Compared to SharePoint 2010, WAN optimizations in SharePoint Server 2013 achieve the following
improvements for this network scenario:
Downloads 65% fewer bytes for images because of better use of image compression.
Downloads 20% more bytes for the JavaScript which provides quicker and improved functionality in the
browser.
Downloads 15% fewer bytes total.
An important consideration for this user test is the use of a WAN accelerator device between the two locations.
Teck uses a Riverbed device to accelerate traffic. WAN accelerators look for patterns within packets of data and
potentially only send packets that are unique, replacing duplicate packets with content that is cached on the other
end. For Teck to obtain accurate results, it was important to use files that have different content for each test,
instead of just renaming files.
To repeat this unit test, the Microsoft SharePoint writing team had colleagues in the Beijing office connect to
SharePoint sites in the Redmond office. In this scenario, two writers repeated the test multiple times throughout
the day and produced a range of results. Files with different content were used each time to avoid potential caching
issues, although a WAN accelerator device is not used between the two locations. The following table records the
results.
Microsoft writing team unit test — File upload from Beijing to Redmond (144ms latency)
VISUAL STUDIO 2012 UPDATE 1 NETWORK MONITOR WITH VISUAL ROUND TRIP ANALYZER
Repeatable unit and load test capabilities End-user oriented monitoring (true end-user experience
Data capture across servers and load test agents capture)
Plug-ins to test SharePoint loads Network packet and port analysis
Export to Excel with Pivot capability Low barrier to entry (free and easy setup)
Real and simulated bandwidth and latency capability Real bandwidth, latency, congestion, packet loss and
optimization is reflected
Test scenarios
Create test scenarios that reflect the types of actions users will perform as part of their jobs. Common scenarios
include the following:
Browse a team site
Fill out a form
Upload a document
Download a document
View a document in Office Web Apps Server
Edit a document in Office Online Server
Add a newsfeed post
Add a social tag
The goal is to have a well-rounded set of unit tests which capture actions that end-users perform in a SharePoint
environment and expose any potential latency-sensitive transactions.
Finally, make sure that you conduct rounds of tests at various times throughout the day to capture differences in
network utilization patterns. For example, 09:00 on Monday morning may have a very different network and
performance pattern compared to 23:00 on Friday. Also, be aware of events in other geographical regions, such as
a natural disaster that results in region-wide power outages, that might impact WAN routing or performance. A
comprehensive set of tests spread across different time intervals will provide insight and set expectations about
what your end-users will experience when they use SharePoint Server 2013 across the WAN.
Example WAN test using Visual Studio 2013
For an example test case, see SharePoint 2013 SharePoint 2013 WAN testing with Visual Studio 2012
walkthrough. This 3 megabyte Visio slide deck shows how to build a web test and load test for WAN testing that
uses Visual Studio 2013.
Example test results
Fabrikam is a fictional company that represents a large, world-wide manufacturing company that participated in
the SharePoint Server 2013 prerelease program. Fabrikam used Visual Studio to script a load test made up of
many unit tests and then ran the load test from multiple geographic locations.
In this first set of results, two users in the Fabrikam Shanghai, China, office ran the load test against the servers
running SharePoint Server 2013 in the Texas, USA datacenter. Latency is around 190 ms. The upload, download,
and Office Online Server tests were conducted with a 1 mb file.
Fabrikam — WAN performance across the feature set for Shanghai to Texas
The test results show that performance is good, especially for the social tasks.
The next set of results shows performance for the same load test across a larger set of geographic locations where
Fabrikam employees work. The SharePoint servers are located in Texas, USA.
Fabrikam — Results across the feature set for differentlocations
Even though there are varying degrees of latency, performance is good for users across the globe. The Fabrikam
test results provide an example of systematic WAN testing that uses a load test made up of many SharePoint tasks
that are important to the company.
Fabrikam is an example of a world-wide company that succeeds with a central datacenter model, instead of
deploying SharePoint Server 2013 to multiple regions across the world. If you plans include a move from a central
datacenter model to multiple SharePoint sites in different geographical regions, make sure that you conduct WAN
testing to see whether it is really necessary.
See also
Concepts
Global architectures for SharePoint 2013
SQL Server and storage (SharePoint Server)
6/7/2019 • 2 minutes to read • Edit Online
** CONTENT** DESCRIPTION
Overview of SQL Server in SharePoint Server 2016 and 2019 Describes the relationship between SharePoint Servers 2016
environments and 2019, the supported versions of SQL Server and how you
can interact with the databases.
Overview of SQL Server in a SharePoint Server 2013 Describes the relationship between SharePoint Server 2013
environment and supported versions of SQL Server and how you can
interact with the databases.
Deploy Azure SQL Managed Instance with SharePoint Server Describes how to deploy Azure SQL Managed Instance with
2016 and 2019 SharePoint Servers 2016 and 2019 that are hosted in
Microsoft Azure.
Storage and SQL Server capacity planning and configuration Describes a process for planning storage and SQL Server
(SharePoint Server) capacity for a SharePoint Server deployment.
Overview of SQL Server in SharePoint Server 2016
and 2019 environments
6/7/2019 • 10 minutes to read • Edit Online
NOTE
SQL Server Express is not supported with SharePoint Servers 2016 and 2019.
SQL Server 2017 on Linux is not supported with SharePoint Servers 2016 and 2019.
Depending on the installed version, you can use specific features of SQL Server, such as reporting and business
intelligence (BI with SharePoint Server 2016. For more information, see Hardware and software requirements for
SharePoint Server 2016.
SharePoint Server 2016 supports the following:
SQL Server 2016 Reporting Services (SSRS )
SQL Server 2016 Analysis Services (SSAS )
SharePoint Server 2019 supports the following:
SQL Server 2016 Reporting Services (SSRS )
SQL Server 2016 Analysis Services (SSAS )
NOTE
SQL Server Reporting Services integration with SharePoint Server 2019 is no longer supported. For more information, see
Reporting Services Report Server (SharePoint Mode) and Supported combinations of SharePoint and Reporting Services
server.
You can use the Report Viewer web part that has much of the same functionality as integrated mode. for more
information, see Add the Report Viewer web part to a web page and Report Viewer web part on a SharePoint site
- Reporting Services
NOTE
If you want to use Microsoft SQL Server Power Pivot for SharePoint or Microsoft Power View for SharePoint for BI solutions
you must install the Power Pivot or Power View add-ins for SQL Server 2016 RTM. The SQL Server 2014 (SP1) Power Pivot
for SharePoint and Power View for SharePoint BI solutions do not work with SharePoint Server 2016.
SharePoint Servers 2016 and 2019 and the SQL Server database
engine
The SharePoint Server 2016 application is built on the SQL Server database engine. Most content and settings in
SQL Server 2014 (SP1), SQL Server 2016, and SQL Server 2017 RTM are stored in relational databases. The
following table shows the databases that SharePoint Servers 2016 and 2019 use.
Service application Databases for service applications store the data that service
applications use.
For a full list of all of the databases that support SharePoint Servers 2016 and 2019, see Database types and
descriptions in SharePoint Server. The Quick reference guide: SharePoint Servers 2016 and 2019 Databases,
is available to download as either a PDF or Visio file.
SharePoint Server 2016 and SQL Server 2014 with Service Pack 1 (SP1)
SQL Server 2014 (SP1) provides greater performance, availability, and manageability with SharePoint Server
2016 than SQL Server 2014. While you can't use SQL Server Power Pivot for SharePoint or Power View for
SharePoint with SQL Server 2014 (SP1), you can use some business intelligence solutions with SharePoint Server
2016. For example, you can install Office Online Server to use Excel Online.
For more information, see Features Supported by the Editions of SQL Server 2014. For detailed information
about Office Online Server, see Configure Office Online Server for SharePoint Server 2016.
High Availability Solutions
We recommend AlwaysOn Availability Groups and AlwaysOn Failover Cluster Instances for high availability in
SQL Server 2014 Reporting Services (SP1). Other high availability solutions are database mirroring, and log
shipping. Both AlwaysOn Availability Groups and Failover Cluster Instances solutions require and use Windows
Server Failover Clustering (WSFC ).
NOTE
We recommend that you use AlwaysOn Availability Groups instead of database mirroring for your high availability solution
with SQL Server 2014 (SP1), SQL Server 2016, and SQL Server 2017 RTM for SharePoint Servers 2016 and 2019. For more
information, see Overview of SQL Server High-Availability Solutions.
For more information, see AlwaysOn Availability Groups (SQL Server), and Prerequisites, Restrictions, and
Recommendations for AlwaysOn Availability Groups (SQL Server).For information about high availability for SQL
Server Reporting Services, see High Availability (Reporting Services).
Log Shipping
SQL Server Log shipping provides a disaster recovery solution for single primary databases and multiple
secondary databases where each are located on separate instances of SQL Server. Log shipping backs up the
transaction log on the production server, copies the log to the backup or secondary instances, and is then available
to restore the log backup. You can then configure alerts to notify you when the production server fails. Then you
can fail over from the production server to the backup servers so if the production server fails one of the backup
or secondary servers can be brought online to act as the production server. For more information, see About Log
Shipping (SQL Server).
Reporting Services SharePoint mode
When you setup Reporting Services with SharePoint Server 2016 you create a report server. The report server is
the central component of Reporting Services. This component contains two processing engines and a set of unique
extensions that handle authentication, data processing, rendering, and delivery operations.
For more information, see Supported Combinations of SharePoint and Reporting Services Server and Add-in
(SQL Server 2016). The following levels of integration are provided when you run a report server in integrated
mode with SharePoint Server 2016.
Shared storage
Shared security
Same site access for all business documents such as reports, report models, and shared data sources
When Reporting Services runs in SharePoint integrated mode, both the SharePoint content and report server
databases store content and metadata. The following table shows the report server data that each database stores.
SharePoint configuration All report server configuration settings that you make in
Central Administration including:
Report server URL
Report server Reporting Services account information
Information about the authentication provider that is used on
the server
Site-level settings that limit or enable report history and
logging
Report server Internal copies of report content and metadata, which are also
stored in the SharePoint content database, and the following
report data:
Schedules
Subscriptions
Snapshots for report history or report execution
SharePoint mode in SQL Server 2016 is a SharePoint shared service that you configure in either the SharePoint
Central Administration website or by using Reporting Services SharePoint mode, Microsoft PowerShell cmdlets.
SharePoint mode supports SharePoint Server 2016 backup and restore for SQL Server Reporting Services service
application and Unified Logging Service (ULS ) trace logs. SharePoint mode also supports claims-based
authentication.
SharePoint mode requires that a report server component of Reporting Services must run within a SharePoint
Server farm. This means that a SharePoint application server must exist with the Reporting Services shared
service installed and at least one Reporting Services service application.
For more information, see Reporting Services Report Server (SharePoint Mode), Reporting Services Report
Server, and PowerShell cmdlets for Reporting Services SharePoint Mode.
SQL Server 2016
SQL Server 2016 provides business intelligence solutions for SharePoint Server 2016. The SharePoint mode of
SQL Server 2016 provides features for SQL Server Analysis Services and SQL Server Reporting Services. For
more information, see Features Supported by the Editions of SQL Server 2016.
When you install SQL Server 2016 Analysis Services (SSAS ) and SQL Server 2016 Reporting Services (SSRS ) in
a SharePoint Server 2016 farm the following business intelligence solutions are available:
SQL Server 2016 Power Pivot
SQL Server 2016 Power View
Reporting Services interactive report designer that runs on Power Pivot or Analysis Services tabular data
models
The following SharePoint Server 2016 business intelligence features are available when you upgrade to SQL
Server 2016 RTM:
Power Pivot Gallery
Scheduled Data Refresh
Workbooks as a Data Source
Power Pivot Management Dashboard
Power View reports
Power View Subscriptions
Report Alerting
For more information, download the new Deploying SQL Server 2016 PowerPivot and Power View in SharePoint
2016 white paper. For details about configuring and deploying business intelligence in a multiple server
SharePoint Server 2016 farm, download Deploying SQL Server 2016 PowerPivot and Power View in a Multi-Tier
SharePoint 2016 Farm.
For more information, see Supported Combinations of SharePoint and Reporting Services Server and Add-in
(SQL Server 2016) and Install SQL Server 2016 Business Intelligence Features.
Power Pivot for SharePoint
SQL Server 2016 RTM is required to deploy Power Pivot for SharePoint 2016. Power Pivot for SharePoint 2016 is
an add-in that is available in the SQL Server 2016 RTM Feature Pack. SQL Server 2016 Analysis Services must be
run in SharePoint mode. This provides a server that hosts Power Pivot data in a SharePoint farm. For more
information, see Install Analysis Services in Power Pivot Mode. The server that hosts Power Pivot for SharePoint
2016 can be outside a SharePoint Server 2016 farm.
SQL Server 2016 Analysis Services provides three modes for analysis, Multidimensional, Tabular, and Power Pivot
for SharePoint. Note that each server mode is independent of the others, and each supports a type of analytical
database that only runs in that modality. For more information about SQL Server 2016 Analysis Services, see
Analysis Services.
To configure Power Pivot for SharePoint you can use the Power Pivot for SharePoint 2013 Configuration tool, the
SharePoint Central Administration website, or Microsoft PowerShell cmdlets. The following table lists each
method and describes the process:
Power Pivot for SharePoint 2016 Configuration Tool Evaluates an existing installation and determines what needs
to be configured in the SharePoint farm and Power Pivot for
SharePoint and then configures everything required.
SharePoint Server 2016 Central Administration Central Administration provides the SQL Server Power Pivot
Service Application that you create to access the Power Pivot
Management Dashboard for your BI farm.
Microsoft PowerShell cmdlets Provides cmdlets that you can use to build PowerShell script
files (.ps1) and automate the configuration process for Power
Pivot for SharePoint.
Power View for SharePoint
Power View is a feature included with Microsoft SQL Server 2016 Reporting Services Add-in for Microsoft
SharePoint. Install SQL Server 2016 Reporting Services Add-in for SharePoint, and then configure the servers for
integration. When you deploy Power View for SharePoint you can create and interact with views of data from data
models that are based on Power Pivot workbooks that are published in a Power Pivot Gallery, or tabular models
that are deployed to SSAS. You can also create and view reports from SSRS on SharePoint document libraries. All
Power View reports provide multiple views that feature tiles, slicers, chart filters, and visualizations. For more
information, see What's New in Reporting Services (SSRS ).
See also
Other Resources
Supported Combinations of SharePoint and Reporting Services Server and Add-in (SQL Server 2016)
What's New in SQL Server 2016
Deprecated and Discontinued SQL Server Features in SQL Server 2016
What's New (Analysis Services)
Analysis Services
Features Supported by the Editions of SQL Server 2014
Deprecated Database Engine Features in SQL Server 2014
Deploy Azure SQL Managed Instance with
SharePoint Servers 2016 and 2019
6/7/2019 • 2 minutes to read • Edit Online
IMPORTANT
SharePoint Server farms must be hosted in Microsoft Azure to support Azure SQL Managed Instance. The SharePoint Server
farm and the managed instance must be hosted in the same Azure region. SharePoint Server farms don't support managed
instances when hosted in customer datacenters.
Deploying a managed instance with SharePoint Server lets you move your SQL Server on-premises application to
the cloud with little or no application and database changes. The following procedure shows how to deploy an
Azure SQL Database Managed Instance with SharePoint Servers 2016 and 2019.
Environment
1. Create a resource group with a vNet and then create two subnets. You can use the SQL Managed Instance
Virtual Network Environment template to create an Azure Virtual Network with two subnets.
2. Create subnet 1 (Default) and then create two VMs. First, set up VM 1 as an Active Directory Directory
Services domain controller and configure your domain. For more information, see Step-By-Step: Setting up
Active Directory in Windows Server 2016.
3. Install SharePoint Server 2016 or SharePoint Server 2019 in VM 2:
Run PrerequitsiteInstaller.exe
Run Setup.exe
Install the May 2019 sts core patch for SharePoint Server 2016, KB 4464549 or SharePoint Server
2019, KB 4464556
Install the April 2019 wssloc MUI/language pack patch for SharePoint Server 2016, KB 4461507 or
for SharePoint Server 2019, KB 4462221
NOTE
You can join other VMs to Active Directory in subnet 1.
4. Create an Azure SQL Managed Instance in subnet 2, within this resource group (ManagedInstance).
IMPORTANT
No other resources can reside in subnet 2 except for SQL MI.
5. Create the SharePoint farm, hosting the databases on SQL MI with SQL authentication. Open the
SharePoint Management Shell and run the following Windows PowerShell commands:
$FarmCredential = Get-Credential -Message "Provide the user name and password for the SharePoint
farm service account."
$DBCredential = Get-Credential -Message "Provide the user name and password for the Azure SQL
Managed Instance database login."
$FarmPassphrase = Read-Host -AsSecureString -Prompt "Provide the SharePoint farm passphrase"
Where:
<DBServer> is the name you gave the Azure SQL Managed Instance in step 4.
<ConfigDB> is the name of the SharePoint configuration database to be created.
<ServerRole> is the SharePoint MinRole server role for this server in the SharePoint farm.
6. Run the SharePoint Products Configuration Wizard to complete the configuration. Next open Central
Administration to complete the Farm Configuration Wizard.
NOTE
Access Services isn't supported with Azure SQL Managed Instances.
See also
Other Resources
Azure SQL Database managed instance
SQL Server instance migration to Azure SQL Database managed instance
Quickstart: Create an Azure SQL Database managed instance
Quickstart: Configure Azure VM to connect to an Azure SQL Database Managed Instance
Quickstart: Restore a database to a Managed Instance
Overview of SQL Server in a SharePoint Server 2013
environment
6/7/2019 • 9 minutes to read • Edit Online
NOTE
SharePoint Foundation 2013 does not support BI features, which require SharePoint Server 2013.
The minimum requirements for a database server in SharePoint Server 2013 are SQL Server 2008 R2 with
Service Pack 1 (SP1) or SQL Server 2012, or SQL Server 2014 64-bit versions. Note that to use the business
intelligence (BI) tools in SharePoint Server 2013 you must install SQL Server 2012 with Service Pack 1 (SP1) or
SQL Server 2014, 64-bit version. For more information, see Hardware and software requirements for SharePoint
Server 2016.
Service application Databases for service applications store the data that service
applications use.
For a full list of all of the databases that support SharePoint Server, see Database types and descriptions in
SharePoint Server. For a graphical representation of the databases that support SharePoint Server 2013, see
Databases that support SharePoint 20113.
Working with the SQL Server databases that support SharePoint Server
2013
The databases that support SharePoint Server 2013 are either created automatically with the SharePoint Products
Configuration Wizard or by database administrators when they manually configure SharePoint Server 2013.
Microsoft does not support directly querying or modifying the databases that support SharePoint Server. In
SharePoint Server the Usage and Health Data Collection database does support schema modifications.
The SQL Server databases that support SharePoint Server 2013 are subject to sizing limitations and to
configuration recommendations that are not standard for SQL Server. For more information, see Storage and SQL
Server capacity planning and configuration (SharePoint Server).
NOTE
Reporting Services supports SharePoint integrated mode using SharePoint Server 2013 only.
When you setup Reporting Services with SharePoint Server 2013 you create a report server. The report server is
the central component of Reporting Services. This component contains two processing engines and a set of unique
extensions that handle authentication, data processing, rendering, and delivery operations.
NOTE
When you configure a report server to run with SharePoint Server 2013 in integrated mode you must install the SQL Server
2012 Reporting Services add-in or later on a SharePoint front-end web server. > SQL Server 2008 R2 is the minimum version
and is not supported when you use SQL Server 2012 Reporting Services or SQL Server 2014 Reporting Services.
For more information, see Supported Combinations of SharePoint and Reporting Services Components. The
following levels of integration are provided when you run a report server in integrated mode with SharePoint
Server 2013.
Shared storage
Shared security
Same site access for all business documents such as reports, report models, and shared data sources
When Reporting Services runs in SharePoint integrated mode, both the SharePoint content and report server
databases store content and metadata. The following table shows the report server data that each database stores.
SharePoint configuration All report server configuration settings that you make in
Central Administration including:
Report server URL
Report server Reporting Services account information
Information about the authentication provider that is used on
the server
Site-level settings that limit or enable report history and
logging
Report server Internal copies of report content and metadata, which are also
stored in the SharePoint content database, and the following
report data:
Schedules
Subscriptions
Snapshots for report history or report execution
Reporting Services data alerts are available to inform recipients of changes in report data.
For more information, see Storing and Synchronizing Report Server Content With SharePoint Databases
NOTE
SharePoint Foundation 2013 does not support SQL Server BI features.
For more information, see AlwaysOn Availability Groups (SQL Server), and Prerequisites, Restrictions, and
Recommendations for AlwaysOn Availability Groups (SQL Server).
Reporting Services SharePoint mode
SharePoint mode in SQL Server 2012 Reporting Services and SQL Server 2014 Reporting Services is a
SharePoint Server 2013 shared service that you configure in either the SharePoint Central Administration website
or by using Reporting Services SharePoint mode Microsoft PowerShell cmdlets. For more information, see
PowerShell cmdlets (Reporting Services SharePoint Mode). SharePoint mode supports SharePoint Server 2013
backup and restore for SQL Server Reporting Services service application and Unified Logging Service (ULS )
trace logs. SharePoint mode also supports claims-based authentication. For more information, see the "SharePoint
Mode" section of What's New (Reporting Services). For more information about the SharePoint Microsoft
PowerShell cmdlets for ULS, see Logging and events cmdlets in SharePoint 2013.
SharePoint mode requires that a report server component of Reporting Services must run within a SharePoint
Server farm. This means that a SharePoint application server must exist with the Reporting Services shared service
installed and at least one Reporting Services service application.
For more information, see Reporting Services Report Server (SSRS ) and Reporting Services Report Server
(SharePoint Mode).
Business intelligence features
NOTE
SharePoint Foundation 2013 does not support BI features, which require SharePoint Server 2013.
When you install SQL Server 2012 Analysis Services (SSAS ) and SQL Server 2012 Reporting Services (SSRS ) in
a SharePoint Server 2013 farm the following business intelligence features are enabled:
SQL Server 2012 Power Pivot for SharePoint 2013
Power View for SharePoint 2013
Reporting Services interactive report designer that runs on Power Pivot or Analysis Services tabular data
models
The xVelocity in-memory analytics engine in SQL Server 2012 supports both self-service BI and corporate BI. For
more information, see xVelocity in SQL Server 2012.
For more information, see Guidance for Using SQL Server BI Features in a SharePoint Farm, Install SQL Server BI
Features with SharePoint 2013 (SQL Server 2012 SP1), and Install SQL Server BI Features with SharePoint
(PowerPivot and Reporting Services).
Power Pivot for SharePoint 2013
SQL Server 2012 with SP1 is required to deploy Power Pivot for SharePoint 2013. Power Pivot for SharePoint
2013 is a SharePoint Server service application that becomes available when Analysis Services runs in SharePoint
mode. This provides a server that hosts Power Pivot data in a SharePoint farm. SQL Server 2012 Analysis Services
provides three modes for analysis, Multidimensional, Tabular, and Power Pivot for SharePoint. Note that each
server mode is independent of the others, and each supports a type of analytical database that only runs in that
modality. For more information about SQL Server 2012 Analysis Services (SSAS ), see Analysis Services. For more
information about SQL Server 2014 Analysis Services, see Analysis Services. The server that hosts Power Pivot
for SharePoint 2013 can be outside a SharePoint Server 2013 farm.
To configure Power Pivot for SharePoint you can use the SharePoint Central Administration website, the Power
Pivot for SharePoint 2013 Configuration tool, or Microsoft PowerShell cmdlets. The following table lists each
method and describes the process:
SharePoint Server 2013 Central Administration Provides all available options to configure the Power Pivot for
SharePoint service application.
Power Pivot for SharePoint 2013 Configuration Tool Evaluates an existing installation and determines what needs
to be configured in the SharePoint farm and Power Pivot for
SharePoint and then configures everything required.
Microsoft PowerShell cmdlets Provides cmdlets that you can use to build PowerShell script
files (.ps1) and automate the configuration process for Power
Pivot for SharePoint.
The Power Pivot for SharePoint 2013 add-in enables PowerPivot Gallery, Schedule Data Refresh, and the
PowerPivot Management Dashboard in Central Administration. For more information, see PowerPivot for
SharePoint (SSAS ).
See also
Other Resources
Supported Combinations of SharePoint and Reporting Services Components
What's New (Analysis Services)
Features Supported by the Editions of SQL Server 2014
Deprecated Database Engine Features in SQL Server 2014
Storage and SQL Server capacity planning and
configuration (SharePoint Server)
7/17/2019 • 42 minutes to read • Edit Online
NOTE
If you want to use SQL Server database mirroring to provide availability for the Configuration database, you must use
the full recovery model.
IOPS requirements for the Configuration database and Central Administration content database are minimal.
Content storage and IOPS
Estimating the storage and IOPS required for content databases is not a precise activity. In testing and
explaining the following information, we intend to help you derive estimates to use to determine the initial size
of your deployment. However, when your environment is running, we expect that you'll revisit your capacity
needs based on the data from your live environment.
For more information about our overall capacity planning methodology, see Capacity management and sizing
for SharePoint Server 2013.
Formula to estimate content database storage
The following process describes how to approximately estimate the storage required for content databases,
without considering log files:
1. Use the following formula to estimate the size of your content databases:
Database size = ((D × V ) × S ) + (10 KB × (L + ( V × D )))
NOTE
The value, 10 KB, in the formula is a constant that approximately estimates the amount of metadata required by
SharePoint Server. If your system requires significant use of metadata, you may want to increase this constant.
2. Calculate the expected number of documents. This value is known as D in the formula.
How you calculate the number of documents will be determined by the features that you are using. For
example, for My Sites or collaboration sites, we recommend that you calculate the expected number of
documents per user and multiply by the number of users. For records management or content
publishing sites, you may calculate the number of documents that are managed and generated by a
process.
If you are migrating from a current system, it may be easier to extrapolate your current growth rate and
usage. If you are creating a new system, review your existing file shares or other repositories and
estimate based on that usage rate.
3. Estimate the average size of the documents that you'll be storing. This value is known as S in the
formula. It may be worthwhile to estimate averages for different types or groups of sites. The average
file size for My Sites, media repositories, and different department portals can vary significantly.
4. Estimate the number of list items in the environment. This value is known as L in the formula.
List items are more difficult to estimate than documents. We generally use an estimate of three times
the number of documents (D ), but this will vary based on how you expect to use your sites.
5. Determine the approximate number of versions. Estimate the average number of versions any
document in a library will have. This value will usually be much lower than the maximum allowed
number of versions. This value is known as V in the formula.
The value of V must be above zero.
As an example, use this formula and the characteristics in the following table to estimate the required storage
space for data files in a content database for a collaboration environment. The result is that you need
approximately 105 GB.
INPUT VALUE
Database size = (((200,000 x 2)) × 250) + ((10 KB × ( 600,000 + ( 200,000 x 2))) = 110,000,000 KB or 105 GB
NOTE
Efficient File I/O in SharePoint Server is a storage method in which a file is split into pieces that are stored and updated
separately. These pieces are streamed together when a user requests the file. This increases the I/O performance but it
normally does not increase the file size. However, small files can see a small increase in the disk storage that is required.
NOTE
Office Online Server is the next version of Office Web Apps Server. Using Office Online Server with SharePoint Servers
2016 and 2019 doesn't affect the size of the content database. To deploy Office Online Server in your SharePoint Server
2016 farm, see Deploy Office Online Server.
To estimate the storage requirements for the service applications in the system, you must first be aware of the
service applications and how you'll use them. Service applications that are available in SharePoint Server
2016 and that have databases are listed in the following tables. The storage and IOPs data for all of the
service applications in SharePoint Servers 2016 and 2019 remains the same as in SharePoint Servers 2010
and 2013.
Search service application storage and IOPS requirements
DATABASE SCALING DISK IOPS DISK SIZE 10M ITEMS 100M ITEMS
User Profile The User Profile service application is associated with three
databases: Profile, Synchronization, and Social Tagging.
Note: The testing for the User Profile database storage
requirements and IOPS recommendations is not yet
complete. Check back for additional information.
For User Profile database information, see Database types
and descriptions in SharePoint Server.
Managed Metadata Service The Managed Metadata service application has one
database. The size of the database is affected by the
number of content types and keywords used in the system.
Many environments will include multiple instances of the
Managed Metadata service application.
Secure Store Service The size of the Secure Store service application database is
determined by the number of credentials in the store and
the number of entries in the audit table. We recommend
that you allocate 5 MB for each 1,000 credentials for it. It
has minimal IOPS.
