Security group guidance

Hello,
I'm having all sorts of troubles getting security groups working within SharePoint. I'm aware of the various timeouts and caching that occur and have changed my WindowsTokenLifeTime to 30 minutes to pick up security group changes faster. However, I have
some areas in SharePoint where even after days, users in security groups with access to a site, library, or document still do not have access and they don't show up in Check Permissions. Also, I have some instances where a user, as a member of a security group
with access to a file, has access one day and then the next day does not. This happens for multiple users in multiple locations and I have no idea what's going on. 
Is there any guidance other than this about using AD security groups in SharePoint? 
http://technet.microsoft.com/en-us/library/cc261972(v=office.15).aspx
This is really messing with my head. 
Our farm is SharePoint 2013 SP1. Some of my security groups have nested security groups, some don't, and both have these issues. 
Thanks,
Aaron

I'm going to have to re-open this in a Reporting forum because this is so confusing.
So our setup is SSRS2012 on SharePoint 2013. We are doing item level permissions, which means we have an AD security group
Reports-All with Read to the Reports folder, then each actual report has unique permissions. We have a report with the
ProjectManagers AD security group on it with Read (plus some other stuff to let them manage subscriptions), and another AD security group
ProjectUsers with just Read access so they can open the reports. The data source used by this report has the AD security group I mentioned before,
Reports-All, with Read.
At a SharePoint level, things appear to work. When a user in ProjectManagers
or ProjectUsers browses to the library, they see only the 3 reports that those two security groups have permission to see (out of a lot more in the library). That means SharePoint is reading those security group memberships correctly
as far as I can tell.
The issue is when a user in ProjectManagers or ProjectUsers
clicks on a report, they get a reporting server based error message, and the ULS logs have an error specific to the user trying to run the report.
Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'MyDomain\MyUser' are insufficient for performing this operation. (Fault Detail is equal to Microsoft.ReportingServices.ServiceContract.RsExceptionInfo)
If I add that specific user with Read permissions to the report and the data source, they are then able to run the report without errors. It seems like some Report Server component is not liking the fact that I'm using security groups. 
Even though I'm going to put this elsewhere I figured I'd expand on my situation here in case it's an obvious solution to someone.

Similar Messages

  • Security Groups when in 'Project Server Permissions Mode' - Project Online

    Hi All,
    We have Project Online up and running, by default the PWA instance we added to O365 was in "SharePoint Permissions" Mode, we changed to "Project Server Permissions" Mode because of some complex security we need to configure. For some
    reason (different from Project Server 2013) Project Online creates a number of Security Groups by default that seem to be duplicates. For example for Administrators there are:
    - Administrators
    - Administrators for Project Web App
    - Web Administrators (Project Web App Synchronized)
    For Project Managers:
    - Project Managers
    - Project Managers (Project Web App Synchronized)
    - Project Managers for Project Web App
    And there is something similar for all the groups (compared to Project Server 2013):
    I have looked online, with no luck, for some guidance on what all these groups are and if I can delete some of them without causing PWA to crash.
    If anyone out there can point me in the right direction / send me some documentation or links it will be greatly appreciated!
    Thanks!
    Jorge

    Hi Jorge, I had the same thing on two different tenants within the last week - one today. I will just clean up the SharePoint groups manually. The ones with the descriptions are the correct Project Server permission mode groups... Hopefully Microsoft will
    fix this soon, you could raise a support ticket on your office 365 tenant - support is pretty quick! Paul
    Paul Mather | Twitter |
    http://pwmather.wordpress.com | CPS

  • Is there a way for an end user to see who has membership in a security group

    Windows Server 2008 R2
    Active Directory Domain
    Windows 7 workstations
    I am looking for a way that my end users can look at a folder security tab and then discover who has membership in the security groups listed.
    Is that possible? Any drawbacks or concerns?

