Search/Identify blocked file types in SharePoint

In SharePoint 2016 On-Prem, Microsoft has reduced the number of blocked file types from previous versions of SharePoint. It is totally different than the SharePoint 2010 / 2013. In SharePoint 2013, there are 105 default file types that are blocked by default but in SharePoint 2016, this number goes all the way down to 6. Interestingly, there is no blocked file type in SharePoint Online.


Block type references:

Small Script to find all blocked file types:

$path = "C:\DRIVERS";
$extensitons = @("*.ade","*.adp","*.asa","*.ashx","*.asmx","*.asp","*.bas","*.bat","*.cdx","*.cer",`

Get-Childitem -r -path $path\* -include $extensitons | %{$_.fullname}

#Optionally push results to a text file
#Get-Childitem -r -path $path\* -include $extensions | %{$_.fullname} > C:\File_Extensions.txt


“Replicating Directory Permissions” to the User Profile Synchronisation account

Self Note:

To create SharePoint managed service accounts see –

Steps to add “Replicating Directory Permissions” to the User Profile Synchronisation account

1> Open “Active Directory Users and Computers”.  Right click on the domain name in the management console and select “Delegate Control…”



2.> On the “Delegation Control Wizard” click “Next” > On the “Users or Groups” screen used to delegate control.  Click “Add” and add your User Profile Sync account.  Click “Next”.


3.> On the “Tasks to Delegate” screen select the option “Create a custom task to delegate” > “Next”.


4.> On the “Active Directory Object Type” screen accept the default settings and click “Next”.


5.> On the “Permissions” screen check the box to allow “Replicate Directory Changes” and Click “Next”.  The last screen is for review and select “Finish”

To verify that this account got the right settings, run the following script:

import-module ActiveDirectory

# Functions to check AD Accounts has permissions  - I need to change Tobias Lekman's script to work for my environments - this is based on his script
function Check-ADUserPermission(
    $dse = [ADSI]"LDAP://Rootdse"
    $ext = [ADSI]("LDAP://CN=Extended-Rights," + $dse.ConfigurationNamingContext)
	$domain =$env:USERDOMAIN

    $right = $ext.psbase.Children |
        ? { $_.DisplayName -eq $permission }

    if($right -ne $null)
		$mvar = $entry.psbase.ObjectSecurity.Access;
		$objUser = New-Object System.Security.Principal.NTAccount($domain, $user)
        $perms = $entry.psbase.ObjectSecurity.Access |
            ? { $_.IdentityReference.Value.ToLower() -eq $env:USERDOMAIN.ToLower() + "\" + $user.ToLower() } |
            ? { $_.ObjectType -eq [GUID]$right.RightsGuid.Value }

        return ($perms -ne $null)
        Write-Warning "Permission '$permission' not found."
        return $false

# Functions to check AD Accounts has Replicating Directory Changes permissions  - based Tobias Lekman's script
function Check-ReplicateChanges([string]$userName)
	$replicationPermissionName = "Replicating Directory Changes"
	$dse = [ADSI]"LDAP://Rootdse"
    $entries = @(
        [ADSI]("LDAP://" + $dse.defaultNamingContext),
        [ADSI]("LDAP://" + $dse.configurationNamingContext));
    Write-Host -ForegroundColor Blue " User '$userName': "
    foreach($entry in $entries)
        $result = Check-ADUserPermission $entry $userName $replicationPermissionName
            Write-Host "   has '$replicationPermissionName' permissions on '$($entry.distinguishedName)'" `
                -ForegroundColor Green
            Write-Host "   does NOT have '$replicationPermissionName' permissions on '$($entry.distinguishedName)'" `
                -ForegroundColor Red
			# check if the user is a domain admin
			$user = New-Object System.Security.Principal.WindowsIdentity($userName)
			$WindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($User)
			{   Write-Host "   is a Domain Administrator" -ForegroundColor Green }
				Write-Host "   add 'replication permissions' or a work around (less secure) is to add the User Profile Sync account as a local admin " -ForegroundColor Red
				Write-Host "   see for instructions to setup accounts and replication" -ForegroundColor Red





The required path is working just fine, so I am not going to bother much about the rest of the path.

Fleanser – improves our productivity in migrating file shares to SharePoint Online

HuonIT excels in File Share migration projects with the introduction of custom developed cleansing and mirroring tool. Internally named Fleanser v1.0.