Word Automation Services The Word Automation service application has one
database. We recommend that you allocate 1 GB for it. It
has minimal IOPS.
Business Data Connectivity service The Business Data Connectivity service application has one
database. This database is small and significant growth is
unlikely. It has minimal IOPS.
SERVICE APPLICATION SIZE ESTIMATION RECOMMENDATION
Power Pivot The Power Pivot Service application has one database. This
database is small and has no significant I/O impact. We
recommend that you use the same IOPS as the SharePoint
content database. Note that content databases have
significantly higher I/O requirements than the Power Pivot
service application database.
Transparent data encryption If your security requirements include the need for transparent data
encryption, you must use SQL Server Enterprise Edition.
Content deployment If you plan to use the content deployment feature, consider SQL Server
Enterprise Edition so that the system can take advantage of database snapshots.
NOTE
If you are using a Remote BLOB storage provider that does not support database snapshots, you can't use
snapshots for content deployment or backup.
Remote BLOB storage If you want to take advantage of remote BLOB storage to a database or
location outside the files associated with each content database, you must use the Enterprise Edition of:
SharePoint Server 2019
SQL Server 2016
SQL Server 2017 RTM
SharePoint Server 2016
SQL Server 2014 (SP1)
SQL Server 2016
SQL Server 2017 RTM
SharePoint 2013
SQL Server 2008 R2 with SP1
SQL Server 2012 Enterprise Edition
Resource governor Resource Governor is a technology introduced in SQL Server 2008 to enable you
to manage SQL Server workloads and resources by specifying limits on resource consumption by
incoming requests. Resource Governor enables you to differentiate workloads and allocate CPU and
memory as they are requested, based on the limits that you specify. For more information about how to
use Resource Governor, see Resource Governor for SQL Server 2014 and Resource Governor for SQL
Servers 2016 and 2019.
We recommend that you use Resource Governor with SharePoint Server to:
Limit the amount of SQL Server resources that the web servers targeted by the search crawl
component consume. As a best practice, we recommend limiting the crawl component to 10
percent CPU when the system is under load.
Monitor how many resources are consumed by each database in the system — for example, you
can use Resource Governor to help you determine the best placement of databases among
computers that are running SQL Server.
Microsoft Power Pivot for SharePoint Enables users to share and collaborate on user-generated
data models and analysis in Excel on the web while automatically refreshing those analyses. You must
have Office on the web to use Excel on the web with Power Pivot for SharePoint and SharePoint Server
2016. You can use SQL Server 2014 (SP1) or SQL Server 2016 RTM Enterprise Edition and SQL
Server Analysis Services for business intelligence with SharePoint Server 2016. However, you can only
use Power Pivot for SharePoint with SQL Server 2016 RTM, not with SQL Server 2014 (SP1).
Power Pivot for SharePoint 2013 Enables users to share and collaborate on user-generated data
models and analysis in Excel and in the browser while automatically refreshing those analyses. It is part
of SQL Server 2008 R2 Analysis Services (SSAS ) Datacenter and Enterprise Edition, SQL Server 2012
SP1 Analysis Services (SSAS ) Enterprise Edition, and SQL Server 2014 Analysis Services (SSAS )
Enterprise and Business Intelligence Edition.
NOTE
NAS is only supported for use with content databases that are configured to use remote BLOB storage (RBS). Any
network storage architecture must respond to a ping within 1 ms and must return the first byte of data within 20 ms.
This restriction does not apply to the local SQL Server FILESTREAM provider, because it only stores data locally on the
same server.
NOTE
Some confusion exists about if you use the Internet Small Computer System Interface (iSCSI) and assume that it is a
NAS protocol. If you access this iSCSI storage through the Common Internet File System (CFIS), it is a NAS protocol. This
means that you can't use this storage with content databases if they aren't configured to use RBS. If however, you
access this iSCSI storage through a locally attached hard disk, it is considered a SAN architecture. This means that you
can use it with NAS.
Recommendation for more than 5 terabytes Additional RAM over 64 GB can improve SQL Server
caching speed
NOTE
These values are higher than those recommended as the minimum values for SQL Server because of the distribution of
data required for a SharePoint Server environment. For more information about SQL Server system requirements, see
Hardware and Software Requirements for Installing SQL Server 2014 and Hardware and Software Requirements for
Installing SQL Server for SQL Servers 2016 and 2017.
For information about SQL Server capacity limits and specifications see Compute Capacity Limits by Edition
of SQL Server and Maximum Capacity Specifications for SQL Server.
Other factors that may influence the memory that is required include the following:
The use of SQL Server mirroring.
The frequent use of files larger than 15 megabytes (MB ).
NOTE
If you use iSCSI, make sure each network adapter is dedicated to either network communication or iSCI, not
both.
Configure SQL Server
The following sections describe how to plan to configure SQL Server for SharePoint Server.
In this section:
Estimate how many servers are required
Configure storage and memory
Set SQL Server options
Configure databases
Estimate how many servers are required
In general, SharePoint Server is designed to take advantage of SQL Server scale out. For example, SharePoint
Server may perform better with many medium-size servers that are running SQL Server than with only
several large servers.
Always put SQL Server on a dedicated server that is not running any other farm roles or hosting databases
for any other application. The only exception to this recommendation is if you deploy the system on a stand-
alone server for a development or a non-performance oriented test environment. Although SQL Server can
run on the same server as SharePoint, we recommend running SQL Server on a separate server for better
performance.
The following is general guidance for when to deploy an additional server that will run a SQL Server instance:
Add an additional database server when you have more than four web servers that are running at
capacity.
Add an additional database server when your current server has reached its effective resource limits of
RAM, CPU, disk IO throughput, disk capacity, or network throughput.
For more information, see Compute Capacity Limits by Edition of SQL Server and Maximum Capacity
Specifications for SQL Server.
To promote secure credential storage when you are running the Secure Store service application, we
recommend that the Secure Store database be hosted on a separate database instance where access is limited
to one administrator.
Configure storage and memory
On the server that is running SQL Server, we recommend that the L2 cache per CPU have a minimum of 2
MB to improve memory.
Follow vendor storage configuration recommendations
For optimal performance when you configure a physical storage array, adhere to the hardware configuration
recommendations supplied by the storage vendor instead of relying on the default values of the operating
system.
If you do not have guidance from your vendor, we recommend using the PowerShell storage cmdlets that are
available for Windows Server 2012 R2. For more information, see Storage Cmdlets in Windows PowerShell.
Provide as many resources as possible
Ensure that the SQL Server I/O channels to the disks are not shared by other applications, such as the paging
file and Internet Information Services (IIS ) logs.
Provide as much bus bandwidth as possible. Greater bus bandwidth helps improve reliability and
performance. Consider that the disk is not the only user of bus bandwidth — for example, you must also
account for network access.
Set SQL Server options
The following SQL Server settings and options should be configured before you deploy SharePoint Server.
Do not enable auto-create statistics on a server that hosts SQL Server and supports SharePoint Server.
SharePoint Server configures the required settings upon provisioning and upgrade. Auto-create
statistics can significantly change the execution plan of a query from one instance of SQL Server to
another instance of SQL Server. Therefore, to provide consistent support for all customers, SharePoint
Server provides coded hints for queries as needed to provide the best performance across all scenarios.
To ensure optimal performance, we strongly recommend that you set max degree of parallelism
(MAXDOP ) to 1 SQL Server instances that host SharePoint Server databases. For more information
about how to set max degree of parallelism, see Configure the max degree of parallelism Server
Configuration Option.
Configure databases
The following guidance describes best practices to plan for as you configure each database in your
environment.
Separate and prioritize your data among disks
Ideally, you should place the tempdb database, content databases, Usage database, search databases, and SQL
Server 2014 (SP1), SQL Server 2016, SQL Server 2017 RTM, SQL Server 2008 R2 with SP1 and SQL Server
2012 transaction logs on separate physical hard disks.
The following list provides some best practices and recommendations for prioritizing data:
When you prioritize data among faster disks, use the following ranking:
Tempdb data files and transaction logs
Database transaction log files
Search databases, except for the Search administration database
Database data files
In a heavily read-oriented portal site, prioritize data over logs.
Testing and customer data show that SharePoint Server farm performance can be significantly impeded
by insufficient disk I/O for tempdb. To avoid this issue, allocate dedicated disks for tempdb. If a high
workload is projected or monitored — that is, the average read action or the average write action
requires more than 20 ms — you might have to ease the bottleneck by either separating the files across
disks or by replacing the disks with faster disks.
For best performance, place the tempdb on a RAID 10 array. The number of tempdb data files should
equal the number of core CPUs, and the tempdb data files should be set at an equal size. Count dual
core processors as two CPUs for this purpose. Count each processor that supports hyper-threading as
a single CPU. For more information, see Optimizing tempdb Performance.
Separate database data and transaction log files across different disks. If files must share disks because
the files are too small to warrant a whole disk or stripe, or you have a shortage of disk space, put files
that have different usage patterns on the same disk to minimize concurrent access requests.
Consult your storage hardware vendor for information about how to configure all logs and the search
databases for write optimization for your particular storage solution.
Use multiple data files for content databases
Follow these recommendations for best performance:
Only create files in the primary filegroup for the database.
Distribute the files across separate disks.
The number of data files should be less than or equal to the number of core CPUs. Count dual core
processors as two CPUs for this purpose. Count each processor that supports hyper-threading as a
single CPU.
Create data files of equal size.
IMPORTANT
Although you can use the backup and recovery tools that are built in to SharePoint Server to back up and recover
multiple data files, if you overwrite in the same location, the tools can't restore multiple data files to a different location.
For this reason, we strongly recommend that when you use multiple data files for a content database, you use SQL
Server backup and recovery tools. For more information about how to back up and recover SharePoint Server, see Plan
for backup and recovery in SharePoint Server.
For more information about how to create and manage filegroups, see Physical Database Files and
Filegroups.
Limit content database size to improve manageability
Plan for database sizing that will improve manageability, performance, and ease of upgrade for your
environment.
To help ensure system performance, we recommended that you limit the size of content databases to 200 GB,
except when specific usage scenarios and conditions support larger sizes. For more information about content
database size limits, see the "Content database limits" section in Software boundaries and limits for
SharePoint Servers 2016 and 2019.
We generally recommend that a site collection should not exceed 100 GB unless it is the only site collection in
the database so that you can use the SharePoint Server granular backup tools to move a site collection to
another database if you need to.
Proactively manage the growth of data and log files
We recommend that you proactively manage the growth of data and log files by considering the following
recommendations:
As much as possible, pre-grow all data and log files to their expected final size.
We recommend that you enable autogrowth for safety reasons. Do not rely on the default autogrowth
settings. Consider the following guidelines when you configure autogrowth:
When you plan content databases that exceed the recommended size (200 GB ), set the database
autogrowth value to a fixed number of megabytes instead of to a percentage. This will reduce
the frequency with which SQL Server increases the size of a file. Increasing file size is a blocking
action that involves filling the new space with empty pages.
If the calculated size of the content database is not expected to reach the recommended
maximum size of 200 GB within the next year, set it to the maximum size the database is
predicted to reach in a year — with 20 percent additional margin for error — by using the
ALTER DATABASE MAXSIZE property. Periodically review this setting to make sure that it is
still an appropriate value, depending on past growth rates.
Maintain a level of at least 25 percent available space across disks to allow for growth and peak usage
patterns. If you are managing growth by adding disks to a RAID array or allocating more storage,
monitor disk size closely to avoid running out of space.
For example, if you have a RAID 1 system that has two physical disks, and your counters are at the values that
are shown in the following table.
COUNTER VALUE
The I/O value per disk can be calculated as follows: (80 + (2 × 70))/2 = 110
The disk queue length can be calculated as follows: 5/2 = 2.5
In this situation, you have a borderline I/O bottleneck.
Other monitoring tools
You can also monitor disk latency and analyze trends by using the sys.dm_io_virtual_file_stats dynamic
management view in SQL Server 2008. For more information, see sys.dm_io_virtual_file_stats (Transact-SQL ) .
SQL Server 2012 for SharePoint Server 2013
Thanks to Bill Baer, Microsoft Senior Product Marketing Manager and Brian Alderman, CEO and Founder of
MicroTechPoint for providing a series of online SQL Server 2012 training modules. Special thanks to Channel
9 Microsoft for hosting these online training modules. The following training modules provide details about
SQL Server 2012 database settings to help you learn how to improve SharePoint Server 2016 performance,
availability, and security.
Tuning SQL Server 2012 for SharePoint 2013: (01) Key SQL Server and SharePoint Server Integration
Tuning SQL Server 2012 for SharePoint 2013: (02) Best Practices for SQL Server Database Settings
Tuning SQL Server 2012 for SharePoint 2013: (03) Server Settings for SQL Server
Tuning SQL Server 2012 for SharePoint 2013: (04) SQL Server and SharePoint Availability
See also
Concepts
Overview of SQL Server in SharePoint Server 2016 and 2019 environments
Optimize performance for SharePoint Server 2013
Best practices for SQL Server in a SharePoint Server farm
Performance planning in SharePoint Server 2013
Capacity management and sizing for SharePoint Server 2013
Capacity planning for SharePoint Server 2013
Other Resources
Overview of SQL Server in a SharePoint Server 2013 environment
Manage databases in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Add content databases in SharePoint Server Adding a content database to an existing Web application is a
common task. This article describes how to add a content
database to an existing SharePoint Server implementation.
Attach or detach content databases in SharePoint Server Certain operations, such as applying updates or creating
copies of configuration settings, require that you detach and
then attach databases. This article describes how to do these
procedures.
Move site collections between databases in SharePoint Server Under some circumstances, you might want to move one or
more site collections to a different content database. For
example, a site collection can outgrow the content database
on which it is located, and you would have to move the site
collection to a larger content database. Conversely, if site
collections do not grow to their expected capacity, it might be
convenient to combine several site collections onto one
content database. This article describes how to move site
collections between databases.
Move content databases in SharePoint Server This article describes how to move content databases between
servers that are running SQL Server, between instances of
SQL Server, or from one SharePoint Server Web application to
another. You can also move a content database to load
balance a database server or Web application.
Move all databases in SharePoint Server This article describes how to move all of the databases
supported by SharePoint Server from one database server to
another database server. If your SharePoint databases are
hosted on different servers, this procedure applies to the
database server that hosts the configuration database.
Move or rename service application databases in SharePoint Learn how to move and rename service application databases
Server by using SQL Server, and then how to point the service
application to the moved or renamed database.
Run a farm that uses read-only databases in SharePoint A read-only farm can be part of a disaster recovery
Server environment. Alternatively, it can be part of a highly available
maintenance, patching, or upgrade environment that provides
user access while another version of the farm is being
updated. This article describes how to run a SharePoint Server
farm in which content databases are set to be read-only (a
read-only farm).
Manage RBS in SharePoint Server Learn about Remote BLOB Storage (RBS) and how to manage
RBS in SharePoint Server.
CONTENT DESCRIPTION
Best practices for SQL Server in a SharePoint Server farm Learn about best practices for SQL Server in a SharePoint
Server farm.
See also
Concepts
Overview of backup and recovery in SharePoint Server
Plan for backup and recovery in SharePoint Server
Database types and descriptions in SharePoint Server
Add content databases in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
IMPORTANT
The account name and password must already exist as a SQL Server login.
Specify the name of the failover database server, if one exists.
Specify the number of top-level sites that can be created before a warning is issued. By default, this is 2,000.
Specify the total number of top-level sites that can be created in the database. By default, this is 5,000.
7. Click OK.
To add a content database to a web application by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
NOTE
To attach an existing content database to a web application, use the Microsoft PowerShell cmdlet Mount-
SPContentDatabase. For more information, see Mount-SPContentDatabase.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Attach or detach content databases in SharePoint Server
Move site collections between databases in SharePoint Server
Attach or detach content databases in SharePoint
Server
8/13/2019 • 4 minutes to read • Edit Online
NOTE
The account name and password must already exist as a SQL Server login. We recommend that you use Windows
authentication instead of SQL authentication because, by default, SQL authentication sends a nonencrypted
password to the computer that is running SQL Server. If you use SQL authentication, the SQL account requires the
same SQL permissions as the SharePoint farm service account.
Click OK.
To detach a content database by using Central Administration
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
SharePoint group.
2. On the SharePoint Central Administration website, click Application Management.
3. On the Application Management page, in the Databases section, click Manage content databases.
4. Select the web application for which you want to detach a content database.
5. Click the content database that you want to detach.
6. On the Manage Content Database Settings page, select the Remove content database check box.
If the content database contains data, you will receive a warning. Click OK to continue with the operation.
7. Click OK to confirm the detachment, or click Cancel to stop the operation without detaching the database.
After detaching the content database in Central Administration, the content database still exists in SQL
Server. If you want to permanently remove the content database, you must do so by using a SQL Server
procedure.
To attach or detach a content database by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<ContentDb> is the content database to be attached.
<DbServer> is the name of the database server.
http://SiteName is the name of the web application to which the content database is being attached.
To detach a content database:
Dismount-SPContentDatabase "<ContentdBName>"
> [!IMPORTANT]
> If you have multiple content databases that have the same name, you must use the content database GUID in
this command instead of using the content database name. To retrieve the GUID of the content database, run
the **Get-SPContentDatabase** cmdlet with no arguments.
The Dismount-SPContentDatabase cmdlet detaches the content database from the web application, but it does
not delete the content database from SQL Server. After a content database is detached, you cannot delete it by
using PowerShell. You can only remove it by using SQL Server tools. If you want to delete the content database
from SQL Server while you detach it, use the Remove-SPContentDatabase cmdlet instead.
For more information, see Dismount-SPContentDatabase and Mount-SPContentDatabase.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Other Resources
Get-SPContentDatabase
New -SPContentDatabase
Remove-SPContentDatabase
Move site collections between databases in
SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
TIP
You can stay current about the space that site collections are using by creating site quotas and e-mail alerts..
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
$used
Where:
The amount of disk space that is being used by the specified site collection is stored in the _$used_
variable, and is displayed at the command prompt when the second command is run.
> [!NOTE]
> The amount of disk space that is displayed does not include the disk space that is used by the auditing
data that will be moved with the site collection.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
To delete the audit data without archiving it first, type the following command:
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<http://ServerName/Sites/SiteName> is the name of the site collection.
<DestinationContentDb> is the name of the destination content database.
To move multiple site collections
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
This command moves all site collections from the source content database to the destination content database.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Add content databases in SharePoint Server
Move content databases in SharePoint Server
6/7/2019 • 14 minutes to read • Edit Online
IMPORTANT
This article only describes how to move content databases. For information about how to move other kinds of databases
that are associated with SharePoint Server, see Move or rename service application databases in SharePoint Server and Move
all databases in SharePoint Server.
You can move content databases by using the SharePoint Central Administration website or Microsoft PowerShell,
and SQL Server tools. Which tool that you use depends on what kind of environment you have deployed, what
your schedule requires, and what service level agreements that you have made with your organization.
IMPORTANT
To move the content database file within the same instance SQL Server we recommend that you use the FILENAME
clause of the ALTER DATABASE statement. For more information, see Move User Databases.
IMPORTANT
To move a content database to another instance of SQL Server or to another server, we recommend that you use
procedures found in Database Detach and Attach (SQL Server) or Back Up and Restore of SQL Server Databases.
5. Copy or move the content database .mdf, .ndf, and .ldf files from the source location to the destination
location using File Explorer.
6. Attach the content database to the new SQL Server instance.
7. Add the content database to the destination web application in SharePoint Server.
IMPORTANT
Use the identical name when you add the content database or SharePoint Server creates a new content database.
8. Restart all service applications and services that you paused in step 2.
NOTE
The procedures in this section use Central Administration to move content databases. However, the first procedure, must be
performed by using PowerShell.
NOTE
If you are moving a content database to a different farm, you must make the server farm account a member of the
Administrators group on the database server during the restore process. This enables the account to replicate the security
setting for the databases. This access level can be removed after the content database is moved. For more information, see
Account permissions and security settings in SharePoint Server 2016.
The destination farm must be running the same version or a later version of SharePoint Server than the source
farm is running.
1. To record which content databases are associated with each web application
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
The dbcreator and securityadmin fixed server roles on the destination server, in order to attach the
database and configure SQL Server logins.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
> [!NOTE]
> We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
NOTE
If the content database does not appear in the list, it might be associated with another web application. To select
another web application, on the Web Application menu, click Change Web Application.
4. On the Manage Content Database Settings page, in the Remove Content Database section, select the
Remove content database check box, and then click OK.
NOTE
Removing the content database does not delete the database. It only removes the association of the database with
the web application.
5. Repeat steps 3 and 4 for each content database that you want to move.
4. To detach the content databases from SQL Server
1. Verify that the user account that is performing this procedure is a member of the db_owner fixed database
role on the database server where each database is stored.
2. In SQL Server Management Studio, open the source SQL Server instance, and then expand the Databases
node.
3. Right-click the content database, point to Tasks, and then click Detach. Repeat this step for each content
database that you want to move.
NOTE
Use this procedure to move only content databases. Do not detach any other kinds of databases.
NOTE
Verify that the name is correct. If it is not, a new database will be created.
7. Specify the authentication method for the database, and then click OK.
8. Repeat these steps for each database that you are adding. Be sure that you select the correct web
application from the Web Application menu for each database.
8. To restart timer jobs by using Central Administration
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
group.
2. In Central Administration, in the Monitoring section, click Check Job Status.
3. For each scheduled job that you disabled previously, click the job to open the Edit Timer Job page, click
Enable, and then click OK.
NOTE
If you are moving a content database to a different farm, you must make the server farm account a member of the
Administrators group on the database server during the restore process. This enables the account to replicate the security
setting for the databases. This access level can be removed after the content database is moved.
The destination farm must be running the same version or a later version of SharePoint Server than the source
farm is running.
1. To record which content databases are associated with each web application
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
The dbcreator and securityadmin fixed server roles on the destination server, in order to attach the
database and configure SQL Server logins.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<http://WebApplicationURL> is the Web application associated with the content database that you are
moving.
<c:\timerjobfile.txt> is the location of the file that you are creating that lists all timer jobs associated with the
Web application.
For more information, see Get-SPTimerJob, Out-File, ForEach-Object, Get-Content, and Disable-SPTimerJob.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
3. To detach content databases from a web application by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
The dbcreator and securityadmin fixed server roles on the destination server, in order to attach the
database and configure SQL Server logins.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Dismount-SPContentDatabase "<ContentDB>"
> [!NOTE]
> If you have multiple content databases that have the same name, you must use the content database GUID in
this command instead of using the content database name. To retrieve the GUID of the content database, run the
**Get-SPContentDatabase** cmdlet without arguments.
> [!NOTE]
> We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
NOTE
Use this procedure to move only content databases. Do not detach any other kinds of databases.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
> [!NOTE]
> We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where: _\<c:\timerjobfile.txt\>_ is the location of the file that you created that lists all of the timer
jobs associated with the Web application.
> [!NOTE]
> We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
See also
Concepts
Move all databases in SharePoint Server
Move all databases in SharePoint Server
6/7/2019 • 10 minutes to read • Edit Online
IMPORTANT
To move database files within the same instance of SQL Server we recommend that you use the FILENAME clause of the
ALTER DATABASE statement. For more information, see Move User Databases.
NOTE
To move a database to another instance of SQL Server or to another server, we recommend that you use procedures found
in Database Detach and Attach (SQL Server) or Back Up and Restore of SQL Server Databases.
The following are the minimum permissions that are required to perform this process:
You must be a member of the Farm Administrators SharePoint group.
On the computer that is running the SharePoint Central Administration Web site, you must be a member
of the Administrators group.
On the database server from which the databases are being moved, you must be a member of the
following:
The Administrators group
The db_backupoperator fixed database role
On the database server to which the databases are being moved, you must be a member of the following:
The Administrators group
The db_owner fixed database role
In some environments, you must coordinate the move procedures with the database administrator. Be sure to
follow applicable policies and guidelines for managing databases.
IMPORTANT
When you move databases, all farm sites and assets are unavailable to users until the process is complete. Complete this
operation outside normal business hours.
NOTE
It is important that the destination server where you move the databases has the same database information that
the current SQL Server instance has. For details about how to do this, see How to transfer logins and passwords
between instances of SQL Server. For more information, see Server-Level Roles and Database-Level Roles.
7. Attach the databases to the new destination server that runs SQL Server.
8. Use SQL Server connection aliases to point to the new database server and update all web servers.
If you do not want to use SQL Server connection aliases use one of the following procedures to update the
database connections for your SharePoint Server farm.
Scenario 1: Use this procedure to update the database connections if you use SharePoint Server and SQL
Server AlwaysOn Availability Groups for high availability or disaster recovery.
Scenario 2: Use this procedure if you must use manual steps or if you move the databases from a
SharePoint Server Single-server farm role installation to a new Single-server farm role installation.
9. Restart all services that you stopped in step 3.
To prepare the new database server
Use the procedures in Configure SQL Server security for SharePoint Server to configure the new database server.
The new database server must run either the same version of Windows Server and SQL Server as the existing
database server, or one of the following versions:
For SharePoint Server 2019:
Windows Server 2019
Windows Server 2016
SQL Server 2016
SQL Server 2017
For SharePoint Server 2016:
Windows Server 2012 R2
Windows Server 2016
SQL Server 2014 Service Pack 1 (SP1)
SQL Server 2016
For SharePoint 2013:
Windows Server 2008 R2
Windows Server 2008 R2 Service Pack 1 (SP1)
Windows Server 2012
SQL Server 2008
SQL Server 2012
SQL Server 2014
The version of the existing SharePoint Server and Windows Server must also support the version of the new SQL
Server where the DBs are being moved. For more information, see Hardware and software requirements for
SharePoint Server 2016 and Hardware and software requirements for SharePoint 2013.
To close all open sessions of SharePoint Management Shell
1. Close all open SharePoint Management Shell windows, and all open command prompt windows.
To stop the farm
1. On the server that is running Central Administration, stop the following services:
SharePoint Administration
SharePoint Timer
SharePoint Tracing
SharePoint User Code Host
SharePoint VSS Writer
World Wide Web Publishing Service
SharePoint Server Search 16
2. On the server that is running Central Administration, at a command prompt, type iisreset /stop.
To detach databases
1. In SQL Server Management Studio on the original database server, detach the databases that you want to
move from the instance to which they are attached. If you are running many databases, you may want to
run a Transact-SQL script to detach databases.
A database cannot be detached if any one of the following is true:
The database is being mirrored.
A database snapshot exists on the database.
For more information, see: Database Detach and Attach (SQL Server), Detach a Database, and
sp_detach_db (Transact-SQL ).
To move database files to the new server
1. Verify that the user account that is performing this procedure is a member of the following:
On the database server from which the databases are being moved, you must be a member of the
following:
The Administrators group
The db_backupoperator fixed database role
On the database server to which the databases are being moved, you must be a member of the following:
The Administrators group
The db_owner fixed database role
2. Use Windows Explorer to locate the .mdf, .ldf, and .ndf files that are associated with each database that you
are moving.
3. Copy or move the files to the destination directory on the new computer that is running SQL Server.
To set up permissions on the new server
1. Verify that the user account that is performing this procedure is a member of the following:
The Administrators group
The db_owner fixed database role
2. On the destination database server, start Management Studio and transfer your logon credentials and
permissions from the original instance to the destination instance. We recommend that you transfer
permissions by running a script. An example script is available in How to transfer logins and passwords
between instances of SQL Server.
For more information about how to transfer SQL Server metadata between instances, see Managing
Metadata When Making a Database Available on Another Server Instance.
To attach databases to the new instance of SQL Server
1. Verify that the user account that is performing this procedure is a member of the following:
The Administrators group
The db_owner fixed database role
2. On the destination database server, attach the databases to the new instance. For more information, see Attach
a Database and sp_attach_db (Transact-SQL ).
The following procedures provide methods to connect to the new SQL Server instance or update the database
connections. Use the procedure that works best for your SharePoint Server farm environment.
IMPORTANT
If you're using SharePoint Server and SQL Server AlwaysOn Availability Groups before moving the databases, you should
point to the AG Listner. If you're moving from a single-server farm to an AlwayOn Availability Group then you should use
the cliconfg.exe.
To point the web application to the new database server by setting up SQL Server connection aliases
1. This procedure must be performed on all servers in the SharePoint Server farm that connect to the
instance of SQL Server that hosts the databases.
2. Verify that the user account that is performing this procedure is a member of the following:
The Administrators group
The db_owner fixed database role
3. Start the SQL Server Client Network Utility (cliconfg.exe). This utility is typically located in the
C:\Windows\SysWOW64 and C:\Windows\System32 folder.
