SharePoint on a Domain Controller Revisited

On Tuesday I wrote about installing SharePoint Foundation 2010 on my home Windows server, which also acts as a domain controller, and I concluded by saying that I’d encountered performance issues as a result of that (non-recommended) setup.

Turns out, the performance issues were a complete coincidence, and everything is now running just fine.

The problem I was experiencing was that two of my three forward DNS servers weren’t working correctly. Now that my service provider has corrected their issue, everything is great.


For a small setup like mine, I’d say go ahead and install SQL Server Express and SharePoint on the domain controller. It works great!


Installing SharePoint Foundation on a Domain Controller

It’s been a long time since I blogged about SharePoint, and that’s largely because I haven’t had a need to develop anything custom on top of the platform for quite some time.

If you’ve been following along for a long time, you may recall that back at the start of last year I installed SharePoint Foundation on a Windows 7 virtual machine at home for testing purposes and, while I didn’t blog about it explicitly, when I upgraded my home server last August I replaced that Windows 7 virtual machine (which ran on my laptop) with an always-on Windows 2008 R2 VM, again running SharePoint Foundation.

As my home network continued to evolve I turned that Windows Server VM into a domain controller, and this broke my SharePoint installation – but by then it wasn’t all that important and I didn’t need it for work anymore, so I simply uninstalled it.

Recently, I’ve been missing having SharePoint’s functionality at home. In particular, I wanted a shared calendar for Flo and me, and a place for shared documents. We can achieve much of this with Google Calendar and our existing shared folders (and I already have a tool deployed that makes our network shares available from outside our home network), but it all feels a little kludged together and it’s lacking features like NTLM-based SSO and an easy way to edit files from the web interface that SharePoint provides out of the box. I looked at a couple of alternative solutions and wasn’t satisfied.

Previously I’d deployed SharePoint Foundation in standalone mode. This installs and runs all the required components on a single machine. It’s not recommended for a full-scale deployment, but it’s perfect for our home network. The problem is that this simply isn’t an option if you install it on a domain controller, and instead you have to install a server farm. In googling around, the consensus online seemed to be that it wasn’t possible to install SharePoint on a single server if that server was also acting as the domain controller.

Not so.



Hanlon's Razor →

In yesterday’s link roundup post I linked to an article about communication strategies within a geographically disparate team that made mention of Hanlon’s Razor.

I’ve known my boss’ boss’ boss to express this in different words:

“Nobody gets out of bed and comes into work in the morning just to screw you over.”

It’s good to know that there’s a name for this concept I can reference, and also an alternative wording I can use to make it appropriate for all audiences:

“Never attribute to malice that which is adequately explained by ignorance.”

Wikipedia also teaches me that Sir Bernard Ingham coined an even more succinct version:

“Cock-Up Before Conspiracy.”

Link Roundup - Thursday April 9th, 2015

I read a lot.

I have a reading list of blogs and other websites in Feedly that I read throughout the day, every day. It includes everything from traditional news through to cartoons.

Often I find something that I want to share on this blog. I quite often share links here to other articles, but I always try to do it in the context of providing my own commentary and thoughts on the content. What I’m getting at is that sharing links on here is not a quick, one-click process, because I don’t want this blog to be merely a long list of links to other people’s content. I’m much too egotistical for that.

Anyway, the result of all this is that over time I build up a handful of flagged articles that I’ve been intending to share but never got around to doing so.

This is the first of what may become a semi-regular feature, where I spew those forth with (in the interests of time) only a sentence or two of comment instead of the full-blown article I was originally planning. Enjoy!


Meeting Pre-Work (and Why I’m Bad at It)

Last week I linked to and wrote about an article that gave some tips on running effective meetings.

In addition to posting it here I also posted it, in advance, to my workplace’s internal social media platform to share it with my team and get their thoughts on meeting best practices.

My boss Matt commented that one of his tips was to highlight any meeting pre-work that may exist: information that participants need to bring with them to the meeting, or documents they should review in advance, for example. Matt suggested that it may sometimes even be worthwhile to go so far as to include these expectations in big bold text within the invite so they jump out.


This was an interesting topic to me, because I am certainly an occasional offender in this regard.

Basically, if you send me an email that includes a call to action then I will notice it and deal with it appropriately. I may not take the requested action immediately, of course, but I’ll flag the email for follow-up when I know I’ll have time to get it done, or maybe even schedule some time in my calendar if the situation warrants it.

A calendar invite is different, though. No matter how hard you try and how good your writing skills are, the instruction in the body of the invite is not the primary call to action when I receive it: instead, that’s something that’s defined for me by Outlook (or your client of choice) which is demanding that I choose to accept, tentatively accept or decline the invite itself. Once I’ve done one of those things the invite is forever gone from my inbox, and the meeting (along with whatever instruction you provided) is now on my calendar.

I’ll get to your email on whatever schedule my workload allows for, but my calendar by its very nature is a schedule, and it tells me when I should get to something. The next time I’ll look at your meeting invite is probably going to be two minutes before it starts, when I’m looking for conference line details or checking which room it’s in. By then of course it’s too late.

Recently I’ve started employing a new trick to deal with this kind of thing for meetings that I host. First I send an email to the group explaining what needs to be done (pre-work), suggesting that we collectively discuss to share our thoughts, and mentioning that I will set up some time to achieve this. Then I immediately follow-up with a meeting invite, into which I embed that first email.

I haven’t heard any comments, good or bad, but it seems to be working.

What does everyone think, though? Am I spamming people and over-contributing to their already burgeoning inboxes? Am I solving a problem that people don’t actually have and unfairly assuming that everyone shares the same lack of organizational skills that I possess?

Let me know in the comments below, or contact me!



Scott Forsyth's Blog - Windows Server 2008 R2 DNS Issues →

I use a service at home to unlock region-locked web content, particularly internet video. As I’ve mentioned previously, I run a Windows 2008 R2 server on our home network which is our domain controller, and (as a result) our DNS server too.

The service I use for unlocking content requires that you set the DNS server on the network to the values it specifies. That’s not viable for me because of course the client machines need to use the internal DNS server in order to be able to find the domain controller, but no problem - the Windows Server VM can act as the DNS server just fine, handle requests relating to the internal network domain itself, and forward everything else off using the forwarders I specify (which come right from my content unlocking service).

This worked great until a few weeks ago, and then it suddenly stopped working.

I don’t know why and I’m not quite technical enough to fully grasp the details, but the problem was EDNS (whatever that is). The blog post I’ve linked above talks about it in more depth, but the bottom line for me is that once I turned EDNS off everything worked fine.



It’s been a while since I’ve shared one of my somewhat-humorous Friday updates, so I present for your viewing pleasure “Sh*t Project Manager’s Say”

We’ve certainly watched this a few times on my team at work and subtle references to it slip in all over the place. I don’t think I’ve previously shared it here though, so enjoy!



5 Keys to Effective Project Meetings →

I read the article (linked above) by Brad Egeland a couple of weeks ago, and I wanted to share it here because I agree with him, and I think these are great tips. They also apply to any meeting, not just project meetings.

The article also serves as a great reminder that project management is all about people. You could be the best in the world overseeing requirement elicitation for a project, turning that into a work breakdown structure, then a network diagram, then a project plan with schedule and cost baselines… if you can’t run an effective meeting then you’re unlikely to be able to successfully execute upon your plan. These are skills that cannot be forgotten about and the importance of which should not be minimized.

Here are five key practices you can follow to ensure your meetings are effective, well attended and convey the proper information while staying on track and on time.

Sometimes the operative word in your job title is “project,” but more frequently it’s “manager.”

My favourite piece of advice from Brad is the first one: Send out an advance agenda. Adding an agenda to every meeting I host has changed my life. The mere act of forcing myself to think carefully about the agenda ahead of time has inherent value for me, and you’d be surprised (or maybe you wouldn’t) how often giving this the right thought causes me to reevaluate in some way, maybe by adding or removing invitees, maybe by lengthening or shortening my planned meeting length, or maybe by changing the communication medium altogether and replacing the meeting with a phone call or an email. It also helps participants identify whether they really should be involved or not: maybe I’ve misunderstood someone’s role and they won’t have anything to contribute, or maybe there’s someone on their team that the meeting should be forwarded to for the benefit of obtaining whatever additional insight that person holds. It really helps make meetings effective and minimize the need for follow-ups.

To my mind, in fact, it’s so important that I would go a step further – or more accurately, take one additional step back: define a one-sentence meeting “purpose” up front as well, and share that in the invite too. It doesn’t have to be complicated by any means, but it’s a powerful tool to use if (when) a particular meeting starts to get off track, and it’s also something concrete to come back to at the end. Have we collectively achieved the defined purpose? If not, are we each clear on our individual next steps in order to move expeditiously toward that goal?

You can think of a meeting like a small project in its own right, if it helps: the meeting purpose statement is your project objective, and the agenda is the scope statement that flows from that. You could even include an “out of scope” section if you feel in advance there’s a risk of people getting off topic for one reason or another.


Windows Authentication on External Websites

My home network is domain-based, and I’m running a Windows Server 2008 VM as the domain controller. I’ve written in the past about how to use PHP to do authentication using domain credentials, and that works great for some scenarios. As a case in point, I use Pydio to host a web-based file manager that allows me access to my files when I’m out and about. Pydio runs on a Linux server VM on my home server, and it actually includes a built-in mechanism to authenticate against an LDAP server (the Windows domain controller) so I didn’t have to modify it with my PHP code. The principle is the same, though.


This is all good stuff for anything hosted on my home server, but what if that isn’t what I want? What if I want to host something on my external, public webserver, and still use my Active Directory credentials to sign in to it? And, while we’re at it, what if I want to be even more restrictive and limit access to a particular organizational unit within Active Directory?

As luck would have it, these are all problems that I solved this week. Read on!



Compiling Third-Party Modules Into Nginx →

I want my public web server, which runs nginx, to authenticate against my Active Directory server using LDAP. I’ve written in the past about how to use PHP to authenticate against Active Directory in this way, but there are a couple of problems: my Active Directory server isn’t accessible to the internet, and I want to use standard HTTP authentication instead of username and password boxes included on a webpage.

The answer, I think, is to put an authentication PHP script on my home server, make that available to the public web server through an SSH tunnel, and then use nginx’s Auth Request module to authenticate against it using the public server as a proxy.

This is - I hope - less complicated than it sounds. We’ll see, and I’ll post more if and when I’m successful, but the problem I’ve initially run into is that nginx in Ubuntu’s repositories doesn’t include the Auth Request module. I have to remove nginx and re-install it from source, compiling it with the additional module included.

It’s a bit of a daunting process, but the page I’ve linked seems like it will take me through it step by step.

Wish me luck!
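
The arrangement described above, sketched as an nginx configuration. This is an added example, not the author's own configuration: the hostname, loopback port 8081, `/auth.php` path, certificate paths and tunnel account are placeholders, and it assumes the SSH tunnel from the home server ends on the public server's loopback interface.

```nginx
# Added example. Assumption: the home server's auth script is reachable on
# 127.0.0.1:8081 through an SSH tunnel, e.g. a reverse tunnel opened from home:
#   ssh -N -R 127.0.0.1:8081:127.0.0.1:80 tunnel@public-server   (placeholder names)
# Requires nginx built with --with-http_auth_request_module.

server {
    listen 443 ssl;                       # Basic credentials must only travel over TLS
    server_name files.example.com;        # placeholder
    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder

    location / {
        auth_request /_auth;              # every request is gated by the subrequest below
        root /var/www/protected;          # placeholder content
    }

    location = /_auth {
        internal;                         # not reachable directly by clients
        proxy_pass http://127.0.0.1:8081/auth.php;   # placeholder script path
        proxy_pass_request_body off;      # the auth script only needs the headers
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        # The client's Authorization header is forwarded with the subrequest.
        # The script answers 2xx to allow, 401 (with WWW-Authenticate) or 403 to deny;
        # any other status is treated as an error and the request is refused.
    }
}
```

If the tunnel is down, the subrequest fails and nginx refuses the request rather than serving the content, so the setup fails closed.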