    Hi Tod,
    Based on my research, other than viewing group membership in ADUC, we can use this PowerShell cmdlet
    Get-ADGroupMember GroupName and Net Group GroupName to view members in a group:
    However, these commands can only be used on Domain Controllers or when connecting to DCs remotely. That’s because accounts and account membership are stored on Domain Controllers, therefore we can only view group membership on DCs.
    More information for you:
    Viewing the Direct Members of a Group
    http://technet.microsoft.com/en-us/library/dd391915(v=WS.10).aspx
    Net group
    http://technet.microsoft.com/en-us/library/cc754051.aspx
    Best Regards,
    Amy

  • Not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365

    not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365?
    Any idea?

    after few days test in my lab, I can see that only email enabled group can be added as site collection admin using POWERSHELL.
    hope this helps who stuck like me!! :-)

  • Project Server 2010: PWA Removing Default Project Site Security Groups When Creating a New Project

    I looked for this specific issue with Project Server 2010/PWA/SharePoint and could not find an exact answer... hopefully someone can help.
    We are currently using Project Server 2010 and have a number of project site templates that are used dependent upon the enterprise project type selected. Each of these project site templates have unique permissions which should create the default security
    groups on the project site upon publishing/syncing:
    <Project Name> Members
    <Project Name> Owners
    <Project Name> Visitors
    <Project Name> Project Managers (Project Web App Synchronized)
    <Project Name> Team Members (Project Web App Synchronized)
    Web Administrators (Project Web App Synchronized)
    Whether a user creates a project through PWA or Project Pro 2010 and imports the project into PWA, we get a weird result in the Site Permissions of the newly created project site. PWA will remove all default security groups from the project site template
    and add a whole list of users in the Site Permissions list without groups. 
    Once the project is published and the project site is created, we can then go back and add those default security groups back in the project Site Permissions and even add a couple of custom groups without them being removed on all subsequent project syncs
    or publishing. 
    How do we get PWA to not overwrite the project site templates' security groups and place each user in the proper default security groups? At the same time, how is PWA adding a number of users into the Project Site Permissions?
    Thanks in advance.

    Paul,
    Thanks for that information. Right now we are using the Test environment to turn the Auto-sync feature back on. I suspect that the reason this is happening is due to PWA groups/categories/security templates. There may be more than one PWA group that is "overwriting"
    the default project site groups upon initial creation of the project. We will look further into the security settings to tighten up the policies. 

  • Security Group for SharePoint 2013 Online Enterprise 3

    I need to copy all the user account names from one SharePoint Security group to a different SharePoint Security group in the same single tenant.
    I can not figure out how to do this.
    Thanks.
    Dawn

    Call your local Microsoft office (any office may due, but info from your local office will be more accurate), and ask for the
    Account Manager for SMB (small to medium businesses) in the
    education sector.
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • Using a security group to add members to the collection question

    Hi,
    I have a collection created in SCCM 2007 that is using a security group for membership. So I added a computer to the security group in AD but when I go to SCCM and click on the collection I dont see the computer in the collection. Should it show here or
    because it is a security group based membership will it not show the members?
    THanks!

    Details from Active directory are added to SCCM database through discovery methods. Please ensure that AD security group discovery and AD system discovery are enabled in the primary site. If they are enabled, check the frequency set for these discovery
    methods. Once you added these computers to the AD group, you need to wait till the next discovery cycle before it appears in SCCM collections. Till that point, SCCM database will not have information about the group memberships of these computers

  • Unable to change members of AD security groups who have access to shared mailboxes

    I have an exchange 2013 running for over a year now and never had any problems with it. Until recently.
    A request came in to make a new shared mailbox. So I did just that and gave rights to a security (not mail enabled) AD group. Just like I Always do. Everything worked fine. A few hours later I did exactly the same for another request and then the people
    could not access the shared mailbox. So I added my regular user to the AD group and I also couldn't (I tested it with OWA and Outlook). I tried to remove myself of one of my own shared mailboxes and the permissions wouldn't stick. When I removed the entire
    group then the permissions were gone(and I could not access the shared mailbox). When I added it back I had my permissions back but still wasn't in the group. Then I tried adding a distribution group with the same result.
    It seems when I add normal users directly to the permissions everything works.
    When I had to restart the server a few days later. All changes were applied but I could not change it again.
    i'm a bit stumped on this one. i'm out of options.