4. On the General tab, verify that TCP/IP is enabled.
5. On the Alias tab, click Add. The Add Network Library Configuration window appears.
6. In the Server alias box, enter the name of the current instance of SQL Server.
7. In the Network libraries area, click TCP/IP.
8. In the Connection parameters area, in the Server name box, enter the new server name and instance to
associate with the alias, and then click OK. This is the name of the new server that is hosting the
SharePoint Server databases.
9. Repeat steps 3 through 8 on all servers in the farm that connect to the new instance of SQL Server.
10. Optional. If your environment relies on System Center 2012 - Data Protection Manager (DPM ) or a third-
party application that uses the Volume Shadow Copy Service framework for backup and recovery, you
must install the SQL Server connectivity components on each web server or application server by running
SQL Server setup. For more information, see Install SQL Server 2014 from the Installation Wizard (Setup)
and Windows Server Installation and Upgrade.
You can use these Microsoft PowerShell cmdlets to deploy, manage, and remove availability groups in SQL
Server with SharePoint Server:
Add-DatabaseToAvailabilityGroup
Remove-DatabaseFromAvailabilityGroup
Get-AvailabilityGroupStatus
Use the following procedure to update the database connections if you use SharePoint Server and SQL Server
AlwaysOn Availability Groups for high availability or disaster recovery.
Scenario 1: To update the database connections by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<AGGroupName> is the name of the Avaliability Group.
<DatabaseName> is the name of the database that you are adding to the Availability Group
If the optional -FileShare parameter is used, <\server\share> is the name of the server and the share that
you use.
4. Repeat these steps for all databases that you move, including the Configuration and Central Administration
Content databases.
Use the next procedure for the following scenarios:
If you must use manual steps
If you move the databases from a SharePoint Server 2016 Single-Server Farm role type to a new Single-
Server Farm role type or from a SharePoint 2013 single-server installation to a new single-server
installation.
NOTE
The Single-Server Farm role replaces the Standalone Install mode available in previous SharePoint Server releases.
For more information, see Overview of MinRole Server Roles in SharePoint Server 2016.
If you use Availability Groups then you must manually add the databases to the availability groups as
appropriate to their high availability/disaster recovery support. For more information, see Add a Database
to an Availability Group (SQL Server)
If you use SQL Mirroring then make sure your mirroring is setup appropriately. For more information, see
Setting Up Database Mirroring (SQL Server) and Database Mirroring (SQL Server).
Scenario 2: To update the database connections by using Microsoft PowerShell
1. Start the SharePoint Management Shell.
2. At the PowerShell command prompt, type the following commands:
$db.ChangeDatabaseInstance("<DBServerName>")
Where <DBServerName> is the name or alias of the new SQL Server or is the AlwaysOn Availability Group
listener DNS name.
$db.Update()
3. If you use SQL Server database mirroring then you must remember to populate the FailoverServiceInstance
property on the SharePoint database.
$db.failoverserviceinstance("<DBServerName>")
$db.update()
4. Repeat these steps for all databases that you move, including the Configuration and Central Administration
Content databases.
To restart the services in the farm
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
SharePoint group.
2. On the server that is running the SharePoint Central Administration website, at a command prompt, type
iisreset /start.
3. In the Microsoft Management Console Services snap-in, start all of the services that are related to
SharePoint Server and IIS. These include the following services:
SharePoint Administration
SharePoint Timer
SharePoint Tracing
SharePoint User Code Host
SharePoint VSS Writer
World Wide Web Publishing Service
SharePoint Server Search
See also
Concepts
Database types and descriptions in SharePoint Server
Other Resources
Quick reference guide: SharePoint Server 2016 databases
Databases that support SharePoint 2013
Add a database server to an existing farm in SharePoint 2013
Move or rename service application databases in
SharePoint Server
6/7/2019 • 20 minutes to read • Edit Online
Don't attempt to move and rename a database in one procedure. You should either move a database or rename a
database, not perform both actions at the same time.
When you move or rename service application databases, the first step is to stop the service application for the
database that you are changing. You can stop or start services by using Central Administration or PowerShell.
Step 1: To stop the service application by using Central Administration
1. Use an account that is a member of the Farm Administrators SharePoint group.
2. In Central Administration click System Settings.
3. On the System Settings page, in the Servers section, click Manage services on server.
4. Find the service application that you want to stop, click Stop or Disable in the Action column for the
service, and then click OK.
To stop a service by using PowerShell
1. Use an account with these memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
NOTE
For additional information about Microsoft PowerShell permissions, see Permissions.
NOTE
For additional information about Microsoft PowerShell permissions, see Permissions.
Where:
<ServiceApplicationName> is the name of the Managed Metadata service application.
<DatabaseName> is the name of the renamed database.
To point the PerformancePoint service application to a renamed or moved database by using PowerShell
1. Use an account with these memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
NOTE
For additional information about Microsoft PowerShell permissions, see Permissions.
Where:
<ServiceApplicationName> is the name of the PerformancePoint service application.
<DatabaseServerName\DatabaseName> is the location of and the name of the renamed or moved
database. Do not include the location if you are just renaming the database.
The State Service database stores temporary state information data. You can use PowerShell to point the State
Service service application to a moved database by performing one of the following procedures:
Add a new database in the new location, or create a database with a new name. Then add the new database
to the service application, and delete the old database. For details, see To add a new database to the State
service application, and remove an old database by using Microsoft PowerShell.
Dismount the old database, move it by using SQL Server, and then remount the State Service database. For
details, see To point the State service application to a moved database by using Microsoft PowerShell.
The following procedures all include the steps shown in the bullet list. So, they do not require that these
steps are already performed:
Stopping a service application
Moving a database by using SQL Server Management Studio and Windows
To add a new database to the State Service service application and remove an old database by using PowerShell
1. Use an account with these memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
NOTE
For additional information about Microsoft PowerShell permissions, see Permissions.
Where:
<NewDatabaseName> is the name of the new database that you want to create.
<OldDatabaseName> is the name of the old database that you want to disassociate with the State
service and detach from SQL Server.
To point the State Service service application to a moved database by using PowerShell
1. Start the SharePoint Management Shell.
2. At the PowerShell command prompt, type the following command to dismount the database:
Where <DatabaseID> is the State Service database to remove from the service application. The type must
be a valid GUID in the form 12345678-90ab-cdef-1234-567890bcdefgh, a valid name of a state database,
or an instance of a valid SPStateServiceDatabase object.
For more information, see Dismount-SPStateServiceDatabase.
3. Move the database. For details, see Move a database by using SQL Server Management Studio and File
Explorer.
4. At the PowerShell command prompt, type the following command to mount the renamed or moved
database:
Where:
<DatabaseName> is the name of the database to associate with the State service.
<ServerName> is the name of the SQL Server that hosts the State service database.
To point the Usage and Health data collection service application to a moved database by using PowerShell
1. Use an account with these memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
NOTE
For additional information about Microsoft PowerShell permissions, see Permissions.
Where:
<ServiceApplicationName> is the name of the usage and health data collection service application.
<DatabaseName> is the name of the database.
<SQLServerName> is the name of the database server.
To point the Word Automation service application to a renamed or moved database by using PowerShell
1. Use an account with these memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
NOTE
For additional information about Microsoft PowerShell permissions, see Permissions.
Where:
<ServiceApplicationName> is the name of the Word Automation service application.
<DatabaseName> is the name of the renamed or moved database.
<DatabaseServer> is the location of the renamed or moved database. Do not include this parameter
if you are pointing to a renamed database in the same location.
To point the Subscription Settings Services service application to a moved database by using PowerShell
1. Use an account with these memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
NOTE
For additional information about Microsoft PowerShell permissions, see Permissions.
Where:
<ServiceApplicationName> is the name of the Subscription Settings service application.
<DatabaseName> is the name of the renamed database.
<DatabaseServer> is the name of the renamed database.
Step 6: To start the service application by using Central Administration
1. Use an account that is a member of the Farm Administrators SharePoint group.
2. In Central Administration click System Settings.
3. On the System Settings page, in the Servers section, click Manage services on server.
4. Find the service application that you want and click Start in the Action column for the service, and then
click OK.
Where <ServiceGUID> is the GUID of the service. If you don't know the service GUID, you can retrieve a
list of all services in the farm together with their GUIDs by using the Get-SPServiceInstance cmdlet.
For more information, see Stop-SPServiceInstance and Get-SPServiceInstance.
Step 2: To detach a database from SQL Server
1. Use an account that has the db_owner fixed database role for all of the databases that you're moving.
2. In SQL Server Management Studio, connect to the source SQL Server instance, and then expand the
Databases node.
3. Right-click the database, point to Tasks, and then click Detach. Repeat this step for each database that you
want to move.
Step 3: To move the database files to a new location by using File Explorer or Windows Explorer
1. Use an account that has read permission on the source location and write permission on the target location.
2. In File Explorer, find the .mdf, .ndf, and .ldf files for the service application databases and select the ones you
want to move. The database files are typically found here,
C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLServer\MSSQL\Data
Where <SearchServiceApplicationName> is the name of the Search service application associated with the
database move.
To change the read-only mode for Search service application databases
1. Use an account that is a member of the db_owner fixed database role for the content database.
2. Open SQL Server Management Studio and connect to the database server.
3. In Object Explorer, expand Databases.
4. Set the following databases to read-only mode:
Search Administration
Analytics Reporting
Crawl
Link
Right-click the database that you want to set to read/write or read-only, and then click Properties.
In the Database Properties dialog box, on the Options properties page, in the State section, select
True or False in the list next to Database Read-Only, and then click OK.
Click Yes.
To back up the Search service application databases
1. Use an account that is a member of the SQL Server db_backupoperator fixed database role on the
database server where each database is stored.
2. Start SQL Server Management Studio and connect to the database server where the Search service
application databases are stored.
3. In Object Explorer, expand Databases.
4. Right-click the database that you want to back up, point to Tasks, and then click Back Up.
5. In the Back Up Database dialog box, in the Source area, select the kind of backup that you want to
perform from the Backup type list.
For more information about the type of backup to use, see Recovery Models (SQL Server).
6. In the Backup component area, click Database.
7. Either use the default name or specify a name for the backup set in the Name box.
8. Specify the expiration date for the backup set.
This date determines when the backup set can be overwritten by subsequent backups that have the same
name. By default, the backup set is set to never expire (0 days).
9. In the Destination area, specify where you want to store the backup.
10. Click OK to back up the database.
11. Repeat steps 1-10 for the following databases:
Search Administration
Analytics Reporting
Crawl
Link
To set the value of max degree of parallelism to 1 in the new server that hosts SQL Server
1. Start SQL Server Management Studio and connect to the new server that hosts SQL Server where you'll
move the Search service application databases.
2. In Object Explorer, right-click the database server and then click Properties.
3. Click Advanced.
4. In the Max Degree of Parallelism box, select 1 to limit the number of processors to use in parallel plan
execution.
For more information, see Configure the max degree of parallelism Server Configuration Option.
To restore the Search service application databases to a new database server
1. Use an account that is a member of the SQL Server sysadmin fixed server role on the database server
where each database is stored.
2. Start SQL Server Management Studio and connect to the database server.
3. In Object Explorer, expand Databases.
4. Right-click the database that you want to restore, point to Tasks, point to Restore, and then click Database.
5. In the Restore Database dialog box, on the General page, select the database to restore to from the To
database list.
6. Select the restore source from the From database list.
7. In the Select the backup sets to restore section area, select the check box next to the database.
8. On the Options tab, select the recovery state from the Recover state section.
For more information about which recovery type to use, see Recovery Models (SQL Server) in SQL Server
Books Online.
9. Click OK to restore the database.
10. Repeat steps 1-9 for each database that is associated with the service application.
To set the Search service application databases to read/write
1. Follow the steps in To change the read-only mode for Search service application databases.
To point the Search service application to moved databases by using PowerShell
1. Start the SharePoint Management Shell.
2. Point the Search Service Application database to the new location. At the PowerShell command prompt,
type the following commands:
Where:
<NewDbName> is the name of the database.
<NewServerName> is the new database location.
3. Point the Analytics Reporting database to the new location. At the PowerShell command prompt, type the
following commands:
Where:
<OriginalServerName> is the name of the original SQL server.
4. Point the CrawlStore database to the new location. At the PowerShell command prompt, type the following
commands:
5. Point the LinkStore database to the new location. At the PowerShell command prompt, type the following
commands:
6. Set all Search service instances to Online. Run the following commands for each search service in the farm,
until the Search service instance is reported as Online. At the PowerShell command prompt, type the
following commands:
Where <Search Server> is the name of the server that hosts the search components.
7. Resume the Search service application. At the PowerShell command prompt, type the following commands:
Where <SearchServiceApplicationName> is the name of the Search service application associated with the
database move.
8. Restart each server that hosts a search component.
See also
Concepts
Move all databases in SharePoint Server
Run a farm that uses read-only databases in
SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
NOTE
The Search service application does not function when its databases are set as read-only.
The functionality and user experience in a read-only farm depends on the databases that are set to read-only.
NOTE
A farm that uses read-only content and service application databases is likely to be part of a disaster recovery environment
or a highly available maintenance, update, or upgrade environment.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<Site URL> is the site collection URL for which you want to know the associated content database.
The command returns the content database that is associated with the site.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
You can follow these steps to set read/write content databases to be read-only by using SQL Server Management
Studio. You can also use the Transact-SQL ALTER DATABASE statement to set content databases to be read-only. For
more information, see ALTER DATABASE (Transact-SQL ).
IMPORTANT
Do not perform this procedure on databases in a failover environment that were log-shipped or mirrored. If a database in a
failover environment that is either log-shipped or mirrored is set as read-only then no updates are performed and the
backup is not valid.
NOTE
When a database is set to read-only, all connections except the one that is setting the read-only flag are stopped.
After the read-only flag is set, other connections are enabled.
The site collection that is associated with a read-only content database is automatically set to read-only if the
locking status of the site collection was previously None, No Additions, or Read-Only. If the locking status of the
site collection was previously No Access, it remains No Access when the database locking status is changed.
NOTE
When a database is set to read-only, all connections except the one that is setting the read-only flag are stopped.
After the read-only flag is set, other connections are enabled.
Manage RBS in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
** CONTENT** DESCRIPTION
Overview of RBS in SharePoint Server Conceptual overview of how RBS works with SQL Server 2014
Service Pack 1 (SP1). It contains important information about
RBS features and providers. We strongly recommend that you
read this article before you implement RBS.
Deciding to use RBS in SharePoint Server Information to help you decide whether to use Remote BLOB
Storage (RBS) in a SharePoint Server environment, and if you
use RBS, to understand the benefits and costs of using RBS in
your environment.
Install and configure RBS with FILESTREAM in a SharePoint How to install and configure RBS and implement the
Server farm FILESTREAM provider for use with SharePoint Server.
Install and configure RBS with a 3rd party provider for How to install and configure RBS using a 3rd party provider.
SharePoint Server
Set a content database to use RBS with FILESTREAM in How to set a content database to use Remote BLOB Storage
SharePoint Server (RBS) that uses the FILESTREAM provider.
Migrate content into or out of RBS in SharePoint Server How to migrate content into or out of RBS, or to a different
RBS provider.
Maintain RBS in SharePoint Server How to perform maintenance tasks that are associated with
Remote BLOB Storage (RBS).
Disable RBS on content databases in SharePoint Server How to disable RBS in a SharePoint Server environment.
Overview of RBS in SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
NOTE
Unless otherwise specified, the information in this article is specific to RBS using the FILESTREAM provider. For guidance
specific to another provider, contact the provider manufacturer.
Introduction to RBS
In SharePoint Server, a binary large object (BLOB ) is a large block of data stored in a database that is known by its
size and location instead of by its structure — for example a Office document or a video file. By default, these
BLOBs, also known as unstructured data, are stored directly in the SharePoint content database together with the
associated metadata, or structured data. Because these BLOBs can be very large, it might be better to store BLOBs
outside the content database. BLOBs are immutable. Therefore, a new copy of the BLOB must be stored for each
version of that BLOB. Because of this, as a database's usage increases, the total size of its BLOB data can expand
quickly and grow larger than the total size of the document metadata and other structured data that is stored in
the database. BLOB data can consume lots of space and uses server resources that are optimized for database
access patterns. Therefore, it can be helpful to move BLOB data out of the SQL Server database, and onto
commodity or content addressable storage. To do this, you can use RBS.
RBS is a SQL Server library API set that is incorporated as an add-in feature pack that you can install when you
install the following:
SQL Server 2014 Service Pack 1 (SP1)
SQL Server 2014
SQL Server 2012
SQL Server 2008 R2 Express
SQL Server 2008 R2
SQL Server 2008
The RBS feature enables applications, such as SharePoint Server, to store BLOBs in a location outside the content
databases. Storing the BLOBs externally can reduce how much SQL Server database storage space is required.
The metadata for each BLOB is stored in the SQL Server database and the BLOB is stored in the RBS store.
SharePoint Server uses the RBS feature to store BLOBs outside the content database. SQL Server and SharePoint
Server jointly manage the data integrity between the database records and contents of the RBS external store on a
per-database basis.
RBS is composed of the following components:
RBS client library
An RBS client library consists of a managed library that coordinates the BLOB storage with SharePoint
Server, SQL Server, and RBS provider components.
Remote BLOB Storage provider
An RBS provider consists of a managed library and, optionally, a set of native libraries that communicate
with the BLOB store.
An example of an RBS provider is the SQL FILESTREAM provider. The SQL FILESTREAM provider is an
add-in feature of SQL Server 2014 Service Pack 1 (SP1) that enables storage of and efficient access to
BLOB data by using a combination of SQL Server 2014 (SP1) and the NTFS file system. For more
information about FILESTREAM, see FILESTREAM (SQL Server) For information about how to enable and
configure FILESTREAM, see Enable and Configure FILESTREAM.
BLOB store
A BLOB store is an entity that is used to store BLOB data. This can be a content-addressable storage (CAS )
solution, a file server that supports Server Message Block (SMB ), or a SQL Server database.
RBS providers
RBS uses a provider to connect to any dedicated BLOB store that uses the RBS APIs. SharePoint Server supports
a BLOB storage implementation that accesses BLOB data by using the RBS APIs through such a provider. There
are two kinds of RBS providers, local and remote.
The location in which an RBS provider stores the BLOB data depends on the provider that you use. In the case of
the FILESTREAM provider, the data is not stored in the .mdf file. Instead, it is stored in another folder that is
associated with the database.
Local RBS provider
A local provider stores the BLOBS outside the database but on the same server that is running SQL Server. You
can conserve resources by using the local RBS FILESTREAM provider to put the extracted BLOB data on a
different (that is, less resource-intensive) local disk. Because the BLOBs are stored in the same Filegroup as the
metadata, SharePoint Server features, such as backup and restore in Central Administration, can be used.
The RBS FILESTREAM provider is available as an add-in when you install SQL Server 2014 Service Pack 1 (SP1).
The RBS FILESTREAM provider uses the SQL Server FILESTREAM feature to store BLOBs in an additional
resource that is attached to the same database and stored locally on the server. The FILESTREAM feature
manages BLOBs in a SQL database by using the underlying NTFS file system.
IMPORTANT
The local FILESTREAM provider is supported only when it is used on local hard disk drives or an attached Internet Small
Computer System Interface (iSCSI) device. You cannot use the local RBS FILESTREAM provider on remote storage devices
such as network attached storage (NAS).
NOTE
If Visio web services runs on SharePoint Server application servers that do not have an RBS provider installed, a Visio error
occurs when you attempt to open a Visio diagram from this server. You must install an RBS client on SharePoint Server
servers that run the Visio Graphics Service if you want to open Visio diagrams on that server.
SharePoint Server 2016: To run RBS on a remote server, you must be running SQL Server 2014 (SP1)
Enterprise on the server that is running SQL Server where the metadata is stored in the database.
If you plan to store BLOB data in an RBS store that differs from your SharePoint Server 2016 content databases,
you must run SQL Server 2014 (SP1). This is true for all RBS providers.
SharePoint Server 2013: To run RBS on a remote server, you must be running SQL Server 2008 R2, SQL Server
2012, or SQL Server 2014 Enterprise on the server that is running SQL Server where the metadata is stored in
the database.
If you plan to store BLOB data in an RBS store that differs from your SharePoint 2013 content databases, you
must run SQL Server 2008 with SP1 and Cumulative Update 2, SQL Server 2012, or SQL Server 2014. This is
true for all RBS providers.
The FILESTREAM provider that is recommended for upgrading from stand-alone installations of Windows
SharePoint Services 3.0 that have content databases that are over 4 gigabytes (GB ) to SharePoint 2013 associates
data locally with the current content database, and does not require SQL Server Enterprise.
IMPORTANT
Although RBS can be used to store BLOB data externally, accessing or changing those BLOBs is not supported using any
tool or product other than SharePoint Server. All access must occur by using SharePoint Server only.
See also
Other Resources
Binary Large Object (Blob) Data (SQL Server)
FILESTREAM (SQL Server)
Remote BLOB Store Provider Library Implementation Specification
Install and configure RBS with SharePoint 2013 and SQL Server 2012
Deciding to use RBS in SharePoint Server
6/7/2019 • 11 minutes to read • Edit Online
IMPORTANT
RBS does not increase the storage limits of content databases. All limitations still apply to RBS-enabled content databases.
RBS is intended to lower storage costs by allowing you to store large read-intensive BLOBs on less expensive drives. For
example, if you have 150 GB of RBS data and you have a content database that is 70 GB, this still exceeds the limits.
In SharePoint Server, a binary large object (BLOB ) is a file, such as a Microsoft Office document or a video file. By
default, these BLOBs, also named unstructured data, are stored inline in the SharePoint content database together
with the metadata, or structured data. Because BLOBs can be very large, it can be helpful to move BLOB data out
of the SQL Server database, and onto commodity or content addressable storage. To do this, you can use RBS.
NOTE
Unless otherwise specified, the information in this article is specific to RBS using the FILESTREAM provider. For guidance
specific to another provider, contact the provider manufacturer.
For more information about RBS including information about RBS providers, we highly recommend that you see
Overview of RBS in SharePoint Server.
Limitations of RBS
Each RBS provider has different capabilities and limitations. The FILESTREAM provider has the following
limitations:
RBS has specific content database size limits for specific scenarios. For more information about these
limitations, see the "Content database limits" section in Software boundaries and limits for SharePoint
2013 and Content database limits.
Encryption is not supported on BLOBs, even if Transparent Data Encryption is enabled.
RBS does not support using data compression.
Support for database mirroring and log shipping is altered. For more information, see Evaluate provider
options later in this article.
To determine the capabilities and limitations of third-party providers, contact the provider manufacturer.
IMPORTANT
The use of RBS-enabled content databases larger than 200GB with collaboration sites is not supported. You cannot upload
any document larger than 2GB to an RBS-enabled content database. For more information about RBS limits, see the
"Content database limits" section in Software boundaries and limits for SharePoint 2013 and Content database limits.
Record centers
RBS works well for record centers and other archive sites. Because these sites are mostly read-only and do not use
versioning, you can store lots of data in the RBS store.
IMPORTANT
RBS can be run on the local computer that is running SQL Server 2014 (SP1), SQL Server 2008 R2, SQL Server 2008 or SQL
Server 2008 R2 Express. To run RBS on a remote server, you must be running SQL Server 2008 R2 Enterprise. SharePoint
Server 2016 requires you to use the version of RBS that is included with the SQL Server 2014 (SP1). Earlier versions of RBS
will not work with SharePoint Server 2016.
IMPORTANT
SharePoint Server 2013 requires you to use the version of RBS that is included with the SQL Server Remote BLOB Store
installation package from the Feature Pack for SQL Server 2008 R2. Earlier versions of RBS will not work with SharePoint
2013. In addition, RBS is not supported in SQL Server 2005.
BLOBs can be kept on commodity storage such as direct-attached storage (DAS ) or network attached storage
(NAS ), as supported by the provider. The FILESTREAM provider is supported by SharePoint Server 2016 when it
is used on local hard disk drives or iSCSI drives only. You cannot use RBS with FILESTREAM on remote storage
devices, such as NAS.
The following table summarizes FILESTREAM benefits and limitations.
OPERATIONAL REQUIREMENT WITH THE FILESTREAM PROVIDER WITHOUT THE FILESTREAM PROVIDER
SQL Server integrated backup and Yes Only if supported by the RBS provider
recovery of the BLOB Store that you are using.
Supports mirroring No No
Network attached storage (NAS) Only supported by SharePoint Server Yes, with provider implementation
with iSCSI and if Time to First Byte is
less than 20 milliseconds.
Direct attached storage (DAS) Not supported by SharePoint Server Yes, with provider implementation
* If the RBS
provider that you are using does not support snapshots, you cannot use snapshots for content
deployment or backup. The FILESTREAM provider does not support snapshots.
If the FILESTREAM provider is not practical for the environment, you can purchase a supported third-party
provider. In this case, you should use the following criteria when you evaluate a provider:
Backup and restore capability
Tested disaster recovery
Deployment and data migration
Performance impact
Long-term administrative costs
IMPORTANT
We do not recommend that you develop a provider unless you are an independent software vendor (ISV) that has
significant development experience in designing storage solutions.
See also
Other Resources
Remote Blob Store (RBS ) (SQL Server)
SQL Server Remote BLOB Store and FILESTREAM feature comparison
Install and configure RBS with FILESTREAM in a
SharePoint Server farm
6/7/2019 • 10 minutes to read • Edit Online
TIP
This solution uses the FILESTREAM RBS provider that is included with SQL Server 2014, Service Pack 1 SP1, SP2, SQL Server
2016, SQL Server 2016 SP1, and SQL Server 2008. If you want to install and configure RBS using a different provider, use
the procedure in Install and configure RBS with a 3rd party provider for SharePoint Server.
TIP
For best performance, simplified troubleshooting, and as a general best practice, we recommend that you create the
BLOB store on a volume that does not contain the operating system, paging files, database data, log files, or the
tempdb file.
use [WSS_Content]
if not exists
(select * from sys.symmetric_keys
where name = N'##MS_DatabaseMasterKey##')
create master key encryption by password = N'Admin Key Password !2#4'
use [WSS_Content]
if not exists
(select groupname from sysfilegroups
where groupname=N'RBSFilestreamProvider')
alter database [WSS_Content]
add filegroup RBSFilestreamProvider contains filestream
use [WSS_Content]
alter database [WSS_Content]
add file (name = RBSFilestreamFile, filename =
'c:\Blobstore')
to filegroup RBSFilestreamProvider
Install the RBS client library on SQL Server and each Front-end or
Application server
You must install RBS client library on the SQL Server node and all Front-end or Application servers in the
SharePoint farm. The RBS client library is installed only one time per web server, but RBS is configured separately
for each associated content database. The client library consists of a client-side dynamic link library (DLL ) that is
linked into a user application, and a set of stored procedures that are installed on SQL Server.
Cau t i on
Do not install the RBS client library by running the RBS_amd64.msi file and starting the Install SQL Remote
BLOB Storage wizard. The wizard sets certain default values that are not recommended for SharePoint Server
To install the RBS client library on the SQL Server.
1. Confirm that the user account performing these steps is a member of the Administrators group on the
computer where you are installing the library.
2. On SQL Server node, download the correct RBS client based on the SQL Server version and SharePoint
level that you use.
SharePoint Server 2016 supports the FILESTREAM provider that is included in the , SP1, SP2, SQL Server
2016, and SQL Server 2016 SP1.
SharePoint 2013 supports the FILESTREAM providers that are included in all versions of SQL Server 2008
R2, SQL Server 2012, and .
You only need to download the RSB.msi file from the Feature Pack but make sure you download the correct
processor type for your server, either x86 or x64.
