Track SharePoint 2010 Installations by Service Connection Point (AD Marker)
A new improvement in SharePoint 2010 is the support of Service Connection Point (Active Directory Marker). This can help IT Professionals to track SharePoint 2010 installations in their environment.
To use this new feature, administrator needs to create a container in Active Directory then set the right permission to the container before they implement SharePoint 2010 products in their environment. This can be done through ADSI Edit. Here’re the steps:
1. Start ADSI Edit on your domain controller, or use remote administration tool to connect to it from another machine.
2. Expand System.
3. Right click in the white area then choose New, Object…
4. Create a container.
5. Fill in the container name, by default this should be Microsoft SharePoint Products. You can use other names, but you need to create a group policy for the domain machines to set a string value ContainerDistinguishedName under registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SharePoint. In this way PSConfig can detect the new name and change it accordingly.
6. Click Finish. The container is created.
7. Right click on the container, choose Properties.
8. Click Security.
9. Add the users you want to write to this container, and give them Create serviceConnectionPoint objects permission by clicking Advanced, then edit the object. When users who cannot write to this container install SharePoint 2010, no new entry will be created. A wise idea would be give Authenticated Users the permission so to track all the objects.
10. Install and provision a new SharePoint farm in the environment, and check if the SCP has been created successfully. If everything works, you can find a new GUID object under Microsoft SharePoint Product Container. Right click it and select Properties, you can find that the server farm’s topology web services is recorded here. In this case it is https://sp2010:32844/Topology/topology.svc
I will post a script for listing all the SharePoint 2010 server names in Script Center later.
Update: the script is here: https://gallery.technet.microsoft.com/ScriptCenter/en-us/af31bded-f33f-4c38-a4e8-eaa2fab1c459
Jie.
Comments
Anonymous
April 21, 2010
Very interesting. Thanks for sharing the details. How reliable is this? If I gave All Users access, would I be sure I had all SharePoint 2010 instances on the domain tracked?Anonymous
April 23, 2010
This is very reliable if the user has WRITE access to the container. And yes, they will be tracked. Ignore the above comment, I will dig into this.Anonymous
May 25, 2010
can you confirm, that "all authenticated users" is needed with write permission, so we can track all SharePoint 2010 installations outside of team?Anonymous
May 28, 2010
@Didier - please check the revised part : 9. Add the users you want to write to this container, and give them Create serviceConnectionPoint objects permission by clicking Advanced, then edit the object. When users who cannot write to this container install SharePoint 2010, no new entry will be created. A wise idea would be give Authenticated Users the permission so to track all the objects.Anonymous
October 10, 2010
Very interesting stuff and lead me to investigate further I have added mor information and an ADM/ADMX file to my blog. www.qa.com/.../sharepoint-2010-brings-new-governance-controls-to-it-pro&Anonymous
October 28, 2010
Hello, is there a way to disable the installation tracking? It is causing problems and the "improvement" is not really needed in most environments. Thank you.Anonymous
October 31, 2010
@Sam This is disabled by default - as long as you don't have a container created in your AD it is not tracked. No idea on why you have the question though.Anonymous
January 22, 2011
Interestingly enough though, if you don't have the container in AD, while you're installing you will see an error message stating that you're not able ot create the Service Connection.Anonymous
March 23, 2011
@Dan It's not actually and error its a warning. I have an example in my blog. See posting above for linkAnonymous
May 11, 2011
While it may be "optional" I found that running any updates (I just installed the Februrary CU on my farms) causes an exception in the error logs saying it can't find this node and the SharePoint Products Configuration Wizard will show as failed after the upgrade (although in CA it'll show it's fine). So until Microsoft makes the check for this token optional and not fail an upgrade, I suggest this be a mandatory step. Too bad things are mismatched here, an optional feature that is disabled by default yet another part of the system depends on it being done.Anonymous
June 23, 2011
I got this error when running the upgrade wizard after applying the April 2011 CU. Why does it error-out the upgrade?Anonymous
August 04, 2011
Could you provide the solution to override this "ServiceConnectionPointNotCreatedEventLog is Unable to create a Service Connection Point in the current Active Directory domain." error when running configuration wizard after applying CU updates?Anonymous
June 17, 2012
I am in the same boat, I just installed SP2010 and then installed SP1 and get the same error when trying to upgrade from either powershell "psconfig -cmd upgrade -inplace b2b -force" or Products Configu Wizard. I am in a Domain enviroment where enabling this feature is not an option. If anyone knows how to disable it or whatever work around is needed to get around this so the upgrade will complete I would appreciate it.Anonymous
June 17, 2012
I answered my own question, I re-ran the SP1 upgrade command (psconfig -cmd upgrade -inplace b2b -force) a couple times it completed.Anonymous
March 28, 2013
The comment has been removedAnonymous
April 08, 2014
Thanks for sharing. Its very helpful.Anonymous
July 25, 2014
Great it worked for me, able to run psconfig, after recreating the entire farmAnonymous
December 27, 2014
The comment has been removed