    Hi Jelle,
    "I did exactly the same for another request and then the people could not access the shared mailbox.", I would like to verify if you give the same Security Group rights to multiple shared mailboxes.
    If the security group members can't have access to all the shared mailboxes they have rights, you can recreate a security group and grant permissions to shared mailboxes one by one to check the result.
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Can I deploy 2 computer GPO for 2 different Security Groups to the same machine?

    Hi
    this is my scenario
    I have 2 different security group ( in a domain ) and i would like to deploy 2 different Computer GPO depends by the user SG membership
    this is a terminal server ( 2k12) and I would like  have the computer GPO policy/admin template/windows components/remote desktop session host/profile different for each security group.
    thanks
    Marco

    > I have 2 different security group ( in a domain ) and i would like to
    > deploy 2 different Computer GPO depends by the user SG membership
    Not really, but for some settings there is a workaround... ->
    http://evilgpo.blogspot.de/2012/03/how-to-save-my-screen.html
    > this is a terminal server ( 2k12) and I would like  have the computer
    > GPO policy/admin template/windows components/remote desktop session
    > host/profile different for each security group.
    For THIS setting, it definitely does NOT work. The profile path must be
    known BEFORE the user is logged on and this means BEFORE any user
    specific settings can be processed.
    Martin
    Mal ein
    GUTES Buch über GPOs lesen?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Error while adding new security group in content server