For SharePoint Server 2016, choose the correct install from the following list:
Microsoft SQL Server 2014 Feature Pack
Microsoft SQL Server 2014 SP1 Feature Pack
Microsoft SQL Server 2014 SP2 Feature Pack
Microsoft SQL Server 2016 Feature Pack
Microsoft SQL Server 2016 SP1 Feature Pack
For SharePoint 2013, choose the correct install from the following list:
Microsoft® SQL Server® 2008 R2 Feature Pack
Microsoft SQL Server 2008 R2 SP1 Feature Pack
Microsoft SQL Server 2008 R2 SP2 Feature Pack
Microsoft SQL Server 2008 R2 SP3 Feature Pack
Microsoft SQL Server 2012 Feature Pack
Microsoft SQL Server 2012 SP1 Feature Pack
Microsoft SQL Server 2012 SP2 Feature Pack
Microsoft SQL Server 2012 SP3 Feature Pack
Microsoft SQL Server 2014 Feature Pack
Microsoft SQL Server 2014 SP1 Feature Pack
Microsoft SQL Server 2014 SP2 Feature Pack
3. Copy and paste the following command into the Command Prompt window. Replace WSS_Content with the
database name, and replace DBInstanceName with the SQL Server instance name. You should run this
command by using the specific database name and SQL Server instance name only one time. The action
should finish within approximately one minute.
msiexec /qn /lvx* rbs_install_log.txt /i RBS_amd64.msi TRUSTSERVERCERTIFICATE=true FILEGROUP=PRIMARY
DBNAME="WSS_Content" DBINSTANCE="DBInstanceName" FILESTREAMFILEGROUP=RBSFilestreamProvider
FILESTREAMSTORENAME=FilestreamProvider_1
To install the RBS client library on all SharePoint Front-end and Application servers
1. Confirm that the user account performing these steps is a member of the Administrators group on the
computer where you are installing the library.
2. On any web server, download the correct RBS client based on the SQL Server version and SharePoint level
that you use. Use one of the following lists to choose the correct install. Run the self-extracting download
package to create an installation folder for the X64 RBS.msi file.
SharePoint Server 2016 supports the FILESTREAM provider that is included in the , SP1, SP2, SQL Server
2016, and SQL Server 2016 SP1.
SharePoint 2013 supports the FILESTREAM providers that are included in all versions of SQL Server 2008
R2, SQL Server 2012, and .
You only need to download the RSB.msi file from the Feature Pack but make sure you download the correct
processor type for your server, either x86 or x64.
For SharePoint Server 2016, choose the correct install from the following list:
Microsoft SQL Server 2014 Feature Pack
Microsoft SQL Server 2014 SP1 Feature Pack
Microsoft SQL Server 2014 SP2 Feature Pack
Microsoft SQL Server 2016 Feature Pack
Microsoft SQL Server 2016 SP1 Feature Pack
For SharePoint 2013, choose the correct install from the following list:
Microsoft® SQL Server® 2008 R2 Feature Pack
Microsoft SQL Server 2008 R2 SP1 Feature Pack
Microsoft SQL Server 2008 R2 SP2 Feature Pack
Microsoft SQL Server 2008 R2 SP3 Feature Pack
Microsoft SQL Server 2012 Feature Pack
Microsoft SQL Server 2012 SP1 Feature Pack
Microsoft SQL Server 2012 SP2 Feature Pack
Microsoft SQL Server 2012 SP3 Feature Pack
Microsoft SQL Server 2014 Feature Pack
Microsoft SQL Server 2014 SP1 Feature Pack
Microsoft SQL Server 2014 SP2 Feature Pack
3. Copy and paste the following command into the Command Prompt window. Replace WSS_Content with the
database name, and replace DBInstanceName with the name of the SQL Server instance. The action should
finish within approximately one minute.
msiexec /qn /lvx* rbs_install_log.txt /i RBS_amd64.msi DBNAME="WSS_Content" DBINSTANCE="DBInstanceName"
ADDLOCAL=Client,Docs,Maintainer,ServerScript,FilestreamClient,FilestreamServer
> [!NOTE]
> If you attempt to install SQL Server 2012 Remote Blob Store for an additional database on the same instance
of SQL Server, you will receive an error. For more information, see [KB2767183]
(https://support.microsoft.com/en-us/kb/2767183).
For subsequent content databases for which you want to enable RBS, change the msiexec command similar to
below.
4. Repeat this procedure for all Front-end servers and Application servers in the SharePoint farm.
NOTE
If you install Visio web services on SharePoint Server application servers that do not have an RBS provider installed, a
Visio error occurs when you attempt to open a Visio diagram from this server. You must install an RBS client on
SharePoint Server servers that run the Visio Graphics Service if you want to open Visio diagrams on that server.
NOTE
You can only enable RBS by using Microsoft PowerShell.
See Also
Overview of RBS in SharePoint Server
Deciding to use RBS in SharePoint Server
Install and configure RBS with SharePoint 2013 and SQL Server 2012
Install for SharePoint 2013
Remote Blob Store (RBS ) (SQL Server)
Enable and Configure FILESTREAM
Install and configure RBS with a 3rd party provider
for SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
IMPORTANT
This solution uses a third-part provider. Before continuing, make sure that you read the instructions from the manufacturer
of the provider. If you want to install and configure RBS using the FILESTREAM provider, use the procedure in Install and
configure RBS with FILESTREAM in a SharePoint Server farm.
Do not directly access BLOBs when you are using third-party providers. Always access these BLOBs by using
SharePoint Server.
Do not install RBS by running the RBS_x64.msi file and starting the Install SQL Remote BLOB Storage wizard.
The wizard sets certain default values that are not recommended for SharePoint Server.
To install the RBS client library on the on the first front-end or application server
1. Confirm that the user account performing these steps is a member of the Administrators group on the
computer where you are installing the library.
2. On any front-end or application server, for SharePoint Server 2016, download the Microsoft SQL Server
2014 Feature Pack. Run the self-extracting download package to create an installation folder for the X64
RBS.msi file.
For SharePoint 2013, download the RBS_amd64.msi file.
3. Copy and paste the following command into the Command Prompt window. Replace WSS_Content with
the database name, and replace DBInstanceName with the SQL Server instance name. You should run this
command by using the specific database name and SQL Server instance name only one time. The operation
should finish within approximately one minute.
To install the RBS client library on all additional front-end and application servers
1. Confirm that the user account performing these steps is a member of the Administrators group on the
computer where you are installing the library.
2. On any web server, for SharePoint Server 2016, download the Microsoft SQL Server 2014 Feature Pack.
Run the self-extracting download package to create an installation folder for the X64 RBS.msi file.
For SharePoint 2013, download the RBS_amd64.msi file.
3. Copy and paste the following command into the Command Prompt window. Replace WSS_Content with
the database name, and replace DBInstanceName with the name of the SQL Server instance. The operation
should finish within approximately one minute.
4. Repeat this procedure for all Web servers in the SharePoint farm.
5. Run the following command on each application server in the SharePoint farm:
Where:
See also
Concepts
Overview of RBS in SharePoint Server
Deciding to use RBS in SharePoint Server
Other Resources
Remote Blob Store (RBS ) (SQL Server)
Enable and Configure FILESTREAM
Set a content database to use RBS with FILESTREAM
in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
These instructions assume that you are using the FILESTREAM RBS provider. If you are using a different RBS provider, refer to
that provider's instructions to perform these operations.
use [ContentDbName]
if not exists (select * from sys.symmetric_keys where name = N'##MS_DatabaseMasterKey##')
create master key encryption by password = N'Admin Key Password !2#4'
use [ContentDbName]
if not exists (select groupname from sysfilegroups where groupname=N'RBSFilestreamProvider')
alter database [ContentDbName] add filegroup RBSFilestreamProvider contains filestream
use [ContentDbName]
alter database [ContentDbName] add file (name = RBSFilestreamFile, filename = 'c:\RBSStore') to filegroup
RBSFilestreamProvider
Where _[ContentDbName]_ is the content database name and _c:\RBSStore_ is the volume\directory that will
contain the RBS data store. Be aware that you can provision a RBS store only one time. If you attempt to
provision the same RBS data store multiple times, you will receive an error.
> [!TIP]
> For best performance, simplified troubleshooting, and as a general best practice, we recommend that you
create the RBS data store on a volume that does not contain the operating system, paging files, database data,
log files, or the tempdb file.
7. Right-click Start, click Run, type cmd into the Run text box, and then click OK.
8. Copy and paste the following command at the command prompt:
Where _\<ContentDbName\>_ is the name of the content database, and _\<DBInstanceName\>_ is the name of the
SQL Server. The operation should finish within approximately one minute.
See also
Concepts
Overview of RBS in SharePoint Server
Migrate content into or out of RBS in SharePoint Server
Other Resources
Install and configure RBS with SharePoint 2013 and SQL Server 2012
Migrate content into or out of RBS in SharePoint
Server
6/7/2019 • 2 minutes to read • Edit Online
$rbs=(Get-SPContentDatabase <ContentDbName>).RemoteBlobStorageSettings
$rbs.GetProviderNames()
$rbs.SetActiveProviderName(<NewProvider>)
Where _\<NewProvider\>_ is the name of the provider that you want to make active for this content database.
If you want to migrate the content database out of RBS completely and back into SQL Server inline storage, set
this value to `()`.
7. Migrate the data from RBS to the new provider or to SQL Server:
$rbs.Migrate()
See also
Concepts
Set a content database to use RBS with FILESTREAM in SharePoint Server
Maintain RBS in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
If you are using SQL authentication, the RBS Maintainer connection strings must be in an encrypted format.
Therefore, to add connection strings, either the new strings must be encrypted or all the connection strings
must be decrypted. Encrypted strings must be added one at a time. However all the connection strings can be
decrypted at the same time by using the %windir%\Microsoft.net\Framework\ _\<version\>_\Aspnet_regiis.exe
tool, which is distributed as a part of the Microsoft .NET Framework.
Run the following commands to decrypt the connection strings and store the results in a Web.config file:
See also
Concepts
Overview of RBS in SharePoint Server
Install and configure RBS with FILESTREAM in a SharePoint Server farm
Set a content database to use RBS with FILESTREAM in SharePoint Server
Migrate content into or out of RBS in SharePoint Server
Disable RBS on content databases in SharePoint Server
Disable RBS on content databases in SharePoint
Server
6/7/2019 • 2 minutes to read • Edit Online
Do not use the Disable() method on the RemoteBlobStorageSettings object. This method is used only to
uninstall RBS, and we do not recommend that you just disable the writing of new BLOBs into RBS. To completely
remove RBS, perform the below task and then use Move-SPSite to move all sites into a non-RBS enabled
database. This will allow you to delete the content database that previously had RBS enabled.
You must use Microsoft PowerShell cmdlets to disable RBS. There is no user interface option for this task.
To disable RBS by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
2. Start the SharePoint Management Shell.
3. At the PowerShell command prompt, type the following commands:
$site=Get-SPSite "<http://yourSiteURL>"
$rbss=$site.ContentDatabase.RemoteBlobStorageSettings
$rbss.SetActiveProviderName("")
Where http://yourSiteURL is the Web application that is attached to the content database that is being disabled for
RBS.
For more information, see Get-SPSite.
See also
Concepts
Set a content database to use RBS with FILESTREAM in SharePoint Server
Best practices for SQL Server in a SharePoint Server
farm
6/7/2019 • 10 minutes to read • Edit Online
NOTE
If you plan to use SQL Server Business Intelligence components in a SharePoint Server 2016 farm you must use SQL Server
2016 CTP 3.1 or later. You can now download SQL Server 2016 CTP 3.1 or later to use the SQL Server Power Pivot for
SharePoint add-in. You can also use Power View by installing SQL Server Reporting Services (SSRS) in SharePoint-integrated
mode and the SSRS front-end add-in from the SQL Server installation media.
For more information, download the new Deploying SQL Server 2016 PowerPivot and Power View in SharePoint
2016 white paper. For details about configuring and deploying business intelligence in a multiple server
SharePoint Server 2016 farm, download Deploying SQL Server 2016 PowerPivot and Power View in a Multi-Tier
SharePoint 2016 Farm.
NOTE
If you plan to use SQL Server Business Intelligence components in a SharePoint Server 2013 farm you must use SQL Server
2012 with Service Pack 1 (SP1) or SQL Server 2014. For information about SQL Server 2012 with SP1 BI and SharePoint
Server 2013, see Install SQL Server BI Features with SharePoint 2013 (SQL Server 2012 SP1). For more information about
SQL Server 2014 and SharePoint Server 2013, see Install SQL Server 2014 Business Intelligence Features.
IMPORTANT
Best practices in this article apply to the Relational Database Management System (RDBMS) of SQL Server with SharePoint
Server.
NOTE
The recommendation to use a dedicated server for relational databases also applies to deploying SQL Server in virtual
environments.
IMPORTANT
Setting the max degree of parallelism to any other number can cause a less optimal query plan to be used that will
decrease SharePoint Server performance.
To help simplify maintenance, such as to make it easier to move databases to another server, create DNS
aliases that point to the IP address for all instances of SQL Server. For more information about DNS or
Hostname aliases, see How to Add a Hostname Alias for a SQL Server Instance.
For more information about these SQL Server settings and options, see Set SQL Server options.
NOTE
Database mirroring will be deprecated in future versions of SQL Server. We recommend using Always On Availability Groups.
AlwaysOn Availability Groups require a Windows Server Failover Clustering (WSFC ) cluster. A WSFC resource
group is created for every availability group that is created. For more information, see the following resources:
AlwaysOn Availability Groups (SQL Server)
Overview of AlwaysOn Availability Groups (SQL Server)
Failover Clustering and Always On Availability Groups (SQL Server)
Configure SQL Server AlwaysOn Availability Groups for SharePoint Server
RANK ITEM
In a heavily read-oriented portal site, prioritize data and search over transaction logs as follows.
The highest ranked item should be in the fastest drives.
RANK ITEM
Testing and user data shows that insufficient disk I/O for tempdb can significantly impede overall farm
performance. To avoid this issue, allocate dedicated disks for the drive that stores tempdb data files.
For best performance, use a RAID 10 array for the drive that stores tempdb data files. The number of
tempdb data files should equal the number of CPU cores, and each tempdb data file should be set to the
same size.
Separate database data and transaction log files across different disks. If data and log files must share disks
due to space limitations, put files that have different usage patterns on the same disk to minimize
concurrent access requests.
Use multiple data files for heavy-use content databases, and put each on its own disk
To improve manageability, monitor and make adjustments as needed to keep content databases below 200
GB, rather than restrict the database size.
NOTE
If you manually restrict database size in SQL Server, you can cause unexpected system downtime when the capacity
is exceeded.
Proper configuration of I/O subsystems is very important to the optimal performance and operation of SQL
Server systems. For more information, see Monitoring Disk Usage
TIP
Consider that how you measure disk speed varies between data files and log files. The fastest drives for database data may
not be the fastest for log files. Consider usage patterns, I/O, and file size.
The default settings for a new database are to grow by 1 MB increments. Because this default setting
for autogrowth results in increases in the size of the database, do not rely on the default setting.
Instead, use the guidance provided in Set SQL Server options.
Set autogrowth values to a fixed number of megabytes instead of to a percentage. The bigger the
database, the bigger the growth increment should be.
NOTE
Use care when you set the autogrowth feature for SharePoint databases. If you set a database to autogrow
as a percentage, for example at a 10-percent (%) growth rate, a database that is 5 GB grows by 500MB
every time that a data file has to be expanded. In this scenario, you could run out of disk space.
Consider for example, a scenario where content is gradually increased, say at 100MB increments,
and autogrowth is set at 10MB. Then suddenly a new document management site requires a very
large amount of data storage, perhaps with initial size of 50 GB. For this large addition, growth at
500 MB increments is more appropriate than 10MB increments.
For a managed production system, consider autogrowth to be merely a contingency for unexpected
growth. Do not use the autogrow option to manage your data and log growth on a day-to-day basis.
Instead, set the autogrowth to allow for an approximate size in one year and then add a 20 percent
margin for error. Also set an alert to notify you when the database runs low on space or approaches
a maximum size.
Maintain a level of at least 25 percent available space across drives to accommodate growth and peak
usage patterns. If you add drives to a RAID array or allocate more storage to manage, monitor capacity
closely to avoid running out of space.
Acknowledgements
The SharePoint Server Content Publishing team thanks the following contributors to this article:
Kay Unkroth, Senior Program Manager, SQL Server
Chuck Heinzelman, Senior Program Manager, SQL Server
See also
Concepts
Overview of SQL Server in SharePoint Server 2016 and 2019 environments
Storage and SQL Server capacity planning and configuration (SharePoint Server)
Other Resources
Securing SharePoint: Harden SQL Server in SharePoint Environments
Configure log shipping in SharePoint Server
6/7/2019 • 12 minutes to read • Edit Online
In the illustration:
Two environments are illustrated side by side: the on-premises SharePoint farm and the recovery (standby)
farm in Azure.
Each environment includes a file share.
Log shipping is used to copy logs from the secondary database server in the on-premises environment to
the local file share.
DFSR copies files from the file share in the on-premises environment to the file share in the Azure
environment. In a WAN scenario, DFSR is more efficient than shipping the logs directly to the secondary
server in Azure.
Log shipping replays the logs from the file share in the Azure environment to the primary replica in the
SQL Server AlwaysOn availability group in the recovery environment.
Log-shipped databases are not attached to the SharePoint Server farm until a recovery exercise is
performed.
The following diagram shows the seven phases that the complete SharePoint Server disaster recovery in Azure
solution contains. Phase 6: Set up log shipping to the recovery farm is highlighted in this diagram and explained in
the following sections.
NOTE
Some organizations use a third database server as a monitor to record the history and status of backup and restore
operations. This optional monitor server creates alerts when backup operations fail.
For detailed information about log shipping, refer to the articles listed in the following table.
Table: Reference articles for log shipping
URL DESCRIPTION
About Log Shipping (SQL Server) Describes log shipping transaction log backups and the
options that are available.
Configure Log Shipping (SQL Server) Describes how to configure log shipping in SQL Server 2012
by using SQL Server Management Studio or Transact-SQL.
View the Log Shipping Report (SQL Server Management Explains how to view the Transaction Log Shipping Status
Studio) report in SQL Server Management Studio. You can run a
status report at a monitor server, primary server, or
secondary server.
Performance considerations
Log shipping consists of three jobs. Each job performs one of the following operations:
1. Backs up the transaction log at the primary server instance.
2. Copies the transaction log file to the secondary server instance.
3. Restores the log backup on the secondary server instance.
Each job operates on a schedule and runs for an interval, which can have a significant impact on the database
server and, by default, SharePoint farm performance.
To correctly set the backup, copy, and restore job intervals for log shipping, you must analyze the amount of data
that is being log shipped. The amount of log shipped data is affected by the daily amount of change in the content
databases. The percentage of change can vary greatly depending on the content, maintenance changes, and usage
peaks.
To get an accurate percentage of change, calculate the sum of changes in the transaction log backups for each
content database that you log ship over a given interval. Use this data to calculate the percentage of change
compared to the primary database.
The following guidance is derived from the log-shipping experience of Microsoft field personnel with several
releases of SharePoint Server.
Avoid performance degradation due to all jobs starting at the same time by making sure that all log-
shipping jobs are offset with at least a one-minute delay from the previous job.
It is better to back up and copy many small transaction logs instead of a few large transaction logs.
Schedule log backups and copying at frequent intervals. You can restore the transaction logs at less frequent
intervals. For example, start by using backup and copy intervals of five minutes, and a restore interval of 15
minutes.
If you switch the database to simple recovery, log shipping will stop working.
Before you configure log shipping, you must create a share to make the transaction log backups available to
the secondary server. This is a share of the directory where the transaction log backups are generated.
In addition to your Recovery Point Objectives (RPO ), ensure that the recovered farm data is as complete and
uncorrupt as possible. To reach these goals, you must carefully plan and schedule every aspect of log shipping.
SET NOCOUNT ON
USE MSDB
GO
--@PrimServer : Primary Server name
--@SecServer : DR/Secondary Server Name
--@SecInstance : DR/Secondary FQDN
--@Domain : Domain Name
--@BkpDrive : Production Backup server Name
--@DBName : DatabaseName
DECLARE @LS_BackupJobIdAS uniqueidentifier, @LS_PrimaryIdAS uniqueidentifier , @SP_Add_RetCode As int
DECLARE @Time as nvarchar(10),@SecInstance as nvarchar(250), @PrimServer as nvarchar(50),@SecServer as
nvarchar(50),
@Domain as nvarchar(50),@DBName as nvarchar(max),@BkpDrive as nvarchar(250),@CMD as nvarchar(max),@Counter int
----------------------------------------------------------------------------
IF OBJECT_ID ('tempdb.DBO.#LogShipping','U') IS NOT NULL DROP TABLE #LogShipping
Create table #LogShipping ( LSDBs nvarchar(max))
Set @PrimServer ='SQL1'
Set @SecServer ='SQL2'
Set @SecInstance ='SQL2.corp.adventureworks.com'
Set @Domain ='corp.adventureworks.com'
Set @BkpDrive ='FS1.corp.adventureworks.com'
Set @DBName = 'Social_DB'
Set @Time = '0130'
SET @DBName = UPPER(REPLACE(@DBName, ' ', ''))
SET @DBName = '''' + REPLACE(@DBName, ',', ''', ''') + ''''
Set @CMD = ' Select ' +
'''DECLARE @SP_Add_RetCode As int, @LS_BackupJobIdAS uniqueidentifier, @LS_PrimaryIdAS uniqueidentifier
EXEC @SP_Add_RetCode = master.dbo.sp_add_log_shipping_primary_database ' + CHAR(10) +
'@database = '''''' + db.Name + ''''''' + CHAR(10) +
',@backup_directory = ''''\\' + @BkpDrive + '\LS\' + ''' + db.Name + ''''' + '''' + CHAR(10) +
',@backup_share = ' + '''''\\' + @BkpDrive + '\LS\' + ''' + db.Name + ''''' + '''' + CHAR(10) +
',@backup_job_name = ''''' + 'LSBackup_' + ''' + db.Name + ''''' + '''' + CHAR(10) +
',@backup_retention_period = 4320
,@backup_compression = 1
,@backup_threshold = 180
,@threshold_alert_enabled = 1
,@history_retention_period = 5760
,@backup_job_id = @LS_BackupJobId OUTPUT
,@primary_id = @LS_PrimaryId OUTPUT
,@overwrite = 1 ' +
'IF (@@ERROR = 0 AND @SP_Add_RetCode = 0)
BEGIN
DECLARE @LS_BackUpScheduleUIDAs uniqueidentifier ,@LS_BackUpScheduleIDAS int
EXEC msdb.dbo.sp_add_schedule
@schedule_name = ''''' + 'LSBackupSchedule_'+ @PrimServer + '_' + ''' + db.Name + ''''' + '''' + CHAR(10) +
',@enabled = 1
,@freq_type = 4
,@freq_interval = 1
,@freq_subday_type = 4
,@freq_subday_interval = 13
,@freq_recurrence_factor = 0
,@active_start_date = 20090506
,@active_end_date = 99991231
,@active_start_time = ' + @Time + CHAR(10) +
',@active_end_time = 235900
,@schedule_uid = @LS_BackUpScheduleUID OUTPUT
,@schedule_id = @LS_BackUpScheduleID OUTPUT
EXEC msdb.dbo.sp_attach_schedule @job_id = @LS_BackupJobId ,@schedule_id = @LS_BackUpScheduleID
EXEC msdb.dbo.sp_update_job @job_id = @LS_BackupJobId ,@enabled = 1
END
EXEC master.dbo.sp_add_log_shipping_alert_job
EXEC master.dbo.sp_add_log_shipping_primary_secondary
@primary_database = ''' + ''''' + db.Name + ''''' + '''' + CHAR(10) +
',@secondary_server = ''''' + @SecInstance + '''''' + CHAR(10) +
',@secondary_database = ''' + ''''' + db.Name + ''''' + '''' + CHAR(10) +
',@overwrite = 1 ''' +
' [LSDBs] FROM sys.databases db where name in (' + @DBName + ')' +
'and db.name not in (''master'',''model'',''msdb'',''tempdb'',''metricsops'',''periscope'' )
and Not (exists (select lss.Secondary_database from msdb.dbo.log_shipping_Secondary_databases lss where
db.Name = lss.Secondary_database)
or exists (select lsp.primary_database from msdb.dbo.log_shipping_primary_databases lsp where db.Name =
lsp.primary_database)
)'
Insert #LogShipping (LSDBs)
Insert #LogShipping (LSDBs)
Exec ( @CMD)
Set @Counter = @@rowcount
While (@counter > 0)
Begin
select top 1 @CMD = LSDBs from #LogShipping
exec sp_executesql @CMD
set @counter = @counter - 1
delete top (1) from #LogShipping
End
IF OBJECT_ID ('tempdb.DBO.#LogShipping','U') IS NOT NULL DROP TABLE #LogShipping
-- ****** End: Script to be run at Primary: [DB1-PSMSQL-01] ******
2. Set up log shipping on a secondary database server by using the following script: Secondary-
Logshippingsetupparameter scripts. In our lab environment, the secondary database server is in recovery
farm located in Azure.
3. Verify that the transaction logs are shipped to the share and that DFS is replicating these logs to the share on
the Azure file server. Open the Job Activity Monitor in SQL Server to verify the transaction logs were shipped
successfully. Open the shared folders on both file servers in the production and Azure farms to verify DFS is
transferring the transaction logs.
See also
Concepts
Configure SQL Server AlwaysOn Availability Groups for SharePoint Server
Other Resources
About Log Shipping (SQL Server)
Replication Tutorials
Overview of backup and recovery in SharePoint
Server
6/7/2019 • 14 minutes to read • Edit Online
The architecture supports both full and differential backups. Full backups create a new backup of the complete
system. Differential backups create a backup of all changes that are stored in databases since the last full backup.
The farm backup system is organized hierarchically. The components in a farm that you can select for backup
include the following:
Farm The farm is the highest-level object. You can select from the following options when you perform a
farm backup:
Content and configuration data (default)
The whole server farm is backed up. This includes settings from the configuration database.
Configuration-only
Configuration database settings are backed up so that you can apply configurations across farms.
For more information, see Configuration-only backup use and benefits later in this article.
Web application Within a web application, you can select one or more of the content databases to back
up.
A web application backup includes the following:
Application pool name and application pool account
Authentication settings
General web application settings such as alerts and managed paths
Internet Information Services (IIS ) binding information, such as the protocol type, host header and
port number
Changes to the Web.config file that were made through the object model or Central Administration
NOTE
Changes to the Web.config file that were made to support claims-based applications that use forms-based
authentication are not included in backups, because those changes are made manually. For more
information, see Considerations for using farm backups later in this article.
Sandboxed solutions
For recommendations about how to protect these settings, see Plan for backup and recovery in
SharePoint Server.
Services and service applications (not shared) An example of a service that is not shared is the State
Service. Service and service application backups contain the settings for a service or service application
and any databases associated with it.
IMPORTANT
Backups of service applications do not include the related proxy. To back up both the service application and the
service application proxy, you must either back up the farm or perform two consecutive backups. You select the
service application in one backup, and you select the associated service application proxy in the second backup.
Many service application databases cannot be backed up individually from SharePoint Server. To back up
service application databases only, you must use SQL Server backup.
Proxies for service applications that are not shared
Shared Services Shared services require both a service application and a service application proxy to
run. Select the Shared Services node to back up all of the service applications and the related service
application proxies on the farm.
NOTE
The backup hierarchy enables you to select individual service applications and service application proxies to back
up. However, when you select one or all service applications, or one or all proxies, the related objects are not
backed up by default.
Note that some settings in the SharePoint Server environment are not included in a farm backup. They include
the following settings that are stored on web servers:
Application pool account passwords
HTTP compression settings
Time-out settings
Custom Internet Server Application Programming Interface (ISAPI) filters
Computer domain membership
Internet Protocol security (IPsec) settings
Network Load Balancing settings
Secure Sockets Layer (SSL ) certificates
Dedicated IP address settings
Search service application backup process
Back up and recovery of the Search service application is a special case because of the complexity of interactions
between the components of the application.
When you start a backup of the Search service application, SharePoint Server starts a SQL Server backup of the
Search administration database, crawl databases, and property databases. The process also backs up the index
partition files in parallel.
Consider how the backup and recovery processes for the Search service application affect your service-level
agreement. For example, consider how pausing all crawls might affect the freshness of search results.
The backup process is as follows:
1. Master merges are paused to preserve the master index.
2. A full database backup starts.
3. The master index is backed up.
4. Crawls are paused.
The pause in crawling is much shorter than during a backup of earlier versions of SharePoint search, and
does not last the full duration of the backup process.
5. All shadow indexes are backed up.
6. An incremental database backup starts.
7. Crawls are resumed.
8. Master merges are resumed.
Configuration-only backup use and benefits
A configuration-only backup extracts and backs up the configuration settings from a configuration database. You
can use built-in tools to back up the configuration of any configuration database, whether it is currently attached
to a farm or not. For detailed information about how to back up a configuration, see Back up farm configurations
in SharePoint Server.
You can be restore a configuration backup to the same or another server farm. When you restore a configuration,
you overwrite settings in the farm if values for those settings are in the configuration backup. Settings in the
farm that are not in the configuration backup are not changed. For detailed information about how to restore a
farm configuration, see Restore farm configurations in SharePoint Server.
