Active Directory Security Groups Displaying in People Picker

    Question

  • I have an issue with a few of my security groups displaying all information in the people picker of SharePoint. I have a Global Security Group in Active Directory to which I have recently added an email address (it originally did not have the email field filled out). The email does not show in the SharePoint people picker, and I am assuming that because of that, if I try to use that group in a workflow, I receive an error about not being able to send emails to that group.

    In testing I did add a new test security group with the same settings as the non-working group, and everything seems to update just fine in SharePoint. I can add or remove the email in Active Directory and immediately see the change in SharePoint.

    This is happening to a customer of ours and I am able to duplicate the problem in our development environment. It seems that older groups (ones created before SharePoint) do not update, only those created after SharePoint get updated (just an idea).

    Any Help would be great.

    THANKS



    • Edited by Phillip6653 Friday, April 13, 2012 14:02
    Thursday, April 12, 2012 13:37

All replies

  • Phillip,

    Could you elaborate more on your problem? I cannot understand what exactly you want to do.

    Regards,

    Hiren

    Monday, April 16, 2012 14:10
  • Phillip,

    Check your crawler to make sure you are not excluding any particular type of groups. You can also specify what fields you want from AD.

    Luke

    Monday, April 16, 2012 14:26
  • I have a group in AD that is a global security group. This group originally did not have an email associated with it. Once an email was added to the group, I checked SharePoint through the people picker and the email is not being displayed. If I am correct, this security group has been around for a while, possibly before SharePoint. To test, I created a new group without putting an email in, checked SharePoint, and the group was there. I then went to AD, added the email to the group, checked SharePoint, and the email was there.

    To sum this up, one AD security group will update the email in the SharePoint people picker and one will not. I cannot think of why the older group will not update.

    People picker is more of a direct link to AD, correct? There is no sync or service or timer job that controls that, correct?

    Thank you for your help.

    Tuesday, April 17, 2012 02:29
  • Could you please check first whether the email addresses (both those that work as expected and those that do not in the people picker) exist in the site collection's hidden user information list?

    You can find the list in SharePoint Designer 2010 -> All Files -> _catalogs -> users, or with the URL /_catalogs/users/detail.aspx

    Tuesday, April 17, 2012 09:32
    Moderator
  • The users that work show the email in the user list and the ones that do not do not show in the user list.

    Tuesday, April 17, 2012 13:30
  • Then examine/run the User Profile Service Application - User Profile to SharePoint Full timer job to synchronize the email address from the user profile service application to the site collection user information list.

    And you should also make sure that the email address is synchronized from AD to SharePoint successfully. You can view user profile information in the user profile service application through Central Administration -> Manage Profile Service: User Profile Service Application -> Manage User Profiles.

    If the email address is not in the user profile service application, please check whether you have maintained user profile synchronization correctly: http://technet.microsoft.com/en-us/library/ff681014.aspx

    Wednesday, April 18, 2012 05:17
    Moderator
  • I have not checked the user profile yet but wanted to ask a question first.

    Please let me know if I am wrong, but I did not think that user profile did not affect groups in people picker. The only reason that I ask is because when I create a new group in AD it is added right away, and the same if I add or remove some group email, they are added right away. Because of that I did not think they were dependent on the Timer Job and User Profile.

    Wednesday, April 18, 2012 18:58
  • I failed to notice that it is an AD group instead of an AD user. I remember that I could not import an AD group into the SharePoint 2010 user profile service application either.

    My test result in a classic Windows authentication web application is that when you grant an AD group permission for a SharePoint site for the first time, or assign a task list item to an AD group for the first time, the AD group is added into the site collection user information list. After that, if you change the email address for the group in AD, it will be out of sync with the user information list.

    I tried the set-spuser -id $user -syncfromad cmdlet described in http://blog.falchionconsulting.com/index.php/2011/12/updating-sharepoint-2010-user-information/ , but it gives a "cannot get the full name or e-mail address of user" error. I guess it is because $user is an AD group instead of an AD user.

    Anyway, I set the Email property for SPUser manually with PowerShell:

    $user.email="adgroup@domain.com" 

    $user.update()

    It works. Now the email address appears in the user information list and the people picker.

    In short, it seems that if the user/group is in the user information list, the people picker will get information from the user information list instead of AD.


    Thursday, April 19, 2012 03:54
    Moderator
  • Thank you,

    I am a beginner to PowerShell, so to be clear, I would need something that defined the $user, correct? For example...

    $user = ITdepartment

    $user.email="itdepartment@domain.com"

    $user.update()

    • Proposed as answer by srituraj Tuesday, March 5, 2013 19:17
    Thursday, April 19, 2012 19:28
  • get-spuser -web http://yoursharepointwebsiteurl

    $user=get-spuser -web http://yoursharepointwebsiteurl |where {$_.DisplayName -like "TheUserDisplayNam*"}

    Friday, April 20, 2012 01:33
    Moderator
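
Added example, not posted by anyone in this thread: the manual fix described above, extended to every AD group cached in the site collection user information list, so stale group addresses (and the workflow mail that depends on them) are found before they are changed. The URL is the thread's placeholder; the `$apply` switch, the `Get-AdGroupMail` helper, and the assumption that the groups live in the current domain under classic Windows authentication (logins of the form DOMAIN\GroupName) are illustrative.

```powershell
# Added example: report, and optionally repair, AD groups whose cached e-mail
# in the user information list differs from the 'mail' attribute in AD.
# Run in the SharePoint 2010 Management Shell with rights on the site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webUrl = 'http://yoursharepointwebsiteurl'  # placeholder URL, as in the thread
$apply  = $false                             # assumption: report only unless $true

function Get-AdGroupMail([string]$sam) {
    # Escape LDAP filter metacharacters so a group name cannot alter the query.
    $safe = $sam.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $searcher = [adsisearcher]"(&(objectCategory=group)(sAMAccountName=$safe))"
    [void]$searcher.PropertiesToLoad.Add('mail')
    $hit = $searcher.FindOne()
    if ($hit -and $hit.Properties['mail'].Count -gt 0) {
        return [string]$hit.Properties['mail'][0]
    }
    return ''
}

# AD groups are stored as SPUser entries with IsDomainGroup set.
$groups = Get-SPUser -Web $webUrl -Limit ALL | Where-Object { $_.IsDomainGroup }

foreach ($g in $groups) {
    # Classic Windows authentication logins look like DOMAIN\GroupName.
    $sam    = ($g.LoginName -split '\\')[-1]
    $adMail = Get-AdGroupMail $sam
    $spMail = [string]$g.Email
    $action = 'none'

    if ($adMail -eq '') {
        # Never blank a cached address because a lookup returned nothing
        # (built-in principals, other domains, groups without mail).
        $action = 'skipped: no mail found in AD'
    } elseif ($adMail -ne $spMail) {
        $action = 'out of sync'
        if ($apply) {
            $g.Email = $adMail   # same property the thread sets by hand
            $g.Update()
            $action = 'updated'
        }
    }

    New-Object PSObject -Property @{
        Group = $g.DisplayName; Login = $g.LoginName
        CachedMail = $spMail; AdMail = $adMail; Action = $action
    }
}
```

The user information list is per site collection, so run this once for each site collection where the group has been granted permissions.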