    Hi,
    When i am trying to add new security group in UCM using User Admin applet i am getting following error:
    Event generated by user 'weblogic' at host 'vpunvfpctnsz-07.ad.infosys.com:16200'. Unable to execute service ADD_GROUP and function insertGroupRow.
    Unable to execute query 'IroleDefinition(INSERT INTO RoleDefinition (dGroupName, dRoleName, dPrivilege, dRoleDisplayName)
    values ('Test_111', 'admin', 0, ''))'. ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated
    java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated. [ Details ]
    An error has occurred. The stack trace below shows more information.
    !csUserEventMessage,weblogic,vpunvfpctnsz-07.ad.infosys.com:16200!$!csServiceDataException,ADD_GROUP,insertGroupRow!$!csDbUnableToExecuteQuery,IroleDefinition(INSERT INTO RoleDefinition (dGroupName\, dRoleName\, dPrivilege\, dRoleDisplayName)<br>          values ('Test_111'\, 'admin'\, 0\, ''))!$ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated<br>!syJavaExceptionWrapper,java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated<br>
    intradoc.common.ServiceException: !csServiceDataException,ADD_GROUP,insertGroupRow!$
    at intradoc.server.ServiceRequestImplementor.buildServiceException(ServiceRequestImplementor.java:2071)
    at intradoc.server.Service.buildServiceException(Service.java:2207)
    at intradoc.server.Service.createServiceExceptionEx(Service.java:2201)
    at intradoc.server.Service.createServiceException(Service.java:2196)
    at intradoc.server.ServiceRequestImplementor.handleActionException(ServiceRequestImplementor.java:1736)
    at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1691)
    at intradoc.server.Service.doAction(Service.java:476)
    at intradoc.server.ServiceRequestImplementor.doActions(ServiceRequestImplementor.java:1439)
    at intradoc.server.Service.doActions(Service.java:471)
    at intradoc.server.ServiceRequestImplementor.executeActions(ServiceRequestImplementor.java:1371)
    at intradoc.server.Service.executeActions(Service.java:457)
    at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:723)
    at intradoc.server.Service.doRequest(Service.java:1865)
    at intradoc.server.ServiceManager.processCommand(ServiceManager.java:435)
    at intradoc.server.IdcServerThread.processRequest(IdcServerThread.java:265)
    at intradoc.idcwls.IdcServletRequestUtils.doRequest(IdcServletRequestUtils.java:1332)
    at intradoc.idcwls.IdcServletRequestUtils.processFilterEvent(IdcServletRequestUtils.java:1678)
    at intradoc.idcwls.IdcIntegrateWrapper.processFilterEvent(IdcIntegrateWrapper.java:221)
    at sun.reflect.GeneratedMethodAccessor120.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at idcservlet.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:87)
    at idcservlet.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:305)
    at idcservlet.common.ClassHelperUtils.executeMethodWithArgs(ClassHelperUtils.java:278)
    at idcservlet.ServletUtils.executeContentServerIntegrateMethodOnConfig(ServletUtils.java:1592)
    at idcservlet.IdcFilter.doFilter(IdcFilter.java:330)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:94)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:414)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:138)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: intradoc.data.DataException: !csDbUnableToExecuteQuery,IroleDefinition(INSERT INTO RoleDefinition (dGroupName\, dRoleName\, dPrivilege\, dRoleDisplayName)
    *          values ('Test_111'\, 'admin'\, 0\, ''))!$ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated* at intradoc.jdbc.JdbcWorkspace.handleSQLException(JdbcWorkspace.java:2441)
    at intradoc.jdbc.JdbcWorkspace.execute(JdbcWorkspace.java:584)
    at intradoc.server.UserService.insertGroupRow(UserService.java:1201)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at intradoc.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:86)
    at intradoc.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:310)
    at intradoc.common.ClassHelperUtils.executeMethod(ClassHelperUtils.java:295)
    at intradoc.server.Service.doCodeEx(Service.java:549)
    at intradoc.server.Service.doCode(Service.java:504)
    at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1622)
    ... 39 more
    Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated
    at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:89)
    at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:135)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:210)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:473)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:423)
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1095)
    at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:193)
    at oracle.jdbc.driver.T4CStatement.executeForRows(T4CStatement.java:1028)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1379)
    at oracle.jdbc.driver.OracleStatement.doScrollExecuteCommon(OracleStatement.java:5846)
    at oracle.jdbc.driver.OracleStatement.doScrollStmtExecuteQuery(OracleStatement.java:5989)
    at oracle.jdbc.driver.OracleStatement.executeUpdateInternal(OracleStatement.java:2012)
    at oracle.jdbc.driver.OracleStatement.executeUpdate(OracleStatement.java:1958)
    at oracle.jdbc.driver.OracleStatementWrapper.executeUpdate(OracleStatementWrapper.java:301)
    at weblogic.jdbc.wrapper.Statement.executeUpdate(Statement.java:503)
    at intradoc.jdbc.JdbcWorkspace.execute(JdbcWorkspace.java:564)
    ... 50 more
    I checked in database , the security group Test_111 is not present in ROLEDEFINITION table.
    What could be the issue?
    Regards,
    Minal

    1) Try importing CMU bundle with 'Overwrite Duplicates' option unchecked .
    2) In the CMU bundle, open file roles_guest.hda and see if 'guest' role has access to any group that start with special character or group you haven't created in the system..
    Eg: guest
    #AppsGroup
    0
    Also open securitygroups folder in CMU bundle, and see if you can find any groups that starts with special character or group you haven't created in the system.
    3) Identify that group and execute below query in the UCM database.
    select * from roledefinition where dgroupname= '#AppsGroup';
    Replace '#AppsGroup' with the groupname you identified.
    4) Solution would be to delete all the rows with dgroupname= '#AppsGroup' from the 'roledefinition' table.
    delete from roledefinition where dgroupname= '#AppsGroup';
    Replace '#AppsGroup' with the groupname you identified.

  • How to create a site and add security groups through code: scripts, csom, ... ?