NOTE
Web application and service application settings are not included in a configuration backup. You can use PowerShell
cmdlets to document and copy settings for service applications. For more information, see Document farm configuration
settings in SharePoint Server and Copy configuration settings between farms in SharePoint Server.
Situations in which you might want to restore a configuration from one farm to another farm include the
following:
Replicating a standardized farm configuration to be used throughout an environment.
Moving configurations from a development or test environment to a production environment.
Moving configurations from a stand-alone installation to a farm environment.
Configuring a farm to serve as part of a standby environment.
SharePoint Server stores the following kinds of settings in the configuration-only backup:
Antivirus
Information rights management (IRM )
Outbound email settings (only restored when you perform an overwrite).
Customizations deployed as trusted solutions
Diagnostic logging
Considerations for using farm backups
NOTE
Workflows are not included in exports of sites or lists.
If you are running SQL Server Enterprise, the granular backup system can optionally use SQL Server database
snapshots to make sure that data remains consistent while the backup or export is in progress. After you create a
snapshot, SharePoint Server uses it to create the backup or export package, and then deletes the snapshot.
Database snapshots are linked to the source database. When the source database is offline, the snapshot is
unavailable. For more information about database snapshots, see Database Snapshots.
Benefits of backing up a site collection by using a snapshot include the following:
The snapshot makes sure that the data that is being read remains consistent while the operation is being
performed.
Users can continue to interact with the site collection while it is being backed up from the database
snapshot. This includes adding, editing, and deleting content. However, the changes that users make to the
live site will not be included in the site collection backup because the backup is based on the database
snapshot.
However, database snapshots can adversely affect performance.
You can use granular backup and export for content that is stored in a database that is configured to use the SQL
FILESTREAM RBS provider.
NOTE
If the RBS provider that you use does not support snapshots, you cannot use snapshots for content deployment or
backup. For example, the SQL FILESTREAM provider does not support snapshots.
NOTE
We do not recommend that you use SharePoint Server site collection backup for site collections larger than 85 GB.
The following illustration shows the granular backup and export system.
Site collection backup
NOTE
You cannot restore a service application as new in the same farm. You can restore a service application as
new in another farm.
When you restore an object and overwrite the existing object, no changes are necessary.
Search service application recovery process
The recovery process for the Search service application varies depending on whether you are restoring as new
or restoring as overwrite. When you restore as overwrite, no additional steps are necessary.
The restore as new process is as follows:
1. Restore the service application as new, and specify the new farm topology information as you restore.
2. Restore the service application proxy as new. If you did not restore the service application proxy, you must
create a new service application proxy and associate it with the Search service application.
3. Associate the service application proxy with the appropriate proxy group and associate the proxy group (if
it is not the default proxy group) with the appropriate Web application.
4. For least-privilege deployments, start the Search service and the Search admin query Web service with
the appropriate account.
For more information about how to recover the Search service application, see Restore Search service
applications in SharePoint Server.
Restoring from a site collection backup
Only site collections can be recovered from a site collection backup.
Recovering from an unattached content database
An unattached content database is a database that is attached to an instance of SQL Server but is not associated
with a web application. SharePoint Server can connect to and back up from an unattached database. For
example, SharePoint Server can connect to read-only content databases that were restored from any supported
backup technology and SQL Server database snapshots of content databases.
Recovery is the following two-stage process:
1. Back up or export the object from the unattached content database.
2. Restore or import the output of the prior step to SharePoint Server.
The following items can be backed up or exported from an unattached database by using granular backup and
export, and then restored:
Site collection
Back up by using site collection backup, and then recover by using a site collection restore.
Site
Export, and then import.
Lists and libraries
Export, and then import.
You can use import to recover content that you backed up from a database that is configured to use the SQL
FILESTREAM RBS provider. SharePoint Server uses the currently defined storage provider for that content
database to store recovered content. If the content database is not set to use RBS, the data will be stored in the
content database; if the content database is set to use RBS, the data will be stored in RBS.
See also
Concepts
Plan for backup and recovery in SharePoint Server
Plan for backup and recovery in SharePoint Server
6/7/2019 • 15 minutes to read • Edit Online
Service Yes
applications
Site collection Yes (1, 2) Yes (1, 2) Yes (1, 2) Yes (1, 2)
Content stored Yes (3) Yes (3) Yes (3) Yes (3)
in remote BLOB
stores
(1) Farm-level and database-level backup and restore can be used for site collection recovery if a single site
collection is stored in a database.
(2) Farm-level and database-level backups can be used with SharePoint Server 2016 unattached database
recovery to restore site collections, sites, lists, and configurations.
(3) Content stored in remote BLOB stores cannot be restored by using System Center Data Protection
Manager.
(4) Changes to Web.config can be backed up by using file system backup from DPM.
(5) IIS configurations can be recovered by using a bare-metal backup from DPM.
(6) DPM can recover this item by using a combination of a bare-metal backup and SharePoint Server 2016
backup. It cannot be backed up and recovered as an object.
(7) Fully-trusted solution packages are stored in the configuration database, and sandboxed solutions are
stored in content databases. They can be recovered as part of farm or content database recovery.
(8) Configuration settings can be recovered from farm-level backups. For more information, see Restore farms
in SharePoint Server.
(9) The Central Administration content database and the configuration database for a SharePoint Server 2016
farm can be recovered but only as part of a full-farm recovery to the same farm, with the same computers.
For more information, see Announcement: Protect your Server 2016 workloads with Enhanced Security.
SharePoint 2013 components for backup and recovery
Service Yes
applications
Site collection Yes (1, 2) Yes (1, 2) Yes (1, 2) Yes (1, 2)
Content stored Yes (3) Yes (3) Yes (3) Yes (3)
in remote BLOB
stores
(1) Farm-level and database-level backup and restore can be used for site collection recovery if a single site
collection is stored in a database.
(2) Farm-level and database-level backups can be used with SharePoint 2013 unattached database recovery to
restore site collections, sites, lists, and configurations.
(3) Content stored in remote BLOB stores cannot be restored by using System Center Data Protection
Manager.
(4) Changes to Web.config can be backed up by using file system backup from DPM.
(5) IIS configurations can be recovered by using a bare-metal backup from DPM.
(6) DPM can recover this item by using a combination of a bare-metal backup and SharePoint 2013 backup. It
cannot be backed up and recovered as an object.
(7) Fully-trusted solution packages are stored in the configuration database, and sandboxed solutions are
stored in content databases. They can be recovered as part of farm or content database recovery.
(8) Configuration settings can be recovered from farm-level backups. For more information, see Restore farms
in SharePoint Server.
(9) The Central Administration content database and the configuration database for a SharePoint 2013 farm
can be recovered but only as part of a full-farm recovery to the same farm, with the same computers.
NOTE
You can register SharePoint 2013 with Windows Server Backup by using the stsadm.exe -o -registerwsswriter
operation to configure the Volume Shadow Copy Service (VSS) writer for SharePoint 2013. Windows Server Backup then
includes SharePoint 2013 in server-wide backups. When you restore from a Windows Server backup, you can select
SharePoint Foundation (regardless of which version of SharePoint 2013 is installed), and all components reported by the
VSS writer for SharePoint 2013 on that server at the time of the backup will be restored. > Windows Server Backup is
recommended only for use with for single-server deployments.
NOTE
If you are using Remote Blob Storage (RBS), and the RBS provider that you are using does not support
snapshots, you cannot use snapshots for backup. For example, the FILESTREAM provider does not
support snapshots.
SharePoint Server backup is used to protect service applications. The backup interval is based on the
following:
The importance of the service.
The standard rate of change for the database.
The effect on performance that the backup has on the database.
All restore operations are performed through SharePoint Server. The choice of which restore system to
use is determined by the kind of backup that is available and the object being restored.
Other tools should be part of your business continuity strategy. Consider how you will use recycle bins and
versioning in site collections throughout the environment. For more information, see Plan for high availability
and disaster recovery for SharePoint Server.
See also
Concepts
Overview of backup and recovery in SharePoint Server
Other Resources
Data Protection and Recovery
Prepare to back up and restore farms in SharePoint
Server
6/7/2019 • 4 minutes to read • Edit Online
See also
Concepts
Backup solutions in SharePoint Server
Restore solutions in SharePoint Server
Configure backup and restore permissions in
SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
Permissions for the SharePoint Timer service and SQL Server account
in SharePoint Server
The SharePoint Timer Server and the SQL Server service account in SharePoint Server perform backup and
restore operations on behalf of users. These service accounts require Full Control permissions on any backup
folders.
Farm Yes No
NOTE
You only have to grant a user account access to back up and restore a specific farm component one time. You will have to
perform this task again only when you add new farm components to your environment or when you want to add users to
perform backup and restore operations.
IMPORTANT
The Add-SPShellAdmin cmdlet grants the SPDataAccess role but this is not enough to complete the restore operation. This
is because the restore-spsite cmdlet uses direct insert statements to add content rather than stored procedures which
accommodate other interactions. The Add-SPShellAdmin cmdlet worked fine in SharePoint 2010 because as part of the
SPDataAccess schema it added dbo permissions. For SharePoint Servers 2019, 2016 and 2013 the db_owner fixed database
role permissions are required to complete restore operations from the SharePoint Management Shell.
To add a user to or remove a user from the SharePoint_Shell_Access role by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<Database ID> is the GUID assigned to the database.
To add a user account to all the databases in the farm, type the following command:
Where:
<User account> is the user whose account you want to remove.
To view the user accounts currently added to the databases in the farm, type the following command:
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
You might also have to grant additional permissions to the users who run the backup or restore operation by using
PowerShell. The following table shows the permissions that are required.
See also
Concepts
Plan for backup and recovery in SharePoint Server
Prepare to back up and restore farms in SharePoint Server
Overview of backup and recovery in SharePoint Server
Backup solutions in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Back up web applications in SharePoint Server Back up web application that are associated with the farm and
include configuration and content databases.
Back up service applications in SharePoint Server Back up service applications that are associated with the farm
and include configuration and content databases.
Back up User Profile service applications in SharePoint Server Back up User Profile Service applications that are associated
with the farm and include configuration and content
databases.
Back up Search service applications in SharePoint Server Back up Search service applications that are associated with
the farm and include configuration and indexes.
Back up the Secure Store Service in SharePoint Server Back up the Secure Store service application that is associated
with the farm and includes configuration and content
databases.
CONTENT DESCRIPTION
Back up content databases in SharePoint Server Back up content databases that are associated with the farm.
Back up databases to snapshots in SharePoint Server Back up databases to snapshots in the farm.
Back up customizations in SharePoint Server Back up customizations that are associated with the farm. This
article includes how to back up workflows in SharePoint
Server.
Back up site collections in SharePoint Server Back up site collections that are associated with the farm.
Back up apps for SharePoint in SharePoint Server Back up apps for SharePoint in SharePoint Server.
Export sites, lists, or document libraries in SharePoint Server Export a list, site, or document library that is associated with
the farm. Then import the items into another farm or move
them to another place in the existing farm.
See also
Concepts
Restore solutions in SharePoint Server
Back up farms in SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the path of a folder on the local computer or the network in which you want to
store the backups.
NOTE
If you are backing up the farm for the first time, you must use the Full option. You must perform a full backup
before you can perform a differential backup.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
Use Central Administration to back up a SharePoint Server farm
You can use Central Administration to back up the farm.
To back up a farm by using Central Administration
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
SharePoint group.
2. In Central Administration, on the home page, in the Backup and Restore section, click Perform a
backup.
3. On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select the farm from the list
of components, and then click Next.
4. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either
Full or Differential.
NOTE
If you are backing up the farm for the first time, you must use the Full option. You must perform a full backup
before you can perform a differential backup.
5. In the Back Up Only Configuration Settings section, click Back up content and configuration
settings.
6. In the Backup File Location section, type the UNC path of the backup folder, and then click Start
Backup.
7. You can view the general status of all backup jobs at the top of the Backup and Restore Status page in the
Readiness section. You can view the status for the current backup job in the lower part of the page in the
Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you
specified in step 6.
See also
Back up farm configurations in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
Where:
<BackupFolder> is the path to the folder that has the correct backup files.
<DatabaseServerName> is the name of the database server for the farm that you are backing up.
<DatabaseName> is the name of the farm configuration database.
If you are not logged on with an account with db_backupoperator fixed database role on the
database server where the configuration database is stored, you must specify the value for
DatabaseCredentials parameter.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
You can back up the configuration for any service or application. However, common practice is to back up
configuration at the farm level.
4. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select Full.
5. In the Backup Only Configuration Settings section, select the Backup only configuration settings
option.
6. In the Backup File Location section, type the Universal Naming Convention (UNC ) path of the backup
folder, and then click Start Backup.
7. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current backup job in the lower part of the page in
the Backup section. The status page updates every 30 seconds automatically. You can manually refresh the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified
in step 5.
See also
Concepts
Restore farm configurations in SharePoint Server
Back up web applications in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
NOTE
Alternately, the user can be a member of the db_backupoperator fixed database role on all databases that are to
be updated if you do not want to assign full rights of the db_owner role.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the path of the folder that you use for storing backup files.
<WebApplicationName> is the name of the web application. To display the name of the web
application, at the PowerShell command prompt, type the following command:
Backup-SPFarm -ShowTree
NOTE
If you are backing up the web application for the first time, you must use the Full option. You must perform a full
backup before you can perform a differential backup.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
The web application might consist of several components. You must select the top-level component.
5. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either
Full or Differential.
NOTE
If you are backing up the web application for the first time, you must use the Full option. You must perform a full
backup before you can perform a differential backup.
6. In the Back Up Only Configuration Settings section, click Back up content and configuration
settings.
7. In the Backup File Location section, type the Universal Naming Convention (UNC ) path of the backup
folder, and then click Start Backup.
8. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current backup job in the lower part of the page in
the Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified
in step 6.
Use SQL Server tools to back up a databases that are associated with a
web application
You cannot back up the complete web application by using SQL Server tools. However, you can back up all the
databases that are associated with the web application. To back up the complete web application, use either
PowerShell or Central Administration.
To back up a database associated with a web application by using SQL Server tools
1. Verify that the user account that is performing this procedure is a member of the SQL Server db_owner
fixed database role on all databases that are to be backed up.
2. Open SQL Server Management Studio and connect to the correct instance of the SQL Server Database
Engine.
3. In Object Explorer, expand Databases.
4. Right-click the database that you want to back up, point to Tasks, and then click Back Up.
5. In the Back Up Database dialog box, confirm the database name.
6. Next, select the kind of backup that you want to perform from the Backup type list. For more information
about which backup type to use, see Recovery Models (SQL Server).
7. In the Backup component area, click Database.
8. Either use the default name that is provided or specify a name for the backup set in the Name text box.
9. In the Destination area, specify where you want to store the backup.
10. Click OK to back up the database.
11. Repeat steps 1-10 for each farm database.
See also
Concepts
Restore web applications in SharePoint Server
Back up farms in SharePoint Server
Plan for backup and recovery in SharePoint Server
Back up service applications in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
NOTE
SharePoint Server backup backs up remote Binary Large Object (BLOB) stores but only if you are using the FILESTREAM
remote BLOB store provider to put data in remote BLOB stores. If you are using another provider, you must manually back
up the remote BLOB stores.
Before you begin this operation, review the following information about prerequisites:
You must create a folder on the local computer or the network in which to store the backups. For better
performance, we recommend that you back up to the local computer and then move the backup files to a
network folder. For more information about how to create a backup folder, see Prepare to back up and
restore farms in SharePoint Server.
SharePoint Server backup backs up the SQL Server Remote BLOB Store installation package from the
Feature Pack for SQL Server 2008 R2 external content type definitions but does not back up the data
source itself. To protect the data, you should back up the data source when you back up the SQL Server
Remote BLOB Store installation package from the Feature Pack for SQL Server 2008 R2 or the farm.
If you back up the SQL Server Remote BLOB Store installation package from the Feature Pack for SQL
Server 2008 R2 or the farm and then restore the data source to a different location, you must change the
location information in the external content type definition. If you do not, the SQL Server Remote BLOB
Store installation package from the Feature Pack for SQL Server 2008 R2 might be unable to locate the
data source.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the path of a folder on the local computer or on the network in which you want
to store the backups.
<ServiceApplicationName> is the name of the service application that you want to back up. To
display the name of the service application, at the PowerShell command prompt, type the following
command: Backup-SPFarm -ShowTree .
To back up all the service applications, at the PowerShell command prompt, type the following command:
NOTE
If you are backing up the service application for the first time, you must use the Full option. You must perform a full
backup before you can perform a differential backup. Some service applications always require a full backup. For
these service applications, even if you select the Differential option, the system performs a full backup.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
The service application might consist of several components. You must select the top-level component.
5. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either
Full or Differential.
NOTE
If you are backing up the service application for the first time, you must use the Full option. You must perform a full
backup before you can perform a differential backup. Some service applications always require a full backup. For
these service applications, the system performs a full backup even if you select the Differential option.
6. In the Backup File Location section, in the Backup location box, type the path of the backup folder, and
then click Start Backup.
7. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current backup job in the lower part of the page in
the Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified
in step 5.
See also
Concepts
Restore service applications in SharePoint Server
Back up User Profile service applications in
SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
IMPORTANT
The steps in this article apply to only SharePoint Servers 2019, 2016, and 2013.
NOTE
Backup of a User Profile service application can fail the first time that you use PowerShell to perform the backup. If this
occurs, repeat the backup procedure using PowerShell. For details about a backup failure, see the spbackup.log or
sprestore.log files in the backup directory.
To back up the User Profile service application by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013
Products cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the path of a folder on the local computer or on the network in which you want
to store the backups.
<ServiceApplicationName> is the name of the User Profile Service service application that you want
to back up.
NOTE
The User Profile Service service application always requires a full backup,
4. You must also back up the service application proxy. To do this, at the PowerShell command prompt, type
the following command:
Where:
<BackupFolder> is the path of a folder on the local computer or on the network in which you want
to store the backups.
<ServiceApplicationProxyName> is the name of the User Profile Service service application proxy
that you want to back up.
For more information, see Backup-SPFarm.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
Backup of a User Profile service application can fail the first time that you use Central Administration to perform the backup.
If this occurs, repeat the backup procedure using Central Administration. For details about a backup failure, see the
spbackup.log or sprestore.log files in the backup directory.
NOTE
The User Profile service application always requires a full backup. You must use the Full option.
6. In the Backup File Location section, in the Backup location box, type the path of the backup folder, and
then click Start Backup.
7. You must also back up the service application proxy. To do this, in Central Administration, on the home
page, in the Backup and Restore section, click Perform a backup.
8. On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select the User Profile Service
service application proxy from the list of components, and then click Next.
9. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select Full.
10. In the Backup File Location section, in the Backup location box, type the path of the backup folder, and
then click Start Backup.
11. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current backup job in the lower part of the page in
the Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified
in step 5.
miiskmu.exe
Use the Microsoft Identity Integration Server Key Management Utility Wizard to export the key set.
3. Open SQL Server Management Studio and connect to the database server.
4. In Object Explorer, expand Databases.
5. Right-click the database that you want to back up, point to Tasks, and then click Back Up.
6. In the Back Up Database dialog box, confirm the database name.
7. Next, select the kind of backup that you want to perform from the Backup type list. For more information
about which backup type to use, see Recovery Models (SQL Server).
8. In the Backup component area, click Database.
9. Either use the default name that is provided or specify a name for the backup set in the Name text box.
10. In the Destination area, specify where you want to store the backup.
11. Click OK to back up the database.
12. Repeat steps 1-10 for each User Profile service application database.
See also
Concepts
Backup solutions in SharePoint Server
Restore service applications in SharePoint Server
Other Resources
Windows PowerShell for SharePoint Server reference
Back up Search service applications in SharePoint
Server
6/7/2019 • 7 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the path of the folder that you use for storing backup files.
<SearchServiceApplicationName> is the name of the Search service application that you are
backing up.
NOTE
If you are backing up the farm for the first time, you must use the Full option. You must perform a full backup
before you can perform a differential backup. To view the progress of the backup operation, use the Verbose
parameter. The Differential option only applies to the search databases. The search index files are always fully
backed up, even when you use the Differential option.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
The search service application might consist of several components. You must select the top-level component. By
default, the service application is named "Search Service Application".
5. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either
Full or Differential.
NOTE
If you are backing up search for the first time, you must use the Full option. You must perform a full backup before
you can perform a differential backup. The Differential option only applies to the search databases. The search
index files are always fully backed up, even when you use the Differential option.
6. In the Backup File Location section, in the Backup location box, type the path of the backup folder, and
then click Start Backup.
7. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current backup job in the lower part of the page in
the Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are timer service jobs. Therefore, it might take
several seconds for the backup to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified
in step 6.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<SearchServiceApplicationName> is the name of the Search service application that you are backing
up.
To back up all the Search service application databases by using SQL Server tools
1. Verify that the user account that is performing this procedure is a member of the SQL Server
db_backupoperator fixed database role on the database server where each database is stored.
2. Start SQL Server Management Studio and connect to the database server.
3. In Object Explorer, expand Databases.
4. Right-click the database that you want to back up, point to Tasks, and then click Back Up.
5. In the Back Up Database dialog box, confirm the database name.
6. Next, select the kind of backup that you want to perform from the Backup type list. For more information
about which backup type to use, see Recovery Models (SQL Server).
7. In the Backup component area, click Database..
8. Either use the default name that is provided or specify a name for the backup set in the Name text box.
9. In the Destination area, specify where you want to store the backup.
10. Click OK to back up the database.
11. Repeat steps 1-10 for the following databases:
Search Administration
Analytics Reporting
Crawl
Link
To resume the Search service application by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<SearchServiceApplicationName> is the name of the Search service application.
See also
Concepts
Restore Search service applications in SharePoint Server
Back up the Secure Store Service in SharePoint
Server
6/7/2019 • 4 minutes to read • Edit Online
Where:
<BackupFolder> is the path of a folder on the local computer or on the network in which you want
to store the backups.
<SecureStoreService> is the name of the Secure Store Service application that you want to back up.
NOTE
You must use the Full option to back up the Secure Store Service.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
The Secure Store Service application might consist of several components. You must select the top-level component.
5. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select Full.
6. In the Backup File Location section, in the Backup location box, type the path of the backup folder, and
then click Start Backup.
7. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current backup job in the lower part of the page in
the Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified
in step 5.
See also
Concepts
Restore Secure Store Service applications in SharePoint Server
Back up content databases in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
Where:
<BackupFolder> is the path of the backup folder.
<ContentDatabaseName> is the name of the database that you want to back up. To display the
name of the content database, type the following command at the PowerShell command prompt:
Get-SPContentDatabase .
To view the progress of the backup operation, use the Verbose parameter.
NOTE
If you are backing up the content database for the first time, you must use the Full option. You must perform a full
backup before you can perform a differential backup.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
5. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either
Full or Differential.
NOTE
If you are backing up the content database for the first time, you must use the Full option. You must perform a full
backup before you can perform a differential backup.
6. In the Backup File Location section, type the Universal Naming Convention (UNC ) path of the backup
folder, and then click Start Backup.
7. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status of the current backup job in the lower part of the page in the
Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, review the Failure Message column of the Backup and Restore Job Status page.
You can also find more details in the Spbackup.log file at the UNC path that you specified in step 5.
IMPORTANT
Database snapshots do not replace a backup and restore strategy. To fully protect your SharePoint Server environment we
advise you to perform regular backups to protect your farm in case you need to restore data after a failure..
See also
Other Resources
Database Snapshots (SQL Server)
Database Snapshots with AlwaysOn Availability Groups (SQL Server)
Back up customizations in SharePoint Server
6/7/2019 • 9 minutes to read • Edit Online
NOTE
Each of these kinds of customizations requires a different type of backup.
Back up solution packages in SharePoint Server
Solution packages can be created by using SharePoint Designer or Visual Studio. We strongly recommend that all
customizations be deployed as solution packages. For more information, see Creating SharePoint Solution
Packages.
A solution package is a deployable, reusable file that can contain a set of features, site definitions, and assemblies
that apply to sites, and that you can enable or disable individually. Solution packages can include Web Parts, site or
list definitions, custom columns, new content types, custom fields, custom actions, coded workflows, or workflow
activities and conditions.
The method that you use to back up solution packages is determined by whether the customizations are deployed
as trusted solutions or sandboxed solutions (partially trusted code).
Trusted solutions are solution packages that farm administrators deploy. Trusted solutions are deployed to the
entire farm and can be used on any site within the farm. Trusted solutions are stored in the configuration database.
Trusted solutions are backed up when a farm is backed up by using SharePoint Server backup, and are included in
configuration-only backups. You can also back up trusted solutions as a group or individually. Trusted solutions are
visible in the backup hierarchy.
Sandboxed solutions are solution packages that site collection administrators can deploy to a single site collection.
Sandboxed solutions are stored in the content database that is associated with the site collection to which the
solution packages are deployed. They are included in SharePoint Server farm, web application, content database,
and site collection backups, but are not visible in the backup hierarchy and cannot be selected or backed up
individually.
We recommend that you keep a backup of the original .wsp file and the source code used to build the .wsp file for
both trusted solutions and sandboxed solutions.
To back up trusted solutions by using Central Administration
1. Verify that the user account that is performing this procedure is a member of the Farm Administrators
group.
2. Start Central Administration.
3. In Central Administration, on the home page, in the Backup and Restore section, click Perform a backup.
4. On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select Solutions, and
then click Next.
You can also select an individual solution, if you only want to back up a single solution.
5. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select
either Full or Differential.
NOTE
If you are backing up the solution for the first time, you must use the Full option. You must perform a full backup
before you can perform a differential backup.
6. In the Backup File Location section, type the Universal Naming Convention (UNC ) path of the backup
folder, and then click Start Backup.
7. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status of the current backup job in the lower part of the page in the
Backup section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the backup to start.
If you receive any errors, review the Failure Message column of the Backup and Restore Job Status
page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 4.
To back up trusted solutions by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<UNC location> is the UNC location of the directory where you store the backup file.
For more information, see Backup-SPFarm.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If you are using forms-based authentication, provider registration in the Web.config file is manual, and is not protected by
SharePoint Server backup. In this case, make sure that you back up the Web.config file by using a file system backup.
LOCATION DESCRIPTION
See also
Concepts
Restore customizations in SharePoint Server
Back up farms in SharePoint Server
Back up farm configurations in SharePoint Server
Back up web applications in SharePoint Server
Back up content databases in SharePoint Server
Back up site collections in SharePoint Server
Update Workflow in SharePoint Server
Back up site collections in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
2. Start the SharePoint Management Shell.
3. At the PowerShell command prompt, type the following command:
Where:
<SiteCollectionGUIDorURL> is the ID or URL for the site collection you want to back up.
<BackupFile> is the path to where the backup file is located.
If you want to overwrite a previously used backup file, use the Force parameter. You can use the
NoSiteLock parameter to keep the read-only lock from being set on the site collection while it is being
backed up. However, using this parameter can enable users to change the site collection while it is being
backed up and could lead to possible data corruption during backup. To display the site collection GUID or
URL at the PowerShell command prompt, type the following command:
If the database server is running an Enterprise Edition of SQL Server, we recommend that you also use the
UseSqlSnapshot parameter for more consistent backups. You can also export sites or lists from these
snapshots.
NOTE
If the RBS provider that you are using does not support snapshots, you cannot use snapshots for content
deployment or backup. For example, the SQL FILESTREAM provider does not support snapshots.
For more information about how to use SQL snap-shots, see Back up databases to snapshots in
SharePoint Server.
For more information, see Backup-SPSite.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If you want to reuse a file, select the Overwrite existing file check box.
See also
Concepts
Plan for backup and recovery in SharePoint Server
Restore site collections in SharePoint Server
Back up apps for SharePoint in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
SharePoint Server content databases become very large. We recommend that you back up each content database as a
separate process from other database or farm backups.
NOTE
Make sure that you record the passphrase when you back up the Secure Store database. You must have the passphrase
available to restore the Secure Store database.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<SiteCollectionGUIDorURL> is the ID or URL for the site collection you want to back up.
<BackupFile> is the path of where the backup file is located.
If you want to overwrite a previously used backup file, use the Force parameter. You can use the
NoSiteLock parameter to keep the read-only lock from being set on the site collection while it is being
backed up. However, using this parameter can enable users to change the site collection while it is being
backed up and could lead to possible data corruption during backup. To display the site collection GUID or
URL at the PowerShell command prompt, type the following command:
If the database server is running an Enterprise Edition of SQL Server, we recommend that you also use the
UseSqlSnapshot parameter for more consistent backups. You can also export sites or lists from these
snapshots.
