SharePoint/Active Directory Workflow

Similar Messages

• SharePoint 2013 profile service account requirements when using "Use SharePoint Active Directory Import" option

  Hi All,
  I am trying to configure SharePoint Profile service. We would like a straightforward profile import from Active Directory.
  On the "Configure Synchronization Settings" page, we have chosen the option "Use SharePoint Active Directory Import" option.
  We have created a connection to the Active Directory using Configure Synchronization Connections page. We have specified the account that would be used for the import process.
  Question:
  I would like to confirm whether the account configured for the profile import need any special privileges when using "Use SharePoint Active Directory Import" option ?
  Thanks,
  Saurabh

  Grant Replicate Directory Changes permission on a domain
  To do this please follows below procedure
  On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
  On the first page of the Delegation of Control Wizard, click Next.
  On the Users or Groups page, click Add.
  Type the name of the synchronization account, and then click OK.
  Click Next.
  On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
  On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then clickNext.
  On the Permissions page, in the Permissions box, select Replicating Directory Changes (select Replicate Directory Changes on
  Windows Server 2003), and then click Next.
  Click Finish.
  Thanks & Regards
  ShivaPrasad Pola
  SharePoint Developer 

• SharePoint, Active Directory and GMail

  Dears,
  I have SharePoint 2013 connected to Active Directory with <MyDomain> as domain name, i also have gmail domain <MyDomain> - same name-, we are creating users on our firm to have the same id and email address on both domains,
  my questions are:
  1- how can i sync this process automatically?
  2- SharePoint is not sending email to users on Gmail, knowing that i used the following code to send email from my sharepoint server and it's working fine,
  sing (SPSite site = new SPSite("http://onlinesrv/"))
                  using (SPWeb web = site.RootWeb)
                      bool sent = SPUtility.SendEmail(web, true, false, "user@<MyDomain>.com", "Test gmail", "From SharePoint Portal using gmail account as smtp");
                      Console.WriteLine(sent.ToString());
  Any help ??!

  Hi Omar,
  According to your description, my understanding is that you want to send email to users that have Gmail in AD.
  Whether you have installed SMTP. You need to install SMTP for using Gmail , more information, please refer to the link:
  Configuring Outgoing email settings in SharePoint with Gmail SMTP
  Also, you need to create a User Profile Service Application, then start a full sync to sync the user profile.
  More information, please take a look at:
  http://maxteo.wordpress.com/2013/01/16/configure-sharepoint-2013-outgoing-email-using-gmail-smtp-and-resolving-user-profile-synchronization/
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support

• SharePoint Active Directory version support

  Dear All,
  My active directory is on windows server 2003 and now planning to install SharePoint 2013. I have windows server 2012 with seperate hardware and want to install Sharepoint on this server. I have some queries relates on the Sharepoint deployment.
  Sharepoint 2013 is integrated with windows server 2003 Active Directory or need to upgrade with 2008 or R2 Active Directory?
  Sharepoint 2013 integrates with Exchange server 2007 and 2010 or requried Exchange 2013 ?
  Is there any specific edition of windows server and exchange server requirement e.g. (Standard/Enterprise) for SharePoint 2013 ?
  Hi,
  I also have some question that can Exchange Server 2007 be integrated with SharePoint 2013 Server. I know Exchange 2013 has more features and advantages but still wanted to confirm if this is possible, then how ?
  Kindly reply at your earliest to assist me on queries.
  Thanks

  SharePoint 2013 will support Active Directory in a 2003 Native functional mode. The 2003 Domain Controllers should be running 2003 Service Pack 2.
  SharePoint 2013 features, such as SiteMailbox, require Exchange 2013, as do other features (such as Project Server's tasks).
  For SharePoint 2013, needs Standard or higher for Windows Server. There is no specific Exchange requirement.
  For Exchange 2007 and SharePoint 2013, you should be able to use the OWA webparts (I believe they still offer them, haven't looked at it in a long time) and you can of course use Incoming and Outgoing email.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• SharePoint 2013 Workflow (SPD 2013) fails for Active Directory Group members