    Hi,
    I'm new to CSOM and are looking for a way to create sites in SharePoint Office365 and especially add user to it with a specific role eg. 'visitor' or 'owner'.
    I use this code to add sites from a csv file, so far so good.
    But now I want to add security groups based on the csv file and assign a role. The security groups allready exists.
    and also how to add a user with a 'owner' role for some sites.
    That would make my life easier :-)
    so thank you in advance!
    # load assemblies
    #[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
    #[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
    # site collection
    $siteUrl = “https://mysharepoint.com”
    # admin
    $username = "[email protected]"
    $password = Read-Host -Prompt "Enter password" -AsSecureString
    # get clientcontext as object
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
    # assign credentials to clientcontext object
    $credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
    $ctx.Credentials = $credentials
    # create site from template 'teamsite' => STS#0
    $data = Import-Csv "c:\tools\CSOM\vakwerking_test.csv"
    foreach ($row in $data) {
    $webCreationInformation = New-Object Microsoft.SharePoint.Client.WebCreationInformation
    $webCreationInformation.Url = $row.vakwerkingurl
    $webCreationInformation.Title = $row.vakwerkingnaam
    $webCreationInformation.WebTemplate = "STS#0"
    $webCreationInformation.UseSamePermissionsAsParentSite = $false
    $newWeb = $ctx.Web.Webs.Add($webCreationInformation)
    Write-Host "Title" $newWeb.Title
    #send to sharepoint
    $ctx.Load($newWeb)
    $ctx.ExecuteQuery()

    Hi,
    The command above about creating a group only works for the root site of the site collection, because the scope of the user group is site collection level, these groups
    can be used in all the sites in this site collection.
    With the existing groups in the root site, we can add users into them and grant specific permissions of a specific sub site to these groups.
    Here is a demo about how to assign permission to a group using Client Object Model(though in C#) for your reference:
    http://www.c-sharpcorner.com/UploadFile/54db21/set-permission-to-group-in-sharepoint-2010-programmatically/
    Best regards,
    Patrick
    Patrick Liang
    TechNet Community Support

  • How to make clone of active directory security group

    Hi
    i am having one Security group in AD, i want to make copy or clone of that group with same members in different name in AD.
    Anybody help me out...

    Hi Vino1985,
    Just do it with ds-tools.
    dsquery group -samid %SamidOfYourReferenceGroup% | dsget group -members |  dsmod group %distinguishedNameOfYourNewGroup% -addmbr -c
    This should work as
    "dsquery group -samid " will return the distinguished name of your reference group and pipe it to dsget group
    "dsget group -members" will return all distinguished-names of the members and pipe it to dsmod group
    "dsmod group -addmbr" will all DN's to the membership-attribute of the new group the switch "-c" will continue on errors.
    best regards
    Switch
    MCITP Enterprise Administrator
    MCSA Windows Server 2012
    MCTS Windows 7 Configuration
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

  • How to change the values in custom profiles based on security group ??

    Hi,
    i am facing problem for my requirement, can anybody help me for below scenario...
    i have custom check in profiles , there are content types and sub types. sub type nothing but a categories on for particular content type. For example i have News content type , same in the below subtypes drop down list are press release, events, articles etc.
    what i want to do is, when i open custom checkin profile, subtype values need to be changed( some values in subtype should hide) based on security group changes .
    In the Sub type listed values, some values need to hide only when i choose different security groups.. sub types values should display based on the particular security group only. when ever i change the security group, drop down Values in subtypes needs to change.
    hope understand my requirement.
    How to achieve this task. Any help would be greatly appreciated.
    Thanks,
    yt