NOTE
If the RBS provider that you are using does not support snapshots, you can't use snapshots for content deployment
or backup. For example, the SQL FILESTREAM provider does not support snapshots.
For more information about how to use SQL snap-shots, see Back up databases to snapshots in SharePoint
Server.
For more details, see Back up site collections in SharePoint Server
For more information, see Backup-SPSite.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Plan for backup and recovery in SharePoint Server
Restore apps for SharePoint in SharePoint Server
Export sites, lists, or document libraries in SharePoint
Server
6/7/2019 • 5 minutes to read • Edit Online
Export-SPWeb -Identity <SiteURL> -Path <Path and File Name> [-ItemUrl <URL of Site, List, or Library>]
[-IncludeUserSecurity] [-IncludeVersions] [-NoFileCompression] [-GradualDelete] [-Verbose]
Where:
<SiteURL> is URL for the site, list, or library that you are exporting.
<Path and FileName> is path and name for the site, list, or library that you are exporting.
<URL of Site, List, or Library> is the URL for the site, list, or library where you are exporting.
If you are exporting a large site, list, or document library, you can use the GradualDelete parameter. When
this parameter is used, the site collection is marked as deleted, which immediately prevents any further
access to its content. The data in the deleted site collection is then deleted gradually over time by a timer job
instead of at one time, which reduces its effect on the performance of farm servers and SQL Server.
To specify which version of the site, list, or document library to include, use the IncludeVersions parameter
and specify "LastMajor" (default), "CurrentVersion", "LastMajorandMinor", or "All". To include the user
security settings with the list or document library, use the IncludeUserSecurity parameter. If you want to
overwrite the file that you specified, use the Force parameter. To view the progress of the backup
operation, use the Verbose parameter.
The NoFileCompression parameter lets you specify that no file compression is performed during the export
process. Using this parameter can lower resource usage up to 30% during the export process. Using this
parameter will result in a backup folder being created instead of a compressed file. If you use the
NoFileCompression parameter in the Export-SPWeb command, you must also use it when you import the
content by using the Import-SPWeb command.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Plan for backup and recovery in SharePoint Server
Other Resources
Use Windows PowerShell to administer SharePoint Server
Restore solutions in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
CONTENT DESCRIPTION
Restore farms in SharePoint Server Solutions you can use to restore the complete farm from a
backup.
Restore farm configurations in SharePoint Server Restore the farm configuration to the same farm from a
backup.
Document farm configuration settings in SharePoint Server Document the configuration settings for your farm.
Copy configuration settings between farms in SharePoint Copy configuration settings from one farm to another.
Server
Restore web applications in SharePoint Server Restore a Web application from a backup.
Restore service applications in SharePoint Server Restore a service application from a backup.
Restore User Profile Service applications in SharePoint Server Restore the User Profile Service application instead of
restoring the complete farm.
Restore Search service applications in SharePoint Server Restore the Search service application from a backup.
Restore Secure Store Service applications in SharePoint Server Restore the Secure Store service application from a backup.
Restore content databases in SharePoint Server Restore a content database from a backup.
Attach and restore read-only content databases in SharePoint Attach a read-only content database to the farm.
Server
Restore content from unattached content databases in Restore or copy content, such as sites, site collections, lists, or
SharePoint Server document libraries, from a content database without having
to attach the content database to the farm.
Restore customizations in SharePoint Server Restore customizations that are associated with the farm from
backups.
Restore site collections in SharePoint Server Restore a site collection from a backup.
Restore apps for SharePoint in SharePoint Server Restore apps for SharePoint in SharePoint Server.
CONTENT DESCRIPTION
Import a list or document library in SharePoint Server Restore a site, list, or document library from a backup.
See also
Concepts
Backup solutions in SharePoint Server
Restore farms in SharePoint Server
7/15/2019 • 11 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the path of the folder you use for storing backup files.
<GUID> is the identifier of the backup to restore from.
NOTE
If you are not logged on as the Farm account, you are prompted for the Farm account's credentials.
If you do not specify the BackupId , the most recent backup will be used. To view the backups for the farm,
at the Microsoft PowerShell command prompt,type the following command:
Where:
<BackupFolder> is the path of the folder you use for storing backup files.
You cannot use a configuration-only backup to restore content databases together with the configuration.
4. To restart a service application, at the PowerShell command prompt, type the following command:
4. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is
next to the farm, and then click Next.
5. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that Farm appears in the Restore the following component list.
In the Restore Only Configuration Settings section, make sure that the Restore content and
configuration settings option is selected.
In the Restore Options section, under Type of Restore, select the Same configuration option. A dialog
box will appear that asks you to confirm the operation. Click OK.
NOTE
If the Restore Only Configuration Settings section does not appear, the backup that you selected is a
configuration-only backup. You must select another backup.
NOTE
The search index is not stored in SQL Server. If you use SQL Server tools to back up and restore search, you must perform a
full crawl after you restore the content database.
Before you restore SharePoint Server, we recommend that you configure a recovery farm for site and item
recovery.
Restore the databases by following these steps:
1. If possible, back up the live transaction log of the current database to protect any changes that were made
after the last full backup.
2. Restore the last full database backup.
3. Restore the most recent differential database backup that occurred after the most recent full database
backup.
4. Restore all transaction log backups that occurred after the most recent full or differential database backup.
Use the following procedure to restore your farm databases.
To restore a farm by using SQL Server tools
1. Verify that the user account that is performing this procedure is a member of the sysadmin fixed server
role.
2. If the SharePoint Timer service is running, stop the service and wait for several minutes for any currently
running stored procedures to finish. Do not restart the service until after you restore all the databases that
you have to restore.
3. Start SQL Server Management Studio and connect to the database server.
4. In Object Explorer, expand Databases.
5. Right-click the database that you want to restore, point to Tasks, point to Restore, and then click
Database.
The database is automatically taken offline during the recovery operation and cannot be accessed by other
processes.
6. In the Restore Database dialog box, specify the destination and the source, and then select the backup set
or sets that you want to restore.
The default values for destination and source are appropriate for most recovery scenarios.
7. In the Select a page pane, click Options.
8. In the Restore options section, select only Overwrite the existing database. Unless your environment
or policies require otherwise, do not select the other options in this section.
9. In the Recovery state section:
If you have included all the transaction logs that you must restore, select RECOVER WITH
RECOVERY.
If you must restore additional transaction logs, select RECOVER WITH NORECOVERY.
The third option, RECOVER WITH STANDBY is not used in this scenario.
NOTE
For more information about these recovery options, see Restore Database (Options Page).
IMPORTANT
If you are restoring the User Profile database (by default named "User Profile Service_ProfileDB_<GUID>"), then also
restore the Social database (by default named "User Profile Service_SocialDB_<GUID>"). Failing to do this can cause
inaccuracies in the User Profile data that might be difficult to detect and fix.
12. To restore the configuration settings, you must use the existing configuration database or manually create
a new database and restore the configuration to that database. For more information about how to restore
the farm configuration, see Restore farm configurations in SharePoint Server.
13. Start the SharePoint Timer service.
14. Start any service applications that have to be restarted. In Central Administration, on the home page, in the
Systems Settings section, click Manage services on server. On the Services on Server page, start any
services related to service applications that you want to run by clicking Restart in the Action column next
to the service application.
Related content
The following list shows other recovery methods that you can use when you only need to restore part of your
farm:
Back up farms in SharePoint Server
Restore farm configurations in SharePoint Server
Restore web applications in SharePoint Server
Restore content databases in SharePoint Server
Restore farm configurations in SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
In earlier versions of SharePoint, you could not restore the configuration database and, therefore, you could not restore the
configuration of a farm. Now you do not have to restore the configuration database because you can restore the farm
configuration directly.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where <RestoreShare> is network location where the backup file is stored. For more information, see
Restore-SPFarm.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The
Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product
versions.
NOTE
You can view additional information about the backups by expanding the row that contains the backup.
NOTE
If the correct backup job does not appear, in the Backup Directory Location text box, enter the UNC path of the
correct backup folder, and then click Refresh.
5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is
next to the farm, and then click Next.
6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that "Farm" appears in the Restore the following content list.
In the Restore Only Configuration Settings section, make sure that the Restore content and
configuration settings option is selected.
In the Restore Options section, select the Type of Restore option. Use the Same configuration setting.
A dialog box will appear that asks you to confirm the operation. Click OK.
NOTE
If the Restore Only Configuration Settings section does not appear, then the backup that you selected is a
configuration-only backup.
See also
Concepts
Back up farm configurations in SharePoint Server
Document farm configuration settings in SharePoint
Server
6/7/2019 • 8 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.
2. Use a text editor, such as Notepad, to create a text file by pasting the following code into the file. The
commands in the example create XML files that document the configurations of the Web applications and
service applications in the current farm. Choose only those commands that are relevant to your environment.
##
## Common SharePoint configuration settings
##
#Retrieve Web Application information. The default depth of 2 does not return much detail--we recommend that
you use a depth of 4 for this cmdlet.
Get-SPWebApplication | Export-Clixml .\WebAppFilename.xml -depth 4
#Retrieve custom layout information.
Get-SPWebApplication | Get-SPCustomLayoutsPage | Export-Clixml .\Get-SPCustomLayoutsPage.xml
#Determine how SharePoint designer access is configured.
Get-SPWebApplication | Get-SPDesignerSettings | Export-Clixml .\Get-SPDesignerSettings.xml
#Retrieve information about alternate access mapping
Get-SPAlternateURL | Export-Clixml .\Get-SPAlternateURL.xml
#Retrieve information about content databases
Get-SPContentDatabase | Export-Clixml .\Get-SPContentDatabase.xml
Get-SPContentDatabase | Export-Clixml .\Get-SPContentDatabase.xml
#Retrieve database properties for each database
Get-SPDatabase | Export-Clixml .\Get-SPDatabase.xml
#Retrieve information about all SharePoint Products installed in the farm, and the versions of all updates
installed for each product.
Get-SPProduct | Export-Clixml .\Get-SPProduct.xml
#Retrieve farm information
Get-SPFarm | Export-Clixml .\Get-SPFarm.xml
Get-SPFarmConfig | Export-Clixml .\Get-SPFarmConfig.xml
#Retrieve information about the servers in the farm
Get-SPServer | Export-Clixml .\Get-SPServer.xml
#Retrieve information about installed features
Get-SPFeature | Export-Clixml .\Get-SPFeature.xml
#Retrieve information about globally-installed site templates
Get-SPWebTemplate | Export-Clixml .\Get-SPWebTemplate.xml
#Retrieve information about deployed solutions
Get-SPSolution | Export-Clixml .\Get-SPSolution.xml
#Retrieve information about sandboxed solutions deployed in a site collection
Get-SPSite | Get-SPUserSolution | Export-Clixml .\Get-SPUserSolution.xml
#Retrieve information about claims authentication
Get-SPTrustedIdentityTokenIssuer | Export-Clixml .\Get-SPTrustedIdentityTokenIssuer.xml
Get-SPTrustedServiceTokenIssuer | Export-Clixml .\Get-SPTrustedServiceTokenIssuer.xml
Get-SPTrustedRootAuthority | Export-Clixml .\Get-SPTrustedRootAuthority.xml
#Retrieve information about installed Help
Get-SPHelpCollection | Export-Clixml .\Get-SPHelpCollection.xml
#Retrieve information about the logging levels that have been set
Get-SPLogLevel | Export-Clixml .\Get-SPLogLevel.xml
#Retrieve information about the sites in the farm
Get-SPSite | Export-Clixml .\Get-SPSite.xml
Get-SPSiteAdministration | Export-Clixml .\Get-SPSiteAdministration.xml
Get-SPSiteSubscription | Export-Clixml .\Get-SPSiteSubscription.xml
#Retrieve ULS logging information
Get-SPDiagnosticConfig | Export-Clixml .\Get-SPDiagnosticConfig.xml
Get-SPDiagnosticsPerformanceCounter | Export-Clixml .\Get-SPDiagnosticsPerformanceCounter.xml
Get-SPDiagnosticsProvider | Export-Clixml .\Get-SPDiagnosticsProvider.xml
#Retrieve information about accounts registered in the configuration database
Get-SPManagedAccount | Export-Clixml .\Get-SPManagedAccount.xml
Get-SPProcessAccount | Export-Clixml .\Get-SPProcessAccount.xml
Get-SPShellAdmin | Export-Clixml .\Get-SPShellAdmin.xml
#Retrieve specific information about the certificate authority
Get-SPCertificateAuthority | Export-Clixml .\Get-SPCertificateAuthority.xml
Get-SPClaimProvider | Export-Clixml .\Get-SPClaimProvider.xml
Get-SPClaimProviderManager | Export-Clixml .\Get-SPClaimProviderManager.xml
#Retrieve information about content deployment jobs
Get-SPContentDeploymentJob | Export-Clixml .\Get-SPContentDeploymentJob.xml
Get-SPContentDeploymentPath | Export-Clixml .\Get-SPContentDeploymentPath.xml
#Retrieve information about the Mobile Messaging account.
Get-SPWebApplication | Get-SPMobileMessagingAccount | Export-Clixml .\Get-SPMobileMessagingAccount.xml
##
##Common service infrastructure settings
##
#Retrieve information about the service applications in the farm
Get-SPServiceApplication | Export-Clixml .\Get-SPServiceApplication.xml
Get-SPServiceApplicationPool | Export-Clixml .\Get-SPServiceApplicationPool.xml
Get-SPServiceApplicationProxy | Export-Clixml .\Get-SPServiceApplicationProxy.xml
Get-SPServiceApplicationProxyGroup | Export-Clixml .\Get-SPServiceApplicationProxyGroup.xml
Get-SPServiceApplication | Get-SPServiceApplicationEndpoint | Export-Clixml .\Get-
SPServiceApplicationEndpoint.xml
#Retrieve information about the services running in the farm
Get-SPServiceInstance | Export-Clixml .\Get-SPServiceInstance.xml
#Retrieve information about InfoPath form services
Get-SPInfoPathFormsService | Export-Clixml .\Get-SPInfoPathFormsService.xml
Get-SPInfoPathFormTemplate | Export-Clixml .\Get-SPInfoPathFormTemplate.xml
###WARNING: The following cmdlet requires run as administrator rights.
Get-SPInfoPathUserAgent | Export-Clixml .\Get-SPInfoPathUserAgent.xml
#Retrieve information about common Web service settings
Get-SPServiceHostConfig | Export-Clixml .\Get-SPServiceHostConfig.xml
##
## Common service application settings
##
##
#Access Services
#Retrieve specific information for the Access Services service application
Get-SPAccessServiceApplication | Export-Clixml .\Get-SPAccessServiceApplication.xml
#Application Discovery and Load Balancer Service Application
Get-SPTopologyServiceApplication | Export-Clixml .\Get-SPTopologyServiceApplication.xml
Get-SPTopologyServiceApplicationProxy | Export-Clixml .\Get-SPTopologyServiceApplicationProxy.xml
#Business Data Connectivity Service
#Retrieve information about data connection files. ###WARNING: The following cmdlet requires run as
administrator rights
Get-SPDataConnectionFile | Export-Clixml .\Get-SPDataConnectionFile.xml
###WARNING: The following cmdlet requires run as administrator rights
Get-SPDataConnectionFile | Get-SPDataConnectionFileDependent | Export-Clixml .\Get-
SPDataConnectionFileDependent.xml
#Excel Services Application
#Note: An Excel service application must be provisioned for the following cmdlets to succeed.
Get-SPExcelServiceApplication | Get-SPExcelBlockedFileType | Export-Clixml .\Get-SPExcelBlockedFileType.xml
Get-SPExcelServiceApplication | Get-SPExcelDataConnectionLibrary | Export-Clixml .\Get-
SPExcelDataConnectionLibrary.xml
Get-SPExcelServiceApplication | Get-SPExcelDataProvider | Export-Clixml .\Get-SPExcelDataProvider.xml
Get-SPExcelServiceApplication | Get-SPExcelFileLocation | Export-Clixml .\Get-SPExcelFileLocation.xml
Get-SPExcelServiceApplication | Export-Clixml .\Get-SPExcelServiceApplication.xml
Get-SPExcelServiceApplication | Get-SPExcelUserDefinedFunction | Export-Clixml .\Get-
SPExcelUserDefinedFunction.xml
Get-SPWebApplication | Get-SPInfoPathWebServiceProxy | Export-Clixml .\Get-SPInfoPathWebServiceProxy.xml
Get-SPWebApplication | Get-SPManagedPath | Export-Clixml .\Get-SPManagedPath.xml
3. Save the file and add the .ps1 extension, such as SuggestedNameOfFile.ps1.
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file whose extension is .ps1.
./SuggestedFileName.ps1
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
The following section lists the content of the Get-SPAlternateURL.xml file. Some sections are collapsed.
- <Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
+ <Obj RefId="0">
- <Obj RefId="7">
<TNRef RefId="0" />
<ToString>Microsoft.SharePoint.Administration.SPAlternateUrl</ToString>
- <Props>
<S N="IncomingUrl">http://servername</S>
<URI N="Uri">http://servername/</URI>
+ <Obj N="UrlZone" RefId="8">
- <Obj N="Collection" RefId="9">
<TNRef RefId="2" />
- <IE>
- <Obj RefId="10">
<TNRef RefId="0" />
<ToString>Microsoft.SharePoint.Administration.SPAlternateUrl</ToString>
+ <Props>
- <MS>
<S N="Zone">Default</S>
<S N="PublicUrl">http://servername</S>
</MS>
</Obj>
</IE>
- <Props>
<I32 N="Count">1</I32>
<B N="IsReadOnly">false</B>
<S N="TypeName">Alternate Access Mapping Collection</S>
<S N="DisplayName">SharePoint - 80</S>
<U64 N="DiskSizeRequired">0</U64>
<B N="CanSelectForBackup">false</B>
<B N="CanRenameOnRestore">false</B>
<B N="CanSelectForRestore">false</B>
<S N="Name">SharePoint - 80</S>
<G N="Id">5b65a69a-222d-4fe0-904b-0fb928bc7a89</G>
<S N="Status">Online</S>
<S N="Parent">SPFarm Name=SERVERNAME_SharePoint_Configuration_Database</S>
<I64 N="Version">3661</I64>
+ <Obj N="Properties" RefId="12">
<TNRef RefId="3" />
<DCT />
</Obj>
<S N="Farm">SPFarm Name=SERVERNAME_SharePoint_Configuration_Database</S>
<Ref N="UpgradedPersistedProperties" RefId="11" />
</Props>
</Obj>
<Ref N="UpgradedPersistedProperties" RefId="11" />
</Props>
+ <MS>
+ <Obj N="Zone" RefId="13">
<TNRef RefId="1" />
<ToString>Default</ToString>
<I32>0</I32>
</Obj>
<S N="PublicUrl">http://servername</S>
</MS>
</Obj>
</Objs>
This example imports the output from the XML file so that you can see its contents more easily.
Import-Clixml .\Get-SPAlternateURL.xml
Once an XML file is imported, you can use the objects in the pipeline as if they were real objects of the given type.
Import-Clixml .\Get-SPAlternateURL.xml | %{$_.Uri}
You can also pipe the objects as part of the cmdlet, and view all of the expected properties, methods, and
TypeNames. The following example pipes URIs.
See also
Other Resources
Export-Clixml
Import-Clixml
Get-SPAlternateURL
ForEach-Object
Get-Member
Copy configuration settings between farms in
SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
This method does not include Web application or service application settings. If Web application settings are required
in the restored farm, use one of the other methods.
Create a deployment script, based on your documented configuration. This method may be more work at
first, but is easy to use to maintain standardization.
NOTE
Creating a farm backup without content databases does back up the service applications.
Get-SPContentDatabase | Dismount-SPContentDatabase
NOTE
You can view the progress of the backup by looking at the \servername\share\spbr####\spbackup.log file.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Overview of backup and recovery in SharePoint Server
Restore web applications in SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolderName> is the full path of the folder that you use for backup files.
<WebApplicationName> is the name of the web application that was backed up.
<GUID> is the identifier of the back up to use for the restore operation.
If you do not specify the value of the BackupID parameter, the most recent backup will be used. You cannot
restore a web application by using a configuration-only backup. You can view the backups for the farm by
typing the following:
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If the correct backup job does not appear, in the Current Directory Location text box, type the Universal Naming
Convention (UNC) path of the correct backup folder, and then click Refresh. > You cannot use a configuration-only
backup to restore the web application.
5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is
next to the web application, and then click Next.
6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that Farm\<Web application> appears in the Restore the following content list.
In the Restore Only Configuration Settings section, make sure that the Restore content and
configuration settings option is selected.
In the Restore Options section, under Type of Restore, select the Same configuration option. A dialog
box appears that asks you to confirm the operation. Click OK.
NOTE
If the Restore Only Configuration Settings section does not appear, the backup that you selected is a
configuration-only backup. You must select another backup.
NOTE
For more information about these recovery options, see Restore Database (Options Page).
See also
Concepts
Back up web applications in SharePoint Server
Plan for backup and recovery in SharePoint Server
Restore service applications in SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
NOTE
SharePoint Server restores remote Binary Large Object (BLOB) stores but only if you are using the FILESTREAM
provider to put data in remote BLOB stores. If you are using another provider, you must manually restore remote
BLOB stores.
You cannot restore the complete service application by using SQL Server tools. However, you can restore
the databases that are associated with the service application.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions.
Restore-SPFarm -Directory
<BackupFolder>
-Item "
<ServiceApplicationName>
" -RestoreMethod Overwrite [-BackupId
<GUID>
] [-Verbose]
Where:
<BackupFolder> is the path for the backup folder where the service application was backed up.
<ServiceApplicationName> is the name of the service application.
<GUID> is the ID of the backup to use.
To specify which backup to use, use the BackupId parameter. You can view the backups for the farm by
typing the following: Get-SPBackupHistory -Directory <BackupFolder> -ShowBackup . If you do not specify the
BackupId , the most recent backup will be used. You cannot restore a service application from a
configuration-only backup.
To restore all the service applications, at the PowerShell command prompt, type the following command:
Restore-SPFarm -Directory
<BackupFolder>
-Item "Farm\Shared Service Applications" -RestoreMethod Overwrite [-BackupId
<GUID>
] [-Verbose]
Where:
<BackupFolder> is the path for the backup folder where the service application was backed up.
<GUID> is the ID of the backup to use.
For more information, see Restore-SPFarm.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If the correct backup job does not appear, in the Backup Directory Location text box, type the path of the correct
backup folder, and then click Refresh. You cannot use a configuration-only backup to restore the farm.
5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand Shared Services
Applications, select the check box that is next to the service application, and then click Next. To restore all
the service applications, select the Shared Services Applications node.
6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that Farm\Shared Services Applications\<Service application> appears in the
Restore the following component list.
In the Restore Options section, under Type of restore, select the Same configuration option. A dialog
box will appear that asks you to confirm the operation. Click OK.
Click Start Restore.
7. You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page
in the Readiness section. You can view the status for the current recovery job in the lower part of the page
in the Restore section. The status page updates every 30 seconds automatically. You can manually update
the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take a
several seconds for the recovery to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified
in step 3.
See also
Concepts
Back up service applications in SharePoint Server
Restore User Profile Service applications in
SharePoint Server
6/7/2019 • 6 minutes to read • Edit Online
IMPORTANT
The steps in this article apply to SharePoint Server 2016.
Where:
<BackupFolder> is the path of the folder where the backups are stored.
<ServiceApplicationName> is the name of the service application.
<GUID> is the identifier of the backup to use in the restore process.
If you do not specify the BackupId , the most recent backup will be used. You cannot restore a service
application from a configuration-only backup.
For more information, see Restore-SPFarm.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If the correct backup job does not appear, in the Backup Directory Location text box, type the path of the correct
backup folder, and then click Refresh. You cannot use a configuration-only backup to restore the User Profile Service
service application.
5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand Shared Services
Applications, select the check box that is next to the User Profile Service service application, and then click
Next.
6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that Farm\Shared Services Applications\<User Profile Service service
application name> appears in the Restore the following component list.
In the Restore Options section, under Type of restore, select the Same configuration option. A dialog
box will appear that asks you to confirm the operation. Click OK.
7. Click Start Restore.
8. You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current recovery job in the lower part of the page in
the Restore section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take a
several seconds for the recovery to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified
in step 3.
Using SQL Server tools to restore the databases associated with the
User Profile service application in SharePoint Server
You cannot restore the complete service application or service application proxy by using SQL Server tools.
However, you can use SQL Server tools to restore the databases that are associated with the service application. To
restore the complete service application, use either PowerShell or Central Administration.
IMPORTANT
If you are restoring the User Profile database (by default, it is named User Profile Service_ProfileDB_ <GUID>), you must also
restore the Social database (by default, it is named User Profile Service_SocialDB_ <GUID>). Failing to do this can cause
inaccuracies in the User Profile data that might be difficult to detect and fix.
To restore the databases associated with the User Profile service application by using SQL Server tools
1. Verify that the user account that you are using to restore the databases is a member of the SQL Server
sysadmin fixed server role on the database server where each database is stored.
2. Start Central Administration.
3. In Central Administration, in the System Settings section, click Manage services on server.
4. On the Services on Server page, find User Profile Service. If the service is started, click Stop to stop the
service.
5. Before you restore the User Profile Service service application databases, you must import the Microsoft
Identity Integration Server (MIIS ) encryption key that you exported before backing up the databases. You
only have to do this one time for the restore process. To do this, on the server to which you are restoring the
service application, type the following at the command prompt:
6. Open SQL Server Management Studio and connect to the database server.
7. In Object Explorer, expand Databases.
8. Right-click the database that you want to restore, point to Tasks, and then click Restore Database.
9. In the Restore Database dialog box, on the Options page, select the kind of recovery that you want to
perform from the Recovery state list.
For more information about which recovery type to use, see Recovery Models (SQL Server) .
10. On the General page, in the Destination for restore section, select the database from the To database
list.
11. In the Source for restore section, select the backup source from the From database list.
12. Alternatively, if you have moved the backup files to another computer, select the From device option. If the
correct backup is not listed in the Select the backup sets to restore box, browse to the file by clicking the
ellipsis button.
13. Select the backup to restore from the Select the backup sets to restore box, and then click OK.
14. Click OK to restore the database.
15. Repeat steps 5-11 for the following databases associated with the User Profile Service service application
(the names that are listed are the default names):
See also
Concepts
Restore solutions in SharePoint Server
Back up User Profile service applications in SharePoint Server
Other Resources
Windows PowerShell for SharePoint Server reference
Restore Search service applications in SharePoint
Server
6/7/2019 • 8 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
2. Make sure that the server you are restoring to use the same drive mapping as the server where you
created the backup.
3. Start the SharePoint Management Shell.
4. At the PowerShell command prompt, type the following command:
Where:
<BackupFolder> is the path for the backup folder where the service application was backed up.
<ServiceApplicationName> is the name the service application.
_<GUID>_is the ID of the backup to use.
To specify which backup to use, use the BackupId parameter. You can view the backups for the farm by
typing the following: Get-SPBackupHistory -Directory <BackupFolder> -ShowBackup . If you do not specify the
BackupId , the most recent backup will be used. You cannot restore a service application from a
configuration-only backup.
To restore all the service applications, at the PowerShell command prompt, type the following command:
Where:
<BackupFolder> is the path for the backup folder where the service application was backed up.
_<GUID>_is the ID of the backup to use.
For more information, see Restore-SPFarm.
5. When you restore a Search service application, it is automatically paused. To resume the Search service
application when the restore has completed, type the following command:
Where:
<SearchServiceApplicationName> is the name the service application you want to resume.
NOTE
Index files are restored to one replica per index partition. After the restore has completed, the index for each replica is
replicated to the other index replicas. During this process the search topology is fully functional for crawling and queries,
but is not fault tolerant.
Depending on the size of the farm and the index, the process can take several hours and the index replicas appear
as degraded in the Search Administration UI and in the output of the Get-SPEnterpriseSearchStatus Microsoft
PowerShell cmdlet.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If the correct backup job does not appear, in the Backup Directory Location text box, type the path of the correct
backup folder, and then click Refresh. > You cannot use a configuration-only backup to restore the farm.
6. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand Shared Services
Applications, select the check box that is next to the Search service application, and then click Next. To
restore all the service applications, select the Shared Services Applications node.
7. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that Farm\Shared Services Applications\<Service application> appears in the
Restore the following component list.
In the Restore Options section, under Type of restore, select the Same configuration option. A dialog
box will appear that asks you to confirm the operation. Click OK.
Click Start Restore.
