Policies assigned to groups - membership changes not working

I have a single ZESM IR8 server setup.
All security throughout my environment, ZESM and otherwise, is based on group membership.
If I change a user from one group to another group this change does not reflect in their policy assignment.
Scenario: GroupA = standard user policy, GroupB = power user policy.
UserA was first in Group A and therefore got the standard user policy.
UserA now requires the power user policy.
Remove UserA from GroupA and add UserA to GroupB (in iManager).
UserA does NOT get the "power user" policy that is assigned to GroupB
Am aware that I can assign the policy at a user level but this is NOT an option in my environment. All security assignments MUST happen at a group level.

What you observed is the expected behavior.
ZESM doesn't update group membership in real time once a policy has been published. I've described this behavior in previous posts.
What the MC does behind the scenes when you click "Publish" on a container or group object is to assign the policy individually to each member/user. For groups, it resolves membership at the time the policy is published then the MC iterates among each member assigning the policy to each of them. That's why you don't see updates once the policy is published.
Try Updating the published policy to see if that works. From the docs:
Updating a Published Policy
Once a policy has been published to the user(s) or computer(s), simple updates can be maintained by editing the components in a policy, and re-publishing. For example, if the ZENworks Endpoint Security Management Administrator needs to change the WEP key for an access point, the administrator only needs to edit the key, save the policy, and click Publish. The affected end-users and computers receive the updated policy (and the new key) at their next check-in.
>>>
From: laurabuckley<[email protected]>
To:novell.support.zenworks.endpoint-security-management
Date: 12/15/2009 7:16 AM
Subject: Policies assigned to groups - membership changes not working
laurabuckley
laurabuckley's Profile: http://forums.novell.com/member.php?userid=122
View this thread: http://forums.novell.com/showthread.php?t=395870
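
The publish-time behaviour described in the reply above can be modelled to show why a group move leaves a stale per-user assignment, and how to list the users affected. This is an added example, not ZESM code and not part of the original thread; the `PolicyStore` class, the function names and the sample users are constructed for illustration, and the effect of re-publishing follows the reply's suggestion rather than confirmed product behaviour.

```python
from dataclasses import dataclass, field


@dataclass
class PolicyStore:
    """Toy model: policies are attached to groups but delivered per user."""
    group_policy: dict                               # group name -> policy name
    user_policy: dict = field(default_factory=dict)  # user -> policy copied at publish

    def publish(self, groups, group):
        """Resolve membership now and copy the group's policy to each member."""
        for user in groups.get(group, set()):
            self.user_policy[user] = self.group_policy[group]


def expected_policies(groups, store, user):
    """Policies the user should hold according to *current* group membership."""
    return {store.group_policy[g] for g, members in groups.items()
            if user in members and g in store.group_policy}


def find_drift(groups, store):
    """Return (user, held, expected) for every user whose held policy no
    longer matches what current group membership says it should be."""
    users = set(store.user_policy) | {u for m in groups.values() for u in m}
    drift = []
    for user in sorted(users):
        held = store.user_policy.get(user)
        expected = expected_policies(groups, store, user)
        if (held is None and expected) or (held is not None and held not in expected):
            drift.append((user, held, sorted(expected)))
    return drift


def demo():
    # Constructed sample data matching the scenario in the question.
    groups = {"GroupA": {"UserA"}, "GroupB": {"UserB"}}
    store = PolicyStore({"GroupA": "standard user", "GroupB": "power user"})
    store.publish(groups, "GroupA")
    store.publish(groups, "GroupB")
    before = find_drift(groups, store)

    # Directory change only (the iManager step): swap the two users.
    groups["GroupA"].discard("UserA")
    groups["GroupB"].add("UserA")
    groups["GroupB"].discard("UserB")
    groups["GroupA"].add("UserB")
    after_move = find_drift(groups, store)   # stale per-user copies show up here

    # Re-publish: membership is resolved again and the copies are overwritten.
    store.publish(groups, "GroupA")
    store.publish(groups, "GroupB")
    after_republish = find_drift(groups, store)
    return before, after_move, after_republish


if __name__ == "__main__":
    for label, result in zip(("before", "after move", "after re-publish"), demo()):
        print(label, result)
```

The second drift entry is the one to watch from a least-privilege standpoint: UserB has left GroupB but still holds the power user policy until the next publish.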

Similar Messages

  • Unable to edit Distribution Group membership via Outlook (works via ECP).

    SITUATION: I am attempting to enable the ability for specified users to edit the membership of Exchange 2010 distribution groups via Outlook 2010.  I have configured permissions via RBAC for them to be able to do this by following the instructions and
    running the script found here:
    http://msexchangeteam.com/archive/2009/11/18/453251.aspx
    After running the script, users specified as group managers are able to edit group membership through the ECP.  But when they attempt to do so via Outlook, they receive the same message that they would see if the permission to edit group membership
    was not enabled:
    "Changes to the public group membership cannot be saved.  You do not have sufficient permission to perform this operation on this object."
    QUESTION:  Does anyone have any idea as to why we are still unable to edit group membership via Outlook, when all the permissions appear to be enabled doing so?

    Click Start, point to All Programs, point to Exchange Server 2010, and then click Exchange Management Shell.
    At the command prompt, run the following cmdlet:
    New-RoleGroup DistributionGroupManagement -Roles "Distribution Groups"
    At the command prompt, run the following cmdlet:
    Add-RoleGroupMember DistributionGroupManagement -Member <UserName>
    Open Outlook and try to remove from your distribution list those members that you could not remove before

  • My "Group" feature is not working in Pages 5.0.1. Any help here?

    My "Group" feature is not working in Pages 5.0.1. Any help here?

    Many site issues can be caused by corrupt cookies or cache. In order to try to fix these problems, the first step is to clear both cookies and the cache.
    Note: This will temporarily log you out of all sites you're logged in to.
    To clear cache and cookies do the following:
    1. Go to Firefox > History > Clear recent history or (if no Firefox button is shown) go to Tools > Clear recent history.
    2. Under "Time range to clear", select "Everything".
    3. Now, click the arrow next to Details to toggle the Details list active.
    4. From the details list, check Cache and Cookies and uncheck everything else.
    5. Now click the Clear now button.
    Further information can be found in the "Clear your cache, history and other personal information in Firefox" article.
    Did this fix your problems? Please report back to us!

  • Project Server 2010 - Project Permissions - Users and Groups filter is not working

    Hi,
    While giving permissions from project center ribbon on a project - Users and Groups filter is not working, we are not able to filter any user.
    I am not sure why this error is occurring. I tried giving permissions by opening the project, but still the same: filtering is not happening. Below is the screen shot
    We have installed Service Pack 2 and June 2014 CU recently. Will this affect it?
    Can any one throw some light on this??
    Geeth If you feel that the answer which i gave you is Helpful please select it as Answer/helpful.

    Hi Geetha,
    Which IE version are you using? First I'd try to add the URL to the compatibility mode sites, then to the trusted sites (if it is not done already). Then I'd try to set the default browser as IE8 or 9 (pressing F12, developer tool).
    Hope this helps,
    Guillaume Rouyre, MBA, MVP, P-Seller |

  • My adobe presenter redemption code (creative cloud) membership does not work.

    my adobe presenter redemption code (creative cloud) membership does not work.  Each time I input my presenter code at creativecloud/redeem it returns a message 'ooops, this code has been redeemed.'

    I got both installed but on installing Presenter keeps giving errors that a previous version is installed on the computer and cannot proceed.  I verified that there is no previous version and keep redoing the install and get stuck AGAIN and AGAIN at this point.
    I also verified that I have the latest version of Flash on Chrome and I have the latest version.  Why is Adobe so all over on downloading/installing their products.  I (and other paying customers)  cannot waste more time on this very simple procedure just because the software packages are not packaged properly or. the teams in charge of ensuring the products DID NOT correctly package the products securely (with the updates included) and more importantly, ensured that the products were linked to user accounts who purchased them.

  • Role membership rule not working

    Hi guys,
    When I create a role and assign 'membership rule' to it, the members are shown in preview screen.
    But they are not  show up in members screen of that role.
    My environment is 11gR2 SP1.
    It is working nicely in 11gR2 base. But from some bundle pack and after, it is not working.
    1. is it right?
    2. if then, why is it changed?
    3. and how should I assign members to role?
    (as a workaround I modified the member attribute. => not working
    and restart OIM, => still not working
    and reboot the server.> still not working...)
    can anyone help this?
    regards,
    dongsu

    J,
    It has been a critical issue in real customer project this year.
    Certainly we informed it to local oracle team and they says it is intentional change and we have to accept it.
    (means create role first and read in users by trusted recon from source again.. bra bra..)
    But I do not get any documented information about it.
    Actually in BP4 (may be..) if I change any attribute value of that user who supposed to  belongs to that role, then it works.
    But in BP7 and now in PS1, even that approach do not working.

  • AD Group Permissions do not work

    SP 2k10 on Windows Server 2k8 R2.
    My site and everything is functional only to Site Collection administrators or individual AD users that I add directly to the site permissions.
    For instance;
    Scenario #1: test.user is a member of the Domain Users AD group. I created a SharePoint group called Portal Readers and give it read access to the entire Site Collection. I then add the Domain Users AD group to the Portal Readers SharePoint Group. Test.User
    gets Access Denied to the portal page. If I check permissions in the site permissions it says test.user has none.
    Scenario #2: If I remove the Domain Users AD group from the Portal Readers SharePoint group then add just the test.user AD account to the Portal Readers SharePoint Group everything works fine. I check the permissions in the site permissions and it says test.user
    has read from the Portal Readers group. I thought maybe this was a token cache issue so I took everything out, came back the next day and reconfigured Scenario #1 then let the server run all weekend. I come back in on Monday and I have the same symptomology.
    I don’t have any health issues in Central Admin nor any Red events in the event viewer. This is a pretty generic SharePoint install, nothing special the same way I’ve done it many times before without issue.
    What am I missing?

    Hi signalwarrant,
    Whether you are using Claims authentication.
    The claims based token is refreshed every 10 hours and hence if you make any changes to Active directory group memberships it won't reflect immediately in the token. you need to run the following powershell command to adjust the token life time to a smaller
    value.
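    # Shorten the token lifetimes so AD group changes reach the token sooner
    $sts = Get-SPSecurityTokenServiceConfig
    $sts.WindowsTokenLifetime = (New-TimeSpan -Minutes 60)
    $sts.FormsTokenLifetime = (New-TimeSpan -Minutes 60)
    $sts.Update()
    # Restart IIS after updating the configuration
    IISRESET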
    More information, please refer to the link:
    http://www.shillier.com/archive/2010/10/25/authorization-failures-with-claims-based-authentication-in-sharepoint-2010.aspx
    Best Regards,
    Wendy
    Wendy Li
    TechNet Community Support

  • Not inheriting group membership / users not showing in workgroup "Everyone"

    Hi,
    In the new OS X Lion Server Profile Manager, there is a default group called Everyone, that should contain all users.
    However, it only shows the first user I created (UID 1025).
    Users created after that are not automatically added to the group Everyone
    I can assign these newer users to a Workgroup I created myself, but since they are absent in the Everyone group, I cannot assign devices to these users, and thus not properly manage these users and their devices.
    Using Workgroup Manager to check on the membership of the users with UID>1025 I see that the inherited workgroup membership of Users (GID 403) is missing.
    How can fix a problem with the inherited group membership of users?
    Thanks in advance.
      Patrick

    did you configure the people picker
    http://technet.microsoft.com/en-us/library/gg602075(d=lightweight,v=office.14).aspx#section4
    http://jaredmatfess.wordpress.com/2013/02/26/sharepoint-2010-people-picker-is-having-a-hard-time-finding-people/
    Please remember to mark your question as answered & vote helpful, if this solves/helps your problem. Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog
    No need to configure the People Picker in a full trust between domains of the same forest.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • AD Security Group name change not showing in Sharepoint 2010

    Hi!
    We have a Sharepoint 2010 Standard enviroment and are heading for a role-based identity-managment in our company. That's why we find it better to use AD Groups instead of Sharepoint Groups.
    So we have over 1000 AD Security Groups groups that have been added to our Sharepoint Sites and our goal is to control every permission in Sharepoint from AD.
    I have done all this with the combination of Excel and Powershell and it have worked great.
    The problem i see in the long run is the name change of AD Security Groups. Sharepoint 2010 isn't showing the new name of the group.
    Does anyone know of any workaround that can solve this problem. It's a bit of a disappointment that Microsoft haven't fixed this. The only information i think they should store in Sharepoint is the SID of the groups.
    I was thinking of designing a powershell script that runs every night and updates the display name of the groups that do not match the AD display name.
    Is there any other way?

    As far as I know, and I'm not sure where to go from here without testing on my own...and I'm not sure when I'll be able to do that.  Perhaps a configuration issue.
    Have you tried removing the incorrectly named group and adding in the correctly named one?
    Read through this related post: 
    http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010general/thread/49dc833f-4127-45ac-bd21-98b04d3632ef
    Looks like that can help you.  Let us know how things go.
    Colorless Green Ideas Sleep Furiously http://www.sharepointnerd.com

  • User Group Membership change Alert

    As a system administrator, I will like to be alerted when a user's group membership has changed on the domain. Can Spiceworks compare the imported memberships in its database with AD and alert me when they do not match? Below is an image of the information that SW imports which could be used for this comparison.
    This topic first appeared in the Spiceworks Community

    Assuming you know the dn of the groups to remove the person from and add them to, and the dn of the person to move, you should be able to do something similar to:
    // needs: import javax.naming.NamingException; import javax.naming.directory.*;
    Attributes attrs = new BasicAttributes(true); // true = ignore attribute ID case
    Attribute uniquemember = new BasicAttribute("uniquemember");
    uniquemember.add("uid=user,o=domain.com"); //add user to move to attribute
    attrs.put(uniquemember);
    DirContext ctx = new InitialDirContext(env); //connect to your ldap dir; env is a placeholder for your own connection settings
    try {
         // remove the member value from the old group, then add it to the new one
         ctx.modifyAttributes(groupToRemoveFromDN, DirContext.REMOVE_ATTRIBUTE, attrs);
         ctx.modifyAttributes(groupToAddToDN, DirContext.ADD_ATTRIBUTE, attrs);
    } catch (NamingException ne) {
         //return error appropriately
    }
    try {
         ctx.close();
    } catch (NamingException ne) {
         //do what you want with error
    }
    You also might want to check out the JNDI tutorial at http://java.sun.com/products/jndi/tutorial/index.html
    --Nicole

  • Get AD group membership doesn't work for global groups

    I want to pull the group membership for OBIEE directly from AD.
    This has been covered in many blogs and forums, no problem, I've found some user created functions - basically all of it uses
    DBMS_LDAP package methods
    with one exception that additionally to it also uses
    DBMS_LDAP_UTL.get_group_membership
    ALL THOSE functions work BUT I've verified it with the actual group membership from AD or adfind tool (http://www.joeware.net/freetools/tools/adfind/index.htm)
    The list returned by Oracle packages doesn't match, or to be exact only partially matches the factual AD list.
    I've done some research and found there are three types used for defining group's scope by AD:
    Domain Local, Global, or Universal
    (http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx)
    leaving the first one out of the scope as we don't use it
    - I've verified and found ALL missing ONES are defined as GLOBAL
    All the Oracle functions I've found correctly pull only UNIVERSAL group memberships and none of GLOBAL
    Microsoft documentation says that both of them (Universal and Global) have forest-wide visibility....
    and so AdFind can list both..
    so why Oracle limits the search to UNIVERSAL ones only?
    Maybe it's a matter of initialize those DBMS_LDAP packages differently or passing slightly different parameters??
    I've really tried a lot of this code in different combinations but no joy
    Has anyone got some ideas?

    ...I try to block the usage of the command prompt only on this server.
    I have the same question as jrv: Why? It doesn't increase security. The command prompt is a program, not a security boundary.
    Disabling the command prompt does NOT increase security
    -- Bill Stewart [Bill_Stewart]

  • Maxl statement (display user in group all;) is not working.

    Hello,
    Hyperion version 9.3.1 upgraded to 9.3.3. Not sure the below issue is because of this
    I have an interesting issue with a maxl statement : "display user in group all;". When I execute this statement through command prompt doing essmsh, it does give out any records and also doesn't end. I will have to end it with ctrl+c.
    When I execute it through EAS console, then EAS console just hangs.
    But, if I try to retrieve the users from groups individually ( I mean "display user in group 'examplegrp';"), then its working fine and throwing out the records.
    It is giving me a hard time and my dumb mind not able to figure it out.
    Any ideas please?
    Thanks

    Hi CL, Yes I ran it on the Essbase Server. We actually set it up through a scheduled batch script which was perfectly fine till last month (I guess). We noticed this just a week ago. The only change we had in our environment is that we upgraded 9.3.1 to 9.3.3 recently. Not sure whether it is making any difference.
    Thanks,
    KK

  • Currency conversion with Group consolidation does not work

    Currency Conversion WITHOUT group consolidation works (script logic reads CURRENCY = %GROUPS_SET%) which puts out values in USD. The values were translated correctly as per the exchange rates.
    Now, since we need consolidation, I ran currency consolidation WITH group consolidation (I changed the script logic to read GROUP = %GROUPS_SET%). FXtrans package runs successfully with 0 records (0 submitted, 0 success, 0 fail).
    I also referred NOTE 1519146.
    Please advise.
    Thanks,
    Tagz

    Hi,
    You can try to use %GROUPS_DIM% or the dimension name directly in the dynamic script as suggested.
    And also try after modifying your currency conversion script as GROUPS = %GROUPS_SET%. If this does not work please try
    by hardcoding GROUPS=Value in the script and let us know how it works.
    Hope this helps.
    Regards,
    Shoba

  • Transfer Order auto create for Posting Change not working

    Hello Gurus -
    When we release an inspection lot from "Q" status, it creates a posting change notice, and we have it configured to create a TO in the background to the same bin, and auto confirm.  The desired and intended result is to take something from "Q" status to unrestricted status, while keeping it in the same bin - and avoiding the user having to deal with the transfer orders.  Essentially it is seamless and all in the background, the user just sees that he has changed something from quality status to unrestricted.
    It works fine when the entire quantity is selected for the usage decision, but when a partial usage decision is made, the transfer order does not create - and requires processing in LU04 for the posting change.
    Why would this work for an entire qty, but not work for a partial qty - and simply require someone to go in to LU04 and hit "create transfer order" - with no additional information?
    Any help would be most appreciated.  Does it have something to do with a setting of quants?

    Hi,
    In case of a usage decision for a partial quantity, it is not possible to create the Transfer Order for the generated posting change notice automatically. This is only possible when the full quantity is released. The same happens if you release a partial quantity and post the rest to blocked stock or scrap. The reason is, there needs to be a user decision, which part of the quantity has to be posted, this is necessary for example when the quantity is distributed in the warehouse over many storage bins. But even if the full quantity is on one storage bin, there is no automatic TO creation. You can see this also in the online
    processing (LT05), in case of partial quantities you have to enter the selected quantity in the quant list, for a full posting this is not necessary.
    Hope this helps,
    Sinéad Curran

  • Group contacts did not work correctly since IOS 6

    Hi Guys,
    since update from IOS 5.1.1 to IOS 6.0 it isn't possible to show groups in Contact separately.
    Neither on my IPHONE 4 and now on my IPHONE 5.
    In IOS 5.x.x it was possible to list separate groups.
    I tried this with my ICLOUD Account and also with my GMAIL Account.
    I need to have different group lists for my work - e.g "Private", "Work", ...
    In IOS 5.x.x it was possible to list the contact folder, then click on "groups" and there it was possible to select the group I wanted.
    Then I've only seen the contacts from the selected group.
    Now since update to IOS 6 it doesn't work like this. There is only the opportunity to mark or unmark a contact group to list it separately.
    Can You explain how this is going to work on IOS6 ??
    Or do You know an application to group contacts separately.
    I set up my GMAIL Account as "Exchange Account" to see the contact groups.
    It's necessary that it synchronises correctly with my GMAIL Account, because I also use an IPAD.
    I've over 250 contacts, so it has to work correctly.
    I can't understand, why apple removed this feature in IOS 6.
    I hope you know what I mean.
    Very nice greetings
    Roland

    Do you really have them all? I created a group I wanted and synced the phone. Now my phone contacts has 2 groups, all contacts and phone contacts. However, when I scroll to the bottom of the contacts list, both show the same 164 contacts, not all the 470 contacts in my address book. I have just the contacts I wanted, but it is confusing by having the "all contacts" list on the phone. They are really just the same lists.