Our tool replaces part of the functionality provided by ShareGate solutions in migrating file share to SharePoint online environment.

Fleanser runs, various analytic operations in file paths to cleanse and shorten them intelligently when required. It also generates various analytic reports during cleanse process to back track on action applied against each file/folder members.

We tested our first version of this tool (functional edition) today for a client and we immediately saw the value we could add to our customers.

Proud to be a creator of this tool. We have already planned to add more functionalities to this tool in the subsequent releases.


Copying Directory Structures without Files

I am in the process of uploading huge amount of files and folder structure to SharePoint libraries using OneDrive client. for this work, I need to refer to the existing file share structure many times without having to copy terabytes of data.

Here is my little utility code:

robocopy D:\Egnyte D:\TargetEgnite /e /xf *

Resulting Folder Structure:


PowerShell Upload File to Style Library & Sub-Path Location

function UploadFile2StyleLibraryLocation($WebUrl, [String] $SourceFilePath, [String] $StyleLibrarySubPath) { # Open web $web = Get-SPWeb $WebUrl $file = Get-Item $SourceFilePath write-host "Started Uploading File..." $file.FullName # Open file $fileStream = ([System.IO.FileInfo] (Get-Item $file.FullName)).OpenRead() # Open Style Library $folder = $web.getfolder("Style Library") # Check whether the file is already exists? $File2Replace = $web.GetFile($folder.Url + $StyleLibrarySubPath + $file.Name) if($File2Replace.Exists -eq $true){ $File2Replace.CheckOut() } # Add the file $spFile = $folder.Files.Add($folder.Url + $StyleLibrarySubPath + $file.Name, [System.IO.Stream]$fileStream, $true) # Check in $spFile.CheckIn("Checkin by deploy script 1.7.0") # Finally publish the file $spFile.Publish("Published by deploy script 1.7.0") $MessageFilePath = $WebUrl + "/" + $folder.Url + $StyleLibrarySubPath + $file.Name $MessageFileName = $file.Name write-host $MessageFilePath write-host "Successfully uploaded file $MessageFileName" $fileStream.Close(); $web.Dispose() }



UploadFile2StyleLibraryLocation -WebUrl "http://win12sp13"` -SourceFilePath "C:\mywork\pwcs-customer\Phase2Development-V1_7_0\Readify.Pwcs.Deployment\V1.7.0\_package\Deploy\Content\promotion.js"` -StyleLibrarySubPath "/Readify/ClientTemplates/"

Disable Mobile View on all SPWeb

Param([string]$WebUrl) if($WebUrl -eq ""){ write-host "Please input `$WebUrl` parameter value." -ForegroundColor Red; exit -1 } [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null $WebApp = Get-SPWebApplication $WebUrl foreach($site in $WebApp.Sites){ foreach($web in $site.AllWebs){ $WUrl = $web.Url; Write-Host "Disabling mobile view on web - $WUrl..." -ForegroundColor Gray -NoNewline Disable-SPFeature -identity "d95c97f3-e528-4da2-ae9f-32b3535fbb59" -URL $WUrl -Force -Confirm:$false -ErrorAction SilentlyContinue write-host "done." -ForegroundColor Green } } Write-Host "End of exection" -BackgroundColor Green -ForegroundColor White

Downloading Azure Subscription File

This approach is useful for scenario where you work on a client workspace, where you don’t directly sign to root level Azure management portal. This was tested on Chrome.

Once after you login to client workspace level:[YOURCLIENTNAME]

On the same browser copy the following url and hit enter:

you will notice the subscription file related to the client workspace getting downloaded.


The usual approach for this, when you have root level azure management access:

  • Set the Windows PowerShell script execution policy to RemoteSigned:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

  • Import the Windows Azure PowerShell module:

Import-Module Azure

  • Download the Windows Azure Publish Settings file for your Windows Azure subscription. When you run this cmdlet, a web browser launches and asks you to sign in. Sign in with the same user name and password credentials that you used when you activated your Windows Azure subscription.


Note  When you save your Publish Settings file, specify a short easily-typed file name to save your file.

Add Feature (Install) IIS on a Windows Server

Import-Module ServerManager
$features = @(
Add-WindowsFeature $features -Verbose