CSOM ; Security Groups ; Role Manager Claim Identity RRS feed

  • Question

  • Hi,

    Within the SharePoint O365 Admin portal I have created some security groups.  I would like to add one or two of the security groups to a chosen subsite SharePoint group on a specific action.  

    My problem is that I cannot seem to be able to locate how to find my security groups using the CSOM API.  It is not in the list of users (yes I did say users, they are returned as users I believe with a principal type of security group) in TenantAdminWebSiteDomainPath, TenantWebSiteDomainPath, SiteCollectionUrl or the SiteUrl?

    Now that wouldn't be a problem if I could discover the role manager claim identity. As I have discovered that I can add the security group to the SharePoint group if I use the following claim encoded identity as per below.  I discovered this identity by manually adding via the web application, yes the web application can see the security groups that I have created via Admin which makes this even more confusing.

    The second login name below does not work which is a shame as I could derive this. The initial login name - role manager claim does work however.  I just need to find a way of discovering the role manager claim encoded identity for a given security group.

                    var user = new UserCreationInformation
                        LoginName = "c:0-.f|rolemanager|s-1-5-21-3374343676-3451180696-2017581922-67753845",  // YES
                        //LoginName = "i:0#.f|membership|securitygroupname",  // NO
                        Title = "XYZ"

    I hope this makes sense, I been looking at this problem for the best part of today and I am a relative O365 SharePoint newbie so maybe I missed something?




    • Edited by MattJordan Friday, April 29, 2016 3:11 PM
    Friday, April 29, 2016 3:04 PM

All replies


    I discovered the solution utilising the SPWeb.EnsureUser method, example below just in case anyone else runs into the same problem.

    var colGroup = spSite.SiteGroups;
    var spGroupcolGroup.GetByName(##yourSPGrpName##);
    var user = context.Web.EnsureUser(##yourADSecurityGrpName##);


    Tuesday, May 3, 2016 8:42 AM