Automate SharePoint Workspace account configuration/restoration
Applies to: SharePoint Workspace 2010, Groove Server 2010
Topic Last Modified: 2011-08-05
This article describes how to automate managed SharePoint Workspace account configuration and restoration in an Active Directory-integrated management environment. This process involves updating SharePoint Workspace computers with an account configuration code. The Groove Server 2010 Manager automatic account configuration and restoration capability facilitates the process of deploying or restoring managed SharePoint Workspace accounts and offers the following advantages over manual account activation:
Faster setup of managed SharePoint Workspace accounts and does not require end-user input.
Faster restoration of backed-up SharePoint Workspace accounts.
Easier migration of SharePoint Workspace accounts to a new or different Groove Server Manager system.
For information about how to manually distribute account configuration codes, especially useful for management environments that are not integrated with Active Directory, see Manually delivering SharePoint Workspace account configuration codes.
For information about migrating existing SharePoint Workspace accounts to a new Manager server, see Migrating SharePoint Workspace users to Groove Server Manager.
In this topic:
Before you begin
Enable automatic account configuration or restoration
Test the automatic account configuration or restoration setup
Before you begin
Before you start the procedure, make sure that your SharePoint Workspace management setup meets the following requirements:
Groove Server 2010 Manager must be installed on the network, as described in Install and configure Groove Server 2010 Manager.
Groove Server Manager must be integrated with an Active Directory forest, as described in Prepare Active Directory for Groove Server Manager.
SharePoint Workspace user contact information must be imported from your onsite Active Directory server into the Groove Server Manager, as described in Create a SharePoint Workspace user directory for Groove Server Manager.
Each client entry in Active Directory must include a valid e-mail address for account auto-configuration/restoration to function.
Groove Server Manager must be configured to trust the Windows network domain that contains SharePoint Workspace user logon accounts.
The Groove Server Manager-trusted domain must be configured to authenticate users against Active Directory forest that is integrated with Groove Server Manager.
SharePoint Workspace must be installed on client computers. For information about how to deploy SharePoint Workspace 2010 in an enterprise, see Deploy SharePoint Workspace 2010.
SharePoint Workspace clients must have logon accounts to a Windows network domain in an Active Directory forest.
Enable automatic account configuration or restoration
The following procedure guides you through the process of automating managed SharePoint Workspace account configuration for SharePoint Workspace users in your organization. This process can be applied to new SharePoint Workspace clients and to clients that have existing unmanaged SharePoint Workspace accounts. For more information about converting unmanaged accounts to managed accounts, see Migrating SharePoint Workspace users to Groove Server Manager.
To enable automatic account configuration or restoration
Address the requirements in Before you begin.
Log on to the Groove Server Manager administrative Web site, open to the Identity Policy template assigned to the relevant user group, and then verify that the Member Policy for scheduling SharePoint Workspace account backup is enabled.
For more information about account backup, see Backing up SharePoint Workspace accounts.
Update the registries of SharePoint Workspace clients with the name of the Groove Server Manager. The recommended method for doing this is to use an Active Directory Group Policy object (GPO), as follows:
Download the AdminTemplates.exe file from the Microsoft Administrative Templates page at https://go.microsoft.com/fwlink/p/?LinkID=102081&clcid=0x409, and then run the .exe file to extract the groove.ADM file which contains the required GPO.
Add the SharePoint Workspace Group Policy template, groove.ADM, to Active Directory via the GPO Editor.
Update the GPO template to include the fully qualified domain name of the Groove Server Manager Web site.
Assign the GPO template to the appropriate user container in Active Directory. The registry on SharePoint Workspace clients will be updated with the following key: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\Groove\Manager\<servername>
where <servername> is the fully qualified domain name for Groove Server Manager and the SSL certificate associated with the management server Web site.
On the server that hosts your Groove Server Manager Web site, use IIS Manager to do the following:
Add the certificate for the Groove Server Manager Web site to the Server Certificates store.
Configure the Groove Server Manager Web site for secure communications by right-clicking it, selecting Edit bindings…, and then defining the 443/TCP SSL port for HTTPS.
Ensure that the correct Authentication is enabled for your Groove Server Manager system by opening the Authentication page for the management server and specifying the following authentication settings for each Web-site level:
Groove Manager Web site: Anonymous Authentication
/AutoActivate: Windows Authentication
/GMSAdmin: Windows Authentication
/GMSClient: Anonymous Authentication
/GMSClient/Secure: Windows Authentication
/GMSConfig: Anonymous Authentication
Ensure that SSL is enabled for Groove Server Manager by opening SSL Settings for the following site levels and enabling Require 128-bit SSL:
/AutoActivate
/GMSAdmin
/GMSClient/Secure
Ensure that members for which you are configuring a new SharePoint Workspace account have a ‘pending member’ status in the Members list. Ensure that members for which you are restoring an account have an ‘active member’ status. Account auto-configuration and restoration require will not function for users who have an incompatible status.
Allow time for the Manager server to synchronize with Active directory or start the Groove Server Manager Directory Integration service to expedite synchronization.
When Active Directory and Groove Server Manager have been synchronized and a new user logs on to SharePoint Workspace, Groove Server Manager compares the user’s logon information with the imported Active Directory account name and if the information corresponds, automatically configures a managed account or restores the backed-up on the client. The user will be subject to management domain policies and Relay servers assigned to them in Groove Server Manager.
Test automatic account configuration and restoration at your site as described next in this article, in Test the automatic account configuration or restoration setup.
Test the automatic account configuration or restoration setup
The following procedure describes automatic account configuration for SharePoint Workspace users in your organization.
To test automatic account configuration or restoration
Complete the procedure in Enable automatic account configuration or restoration.
Test your account auto-configuration setup for a new member as follows:
On a client computer for which no previous account configuration has been attempted, start SharePoint Workspace for the first time. The Account Configuration Wizard opens briefly, followed by the SharePoint Workspace Launchbar.
From the SharePoint Workspace Files menu, select Info/Manage Account, select Account Preferences, and then click the Account tab. The Manager server name appears to the right side of the local computer name.
From the Groove Server Manager, select Members or another group and confirm that user status has changed from ‘pending user’ to ‘active user’.
Test your account auto-restoration setup for a member as follows:
Confirm that the member account was backed up by checking the management domain’s Member Activity report on the Groove Server Manager.
On the member’s client computer for which no previous account configuration has been attempted, log on as the member and start SharePoint Workspace for the first time. If a backed-up account exists, the SharePoint Workspace Launchbar appears.
Note
Log on to Active Directory if prompted to do so, as determined by the network topology and domain membership.
Confirm that the workspaces and contact list appear as expected and check the user account settings, available from the File menu to confirm that the correct Manager server name appears to the right side of the local computer name.