How to Create Hub Sites in SharePoint Online

WHAT IS THIS ALL ABOUT? 

Historically we only had two primary ways to structure sites in SharePoint. You would either create one big site collection and create lots of subsites in it, or you would have lots and lots of site collections in your tenant. Of course, you could have both models run in parallel. Provision lots of department sites each in its own site collection and lots of subsites in each department’s site collection. Multiple Site collections always made sense for large organizations. With the arrival of SharePoint Online and Office 365, we had many small businesses embrace SharePoint now and most small, and even medium-size businesses could get away with just 1 or 2 site collections. What made a single site collection really attractive to many is that you could easily build common navigation between all the subsites. On top of that, you could also create site templates and reuse them. 

Things started to swing in favor of flat architecture with the rollout of Office 365 Groups and Communication Sites. Every time you create an Office 365 Group or a Communication site – a new site collection is provisioned. So whether you want it or not, now you are almost forced into a flat architecture. 

WHAT ARE HUB SITES? 

So now, with all these Office 365 Groups and Communication Sites and old legacy site collections, the challenge is how do we bring them all together via common navigation? I documented several ways to create common navigation for sites previously, but all of the tricks are local to the site collection.  Meaning, if you create navigation in one site collection, you can only propagate it to subsites underneath, not to other site collections.. 

This is where Hub Sites come in. Hub Sites are a way to tie together all the autonomous site collections under one navigation umbrella. There are other characteristics that are shared within a Hub , but primarily – they are for navigation. 

HOW TO CREATE HUB SITES 

So now that we are clear what the Hub Sites are, let me show you how to create them! There are 2 steps involved. 

  • Step 1: You need to pick a site that will be the main hub – that’s where you will manage the global menu from (think of this as an older brother) and… 
  • Step 2: You need to associate other site collections to the hub site (think of them as brothers and sisters joining the older brother). 

Step 1: Register Hub Site 

  1. Navigate to Office 365 Admin Center 
  • Click on SharePoint Admin Center 
  • Navigate from Classical to Modern SharePoint Admin Center by clicking “Try it now” button. NOTE: This step is and will only be necessary for a short period of time. Microsoft is currently modernizing SharePoint Admin Center (and you can only create Hub Sites from Modern SharePoint Admin Center). As of the writing of this post, we are still in transition mode, but in future, when the transition is complete, you can just skip this step. 
  • Click on Active Sites to see a list of all the site collection you have (Office 365 Group Site Collections, Communication Site Collection, legacy (classical) site collections) 
  • Click the check box next to the site that will become a hub, then Register as Hub Sitefrom Hub Site menu 
  • Fill in the name of the Hub and click Save (you can also designate users who will be able to connect to this Hub, but let’s not worry about it here) 

Mazel Tov, you just created your first Hub Site!!! 

Step 2: Associate a Site to a Hub 

The next step is for you to associate (connect) other site collections to the Hub. There are two ways for you to do so: 

Option 1: Connect from the SharePoint Admin Center 

  1. While in SharePoint Admin Center, click on the checkbox next to the site collection you want to associate with the hub, then from the Hub site drop-down menu chooseAssociate with a hub site 
  • From the list of all the hubs you have available in your tenant, choose one you want to connect to and click Save 

Option 2: Connect from the site collection itself 

  1. Navigate to the root (the very top-level site) of the site collection that you want to associate with the hub 
  2. Click Gear Icon > Site Information 
  • Choose Hub Site Association and click Save 

NOTE: This second technique only works for site collections that have been modernized. That means that if you have a classical site collection with a classical page, you won’t see the Site Information in the menu under the gear icon. So what you will need to do first is modernize your page first. It is quite easy, and I described how to do it here

CONFIGURE HUB 

Assign a Hub Name and Upload a Hub Logo 

There is a bit of configuration you can also do to a Hub once created. If you go back to the main Hub Site, then click Gear Icon > Hub Site Settings… 

…you can upload a Hub logo and specify a navigation name for the Hub. 

Don’t mind the Site design drop-down – it is way too technical for us, out of the box guys and girls. 

Here is what this all means: 

  • Hub Logo: Appears as a little thumbnail on the Hub Global menu to the left of the navigation. Clicking on the Hub Logo from any site collection navigates the user to the main Hub Site 
  • Hub Site Navigation Name: This is how the name of the Hub will appear in the global navigation. So does not really matter what you called your main hub, you can call it something else in the navigation (i.e. Intranet) 

Build Common Navigation 

This step is primarily the reason why we did all of the above. Associating (connecting) all the site collections to the hub, does not automatically add links to the navigation. You have to do so manually. Let me show you how to do this. 

  1. Navigate to the main Hub Site again 
  2. Click on Add link 
  • Click the “+” sign to add a new link, fill in the blanks. Click OK and Save 
  • You can also create drop-down menus by doing sublinks 

Take advantage of Hub Features 

Here I would like to list all the advantages of the Hub functionality. At the moment, the list is not big. However, I am sure as Hub Sites evolve, there will be other features added. 