  Hi
  I have a SharePoint 2013 site called "Team Meetings". There are a number of lists and an InfoPath form library.
  The site's SharePoint Group "Team Meeting Members" has two Active Directory groups (All Club Managers and All Club Police) as members. Those two AD groups contain all the people that I want to have  access to the library and list, except for
  a few additional folk who I have made individual members. 
  My PROBLEM:
  I  have created a SharePoint 2013 Workflow using SPD 2013 associated with the  Form Library. Workflow is set to start on new or modified item. The first action is to write to history list, then determine the status (Submitted or Pending) of
  the form and go to different Stages depending on that status.
  The workflow works perfectly for any user who has been added directly to the SharePoint group (Team Meetings Members) BUT FAILS at the very first action for anyone who is a member of one of the AD groups. I know the Workflow is fine because I've tested it
  with numerous people who are direct members of the SharePoint Group, but whenever a person who is a member of the AD group tries it the Workflow just fails.
  Here's a print of the info from the Workflow Status page (I don't have access to server logs):
  RequestorId: 4494760f-92ff-2e8c-90d2-cc7df0e6baa4. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPRequestGuid":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"request-id":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
  RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Mon, 10 Mar 2014 01:31:42 GMT"],"Server":["Microsoft-IIS\/8.0"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]}
  The HTTP response content could not be read. 'Error while copying content to a stream.'. at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance
  instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor 
  Members of the SharePoint Group "Team Meetings Members" have Contribute Access to both the form library and another list that the workflow writes to as well as the Workflow History list (which in SP 2013 uses the credentials of the
  user who started the workflow, unlike 2010 which used System Account).
  All members of the Team Meetings Members group, whether they are individual members or part of one of the AD groups, have no problems opening and saving forms etc. It's just the Workflow that doesn't like them...
  I am stumped. I've spent many hours searching for a reason for this. There are about 200 people in the two AD groups so I really don't want to have to add them all individually - especially when these groups are managed in AD for a whole bunch of other reasons
  and using the AD groups means I'll basically never have to worry about modifying the SharePoint access permissions.
  Does anyone have any ideas why this is happening and what I can try to fix it?
  Mark

  Hi Lars,
  I'm afraid not so far but we are trying a few things today so I will post back with results.
  First thing we are doing is making the AD Group universal because one of our (external provider) gurus remembers seeing something about that. He also sent me a link to a post where they were talking about earlier
  versions but having similar issues and their solution was to make sure the app pool account has sufficient permissions in AD::
  http://social.msdn.microsoft.com/Forums/sharepoint/en-US/27a547da-5cc0-49d7-8056-6eb40b4c3242/failed-to-start-workflow-access-is-denied-exception-from-hresult-0x80070005-eaccessdenied
  This part of that thread looks interesting but we haven't checked it yet as were trying the universal setting first:
  "If the users participating in the workflows have been added to the SharePoint site via Active Directory groups, SharePoint has to update the user’s security token periodically by connecting to
  the domain controller. By default, the token times out every 24 hours. But if the application pool account did not have the right permissions on the domain controller to update the user’s token, user will keep getting the access denied error. The error was
  intermittent because when the user browsed to any page other than the workflow form, the token was getting updated successfully.
  You can try to fix it through granting the application pool account the appropriate permission by adding the account to the group “Windows Authorization Access Group” in Active Directory."
  I'll update when we try these ideas. If you have any luck please do the same.
  Mark
  (sorry about formatting - using my phone....)
  Mark

• SharePoint Foundation Active Directory Problem

  Hey,
  I have a problem with the Active Directory connection to SharePoint Foundation.
  My Situation looks like this:
  I'm working on a kind of project controlling plattform. Each of our customers has its own site. Also each customer has an account in our Active Directory. For the administrative part, we have a list which contains some infos of the customer, the url to its
  site and the contact person.
  I wrote an import-script which creates a site and a new item in the list. To put the contact person in the list-item, I use a code-snippet like this:
  try
  user = web.EnsureUser(loginName);
  catch (Exception ex)
  throw new Exception("LoginName " + loginName + " not found");
  Now the problem is, that the try/catch block fails too often which means: SharePoint doesn't know the loginNames of some of our customers.
  Why does SharePoint not know maybe 1/5 of all our customers? All of them have an account in our active directory, none of them ever logged in the SharePoint (at the time they even doesn't know, that they have a SharePoint site for this project).
  I searched the internet for the problem but all I found where questions related to the synchronization of ad-properties to SharePoint Foundation. But I don't want to sync the phone-number or something like that - I want SharePoint only to know all the loginNames
  of our customers, not only 1/5 of them.
  How do I achive this, what am I doing wrong?
  Thank you!

