STSADM (Part 1)

This is the first of three STSADM posts we have planned. This first post covers a number of commands that we commonly get questions about and/or use to resolve customer related issues.

Topics/Commands covered in this post:
Adding the path for stsadm (so you don't have to navigate out to the bin folder anymore)
stsadm Preparetomove
stsadm setproperty peoplepicker
stsadm Execadmsvcjobs
stsadm Migrateuser
stsadm Sync
stsadm Job-immediate-alerts
stsadm Provisionservice
stsadm EditSSP

1. Index of stsadm commands:

2. Adding the path to system variable

This allows you to run stsadm command from anywhere in the file system.  You don't have to change directories to c:\program files\common files\microsoft shared\web server externsions\12\bin.

Right click on My Computer

Choose Properties, Click the advanced tab | Environment Variables button.

Under System variables, double-click Path.

This is a list of paths separated by semi colons. Click in the Variable Value box and hit the "End" key to move the cursor to the end. Enter a semi colon (if there's not already one there, and paste in the path: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN.

Test it by opening a command prompt, and from any path, enter stsadm -? This should list out the syntax and all the operations available for stsadm.


3. Some less common (but very useful) commands:



stsadm -o preparetomove {-ContentDB <DatabaseServer:DatabaseName> | -Site <URL>} [-OldContentDB <uniqueidentifier>] [-undo]


-- Should be run prior to moving a content DB to another web app within the farm, or moving a site collection from one content DB to another. The -Site switch is needed for the latter.

EX: stsadm -o preparetomove -contentdb m4:m4_MOSS_content -site http://m4/sites/team



-- If you do not run this command prior to moving the content database, you will get Profile synchronization errors with event IDs 5555, 5553, and 7888.


All peoplepicker commands:


Syntax: stsadm -o setproperty

   -propertyname peoplepicker-searchadforests

   -propertyvalue <valid list of forests or domains>

   [-url] <URL>


EX: stsadm -o setproperty -url http://m4 -pn peoplepicker-searchadforests -pv ";", bar\admin, password



-- Permits a user to search from a second one-way trusted forest or domain.

All servers in a farm need to be within one domain. Users in the forest that the server is in (that is, a resource forest) are displayed automatically. Forests that have at least a one-way trust to that forest can be searched for users to add.

-- When a Web application uses Windows authentication, People Picker searches all two-way trusted forests and all two-way trusted domains. However, if you want to search from a one-way trusted forest or a one-way trusted domain, you must run the setapppassword operation, and then run the peoplepicker-searchadforests property.

-- The peoplepicker-searchadforests property allows you to search multiple values from PeoplePicker. You can add multiple forests, domains, accounts, and even specific property searches.  In the above screen shot, two domains will be searched.

-- As with all setproperty commands, if you enter the wrong property value or do not specify the URL, the tool will still come back and say "Operation completed successfully."  As a result, its best to test PeoplePicker to ensure that the command you entered is correct.

--In the above screen shot and syntax example, the quotation marks were moved around the entire property value (-pv).  This is done as it common for passwords to contain special characters that can cause the user specified to be unable to authenticate.


Syntax: stsadm -o execadmsvcjobs


EX: Stsadm -o Execadmsvcjobs



-- If you suspect a problem where timer jobs are not running on all WFEs, or if the SPAdmin service is disabled, run this command.

-- Executes all administrative timer jobs immediately instead of waiting for the timer job to run.

When the process account for the Windows SharePoint Services Timer service (SPAdmin) is disabled (necessary in some installations for security reasons), the execadmsvcjobs operation must be run on all computers to perform provisioning and other administrative tasks that would ordinarily happen by using the Windows SharePoint Services Timer service (SPTimer).


Syntax: stsadm -o migrateuser

   -oldlogin <domain\name>

   -newlogin <domain\name>



EX: stsadm -o migrateuser -oldlogin armory\User1 -newlogin armory\temp -ignoresidhistory

stsadm -o migrateuser -oldlogin armory\temp -newlogin armory\User1 -ignoresidhistory

Useful if user gets deleted and recreated in AD. You can migrate to a temp account, and then migrate back to the users real login name:



-- Migrates a user account in Microsoft Office SharePoint Server 2007 to a new login name and binary ID. If an entry for the new login name already exists, the entry is marked for deletion to make way for the migration. Migrates user access from one domain user to another.

-- If ignoresidhistory is not specified, the SIDHistory attribute will be queried from Active Directory, to ensure that the account specified in '-oldlogin' will be copied.



stsadm -o sync {-ExcludeWebApps <web applications> | -SyncTiming <schedule(M/H/D:value)> | -SweepTiming <schedule(M/H/D:value)> | -ListOldDatabases <days> | -DeleteOldDatabases <days>}



EX: stsadm -o sync listolddatabases 0


Notice there are a few that have not synched since 8/11/08, 7/25/08, and 12/10/08.


--This command lists the databases that have not synchronized with the SSP in zero days.


EX: stsadm -o sync deleteolddatabases 1


-- This will delete synch records for all the content DBs that have not synched in the last 1 day.


Now as you can see we only show DBs that have synched with the SSP today.


• M:<# of minutes>

• H:<# of hours>

• Set back to default (h:1) when done testing.

EX: stsadm -o sync -synctiming m:5



-- This is useful for testing synch problems. You can set the synch schedule to every 5 minutes instead of every 1 hour.


Syntax: stsadm -o setproperty

   -propertyname job-immediate-alerts

   -propertyvalue <A valid Windows SharePoint Services Timer service schedule>

   [-url] <URL>


Ex: stsadm -o getproperty -pn job-immeditate-alerts -url http://m4


Ex: stsadm -o setproperty -pn job-immeditate-alerts -pv "every 1 minutes between 0 and 59" -url http://m4



You can use this command to change the immediate alerts schedule (default 5 minutes). This is usful in testing alerts. You can change it to 1 minute so you don't have to wait 5 minutes between each change to see if it's fixed.



stsadm -o provisionservice

   -action {start | stop}

   -servicetype <servicetype>

   [-servicename] <servicename>


-- Useful for search issues to either reprovision services, for example: the Osearch service, or Office Server Web Services.

First run stsadm -o enumservices > c:\services.txt

This will output all services in the farm to a text file. You need to do this so that you can copy the service type out and use it in the command.


Then you copy the text between the <Type> tags for the desired service (highlighted above) and paste it in as the -servicetype parameter in the command.


Stsadm -o provisionservice -action start -servicetype "Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebService, Microsoft.Office.Server.Search, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" -servicename SearchAdminSharedWebService




Syntax: stsadm -o editssp

   -title <SSP name>

   [-newtitle] <new SSP name>

   [-sspadminsite] <administration site URL>

   [-ssplogin] <user name>

   [-ssppassword] <password>

   [-indexserver] <index server>

   [-indexlocation] <index file path>

   [-setaccounts] <process accounts (domain\username)>

   [-ssl] <yes|no>


EX: stsadm -o editssp -Title M4SSP -indexlocation c:\MossIndex



This is useful for changing properties of the SSP. For example, it’s a good way to move the location of the search index.

4. Commands that are new (Between RTM and SP2) -  See STSADM (Part II)

5. Post-SP2 commands - See STSADM (Part III)