Common Navigation 

We already covered it above, so not going to repeat it here. 

News roll up 

When you combine your site collections into a Hub, you can automatically aggregate News and Announcements from all the sites into 1 site by using News Web Part. Go ahead and add a News Web Part to a page on the main Hub Site. Click the Edit Button. There you will be able to choose an option to aggregate all the news within a Hub into one! 

Search within a Hub 

Once you create a Hub and connect other sites to it, you will notice that a Search Box on the Main Hub now searches across other sites within a Hub. This is amazing! 

Common theme 

You will notice as soon as you add your site collection to a hub, that its color scheme will adopt the colors of the main Hub. That’s pretty nice – great from common branding/user adoption standpoint. 

Content roll-up via HCWP 

Once you create a Hub, you will be able to roll-up content using Highlighted Content Web Part (HCWP) within a hub. 



How to Stop and Start All SharePoint 2013 Farm Services using PowerShell

How to Stop and Start All SharePoint 2013 Farm Services using PowerShell? 

Prior to SharePoint patching, its a best practice to Stop all SharePoint 2013 and its related services and then start once patching is completed. If you don’t do this, your service pack or patch installation will take longer than its expected.

So what are all the services to be stopped?

SharePoint 2013 Search Service (OSearch15 – OSearch16 in SharePoint 2016)

SharePoint 2013 Timer Job (SPTimerV4) • SharePoint 2013 Administration (SPAdminV4)

SharePoint 2013 Tracing (SPTraceV4)

SharePoint 2013 VSS Writer (SPWriterV4)

SharePoint 2013 User Code Host (SPUserCodeV4)

• SharePoint Search Host Controller (SPSearchHostController)

• Forefront Sync Service (FIMSynchronizationService)

Forefront Service (FIMService)

World Wide Web Publishing Service (W3SVC)

Internet Information Services (IIS)

Don’t forget to do it in all your SharePoint Servers of the farm!

Lets use PowerShell to stop and start all SharePoint services:

Stop all SharePoint 2013 Services, Lets use PowerShell to stop and start all SharePoint services:

Start all SharePoint 2013 Services: After the patching, Use the below script to start all SharePoint services. 

Completely Stop or Start SharePoint Farm Services on All Servers: Lets put everything together and make a reusable PowerShell function, which stops or starts all SharePoint related services in all servers of the farm.

Reconnecting Shared Mailboxes after an O365 Migration

I get a lot of these incidents in my queue after a user has been migrated to O365. For whatever reason, most likely due to the mailbox being moved itself, whether it is the user’s mailbox, the shared mailbox, or both, the connections to the shared mailboxes stop working in Outlook and the user cannot connect to the shared mailbox.

Here is a quick and easy solution to use to disconnect and reconnect the shared mailbox(es) that you lose connectivity to when migrated. This is usually performed on Outlook 2016 and above as most users upgrade their client software when moved to O365.

First, we remove the existing shared mailbox connection:

  • Click the File > Account Settings > Account Settings.
  • Select your company email address in the account list.
  • Click Change > More Settings > Advanced tab > Select the Shared Mailbox > Remove
  • Click Apply > OK > Next > Finish.
  • The shared mailbox will now automatically be removed in your Folder pane in Outlook.

Second, we re-add the shared mailbox connection to Outlook:

  • Click the File > Account Settings > Account Settings.
  • Select your company email address in the account list.
  • Click Change > More Settings > Advanced tab > Add
  • Type the name of the shared mailbox in the window and click OK.
  • Click Apply > OK > Next > Finish.
  • The shared mailbox will now automatically be added to your Folder List pane within Outlook.

Note: The above procedure must be followed in order to properly reconnect the shared mailbox. You cannot remove and re-add the mailbox in the same process as that will not reset the connection properly. You must save the settings when disconnecting.

I hope that this will assist everyone when troubleshooting Outlook connectivity issues to shared mailboxes after a migration.

HAPPY TROUBLESHOOTING!
PLEASE COMMENT!

Connect to all PowerShell Modules in O365 with one script

Let’s say you’re an admin that needs to connect to Office365 via PowerShell often. Now, there are many different websites or blogs that will show you how to connect to each session via PowerShell. That can cause a headache since you can end up having five different PowerShell sessions running in five different windows. You end up having to enter a username and password all those times, which can become time consuming.

I want to show you here how to combine all those sessions into one script where, if you’re security is tight enough on your computer, you don’t even have to enter credentials. This way, you can click on one icon and pull up all the O365 PowerShell commands that you’ll need to manage your organization.

First you need to download the following PowerShell Module Installation Files so that your PowerShell Database will have the correct modules installed:

Microsoft Online Service Sign-in Assistant for IT Professionals RTW
Windows Azure Active Directory Module for Windows PowerShell v2
SharePoint Online Management Shell
Skype for Business Online, Windows PowerShell Module

Next, we want to setup the CLI (Command Line Interface) to be too cool for school. I have learned it helps to have knowledge of how to customize the CLI window. You can do all of this in PowerShell ISE or Notepad, which ever you prefer. Here are the commands for the script that I use to setup the CLI:

Next, you want to set your Execution Policy and put in your credentials so that you won’t be prompted to enter the user credentials when you run the script.

