Journey Into the Aggregation Process Part 2

hope you are not feeling to weary just yet, as we embark on the second leg of the Sitecore Experience Platform data journey. In this leg of the journey we will see how the data points go from living in tables into bright, colorful, and insightful tables and charts. Understanding how these tables and charts populate will allow you to take control of your organizations data and make meaningful decisions to further engage customers.



Journey Into the Aggregation Process

Pack your bags and get ready for an exhilarating trip through Sitecore Experience Platform’s data aggregation process. This introductory post will help you and your team get on board with the basics of data movement as a site visitor becomes an important data point in understanding customer engagement with your brand.


Collapse and Expand the Accordion

One click, two click, three click, where is that field? Once a day, I get so lost expanding and collapsing field sections when working in Sitecore’s Content Editor interface, that my poor mouse almost takes a unplanned trip across the office. As the industrious Sitecore developer I am, I decided enough was enough. My decision lead to the creation of Custom Content Editor Buttons.

Requires Qualified Assembly Name, ugh!

You are plugging away at writing this super sweet class, to be used in your latest application, and then you hit the wall! Nothing builds because the configuration file requires a reference to the fully qualified assembly name…ugh!!!

The first thing you do is scratch your inner mind trying to recall what makes up this name. (At least that is what I end up doing every time.) It seems depending on what you are working on you will either need a four-part name or a ‘five-part name’.

The four-part fully qualified name consists of the following in the following order:

Assembly Name, Version=, Culture=culture code, PublicKeyToken=public key

(It is common for culture to be set to ‘neutral’ if there is nothing contained that is specific to a cultural style.)

What I consider the to be the five-part name is the four-part name with the namespace and class name that is being referenced prefixed.

Namespace.Class Name, Assembly Name, Version=, Culture=culture code, PublicKeyToken= public key

With the background details explained, how as a lazy programmer can we retrieve the fully qualified name without a lot of clicks? The old stand by use to be to fire up reflector, throw your assembly in and poof there was the four part assembly name, but any more finding a really good reflector is much more difficult (and there is a lot of extra clicking involved by using a second program.)

Visual Studio 2010 has a great feature in allowing you to set up single clicks from the menu bar and via hotkeys to external tools…which means a perfect fit for a simple PowerShell command.

  1. Go to Tools -> External Tools.
  2. The External Tools dialog box should open for you. Click Add.
  3. This will then generate a new value labeled [New Tool 1] and have it selected for you.
  4. In the lower half, provide a Tittle for the new tool such as "4-Part Name".
  5. In the Command, textbox you will enter the following
  6. In the Arguments, textbox enter the following
    -command "[System.Reflection.AssemblyName]::GetAssemblyName(\"$(TargetPath)\").FullName
  7. Select Use Output window to force the assembly name into the output window of Visual Studio.
  8. The completed dialog should resemble the following
  9. Click OK.
  10. Your command should now display under Tools.
  11. To get the four part name,
    1. Select the project or any file in the project from Solution Explorer or Solution Navigator
    2. Go to Tools –> 4-Part Name
    3. See the four part name displayed in the Output window

MSDN AssemblyName.GetAssemblyName()
MSDN Type.FullName
MSDN Details on Assemnly Names

Time to Populate

This is part 3 of 4 in generating a script to populate users and groups in Active Directory. Part 3 is all about populating the groups generated with users. The first two parts are:
Part 1 Adding Users to AD Via PowerShell
Part 2 Making the Perfect Group

Step 0 – Import the Active Directory Modules:
Before we can even begin to try out commands we must make sure the Active Directory Modules have been imported. You can skip actually importing by running the predefined PowerShell prompt with Active Directory, which can be found amongst your Administrator Tools on the server. Or the old fashion way and enter the commands.
PS C:\> Import-Modules active*

Step 1 – Find out about the Command
The command which will be used is Add-ADGroupMember. The TechNet details can be found at
This command allows for either groups, users, service accounts or computers to be added as members to the specified AD group. This cmdlet requires a ADGroup object, which can be returned via the -PassThru parameter when creating a new group(see part 2 for details on creating a new group) or retrieved from AD with the Get-ADGroup cmdlet.

Details on Get-ADGroup can be found on TechNet ( but just like all the commands we will be needing in part 4, I am going to highlight a few of the key parameters.

Get-ADGroup returns either a single group or can return multiple groups from AD. To get more than one group returned you will have to use the Filter parameter, while to retrieve a single group you will need to provide the Distinguished Name (DN), GUID, security identifier (SID), security accounts manager (SAM) name, or the canonical name.