8. You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page
in the Readiness section. You can view the status for the current recovery job in the lower part of the page
in the Restore section. The status page updates every 30 seconds automatically. You can manually update
the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take a
several seconds for the recovery to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified
in step 3.
9. When you restore a Search service application, it is automatically paused. To resume the Search service
application when the restore has completed you need to use PowerShell:
Verify that you are a member of the Administrators group on the server on which you are running the
PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server
cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<SearchServiceApplicationName> is the name the service application you want to resume.
NOTE
Index files are restored to one replica per index partition. After the restore has completed, the index for each replica is
replicated to the other index replicas. During this process the search topology is fully functional for crawling and queries,
but is not fault tolerant. Depending on the size of the farm and the index, the process can take several hours. The index
replicas appear as degraded in the Search Administration UI and in the output of the Get-SPEnterpriseSearchStatus
Microsoft PowerShell cmdlet during the process.
Use SQL Server tools to restore the databases for a Search service
application
You cannot restore the complete SharePoint Search service application by using SQL Server tools. However, you
can use SQL Server tools to restore the databases that are associated with the service application. To restore the
complete Search service application, use either PowerShell or Central Administration.
To restore the databases for a Search service application by using SQL Server tools
1. Verify that the user account that you are using to restore the databases is a member of the SQL Server
sysadmin fixed server role on the database server where each database is stored.
2. Open SQL Server Management Studio and connect to the database server.
3. In Object Explorer, expand Databases.
4. Right-click the database that you want to restore, point to Tasks, point to Restore, and then click
Database.
5. In the Restore Database dialog box, on the General page, select the database to restore to from the To
database drop-down list.
6. Select the restore source from the From database drop-down list.
7. In the Select the backup sets to restore section area, select the check box next to the database.
8. On the Options tab, select the recovery state from the Recover state section.
For more information about which recovery type to use, see Recovery Models (SQL Server) .
9. Click OK to restore the database.
10. Repeat steps 1-9 for each database that is associated with the service application.
See also
Concepts
Back up Search service applications in SharePoint Server
Restore Secure Store Service applications in
SharePoint Server
6/7/2019 • 4 minutes to read • Edit Online
NOTE
If the correct backup job does not appear, in the Backup Directory Location text box, type the path of the correct
backup folder, and then click Refresh. You cannot use a configuration-only backup to restore the Secure Store
Service.
5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand Shared Services
Applications and select the check box that is next to the Secure Store Service application backup group,
and then click Next.
6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that Farm\Shared Services\Shared Services Applications\<Secure Store Service
name> appears in the Restore the following component list.
In the Restore Options section, under Type of restore, select the Same configuration option. A dialog
box will appear that asks you to confirm the operation. Click OK.
Click Start Restore.
7. You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current recovery job in the lower part of the page in
the Restore section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take a
several seconds for the recovery to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Sprestore.log file at the path that you specified in step
3.
8. After the restore operation has successfully completed, you must refresh the passphrase.
9. In Central Administration, on the home page, in the Application Management section, click Manage
service applications.
10. On the Service Applications page, click the Secure Store Service name. You might receive an error that says
"Unable to obtain master key."
11. On the Secure Store Service page, on the ribbon, click Refresh Key.
12. In the Refresh Key dialog box, type the passphrase in the Pass Phrase box, and then click OK.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the path for the backup folder where the service application was backed up.
<SecureStoreServicename> is the name of the Secure Store Service application.
If you have multiple backups use the BackupId parameter to specify which backup to use. To view all of the
backups for the farm, type the following command at the PowerShell command prompt:
NOTE
If you do not specify a value for the BackupId parameter, the most recent backup will be used. You cannot restore
the Secure Store Service from a configuration-only backup.
4. After the restore operation has successfully completed, you must refresh the passphrase. At the PowerShell
command prompt, type the following command:
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Back up the Secure Store Service in SharePoint Server
Restore content databases in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the name and path for the backup folder where the service application was
backed up.
<ContentDatabase> is the name of the content database.
If you do not use the BackupId parameter, the most recent backup will be used. To view all of the backups
for the farm, type the following command at the PowerShell command prompt:
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
NOTE
If the correct backup job does not appear, in the Current Directory Location text box, enter the path of the correct
backup folder, and then click Refresh.
5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is
next to the content database, and then click Next.
NOTE
If the content database is not selectable, you must use PowerShell or SQL Server tools to restore the content
database.
6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Options section,
under Type of Restore, click the Same configuration option. A dialog box appears that asks you to
confirm the operation. Click OK.
Click Start Restore.
7. You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current recovery job in the lower part of the page in
the Restore section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the recovery to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified
in step 2.
NOTE
For more information about these recovery options, see Restore Database (Options Page).
See also
Concepts
Back up content databases in SharePoint Server
Attach and restore read-only content databases in
SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<DatabaseName> is name of the read-only database.
<WebApplicationID> is ID assigned to the read-only database.
NOTE
Attaching a content database by using the Mount-SPContentDatabase cmdlet differs from attaching a database in
SQL Server by using SQL Server tools. Mount-SPContentDatabase associates the content database with a Web
application so that the contents can be read.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Overview of backup and recovery in SharePoint Server
Restore content from unattached content databases
in SharePoint Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions.
For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<DatabaseName> is the name of the unattached database from which you want to recover content.
<DatabaseServer> is the name of the database server that hosts the unattached database from
which you want to recover content.
For more information, see Get-SPContentDatabase.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Prepare to back up and restore farms in SharePoint Server
Attach or detach content databases in SharePoint Server
Restore customizations in SharePoint Server
6/7/2019 • 7 minutes to read • Edit Online
NOTE
If the correct backup job does not appear, in the Backup Directory Location text box, type the Universal Naming
Convention (UNC) path of the correct backup folder, and then click Refresh.
5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is
next to the solution, and then click Next.
6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component
section, make sure that Solution appears in the Restore the following component list.
In the Restore Only Configuration Settings section, make sure that the Restore content and
configuration settings option is selected.
In the Restore Options section, under Type of Restore, select the Same configuration option. A dialog
box appears that asks you to confirm the operation. Click OK.
Click Start Restore.
7. You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in
the Readiness section. You can view the status for the current recovery job in the lower part of the page in
the Restore section. The status page updates every 30 seconds automatically. You can manually update the
status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take
several seconds for the recovery to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore
Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified
in step 3.
To restore a trusted solution by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint
Server cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<BackupFolder> is the UNC location of the directory that you want to restore from.
<GUID> is the GUID of the backup ID that you want to restore from. If you do not specify a backup,
the most recent one is used.
<SolutionPath> is the path of the solution within the backup tree (usually farm\solutions\
SolutionName).
For more information, see Restore-SPFarm.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
LOCATION DESCRIPTION
See also
Concepts
Back up customizations in SharePoint Server
Restore farms in SharePoint Server
Restore farm configurations in SharePoint Server
Restore web applications in SharePoint Server
Restore content databases in SharePoint Server
Restore site collections in SharePoint Server
Restore site collections in SharePoint Server
6/7/2019 • 2 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<SiteCollectionURL> is URL for the site collection you want to restore.
<DatabaseServerName> is name of the database server where the site collection resides.
<ContentDatabaseName> is the name of the content database.
If you want to restore the site collection to a specific content database, use the DatabaseServer and
DatabaseName parameters to specify the content database. If you do not specify a content database, the site
collection will be restored to a content database chosen by SharePoint Server.
If you are restoring a host-named site collection, use the Identity parameter to specify the URL of the
host-named site collection and use the HostHeader parameter to specify the URL of the Web application
that will hold the host-named site collection.
If you want to overwrite an existing site collection, use the Force parameter.
NOTE
If the site collection that you are restoring is 1 gigabyte or larger, you can use the GradualDelete parameter for
better performance during the restore process. When this parameter is used, the site collection that is overwritten is
marked as deleted, which immediately prevents any additional access to its content. The data in the marked site
collection is then deleted gradually over time by a timer job instead of all at the same time, which reduces the
impact on server performance.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Back up site collections in SharePoint Server
Restore apps for SharePoint in SharePoint Server
6/7/2019 • 5 minutes to read • Edit Online
Any apps for SharePoint that contain remote components that are present on the backup copy of a site collection
could cause problems. This is because two copies of the app for SharePoint are accessing the remote connection
and can cause information disclosure or data loss. For example, when a site collection in a production environment
is copied by a backup for a development purpose, this could unintentionally grant developers access to production
data in remote sites if the app for SharePoint is not designed correctly.
To restore a site collection by using PowerShell
1. Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint
Server cmdlets.
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<SiteCollectionURL> is URL for the site collection you want to restore.
<DatabaseServerName> is name of the database server where the site collection resides.
<ContentDatabaseName> is the name of the content database.
If you want to restore the site collection to a specific content database, use the DatabaseServer and
DatabaseName parameters to specify the content database. If you do not specify a content database, the site
collection will be restored to a content database chosen by SharePoint Server.
If you are restoring a host-named site collection, use the Identity parameter to specify the URL of the
host-named site collection and use the HostHeader parameter to specify the URL of the web application
that will hold the host-named site collection.
If you want to overwrite an existing site collection, use the Force parameter.
NOTE
If the site collection that you are restoring is 1 gigabyte or larger, you can use the GradualDelete parameter for
better performance during the restore process. When this parameter is used, the site collection that is overwritten is
marked as deleted, which immediately prevents any additional access to its content. The data in the marked site
collection is then deleted gradually over time by a timer job instead of all at the same time, which reduces the effect
on server performance.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Back up apps for SharePoint in SharePoint Server
Restore content databases in SharePoint Server
Restore site collections in SharePoint Server
Import a list or document library in SharePoint
Server
6/7/2019 • 3 minutes to read • Edit Online
NOTE
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request
permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Where:
<SiteURL> is the URL for the site that you are importing to.
<ImportFileName> is the name of the file that you are exporting from.
IMPORTANT
The site or subsite that you are importing must have a template that matches the template of the site specified by
Identity .
You can also use the Get-SPWeb cmdlet and pass the ID to Import-SPWeb by using the PowerShell pipeline.
The value of the Path parameter specifies the path and file name of the file from which to import the list or
library. To include the user security settings with the list or document library, use the IncludeUserSecurity
parameter. To overwrite the list or library that you specified, use the Force parameter. You can use the
UpdateVersions parameter to specify how versioning conflicts will be handled. To view the progress of the
operation, use the Verbose parameter.
The NoFileCompression parameter lets you specify that no file compression is performed during the import
process. Using this parameter can lower resource usage up to 30% during the export and import process. If
you are importing a site, list, or document library that you exported from Central Administration, or if you
exported a site, list, or document library by using PowerShell and you did not use the NoFileCompression
parameter in the Export-SPWeb cmdlet, you cannot use this parameter in the Import-SPWeb cmdlet.
NOTE
There is no facility in the Import-SPWeb cmdlet to import a subset of the items within the export file. Therefore, the
import operation will import everything from the file.
NOTE
We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm
command-line tool has been deprecated, but is included to support compatibility with previous product versions.
See also
Concepts
Export sites, lists, or document libraries in SharePoint Server
Backup and restore best practices in SharePoint
Server
6/7/2019 • 10 minutes to read • Edit Online
NOTE
If you cannot back up to local drives, use network drives with similar latency. Because network backups are subject to network
errors, verify the backup action after it finishes. For more information, see "Backing Up to a File on a Network Share" in
Backup Devices (SQL Server).
To avoid I/O bottlenecks, perform the main backup to a separate disk from the disk running SQL Servers 2017
RTM, 2016, 2014, 2012, or 2008 R2 with Service Pack 1 (SP1). For more information, see Define a Logical Backup
Device for a Disk File (SQL Server).
By design, most backup jobs consume all available I/O resources to complete the job. Therefore, you might see
disk queuing, which can result in greater than usual latency for I/O requests. This is typical and should not be
considered a problem. For more information, see Monitor Disk Usage.
Avoid processing conflicts
Do not run backup jobs during times when users need access to the system. Typically, systems run 24 hours a day,
seven days a week. A best practice is to always run incremental backups to safeguard against server failure.
Consider staggering backups so that all databases are not backed up at the same time.
Keep databases small for faster recovery times
Keep databases small to speed both backup and restore. For example, use multiple content databases for a web
application instead of one large content database. For more information, see Database types and descriptions in
SharePoint Server.
For a graphical overview of the databases that support SharePoint Server 2016, see Quick reference guide:
SharePoint Server 2016 databases.
Use incremental backups for large databases
Use incremental backups for large databases because you can make them quickly and maintain performance of the
environment. Although you can restore full backups faster than incremental backups, continuous incremental
backups minimize data loss. For more information about types of backups, see Backup Overview (SQL Server).
Use compression during backup
In some circumstances, you can use compression to decrease the size of backups and the time to complete each
backup. Backup compression was introduced in SQL Server 2008 Enterprise. Backup compression increases CPU
usage and this can affect SQL Server concurrent operations.
IMPORTANT
SharePoint Server supports SQL Server backup compression. SQL Server data compression is not supported for SharePoint
Server databases.
For more information about how backup compression affects performance in SQL Server, see Backup
Compression (SQL Server).
Follow SQL Server backup and restore optimization recommendations
SQL Server backups use a combination of full, differential, and transaction log backups (for the full or bulk-logged
recovery model) to minimize recovery time. Differential database backups are usually faster to create than full
database backups and reduce the number of transaction logs required to recover the database.
If you are using the full recovery model, we recommend that you periodically truncate the transaction log files to
avoid maintenance issues.
For detailed recommendations about how to optimize SQL Server backup and restore performance, see
Optimizing Backup and Restore Performance in SQL Server.
Use RAID 10 if you use RAID
Carefully consider whether to use redundant array of independent disks (RAID ) on the device to which you back up
data. For example, RAID 5 has slow write performance, approximately the same speed as for a single disk. This is
because RAID 5 has to maintain parity information. RAID 10 can provide faster backups because it doesn't need to
manage parity. Therefore, it reads and writes data faster. For more information about how to use RAID with
backups, see Configure RAID for maximum SQL Server I/O throughput and RAID Levels and SQL Server.
Configure SharePoint settings to improve backup or restore performance
You can only configure file compression and log file settings in PowerShell. You can configure backup and restore
threads in both the SharePoint Central Administration website and PowerShell to increase backup or restore
efficiency and performance.
If you use the Export-SPWeb PowerShell cmdlet, you can use the NoFileCompression parameter. By default,
SharePoint Server uses file compression while exporting web applications, site collection, lists, or document
libraries. You can use this parameter to suppress file compression while exporting and importing. File compression
can use up to 30% more resources. However, the exported file uses approximately 25% less disk space. If you use
the NoFileCompression parameter when you export, you have to also use it when you import the same content.
You can also use the NoLogFile parameter. By default, SharePoint Server always creates a log file when you export
content. Although you can use this parameter to suppress log file creation to save resources, we recommend that
you always create logs. Logs are important for troubleshooting and log creation does not use many resources such
as CPU or memory.
When you use the Backup-SPFarm cmdlet, you can also use the BackupThreads parameter to specify how many
threads SharePoint Server will use during the backup process. A higher number of threads will consume more
resources during backup. But the overall time to make the backup is decreased. Because each thread is recorded in
the log files, the number of threads does affect log file interpretation. By default, three threads are used. The
maximum number of available threads is 10.
NOTE
The backup threads setting is also available through Central Administration on the Default Backup and Restore Settings
page in the Backup and Restore section.
Consider site collection size when you determine the tools to use
If the business requires site collection backups in addition to farm-level or database-level backups, choose a backup
tool that is based on the size of the site collection.
15-100 GB: Usethe Backup-SPSite , a SharePoint Server tool, a SQL Server tool, or other database backup
tool to protect the content database that contains the site collection. For more information, see Back up site
collections in SharePoint Server.
Larger than 100 GB: Use a differential backup solution, such as SQL Server or System Center Data
Protection Manager R2, instead of the built-in backup and recovery tools.
NOTE
SharePoint Server 2019 supports the FILESTREAM provider that is included with SQL Server 2017. SharePoint Server 2016
supports the FILESTREAM provider that is included with SQL Server 2014. For more information, see Enable and Configure
FILESTREAM.
NOTE
SharePoint Server 2013 supports the FILESTREAM provider that is included in the Microsoft® SQL Server® 2008 R2 Feature
Pack. The SQL Server 2012 and SQL Server 2014 installation media includes RBS as an optional add-on component.
See also
Concepts
Overview of backup and recovery in SharePoint Server
Plan for backup and recovery in SharePoint Server
Prepare to back up and restore farms in SharePoint Server
Other Resources
Transparent Data Encryption
High availability and disaster recovery concepts in
SharePoint Server
6/7/2019 • 10 minutes to read • Edit Online
Quantifying downtime
When downtime does occur, either planned, or unplanned, the primary business goal is to bring the system back
online and minimize data loss. Every minute of downtime has direct and indirect costs. With unplanned
downtime, you must balance the time and effort needed to determine why the outage occurred, what the current
system state is, and what steps are needed to recover from the outage.
At a predetermined point in any outage, you should make or seek the business decision to stop investigating the
outage or performing maintenance tasks, recover from the outage by bringing the system back online, and if
needed, reestablish fault tolerance.
Recovery objectives
Data redundancy is a key component of a high availability database solution. Transactional activity on your
primary SQL Server instance is synchronously or asynchronously applied to one or more secondary instances.
When an outage occurs, transactions that were in flight may be rolled back, or they may be lost on the secondary
instances due to delays in data propagation.
You can both measure the impact, and set recovery goals in terms of how long it takes to get back in business,
and how much time latency there is in the last transaction recovered:
Recovery Time Objective (RTO ). This is the duration of the outage. The initial goal is to get the system
back online in at least a read-only capacity to facilitate investigation of the failure. However, the primary
goal is to restore full service to the point that new transactions can take place.
Recovery Point Objective (RPO ). This is often referred to as a measure of acceptable data loss. It is the
time gap or latency between the last committed data transaction before the failure and the most recent
data recovered after the failure. The actual data loss can vary depending upon the workload on the system
at the time of the failure, the type of failure, and the type of high availability solution used.
NOTE
A related objective is Recovery level objective (RLO). This objective defines the granularity with which you must
be able to recover data — whether you must be able to recover the whole farm, Web application, site collection, site,
list or library, or item. For more information, see Plan for backup and recovery in SharePoint Server.
You should use RTO and RPO values as goals that indicate business tolerance for downtime and acceptable data
loss, and as metrics for monitoring availability health.
Justifying ROI or opportunity cost
The business costs of downtime may be either financial or in the form of customer goodwill. These costs may
accrue with time, or they may be incurred at a certain point in the outage window. In addition to projecting the
cost of incurring an outage with a given recovery time and data recovery point, you can also calculate the
business process and infrastructure investments needed to attain your RTO and RPO goals or to avoid the outage
all together. These investment themes should include:
Avoiding downtime. Outage recovery costs are avoided all together if an outage doesn't occur in the first
place. Investments include the cost of fault-tolerant and redundant hardware or infrastructure, distributing
workloads across isolated points of failure, and planned downtime for preventive maintenance.
Automating recovery. If a system failure occurs, you can greatly mitigate the impact of downtime on the
customer experience through automatic and transparent recovery.
Resource utilization. Secondary or standby infrastructure can sit idle, awaiting an outage. It also can be
leveraged for read-only workloads, or to improve overall system performance by distributing workloads
across all available hardware.
For given RTO and RPO goals, the needed availability and recovery investments, combined with the projected
costs of downtime, can be expressed and justified as a function of time. During an actual outage, this allows you
to make cost-based decisions based on the elapsed downtime.
Monitoring availability health
From an operational point of view, during an actual outage, you should not attempt to consider all relevant
variables and calculate ROI or opportunity costs in real time. Instead, you should monitor data latency on your
standby instances as a proxy for expected RPO.
In the event of an outage, you should also limit the initial time spent investigating the root cause during the
outage, and instead focus on validating the health of your recovery environment, and then rely upon detailed
system logs and secondary copies of data for subsequent forensic analysis.
Planning for disaster recovery
While high availability efforts entail what you do to prevent an outage, disaster recovery efforts address what is
done to re-establish high availability after the outage.
As much as possible, disaster recovery procedures and responsibilities should be formulated before an actual
outage occurs. Based upon active monitoring and alerts, the decision to initiate an automated or manual failover
and recovery plan should be tied to pre-established RTO and RPO thresholds. The scope of a sound disaster
recovery plan should include:
Granularity of failure and recovery. Depending upon the location and type of failure, you can take
corrective action at different levels; that is, data center, infrastructure, platform, application, or workload.
Investigative source material. Baseline and recent monitoring history, system alerts, event logs, and
diagnostic queries should all be readily accessible by appropriate parties.
Coordination of dependencies. Within the application stack, and across stakeholders, what are the
system and business dependencies?
Decision tree. A predetermined, repeatable, validated decision tree that includes role responsibilities, fault
triage, failover criteria in terms of RPO and RTO goals, and prescribed recovery steps.
Validation. After taking steps to recover from the outage, what must be done to verify that the system has
returned to normal operations?
Documentation. Capture all of the above items in a set of documentation, with sufficient detail and clarity
so that a third party team can execute the recovery plan with minimal assistance. This type of
documentation is commonly called a 'run book' or a 'cook book'.
Recovery rehearsals. Regularly exercise the disaster recovery plan to establish baseline expectations for
RTO goals, and consider regular rotation of hosting the primary production site on the primary and each
of the disaster recovery sites.
See also
Concepts
Choose a disaster recovery strategy for SharePoint Server
Other Resources
What workloads can you protect with Azure Site Recovery?
Replicate a multi-tier SharePoint application for disaster recovery using Azure Site Recovery
Choose a disaster recovery strategy for SharePoint
Server
6/7/2019 • 8 minutes to read • Edit Online
Introduction
An effective disaster recovery strategy for a SharePoint Server farm must be sufficient to meet your
organization's business requirements, which are typically expressed by using two measures: Recovery Time
Objective (RTO ) and Recovery Point Objective (RPO ). RTO and RPO requirements are derived by determining the
downtime cost to the organization if a disaster happens.
IMPORTANT
As a best practice we recommend that you clearly identify and quantify your organization's RTO and RPO before you
develop a recovery strategy and implement a technical solution. Focus on what is required, not how to do it.
Downtime costs vary significantly between and within industries, especially due to the different effects of
downtime. Business size is the most obvious factor. However, it is not the only one. Setting a measure means
establishing the nature and implications of the failure. Reduced to the simplest level, a failure of a critical
application could lead to the following types of losses:
Loss of the application service. The effect of downtime varies with the application and the business.
Loss of data. The potential loss of data due to a system outage can have significant legal and financial
impact.
Most organizations will incur a downtime cost from both of the previous types of loss but the nature of the
business will determine which type of loss has the biggest effect. The following article, written by Chris
Preimesberger at eWEEK, highlights the financial effect of data center downtime. Unplanned IT Downtime Can
Cost $5K Per Minute: Report.
In most scenarios, SharePoint products is one of several applications that must be recovered in the event of a data
center shutdown that qualifies as a disaster. For this reason we have not included information about disaster
recovery planning but focus on options for making sure that you can recover your SharePoint Server farm at
another location.
Regardless of the type and scale of a disaster, recovery involves the use of a standby data center that you can
recover the farm to.
Standby data center recovery options
Standby data centers are required for scenarios where local redundant systems and backups cannot recover from
the outage at the primary data center. The time and immediate effort to get a replacement farm up and running in
a different location is often known as a hot, warm, or cold standby. Our definitions for these farm recovery data
centers are as follows:
Cold standby. A secondary data center that can provide availability within hours or days.
Warm standby. A secondary data center that can provide availability within minutes or hours.
Hot standby. A secondary data center that can provide availability within seconds or minutes.
Each of these standby data centers has specific characteristics and requirements, and also an associated cost to
operate and maintain.
Cold standby disaster recovery strategy: A business ships backups to support bare metal recovery to local
and regional offsite storage regularly, and has contracts in place for emergency server rentals in another
region.
Pros: Often the cheapest option to maintain, operationally. Often an expensive option to recover, because it
requires that physical servers be configured correctly after a disaster has occurred.
Cons: The slowest option to recover.
Warm standby disaster recovery strategy with Azure Site Recovery.
Pros: Often fairly inexpensive to recover, because a virtual server farm can require little configuration upon
recovery.
Cons: Can be very expensive and time-consuming to maintain.
Hot standby disaster recovery strategy: A business runs multiple data centers, but serves content and
services through only one data center.
Pros: Often fairly fast to recover.
Cons: Can be very expensive to configure and maintain.
IMPORTANT
No matter which of the previous disaster recovery solutions that you decide to apply, there is likely going to be some data
loss.
TIP
There is consistency between the two farms and to reduce the possibility of error we recommend that you use
scripted deployment to create the primary and failover farm by using the same configuration settings and
customizations.
Operating system, SQL Server and SharePoint Server software updates must be applied to both farms, to
maintain a consistent configuration across both farms.
You can copy SharePoint Server content databases to the failover farm by using asynchronous mirroring,
asynchronous commit on an availability group replica, or log-shipping.
NOTE
SQL Server mirroring can only be used to copy databases to a single mirror server, but you can log-ship to multiple
secondary servers.
The SQL Server database mirroring feature will be removed in future versions. We recommend that you
avoid using this feature in new deployments. Plan to change applications that currently use this feature.
Use AlwaysOn Availability Groups instead.
Service applications vary in whether they can be log-shipped to a farm. For more information, see Service
application redundancy later in this article.
The hot standby farm topology can be repeated across more than one data center, as long as you configure SQL
Server log shipping to one or more additional data centers.
IMPORTANT
Available network bandwidth and latency are major considerations when you are using a failover approach for disaster
recovery. We recommend that you consult with your SAN vendor to determine whether you can use SAN replication for
SQL databases or another supported mechanism to provide the hot standby level of availability across data centers. Note
that using SAN replication for SharePoint servers is not supported.
See also
Concepts
High availability and disaster recovery concepts in SharePoint Server
Other Resources
What workloads can you protect with Azure Site Recovery?
Replicate a multi-tier SharePoint application for disaster recovery using Azure Site Recovery
Plan for SQL Server Always On and Microsoft Azure
for SharePoint Server Disaster Recovery
6/7/2019 • 41 minutes to read • Edit Online
NOTE
The references and instructions for SharePoint Server 2016 in this article also apply to SharePoint Server 2019.
NOTE
A related objective is Recovery Level Objective (RLO). This objective defines the granularity with which you must be able to
recover data—whether you must be able to recover the whole farm, web application, site collection, site, list or library, or
item. For more information, see Plan for backup and recovery in SharePoint Server.
The cost of a disaster recovery solution is tied to these objectives—the reality is that better RTO and RPO cost
more. The objective and cost level also determine the recovery environment you choose. The industry terminology
for three basic disaster recovery environments are: Cold Standby, Warm Standby, and Hot Standby. There are
variations of course, depending on the business sector.
For more information about disaster recovery solutions, see High availability and disaster recovery concepts in
SharePoint Server and Choose a disaster recovery strategy for SharePoint Server.
This article provides a framework that you can use to deploy a hybrid disaster recovery solution for SharePoint
Server.
What's not in this article
The following topics are out of scope for this article:
Creating a business continuity and associated disaster recovery plan.
Service level requirements for RTO and RPO.
Cost assessment based on service level requirements.
Detailed steps for the following:
Configuring a Windows Server Failover Cluster (WSFC ) cluster
Provisioning an Azure environment (storage accounts, virtual networks, cloud services, availability
sets, and virtual machines)
Configuring a VPN tunnel from on-premises farm to Azure recovery environment
NOTE
All the diagram labels are based on the naming convention we used to build out and test this disaster recovery scenario.
They provide reference points for the article.
NOTE
There are cases where synchronous commit to a replica in a recovery environment have been tested and
implemented because throughput is the same as using asynchronous commit to the recovery replica. However, this is
not broadly accepted or recommended.
Each farm has its own service applications that have synchronized databases between the two
environments. Because read-only databases are used for service applications in the disaster recovery farm,
service applications do not need to be re-provisioned when the production farm fails over.
Search crawling with Read-Only databases in the disaster recovery instance. If this is required you need to
configure a separate Search Service Application for the recovery farm. For more information, see Supported
high availability and disaster recovery options for SharePoint databases.
TIP
Use automation wherever and whenever possible. Scripted deployment and configuration ensures configuration consistency
and reduces errors caused by typing commands or navigating through the user interface to configure the farm.
COMPONENT SETTINGS
COMPONENT SETTINGS
Lock pages in memory Grant the SQL Server service account permissions to lock
pages in memory. For more information, see Enable the Lock
Pages in Memory Option (Windows) and Server Memory
Server Configuration Options.