NOTE: MAKE SURE YOU KEEP YOUR SCRIPT SAFE AS THE CREDENTIALS ARE VISIBLE WITHIN THE SCRIPT IN PLAIN TEXT!

You can, alternatively, set your script to prompt for credentials every time by using the following:

$LiveCred = Get-Credential

Here is that part of the script:

Now we get into the importing of the modules for each O365 service:

Get the MSOnline Module:

Connect to the MSOnline Service:

Connect to Azure AD PowerShell:

Connect to SharePoint Online PowerShell:
NOTE – MAKE SURE YOU CHANGE TO YOUR COMPANY NAME IN THE URL!!

Connect to Exchange Online PowerShell:

Connect to Skype For Business Online PowerShell:

Connect to the Security & Compliance PowerShell:
NOTE – This one I still get “Access Denied” when trying to connect. I have looked for an answer to that issue, but have not found one. Please comment with a link if you have an answer so that I can update this script!

Lastly, put in a note to show that the PS load is completed:

So Here is the final script in its entirety:

Now you can create your icon for your desktop so that you can easily access the script. I would save the script to your Scripts directory.

That will usually be C:\Users\’username’\Documents\WindowsPowerShell\Scripts or wherever directory you choose.

To start, right click the desktop and choose New > Shortcut
In the Target Field, enter the following for your PowerShell Shortcut, pointing to the path of your script:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -ExecutionPolicy Unrestricted -File “C:\Users\username\Documents\WindowsPowerShell\Scripts\ConnectO365All.ps1”

Click on the Advanced button and check the box: Run As Administrator
Under the General Tab, name your shortcut: (CompanyName) O365 All PowerShell
Click OK to save the shortcut to your desktop.

LAST BUT NOT LEAST, RUN THE FOLLOWING COMMAND BEFORE EXITING OR CLOSING YOUR POWERSHELL WINDOW. THIS WILL REMOVE ALL THE SESSIONS YOU’VE CONNECTED TO:

Get-PSSession | Remove-PSSession

HAPPY SCRIPTING!
LEARN, DO, LIVE!

References:
Connect to all O365 Services in one PowerShell Window
How to connect to all O365 Services through PowerShell
Connecting to Office 365 “Everything” via PowerShell

Event 11022 with MSExchangeTransport – Easy Validation Test

In a hybrid environment, you’re always connecting between the cloud and on premises to establish transport through the connectors to transport mail. By default, this is done over a TLS (Transport Layer Security) connection. It’s similar to a VPN or SSL connection using certificates on the Transport Layer of the network stack to encrypt the data between the two Organizations in a Hybrid configuration.

Because you are using certificates, the certificate must be validated properly and checked to see if it has expired or been revoked by the issuing company. A revocation list is created and updated regularly for this purpose. If the connecting organization cannot validate the revocation of the certificate, it will not establish a TLS connection with the connecting organization. You will then get the following event:

Event 11022
MSExchangeTransport
Error:
Failed to confirm domain capabilities ‘mail.protection.outlook.com:AcceptOorgProtocol’ on connector ‘Inbound from Office 365’ because validation of the Transport Layer Security (TLS) certificate failed with status ‘RevocationOffline’. Contact the administrator of ‘mail.protection.outlook.com’ to resolve the problem, or remove the domain from the TlsDomainCapabilities list of the Receive connector.

Most likely, there is a network issue with the On Premises Organization being able to retrieve the Revocation File with the Certificate Information. Since it cannot retrieve that file, it stops the transport connection and throws the error.

A simple validation to validate the connector and assure transport from Office365 is to run the following cmdlet from the server on premises that performs the connection:

Again, I like to put the other cmdlets of 
write-host, hostname, and date 
in order to make it easy to document when working an incident.

From the highlighted text, we can see the test was successful.

The test runs a connection for each connector and tests the validity of each connector. If a success is returned, then we have knowledge that the certificate was validated and the connection was established through the connector from Office365.

If you get a failure though, you will need to run tests to see if you can pull the revocation list for the certificate as well as a simple test to connect to Office365:

Connect to Exchange Online via Powershell

IMPORTANT NOTE

I wanted to put some information on how to pull the CRL Distribution Point for the Office365 so that you could run an Invoke-WebRequest to pull the CRL file from the Distribution Point, but I have NOT found a single way through Powershell to pull that information. I have searched multiple posts and articles showing all these advanced methods of using certutil and PowerShell to get a bunch of other information, but NOTHING on how to pull the URL for the CRL file from the certificate. Doing a Get-ChildItem for the certificate using the Thumbprint does NOT pull that property from the certificate. Now, if you have a cmdlet that WILL do that, PLEASE POST!

So, in essence, to troubleshoot if you can get to the CRL file, you get the URL for the CRL Distribution Point from the GUI Properties of the certificate. Then you run the following cmdlet in PowerShell:

POST COMMENTS!
HAPPY TROUBLESHOOTING!