  web.EnsureUser has nothing to do with the UPS at all. This has nothing to do with synchronisation (it does have a role but it's a maintenance one and nothing to do with authentication.
  The simplest answer is that the login names are being entered wrongly. Having said that there are a few areas you can look at to try to identify the problem:
  Does it fail repeatedly for the same username? Can you add that user to the site manually using a people picker control and if so will the script work afterwards? Are there any trends in the user accounts that SharePoint cannot find?

• Provision Search in SharePoint Foundation 2013 without Domain Controller / Active Directory - Domain accounts

  Hi,
  I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
  in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller 
  When I run Farm configuration wizard to provision search service application, I get an error:
  ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
  The log file logged the details of this error as:
  ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
  that cannot be translated."
  After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
  be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
  I got some pointer from the below thread
  https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
  However, the above thread doesn't state that the solution worked.
  I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
  Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
  Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
  Thanks in advance.
  Himanshu

  Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
  Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Using Groups in SharePoint from Active Directory

  Hello,
  Is it possible to use groups in SharePoint from AD?
  I have several groups in AD that I would like to use in SP. Of course SP has its own set up groups in permission (Owner, Member and Visitor). I do not want to use these groups. What I would like to do is use groups that are in my AD and assign those the
  designer, contributor, read-only..etc permission.
  For example, SP people picker finds my AD group called "Finance_Project" and assign this group with permission rights as a contributor.
  Is this doable in SharePoint. I would think since SharePoint can be authenticated with AD, you should be able to use your own AD groups.
  Any suggestions, articles and answers are greatly appreciated.
  artisticweb

  You can do this in SharePoint. are you importing the AD groups via UPA?
  Creating a SharePoint group and adding an Active Directory group to its members…this allows anyone in the Active Directory group to participate in the SharePoint group
  Mapping roles directly to Active Directory groups and not using SharePoint groups at all.
  here is couple of article which will explain your choices one over to other
  Assign permission levels in SharePoint 2013
  Using Active Directory Vs. SharePoint Groups
  http://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• Choosing Server for SharePoint, Exchange, Active Directory, SQL

  Hello
  We want to migrate from work-group type network and setup an interoffice mail server and ,  ... with SharePoint, Exchange, outlook. There are less than 40 clients. I prefer to minimize the number of servers. Is it possible to use one system for some
  of this servers:
  1. SharePoint
  2. Exchange Server
  3. SQL Server
  4. Active Directory DC
  Thank you

  You could combine #1 and #3, but none of the other services. Or you could look at just getting a Domain Controller and using Office 365.
  I'd recommend you have more than one Domain Controller for redundancy.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• SharePoint 2013 Active Directory Groups represented as c:0+.w| SID in UserInformation list instead of c:0+.w|Domain\Groupname

  Hi
  We are running on SharePoint Server 2013.When we add AD groups as permissions, we see that the group name is being displayed properly in the permissions. Whereas when I click on the groupname I see the SID with the Sharepoint specific claims characters,
  instead of domain\groupname. I understand that the claims characters are because of claims mode. But I expected domain\groupname instead of SID. Is this the right behaviour.
  When I call SiteData.GetContent web service, I get the SID of the group name instead of the domain\groupname.
  Can someone please clarify?
  Thanks
  Naga

  Hi,
  Yes, the identity claim for an AD group is based on the SID of the group. The claim encoding for an Active Directory group consists of the following sections:
  c:0+.w|<SID>
  •"c" for a claim other than identity
  •"+" for a group SID
  •"." for a string
  •"w" for a Windows claim
  More information:
  http://www.sharepointfire.com/MyBlog/2013/11/get-ad-group-identity-claim-in-sharepoint-2013/
  Thanks,
  Dennis Guo
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Dennis Guo
  TechNet Community Support