    Hi,
    Thanks alot. its working fine
    Can we configure DCL Relation two times in one information filed ??? i should not create not more than fields to this requirement.
    Type -> subtype = DCL already existed
    Now, i want to Create DCL to
    Subtype ---> Security group
    As per my requirement, if i change the security group in checkin form, values should be change in the SubType drop down list.
    Created checkin profile there was DCL relation to " Type and "Sub Type" . now i want to map Relation ( DCL ) for subtype to security group.
    i was trying do for DCL for subtype and security group. but there was already existing DCL created for subtype information field (Relation configuration done for content type). even though i was trying to do for DCL in Security group information field. but, i could not find security group information field in configuration manager.
    Now what should i do ?? how to create DCL to subtype and security group ??
    Help would be appreciated.
    yt

  • How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    Hi,
    According to your description, my understanding is that you want to set security group as admin of primary and secondary site collection using PowerShell command in office 365.
    I suggest you can use the command below to set the group to site owner, then it will have the site collection admin permission.
    Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -Owner [email protected] -NoWait
    Here are some detailed articles for your reference:
    https://technet.microsoft.com/en-us/library/fp161394(v=office.15)
    http://blogs.realdolmen.com/experts/2013/08/16/managing-sharepoint-online-with-powershell/
    Thanks
    Best Regards
    Jerry Guo
    TechNet Community Support

  • File Server Migration - For ORG A Forest to ORG B Forest ( Need to create and Map Security Group automatically on new Migrated Folders - Please Help

    I have two forest With Trust works Fine .
    I have file server in ORG – A ( Forest ) with 2003 R2 Standard
    I have a File server in ORG  - B ( Forest ) With Windows server 2012 ( New Server for Migration )
    I have 1000 + folders with each different permission sets on ORG-A. We are using Security groups for providing permission on the share Folders on ORG A
    I need to Migrate  all the folders from ORG – A to ORG – B.
    I am looking for an automated method of creating Security Groups on AD during the Migration, Once the Migration is Done, I can add the required users to the security groups manually.
    Example.
    Folder 1 on ORG – A has Security Group Called SEC-FOLDER1-ORGA
    I need an automated method of Copying the files to ORG – B and Creating a new security Groups on ORG –B Forest with the same permission on parent and child Folders. I shall Add the users manually to the Group.
    Output Looks Like
    Folder 1 on ORG – B has Permission called SEC-FOLDER1-ORGB ( New Security Group )
    Also I need a summarized report of security Group Mapping, Example – Which security Group on ORGA is mapped with Security Group Of ORGB

    Hi,
    I think you can try ADMT to migrate your user group to target domain/forest first. Once user groups are migrated, you can use Robocopy to copy files with permission - that permission will continue be recognized in new domain as you migrated already. 
    Migrate Universal Groups
    http://technet.microsoft.com/en-us/library/cc974367(v=ws.10).aspx
    If you have any feedback on our support, please send to [email protected]

Maybe you are looking for

  • My iphone 4s voice mail is not working. Can you help?

    I travel between CA and India. When I am in india, I put in GSM chip in India and it works. When i came back -- I removed the chip and sprint phone is working -- except that voice mail and visual voicemail are not working. in fact, when people call m

  • What is the latest version of Adobe Acrobat to work on Vista, and how does one obtain it?

    I already bought Creative Cloud, but apparently I can't use the new version of Acrobat on Vista (even though I had a working version last week that they somehow destroyed by making it crash when saving my work). I upgraded specifically to get around

  • Can't Open the "Library palette" in xcode 5

    Hi every body I installed xcode 5 but I cant "Open the Library palette" ?!!!  befor xcode 5 We can see all of  atributs of class in "Library palette -> Classes" every classes that we defined was exist but in xcode 5 I don't find this Capability in xc

  • How can I turn off the pulsing Sleep Indicator Light?

    I swear I remember seeing this option somewhere when setting the computer up initially. I'd rather the light be off when charging, or at least steady on. The pulsing is lighting up my whole bedroom.

  • The Critical Problems for Creating Standby Database

    The Critical Problems for Creating Standby Database:(I want to create a physical standby database on the same system of the primary database) 1. Should I copy all the backup datafiles, standby controlfile and password file to a same directory before