Active Directory Security Groups Displaying in People Picker

    Question

  • I have an issue with a few of my security groups displaying all information in the people picker of SharePoint. I have a Global Security Group in Active Directory to which I have recently added an email address (it originally did not have the email field filled out). The email does not show in the SharePoint people picker, and I am assuming that because of that, if I try to use that group in a workflow, I receive an error about not being able to send emails to that group.

    In testing I did add a new test security group with the same settings as the non-working group and everything seems to update just fine in SharePoint. I can add or remove the email in Active Directory and immediately see the change in SharePoint.

    This is happening to a customer of ours and I am able to duplicate the problem in our development environment. It seems that older groups (ones created before SharePoint) do not update; only those created after SharePoint get updated (just an idea).

    Any Help would be great.

    THANKS



    April 12, 2012 13:37

Answer

  • I failed to notice that it is an AD group instead of an AD user. I remember that I could not import AD groups into the SharePoint 2010 User Profile Service Application either.

    My test result in a classic Windows authentication web application is that when you grant an AD group permission for a SharePoint site for the first time, or assign a task list item to an AD group for the first time, the AD group is added to the site collection user information list. After that, if you change the email address for the group in AD, it will be out of sync with the user information list.

    I tried the set-spuser -id $user -syncfromad cmdlet described in http://blog.falchionconsulting.com/index.php/2011/12/updating-sharepoint-2010-user-information/ , but it gives a "cannot get the full name or e-mail address of user" error. I guess it is because $user is an AD group instead of an AD user.

    Anyway, i set the Email property for SPUser manually with powershell:

    $user.email="adgroup@domain.com" 

    $user.update()

    It works. Now, the email address appears in the user information list and the people picker.

    In short, it seems that if the user/group is in the user information list, the people picker will get information from the user information list instead of AD.


    April 19, 2012 3:54

All replies

  • Phillip,

    Could you elaborate more on your problem? I cannot understand what exactly you want to do.

    Regards,

    Hiren

    April 16, 2012 14:10
  • Phillip,

    Check your crawler to make sure you are not excluding any particular type of groups. You can also specify what fields you want from AD.

    Luke

    April 16, 2012 14:26
  • I have a group in AD that is a global security group. This group originally did not have an email associated with it. Once an email was added to the group, I checked SharePoint through the people picker and the email is not being displayed. If I am correct, this security group has been around for a while, possibly before SharePoint. To test, I created a new group without putting an email in, checked SharePoint, and the group was there. I then went to AD, added the email to the group, checked SharePoint, and the email was there.

    To sum this up, one AD security group will update the email in the SharePoint people picker and one will not. I cannot think of why the older group will not update.

    People picker is more of a direct link to AD, correct? There is no sync or service or timer job that controls that, correct?

    Thank you for your help.

    April 17, 2012 2:29
  • Could you please first check whether the email addresses (both those that work as expected and those that do not appear in the people picker) exist in the site collection's hidden user information list?

    You can find the list in SharePoint Designer 2010->All Files->_catalogs->users, or with the URL /_catalogs/users/detail.aspx

    April 17, 2012 9:32
  • The users that work show the email in the user list and the ones that do not do not show in the user list.

    April 17, 2012 13:30
  • Then examine/run the User Profile Service Application - User Profile to SharePoint Full timer job to synchronize the email address from the User Profile Service Application to the site collection user information list.

    And you should also make sure that the email address is synchronized from AD to SharePoint successfully. You can view user profile information in the User Profile Service Application through Central Administration->Manage Profile Service: User Profile Service Application->Manage User Profiles.

    If the email address is not in the User Profile Service Application, please check whether you have maintained user profile synchronization correctly: http://technet.microsoft.com/en-us/library/ff681014.aspx

    April 18, 2012 5:17
  • I have not checked the user profile yet but wanted to ask a question first.

    Please let me know if I am wrong, but I did not think that User Profile did not affect groups in people picker. The only reason that I ask is because when I create a new group in AD it is added right away, and the same if I add or remove some group email; they are added right away. Because of that I did not think they were dependent on the Timer Job and User Profile.

    April 18, 2012 18:58
  • Thank you,

    I am a beginner to PowerShell, so to be clear, I would need something that defined the $user, correct? For example...

    $user = ITdepartment

    $user.email="itdepartment@domain.com"

    $user.update()

    • Proposed as answer by srituraj, March 5, 2013 19:17
    April 19, 2012 19:28
  • get-spuser -web http://yoursharepointwebsiteurl

    $user=get-spuser -web http://yoursharepointwebsiteurl |where {$_.DisplayName -like "TheUserDisplayNam*"}

    April 20, 2012 1:33
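
The manual fix from the answer, generalized to every AD group in a site collection's user information list, as an added example that is not part of the original thread: it reads each group's mail attribute from AD and reports (or, with $apply set, writes) the difference. The site URL is a placeholder, and classic Windows authentication with all groups in the current AD domain is an assumption.

```powershell
# Added example, not from the thread. Assumes classic Windows authentication
# (login names like DOMAIN\group) and groups that live in the current AD domain.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "http://yoursharepointwebsiteurl"  # placeholder URL, as in the thread
$apply   = $false                             # $false = report only, $true = write changes

$site = Get-SPSite $siteUrl
try {
    # SiteUsers exposes the site collection's user information list entries
    $groups = $site.RootWeb.SiteUsers | Where-Object { $_.IsDomainGroup }
    foreach ($g in $groups) {
        # Take the sAMAccountName part of DOMAIN\name and escape LDAP filter characters
        $sam = $g.LoginName.Split('\')[-1]
        $sam = $sam.Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29')

        $searcher = [adsisearcher]"(&(objectCategory=group)(sAMAccountName=$sam))"
        [void]$searcher.PropertiesToLoad.Add("mail")
        $hit = $searcher.FindOne()
        if ($hit -eq $null) {
            Write-Warning "Not found in AD, skipped: $($g.LoginName)"
            continue
        }

        # A group without a mail attribute yields an empty string
        $adMail = ""
        if ($hit.Properties.Contains("mail")) { $adMail = [string]$hit.Properties["mail"][0] }

        if (([string]$g.Email) -ne $adMail) {
            Write-Host ("{0}: '{1}' -> '{2}'" -f $g.LoginName, $g.Email, $adMail)
            if ($apply) {
                $g.Email = $adMail   # same manual fix as in the answer
                $g.Update()
            }
        }
    }
}
finally {
    $site.Dispose()
}
```

Run it once with $apply left at $false to review the differences before writing anything to the user information list.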