• SharePoint - Automated Active Directory User Management

  We are currently using a custom list to capture data from our HR team related to Employee Changes such as New Hires, Change of Information, and Exits.  The next step after the form is filled out is to make the AD/Exchange change for that request.  I'm
  looking for a way to take the data from that list and automate the Active Directory change.  Curious if anyone else is doing that or if you know of any products that allow that sort of integration.
  I've seen a number of products that manage the AD accounts outside of SharePoint, and I've seen a number of products that will manage accounts in AD using SharePoint as the front end.  I've yet to find anything that automates the process.
  Thanks in advance.
  Environment is SharePoint 2010 Enterprise, Server 2008 R2, and Exchange 2010

  The other option is I do have a .net/C# developer on staff.  I could have her write the code behind the scenes to pull this out of the list and automate if that is the best route.  I'd just rather used an out of the box product if there is one.

• Sharepoint 2013 - Active Directory Import User Profile Property manager fields

  Hi there,
  I juste encountered actually a little issue regarding the Active Directory Import User Profil.
  Importation seems to work well but I have a little problem regarding the Manager field.
  When I verify a user profil through the sharepoint admin page ("Manage user profil") , I can see the manager field is correctly populated, but if I want to check my profil as a user (personal information), the manager field is not visible.
  With Sharepoint Admin and Manage Profil Properties, I haven't the possibility to modify some settings for the manager.
  For example, Policy parameters is greyed.
  The only way I found to show this field in a user profil is to give the permission "allow users to Edit values ...".... setting I don't want to set.
  Have you already this sort of issue ?
  Thanks for your help/idea.

  Hi Michael,
  I don't remember well what I did exactly regarding this issue because I played a lot with user profil.
  I know I used this powershell script from Sheyia which in fact help me a lot to clean and create a good profil setting.
  http://blogs.technet.com/b/sheyia/archive/2013/10/09/sharepoint-2013-another-way-to-change-order-for-user-profile-properties-via-powershell.aspx
  For example, this script help me to resolve some double entries.
  Let-me know if it help you (or not of course)

• Sharepoint 2013 Active Directory Import- Manager field not updating

  Hi,
    SharePoint 2013 Active directory import  -Manager field not updating
  Concern/Issue-
   We are using SharePoint and configured the Active Directory Import .First import it seems everything is working fine and OOB Organization chart  built using User profile data is coming out right.
  Now the user is moved from one Organization Unit to Another.
  Now our Manager field is not Updating .There is change in AD manager attribute but not reflecting in the SharePoint User profile.
  Manger field is mapped to "manager" attribute in SharePoint.
  We tried removing the user and Re-Import using Incremental import but no luck.
  Thanks for help in advance
  Sachin

  Moving a user from one OU to another in AD won't normally change the Manager attribute in AD.  You would need to edit the user's organization settings to change the manager value in AD.  I've also seen these changes not be picked up unless something
  other than just the manager field in AD changing.  Try changing something like Office location and see if the manager change is picked up by AD Import.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Active Directory SSO Sharepoint with External sources

  I hope someone can advise me.  We use Active Directory (AD FS 2.0 SAML) for authorization/authentication for SSO.  Our new library platform that is hosted by a 3rd party complies with CAS 3 (SAML is only supported with CAS 4) they have no plans
  to update to CAS 4 anytime soon.
  How can I achieve a SSO solution from our SharePoint for users to have seamless access to their respective libraries using the attributes in AD??

  where did you see this error ? is there anymore details.
  i think the account you are using for Sync does not have Replicate Directory Changes permission in AD. follow below article and give Replicate directory changes permission.
  http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
  Thanks, Noddy

• Active directory integration SharePoint Project server 2013

  Hello all, Looking for a definitive answer.  Our environment runs in Active Directory 2003. We are looking into upgrading our Sharepoint and Project Server from 2007 to 2013.  Is it a true statement that SharePoint 2013 will not run in a 2003
  Active Directory environment. 

  AD 2003 with SP2 is supported
  Cheers, Badal