  • Identity
    • This parameter defines which group or groups will be returned.
    • This value can be a distinguished name, object GUID, Security Identifier (objectSID), or Security Accounts Manager Account Name (sAMAccountName)
    • This is a required parameter.
  • Properties
    • If you want additional properties outside the default set returned, these can be defined with this property.
    • This will be a comma separated list of the attributes.
    • Or you can specifyasteriskrick (*) to get all set attributes returned
    • This is an optional parameter.
    • Example: -Properties OfficePhone,Organization
  • Server
    • This defines the AD DS server which the group should be returned from.
    • Value can be Fully Qualified Domain Name, NetBIOS,Fully Qualified directory server name and port
    • If no server is given the following rules are applied to identify the server:
      1. Server value is taken from any passed in values
      2. Server from the associated with the Active Directory PowerShell provider drive
      3. The domain of the computer running PowerShell
    • This is an optional parameter

Once you hretrievedeved the AD Group object of the desired group (either via Get-ADGroup or using tPassThruThry parameter when creating a new group) it is time to begin adding members to the group. The command used to add members to a group is Add-ADGroupMember. Members that can be added are users, groups, computers, or service accounts.

New members can be identified via distinguished name (DN), GUID, security identifier (SID), SAM account name, or an AD object variable. If multiple members are to be added to the group use a coseparatedated list as the value of the Members parameter. Values parameterseres can not be submitted to Add-ADGroupMember via the pipeline,to do this use Add-ADPrincipalGroupMembership cmdlet.

The details for Add-ADGroupMember can be found on TechNet at As with the other commands, I have pulled out some of the key parameters needed for basic usage of the command.

  • Identity
    • Specifies the AD group that members will be added to.
    • This value can be a distinguished name, object GUID, Security Identifier (objectSID), or Security Accounts Manager Account Name (sAMAccountName)
    • In addition to the the above options, this value can be an AD Group object or be passed in via the pipeline.
    • This is a required parameter.
  • Members
    • A separatederated list of the members to be added to the group.
    • Members can be users, computers, groups, and security accounts.
    • This value can be a distinguished name, object GUID, Security Identifier (objectSID), Security Accounts Manager Account Name (sAMAccountName), or AD object variable.
    • This is a required parameter.
  • PassThru
    • Returns an object of the group that has just been modified.
    • By default the command returns nothing, unless this parameter is listed.
    • This is an optional parameter.
  • Server
    • This defines the AD DS server to connect to.
    • Value can be Fully Qualified Domain Name, NetBIOS,Fully Qualified directory server name and port
    • If no server is given the following rules are applied to identify the server:
      1. Server value is taken from any passed in values
      2. Server from the associated with the Active Directory PowerShell provider drive
      3. The domain of the computer running PowerShell
    • This is an optional parameter
  • Credential
    • The actions performed by the cmdlet by default use the credentials ocurrentlyrrenly logged in account running it.
    • This parameter allows for a specredentialsntials to be used to run the command. It accepts only PSCredential object
    • This is optional parameter.

Step 2 – Get and Populate a Group

Now that we have an understanding of the commands needed, lets try them out. First this to do is get the group we want to add members to.
PS C:\>$myGroup = Get-ADGroup -Identity theCoolKids
Check that you got the group
PS C:\>$myGroup = Get-ADGroup -Identity theCoolKids

With the group to add members to, it is time to add those members to the group.
PS C:\>Add-ADGroupMember -Identity $myGroup -Members myTest2Name,SQLUser,SQLAdminGroup

There we have it, how to get a preexisting group out of AD and then add new members to it. The final part of the series will be combining all of these commands into a single script to read an xml file to load Active Directory.

ASP.NET Security Patch

Last week I cross-posted, about a security flaw in ASP.NET which could allow an attacker to get access to files on the server.

Microsoft has announced an out-of-band patch for this on Tuesday, September 28, 2010.

Here is the blog post from the Microsoft SharePoint Team blog with details and links.

x-post from the Microsoft Security Response Center blog — The download links for the security updates are in the Security Bulletin.

As we announced yesterday, today we released Security Bulletin MS10-070 out-of-band to address a vulnerability in ASP.NET. The bulletin and the blog by Scott Guthrie, corporate vice president of Microsoft’s .NET Developer Platform are available for more information.

This security update addresses a vulnerability affecting all versions of the .NET Framework when used on Windows Server operating system. While desktop systems are listed as affected, consumers are not vulnerable unless they are running a web server from their computer.

The update will be made available initially only through the Microsoft Download Center and then released through Windows Update and Windows Server Update Services within the next few days. This allows customers the option to deploy it manually now without delaying for broader distribution.

For customers who use Automatic Updates, the update will be automatically applied once it is released broadly. Once the Security Update is applied, customers are protected against known attacks related to Security Advisory 2416728.

If you can, please join me and Dustin Childs today for a live webcast where we will cover the details of this bulletin and take customer questions live. Here is the registration information:

Date: Tuesday September 28, 2010
Time: 1:00 p.m. PDT
Click Here to Register

Dave Forstrom
Director, Trustworthy Computing

Big Security Hole for SharePoint Servers

You may have already read this somewhere out there, it is making the rounds across the Twitter-phere, blogs, and news. But I felt it would be important to post, or I should say re-post the issue.

Executive Summary from Vulnerability in ASP.NET Could Allow Information Disclosure (

Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Scott Guthrie has an excellent post up regarding this vulnerability at As normal, he has gone through with code snippets to explain the issue and what you can due to protect your systems.

Good luck keeping your systems safe!