Disable Auto-create statistics Do not enable auto-create statistics on SQL Server. This is not
supported for SharePoint Server. For more information, see
Best practices for SQL Server in a SharePoint Server farm.
Set Max Degree of Parallelism Set the max degree of parallelism (MAXDOP) to 1 in SQL
Server instances that host SharePoint Server databases.
Note: SharePoint Server installation on SQL Server will fail by
design unless the installer account has permission to change
it.
For more information, see Best practices for SQL Server in a
SharePoint Server farm.
Trace Flags Add the trace flags 1222 (return resources and types of locks
participating in a deadlock) and 3226 (suppress log backup
entries in the SQL error log).
DBCC TRACEON (1222,-1)
DBCC TRACEON (3226,-1)
SQLAgent Job History Make sure that SQLAgent has these settings,
(Jobhistory_max_rows = 50000 and
Jobhistory_max_rows_per_job = 10000).
Minimum memory Min Memory = 512 Mb. (However, this is based on our test
configuration and may not apply to your SQL Server
installation so you should calculate your requirement.) For
more information, see Server Memory Server Configuration
Options and Configure the min memory per query Server
Configuration Option.
Maximum memory Set the maximum memory limit for SQL Server based on the
following formula:
Total Server RAM (GB) - 4 GB = [max server memory]
For more information, see Server Memory Server
Configuration Options.
COMPONENT SETTINGS
DNS aliases We recommend that you create DNS aliases for all SQL Server
instances. This helps to simplify maintenance, such as to make
it easier to move databases to another server. For example,
the SharePoint farm in the Azure disaster recovery datacenter,
connects directly to the SQL Server instance names. You
should create a DNS alias rather than configure the farm with
the instance names directly.
Note: The client alias and DNS alias should match to ensure
clients which don't use SQL client aliases can also contact SQL
servers.
For more information, see Best practices for SQL Server in a
SharePoint Server farm.
SYNCHRONOUS-COMMIT SYNCHRONOUS-COMMIT
MODE WITH AUTOMATIC- MODE WITH MANUAL- ASYNCHRONOUS-COMMIT
FAILOVER TYPE FAILOVER MODE FAILOVER MODE MODE
Usage Yes No
Windows Server 2012 R2 and Windows Server 2016 failover Windows Server 2012 R2 or Windows Server 2016 on each
clustering farm server configured according to best practices (Windows
Server and SharePoint Server). For more information, see
Windows Server Failover Clustering (WSFC) with SQL Server.
Every server that will be a cluster node must have the Failover
Cluster feature and the Failover Cluster Management MMC
installed.
A file share for the WSFC Quorum. As a best practice this
should be configured in a third site that can be accessed by
the on-premises site and the recovery site.
Document and stick to a consistent naming convention for the
cluster.
SQL Server database configuration and Always On Availability SQL Server 2014 or SQL Server 2016 configured according to
Groups SharePoint requirements and the best practices identified in
"Dependencies, prerequisites and best practices".
Databases use full recovery model. For more information, see
Recovery Models (SQL Server).
SQL Server instance names. (We used the Default instance
name, which is supported in this design across all the cluster
nodes).
The same file paths for the database and log file locations for
each SQL Server instance. We used the following drive layouts,
(System (L:) for SQL databases and SharePoint databases),
(User (S:) for tempdb databases and log files), and (Local disk
(T:) for SharePoint SQL backups).
Document and stick to a consistent naming convention for the
Availability Groups, the replicas, and the listeners.
Microsoft Azure gateway server A server in Azure that provides the endpoint for the VPN
gateway connection from the on-premises farm. It is
configured with the Active Directory Domain Services (AD DS)
and DNS Services roles and is designated as a global catalog
server for the test domain (corp.adventureworks.com).
When there is a disaster this server can become the primary
domain controller.
The next table provides more information about the steps in Build phase 1.
1. Configure a two-node WSFC cluster Use the Windows Server article, Create a Failover Cluster to
create a two-node cluster. For Windows Server 2016
information, see Failover Clustering in Windows Server 2016.
2. Configure a file share witness The preferred configuration for WSFC in a SharePoint
environment is to use a file share witness and a node majority.
Both cluster nodes in the on-premises farm have a quorum
vote. The cluster node in the recovery farm doesn't have a
vote.
For more information, see Configure and Manage the Quorum
in a Windows Server 2012 Failover Cluster. For Windows
Server 2016, see Deploy a Cloud Witness for a Failover
Cluster.
Use the following Microsoft PowerShell cmdlet to configure a
file share and node majority Quorum:
Set-ClusterQuorum -NodeAndFileShareMajority
"\\fileserver\share"
Use the following PowerShell cmdlet to assign votes:
(Get-ClusterNode {CLUSTERNODENAME}).NodeWeight=1
Use the following PowerShell syntax to configure a Cloud
Witness:
Set-ClusterQuorum -CloudWitness -AccountName
<StorageAccountName> -AccessKey
<StorageAccountAccessKey>
3. Install SQL Server on each Windows cluster node Install SQL Server on both Windows Server cluster nodes.
Note the following:
Do not run the SQL Server setup program for a failover
cluster. These nodes are not part of a SQL Failover Cluster
Instance (FCI) Cluster.
Make sure that the SQL Server data paths are exactly the
same for each instance.
For more information, see Install SQL Server 2014 from the
Installation Wizard (Setup) or Install SQL Server 2014 from the
Command Prompt. Also, see Install SQL Server from the
Installation Wizard (Setup).
STEP NOTES AND GUIDANCE
4. Enable SQL Server Always On Use the guidance in Enable and Disable AlwaysOn Availability
Groups (SQL Server) to enable Always On. Use theSQL
Server2016 guidance in Enable and Disable Always On
Availability Groups (SQL Server).
The database grouping section after this table shows how you
can logically group SharePoint databases and map them to
different availability groups to meet your disaster recovery
requirements as well as your high availability requirements.
5. Configure farm account security Configure the appropriate permissions in each SQL Server
instance for the SharePoint setup user administrator account.
This account must be a member of the db_owner role and
assigned to the securityadmin and dbcreator SQL Server
security roles during setup and configuration.
For more information, see Configure SQL Server security for
SharePoint Server and Account permissions and security
settings in SharePoint Server 2016.
6. Create availability groups, Always On Endpoints, and Create the availability groups for synchronous-commit mode
Availability Group Listeners for high availability. (It is common practice to configure the
availability groups logically for the logical failover of
databases). After you create the Always On Endpoints, create
Availability Group listeners to enable client connectivity to
each availability group.
Note: You can create the availability groups with temporary
database names so SharePoint can use the listeners when the
farm is configured. This is so the database connection strings
point to the appropriate DNS entries created by the listeners.
This saves you having to reconfigure the listeners later.
For more information, see Configure SQL Server AlwaysOn
Availability Groups for SharePoint Server.
For information, see Create a Database Mirroring Endpoint for
AlwaysOn Availability Groups (SQL Server PowerShell). For
SQL Server 2016 information, see Database Mirroring -
Always On Availability Groups- PowerShell.
For information, see Availability Group Listeners, Client
Connectivity, and Application Failover (SQL Server). For SQL
Server 2016 information, see Listeners, Client Connectivity,
Application Failover.
Note: If you create the Availability Group Listeners using SQL
Server Management Studio, you have to add an IP address for
the disaster recovery subnet for each listener. This is not
required if you provision Availability Group Listeners using the
SQL Server New-SqlAvailabilityGroupListener PowerShell
cmdlet. The recovery farm will reference the SQL instances
through DNS host (A) entries and not the Availability Group
listeners. For more information, see New-
SqlAvailabilityGroupListener.
AG_SPSearch Search Admin, Search Crawl, Search Link, and Search Analytics
Reporting
(1) These names are only examples. You can use your own naming convention.
(2) The Usage database can be created independently on each SQL Server instance in the cluster. In addition to
storing transient data, it also has very high transactions, which is another reason not to place it in an availability
group. You can utilize the Set-SPUsageApplication cmdlet to create the database in the secondary SQL instance.
Then use the Set-SPUsageApplication cmdlet with the -FailoverDatabaseServer option to specify the secondary
SQL instance in the highly available environment.
The next table describes our test configuration at the end of Build phase 1.
SP-SQL-HA1, SP-SQL-HA2 These servers are configured as two nodes in our WSFC
cluster (SPDRCluster), each with one vote. Host the farm
databases, configured with Always On Availability Groups. SP-
SQL-HA1 has the primary replica role and SP-SQL-HA2 has
the secondary replica role. These availability groups and
listeners are configured: Availability groups = PROD-AG1,
PROD-AG2, PROD-AG3, PROD-AG4; Listeners = SQL-PROD-
AG1, SQL-PROD-AG2, SQL-PROD-AG3, SQL-PROD-AG4
Build phase 2
The next table provides more information about the steps in Build phase 2.
1. Create build scripts We recommend that you develop a set of build scripts to
install SharePoint Server 2016. These scripts can also be used
to build out the recovery farm (and future SharePoint farms).
Because the recovery farm will have service applications that
are identical to those in the on-premises farm, it's a best
practice to use identical service application and database
names. Scripting reduces configuration errors and ensures
consistency in farm configuration.
Note: Service applications reference their databases by the
database name, unlike the Content databases, which also have
a database ID that's stored in the SharePoint configuration
database.
There are several examples of scripted SharePoint installations
that you might be able to leverage in your environment. For
example, SharePointDsc or AutoSPInstaller is an end-to-end
open source program available at Codeplex.
Ensure that the farm configuration database, the content
databases, and service application databases point to the DNS
alias of the SQL Server instance that you use. The SharePoint
Server 2016 databases will be created with a connection string
mapped to the SQL Server instance. Later they will be moved
to availability groups using SharePoint Server PowerShell
cmdlets.
After you create the farm configuration databases, we
recommend scripting the following common tasks:
Join a SharePoint Server to the farm by using the
Join-SharePointFarm cmdlet
Register Managed Accounts by using the
New-SPManagedAccount cmdlet
Create Web Applications
Create Site Collections
Create Service Applications
Set the SharePoint App domain and Prefix
2. Install prerequisites and binaries For more information, see Install prerequisites for SharePoint
Server from a network share.
3. Configure Farm SMTP Settings, Web Apps, and Site Use the New-SPWebApplication cmdlet to create Web
Collections Applications and use the New-SPSite cmdlet to create Site
Collections.
4. Configure Service Applications Use the Service Application cmdlets in Index of Windows
PowerShell cmdlets for SharePoint Server 2016 to configure
service applications.
STEP NOTES AND GUIDANCE
5. Add the on-premises production farm databases to When you finish configuring the farm, add the farm databases
availability groups and synchronize the replicas to the appropriate availability groups. Use these PowerShell
cmdlets to add the databases and verify that they've been
added to the availability group you specify,
Add-DatabasetoAvailabilityGroup and
Get-AvailabilityGroupStatus
Important: Make sure that you enable the full recovery
model on all databases that are to be added to an availability
group before you add them.
After you add the farm configuration database to an
availability group you must restart all the servers in the farm
to ensure farm stability.
Synchronize the availability group replicas. For more
information, see Select Initial Data Synchronization Page
(AlwaysOn Availability Group Wizards).
Build phase 3
The next table provides more information about the steps in Build phase 3.
1. Add two nodes to the Azure disaster recovery datacenter Configure these settings on the server that will be the new
which will stretch the on-premises WSFC cluster cluster node; Install the Windows Failover clustering feature,
test the cluster, and then remove the quorum vote from the
new node.
Open the Windows PowerShell command line as an
Administrator and run the following cmdlet to install the
Windows Failover clustering feature and management tools:
Install-WindowsFeature -Name Failover-Clustering -
IncludeManagementTools
Test the cluster with the following cmdlet: Test-Cluster
Remove the Quorum vote from the server with the following
commands:
(Get-ClusterNode {CLUSTERNODENAME}).NodeWeight=0
For more information, see Configure and Manage the Quorum
in a Windows Server 2012 Failover Cluster. For Windows
Server 2016 information, see Deploy a Cloud Witness for a
Failover Cluster.
Note: If you use the same architecture as our test
environment, you'll have to perform these configuration steps
on both the SQL Server instances in the recovery
environment.
STEP NOTES AND GUIDANCE
2. Install the SQL Server instances Install SQL Server on both nodes. Ensure that the data paths
are exactly the same for each SQL instance and that the
configurations are identical, for example, port configurations,
database collation, and so on. For more information, see Install
SQL Server 2012 from the Installation Wizard (Setup). Also,
see Install SQL Server from the Installation Wizard (Setup).
3. Enable SQL Server Always On Availability Groups Use SQL Server Configuration Manager to enable SQL Server
Always On Availability Groups. For more information, see
Enable and Disable AlwaysOn Availability Groups (SQL Server).
For SQL Server 2016 guidance, see Enable and Disable Always
On Availability Groups (SQL Server).
Refer to the table in Build phase 1 for examples of the logical
grouping of SharePoint Server 2016 databases to availability
groups.
4. Configure farm account security Configure the appropriate permissions in each SQL Server
instance for the SharePoint setup user administrator account.
This account must be a member of the db_owner role and
assigned to the securityadmin and dbcreator SQL Server
security roles during setup and configuration.
For more information, see Configure SQL Server security for
SharePoint Server, Account permissions and security settings
in SharePoint Server 2016, and Account permissions and
security settings in SharePoint 2013
Build phase 4
The next table provides more information about the steps in Build phase 4.
1. Create build scripts We recommend that you develop a set of build scripts to
install SharePoint Server. These scripts can also be used to
build out the recovery farm (and future SharePoint farms).
Because the recovery farm will have service applications that
are identical to those in the on-premises farm, it's a best
practice to use identical service application and database
names. Scripting reduces configuration errors and ensures
consistency in farm configuration.
Note: Service applications reference their databases by the
database name, unlike the Content databases which also have
a database ID that's stored in the SharePoint configuration
database.
There are several examples of scripted SharePoint installations
that use PowerShell. For example, SharePointDsc or
AutoSPInstaller is an end-to-end open source program
available at Codeplex.
Ensure that the farm configuration database, the content
databases, and service application databases point to the DNS
alias of the SQL Server instance that you use. The SharePoint
Server databases will be created with a connection string
mapped to the SQL Server instance. Later they will be moved
to availability groups using SharePoint PowerShell cmdlets.
After you create the farm configuration databases, we
recommend scripting the following common tasks:
Join a SharePoint Server to the farm by using the
Join-SharePointFarm cmdlet. Register Managed Accounts
by using the New-SPManagedAccount cmdlet. Create Web
applications, site collections, and service applications. Finally,
set the SharePoint App domain and prefix.
2. Install the prerequisites and binaries For more information, see Install prerequisites for SharePoint
Server from a network share.
3. Configure farm SMTP settings, Web Applications, and Site Use the New-SPWebApplication cmdlet to create Web
Collections Applications and use the New-SPSite cmdlet to create Site
Collections.
STEP NOTES AND GUIDANCE
4. Configure Service Applications Use the Service Application cmdlets in Index of Windows
PowerShell cmdlets for SharePoint Server 2016 to configure
service applications.
Note: Service Applications are created in the disaster recovery
farm, with the exact same name as the primary farm. Ensure
the database names are also named exactly the same as the
primary farm, as the database will be referenced by the Service
Applications in the disaster recovery farm, where the service
application databases will eventually be created as replicas. As
part of the process, the databases in the disaster recovery
farm will be restored from the primary replicas, when the
asynchronous replicas are added to the SQL Availability
Group.
The content databases in the disaster recovery farm can be
removed from the SharePoint configuration as the primary
farm content databases will have a read-only replica available
in the disaster recovery SQL Server instance.
Use the SharePoint 2016 Management Shell to run the
following PowerShell cmdlet to dismount any content
databases from the disaster recovery farm
Remove-SPContentDatabase .
If any additional content databases exist on the SQL Server
instances in the disaster recovery farm, delete all of them. You
can use any of these methods, DROP DATABASE (Transact-
SQL), Database.Drop Method (), or Delete a Database.
5. Shut down the farm Shut down the farm after you finish configuring SharePoint.
Now you can create asynchronous replicas for the databases
on the on-premises farm.
Build phase 5
The next table provides more information about the steps in Build phase 5.
1. Verify that the SQL instance can access the database and Each node in an availability group must have access to a
backup shares. common backup location. This is required for the initial
database seeding during the process of adding replicas to the
availability group.
The SQL Server account must have access to the common
backup location.
STEP NOTES AND GUIDANCE
2. Create a SQL Server endpoint and grant connect You must create a logon on the disaster recovery SQL Server
permissions to the endpoint. instance in order to create a secondary replica and join the
databases to the Availability Groups. For more information,
see Set Up Login Accounts for Database Mirroring or
AlwaysOn Availability Groups (SQL Server) and Set Up Login
Accounts - Database Mirroring Always On Availability.
A SQL Server endpoint is required on the primary replica so
the SQL instance can send log buffers to the secondary
replicas. Use the process in Create a Database Mirroring
Endpoint for AlwaysOn Availability Groups (SQL Server
PowerShell) and Database Mirroring - Always On Availability
Groups- PowerShell to create the endpoint.
You must give the service account on the primary SQL Server
instance access to the endpoint in order to transfer log buffers
to the disaster recovery instances. Connect permission is
required.
For more information, see GRANT Endpoint Permissions
(Transact-SQL).
3. Create secondary replicas of the user content and service Each Availability Group requires a secondary replica in the
application databases in the recovery farm instance. disaster recovery farm. You must be connected to the SQL
instance that is hosting the primary replica before you can
create the secondary replica.
For more information, see Add a Secondary Replica to an
Availability Group (SQL Server).
4. Ensure that the replicas in the recovery farm are configured The availability replicas in the DR SL Server instances are
for Read-Only access. configured as readable secondary replicas. The disaster
recovery farm will access the service application and content
databases in read-only mode. This is because the recovery
farm is already referencing the service application database
names. This reduces the Recovery Time Objective (RTO) when
we failover to the DR environment.
Note: If this is not configured correctly, you may experience
errors in the recovery environment.
For more information, see Configure Read-Only Routing for an
Availability Group (SQL Server) and Configure Read-Only
Access on an Availability Replica (SQL Server).
5. Copy logons from the primary SQL Server instance to the You have to copy SQL logons and passwords from the
secondary SQL Server instances. primary instance to the secondary instances. SQL Server
copies only the content of an availability group database.
Logons and passwords are not copied from one instance to
another.
For more information, see How to transfer logins and
passwords between instances of SQL Server and Troubleshoot
Orphaned Users (SQL Server).
Build phase 6
The next table provides more information about the steps in Build phase 6.
1. Power up the recovery farm Now that the service application and content databases are
available in read-only mode in the recovery farm SQL
instances, you can power up the SharePoint farm.
2. Mount the content databases to the web application(s) For every content database that has a read-only replica in the
disaster recovery SQL instance, which holds the most current
content in the primary farm, the database needs to be
mounted in the appropriate web applications in the disaster
recovery farm. You can use the Mount-SPContentDatabase
cmdlet to mount the content databases.
3. Refresh sites in configuration database We recommend that you refresh the sites in the SharePoint
configuration database. Use the PowerShell example shown in
the (1) note after this table, to refresh the sites for each
content database.
4. Check the farm services Verify that all the farm services are running as expected.
5. Perform a farm health check Perform health checks on the farm to make sure that the farm
is stable and working correctly.
(1) Use the following PowerShell syntax for step 3 in the Build phase 6 table.
3. Move the cluster group to an active SQL node in the disaster recovery data center by using the following
command.
5. Adjust the voting rights for the cluster. All SQL Server nodes in the disaster recovery site must be provided
Quorum voting rights. Repeat the following command for each cluster node in the disaster recovery datacenter.
6. After the remote node is granted a vote for the Quorum, use the following command to remove the votes of the
two nodes in the on-premises farm.
Get-ClusterNode | fl Name,NodeWeight
8. When the node weights are applied successfully, the availability groups can be moved to the appropriate SQL
Server instances in the disaster recovery farm by using the SQL Server Switch-SqlAvailabilityGroup cmdlet.
You must use the -AllowDataLoss parameter when you run this cmdlet. For example:
IMPORTANT
It is very important as part of an operational process that any content databases created in the primary farm are added to
the availability groups and mounted in the disaster recovery farm.
Failover step 4
Service Applications
Log on as a member of the Farm Administrators SharePoint group and complete the following tasks:
1. Verify the service applications are accessible.
2. Start the User Profile Synchronization Service on one server in the disaster recovery farm.
3. Perform a full import of the user profiles.
NOTE
The Secure Store Service might require the SharePoint Farm Administrator to refresh the key in order to decrypt the
applications that are registered in the Secure Store. The administrator must have full permissions to the Secure Store before
refreshing the key. You can also use the Update-SPSecureStoreApplicationServerKey cmdlet to update the Secure Store
key.
NOTE
The User Profile Synchronization timer job must be re-enabled and profile imports should be scheduled. Since the databases
are now in write mode after a failover, the imports should be scheduled accordingly.
Failover step 5
Configure DNS Redirection
Update DNS to provide the following redirections:
To the recovery farm for web applications and site collections.
To the recovery farm for the application domain.
Failover step 6
Validate the recovery
Run Test Cases in your environment to ensure that the recovery is as expected.
After you validate the recovery:
Enable the User Profile Synchronization Service Timer job.
Schedule a full backup of the recovery farm.
Failover step 7
Send out notifications
Notify the appropriate business stakeholders once the recovery validation is complete.
Conclusion
After you failover and validate the recovery, you are in a position to start configuring the farm to meet the current
and future operational requirements such as capacity and high availability. These requirements are determined by
the duration of the downtime and recovery of the farm in the on-premises datacenter.
As a final note, you have to review and validate your plan for falling back to the on-premises farm when it's
operational again.
Appendix
Appendix 1: Getting started in Microsoft Azure
ITEM NOTES
Azure subscriptions and storage accounts At a minimum, you will need one subscription to create the
Azure recovery farm. After you have a subscription, you can
create up to 100 uniquely named storage accounts. As in the
case of other Azure services, there are standard and premium
storage accounts. For more information, see Introduction to
Microsoft Azure Storage.
Cloud services When you create the server for the VPN gateway, a cloud
service gets created for the virtual machine. At this point, you
have to determine how many cloud services you want to have
for the recovery farm. You obviously don't want a cloud
service for every server in the farm; but should you use one or
several? There are good arguments for both options. By
grouping virtual machines into separate cloud services, you
can work with several servers as a single unit. In our test farm,
we used four cloud services. The first was for the VPN gateway
and then one for each of the following tiers: front end web
servers, application servers, and the database servers. For
more information, see Should I Choose Cloud Services?.
PowerShell PowerShell Azure cmdlets can help you automate tasks in your
virtual environment. For more information, see Windows
Azure PowerShell Cmdlets (v2.2.2).
Virtual Machines, Machine sizing Azure VMs are available in multiple series which have different
performance and capacity characteristics. You can mix and
match machines based on your workloads and farm tiers.
For more information, see Sizes for Windows virtual machines
in Azure.
See also
Other Resources
SharePoint Server 2016 in Microsoft Azure
What workloads can you protect with Azure Site Recovery?
Replicate a multi-tier SharePoint application for disaster recovery using Azure Site Recovery
Supported high availability and disaster recovery
options for SharePoint databases
6/7/2019 • 22 minutes to read • Edit Online
Introduction
The scope of this article is the supported high availability and disaster recovery solutions for each SharePoint
Server system and service application database. These solutions address the database level, instead of the
database instance or database server level and include the following: database mirroring, database availability
groups, and log shipping.
When you evaluate a high availability or a disaster recovery option for SharePoint, you must understand that not
all of the options are supported by each SharePoint database. This is because of design requirements and feature
characteristics.
This article identifies the supported option for each SharePoint database. These databases are grouped by SKU
and then by feature.
CATEGORY DESCRIPTION
Supports SQL Server 2014 with Service Pack 1 (SP1), SQL Yes
Server 2016, and SQL Server 2017 RTM synchronous
mirroring in a farm for availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL No. This is a farm specific database.
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 asynchronous mirroring or log-
shipping to another farm for disaster recovery
Supports SQL Server AlwaysOn Availability Group with No. This is a farm specific database.
asynchronous-commit for disaster recovery
CATEGORY DESCRIPTION
Purpose This database stores all configuration data for the Central
Administration site collection. If SQL Server 2016 RTM, Power
Pivot for SharePoint Server 2016 or SQL Server 2012 Power
Pivot for SharePoint 2013 is installed the Central
Administration content database also stores the Excel Online
and Excel worksheets and Power Pivot data files that are used
in the Power Pivot Management Dashboard.
Note: Power Pivot for SharePoint Server 2016 is only
available with SQL Server 2016 RTM.
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL No. This is a farm specific database.
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
Supports SQL Server AlwaysOn Availability Group with No. This is a farm specific database.
asynchronous-commit for disaster recovery
Content database
CATEGORY DESCRIPTION
Purpose Content databases store all content for a site collection. This
includes site documents or files in document libraries, list
data, Web Part properties, audit logs, and some apps for
SharePoint data if the apps are installed, in addition to user
names and rights.
Content databases also store user data for SQL Server 2016
CTP 3.1 or later, Power Pivot for SharePoint Server 2016 and
SQL Server 2012 Power Pivot for SharePoint 2013, if you
installed it in your SharePoint Server environment.
Additionally Content databases also store the Project Server
2016 extensions in SharePoint Server 2016.
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Default database name when it is installed with the 2016/2019: Managed Metadata Service_<GUID>
SharePoint Products Configuration Wizard 2013: Managed Metadata Service
Application_Metadata_<GUID>
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
NOTE
The Managed Metadata Service is the Taxonomy service. This database cannot be attached to a Managed Metadata Service
Application in read only mode.
CATEGORY DESCRIPTION
Default database name when it is installed with the 2016/2019: PerformancePoint Service Application_<GUID>
SharePoint Products Configuration Wizard 2013: PerformancePoint Service_<GUID>
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
NOTE
Power Pivot for SharePoint Server 2016 is only available with SQL Server 2016 CTP 3.1 or later.
NOTE
Power Pivot for SharePoint 2013 is only available with SQL Server 2012 SP1 Analysis Services (SSAS).
CATEGORY DESCRIPTION
Purpose Stores data refresh schedules, and workbook usage data for
internal use by Power Pivot service applications.
Supports SQL Server 2016 RTM synchronous mirroring in a Yes, but not recommended. Use AlwaysOn in Synchronous-
farm for availability Commit Mode instead.
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
The following table describes the supported high availability and disaster recovery options for the Project Server
database.
NOTE
Project Server creates a separate database for each instance of Project Web App
CATEGORY DESCRIPTION
Purpose Each Project Web App database contains the following data:
All Project and Portfolio Management (PPM) data
Time tracking and Timesheet data
Aggregated SharePoint project site data
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL No. Taking a copy of the Search Administration database and
Server 2017 RTM asynchronous mirroring or log-shipping to using it to re-create the Search service application is
another farm for disaster recovery supported.
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
Supports SQL Server AlwaysOn Availability Group with No. Taking a copy of the Search Administration database and
asynchronous-commit for disaster recovery using it to re-create the Search service application is
supported.
CATEGORY DESCRIPTION
Purpose Stores the results for usage analysis reports and extracts
information from the Link database when it is needed.
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
Crawl database
CATEGORY DESCRIPTION
Purpose Stores the state of the crawled data and the crawl history.
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL No
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
Link database
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL No
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL No
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Purpose Stores health monitoring and usage data temporarily, and can
be used for reporting and diagnostics.
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes, but not recommended
Server 2017 RTM synchronous mirroring in a farm for
availability
Supports SQL Server 2008 R2 and SQL Server 2012
synchronous mirroring in a farm for availability
Supports SQL Server AlwaysOn Availability Group with Yes, but not recommended
synchronous-commit for availability
Note: It is not possible to run PSConfig, (SharePoint Products
Configuration Wizard or Microsoft PowerShell) to apply
SharePoint CUs when this database is a member of an Always
On Availability Group.
Supports SQL Server 2014 (SP1), SQL Server 2016, and SQL Yes, but not recommended
Server 2017 RTM asynchronous mirroring or log-shipping to
another farm for disaster recovery
Supports SQL Server 2008 R2 and SQL Server 2012
asynchronous mirroring or log-shipping to another farm for
disaster recovery
CATEGORY DESCRIPTION
Supports SQL Server AlwaysOn Availability Group with No. This database is farm specific. However, you can copy it to
asynchronous-commit for disaster recovery a disaster recovery environment for data mining.