User and Group information not updated in Sharepoint 2010

Similar Messages

• AD Group membership not updating in Sharepoint Foundation when adding Active Directory group to Sharepoint group

  I have Sharepoint Foundation installed with the latest CU updates.  It is running on a VMware box (Windows Server 2008 R2 Standard) with its backend on a SQL Server 2008 R2 vmware box.  The farm account is a domain user and has been given all appropriate
  replication rights, etc to active directory.
  Everything seems to be working fine except for security integrated with AD groups.  When I go to edit permissions I can add individual AD users just fine and remove them just fine and their access is taken away right away or given to them right away.
   I can also find AD groups in the people picker and add them to the site. When I add new groups to AD, they are found immediately within Sharepoint, and when I delete groups from AD, they are taken out of the people picker right away.  Now comes
  the weird part.  When I add an AD group to the site, all users currently within that AD group are given access to the Sharepoint Site.  This works for the first time only.  Now when I add or remove users from the AD groups, it does not update
  in SharePoint.  For example, I have an AD testuser1 in the AD Group "All Users".  testuser1 does not have access to SharePoint.  So I add  the AD group to the Sharepoint group "Visitors".  testuser1 now has read access to the sharepoint
  site.  Now, I remove testuser1 from the AD group, but testuser 1 still has access to the site even though he is not part of the AD group, nor does he have any individual permissions to the site.  Now, I add testuser2 to the ad group.  testuser2
  does not have access to the site, even though he is part of the ad group.
  It seems that the only time AD group security is working for me is when I first initially add the AD group to the site.  From then on, it's like sharepoint is caching the members of the group and not updating any new adds or deletes from the groups.
   Any ideas?  I am lost on where to go from here as I have tried everything from clearing cache files, rebooting servers, iisresets....

  I think I have at least cornered the problem, but am not 100% sure yet that it is the correct answer.  I think it could be 1 of the following 2 scenarios.
  Scenario 1:  We have 3 web applications setup on our web server ports 80 - Our sharepoint Web app, 2020 - Our My Site Web App, 2040 - Our Search Web app.  We are using host headers (http://sharepoint.***.com) instead of a server name.  So
  we setup our access mappings (Central Admin -> Application Management -> Configure Alternate access mappings) to use the host header (http://sharepoint.***.com) as the default mapping and the server name as the intranet access mapping.  By
  setting the default access mapping to host headers, i noticed that Sharepoint automatically assumes that all web apps are on port 80.  You can see this by going to (Central Admin -> Manage Web Applications).  The port listed all 3 web apps on
  port 80.  So I think when I was doing a profile sync and using mysites, it was messing with my AD security because of this.  What I did was the following.  I went to Central Admin -> Manage Service Applications -> [Name of your user profile
  service] -> Setup my sites.  I made sure that my preferred search center had the correct port number on it (mine originally had no port number), that my my site host had a port (again no port number originally), as well as the personal site location.
   I then saved this.
  Scenario 2:  Our user profile sync had 2 BDC connections that were corrupt and throwing errors.  I rebuilt the connections, remapped them to the proper user profile property.
  I did both of these scenarios above around the same time.  I then restarted all my servers, and at last the AD Group security is now functioning appropriately.  I have done multiple IIS resets and server restarts.  The issue has only reappeared
  once.  After restarting the machine again, we were back to the AD groups functioning correctly.  Because we had the issue reappear once after doing the above, I still do not feel 100% sure that either one of the above corrected the issue completely.
  As long as we are up and running currently, I am moving on to other tasks with this project.  My only concern that it will break again and I will have to revisit it is when we restart the servers....which is never fun.  I will update as I find
  a "true" answer to this issue....  Let me know if any of the above helped you or if you find something I may not have thought of.

• How to get the user and groups information from http header

  Hi All,
  In my current scneario, we are using Siteminder for SSO setup.. And in this process, after authentication and authorization, they are going to append the user information and group information of the user into a HTTP header and it will be sent back to our presentation services.. We have to extract the user information and group information from the http header.
  My HTTP header will look like as follows..
  SM_USER XYZ
  SM_USERDN CN=Firstname\, Lastname\, xyz, OU=GPO-Low Level Security,OU=Domain Users,OU=BU FDT,
  SM_USERGROUPS CN=GG-CA-SiteminderAdmins, OU=Global,OU=Domain Groups, DC=com^CN=GG-ServiceDeskAdmin-TCCORPCEFS
  And also if anyone explain me the overall working of SSO in detail like how presentation services will make a connection to BI server( I guess using Impersonator User), and also how our BI server will read the URL from presentation services and the over all working flow in our OBIEE..
  Thanks a lot....

  Please use the search! this topic has come up lots of times already.

• Retrieving user and group information from LDAP using j_securrity_check

  Hi
  I am using j_security_check to authenticate users against LDAP. I have made all necessary configuration for the server to perform LDAP group search as well as mentioned in the WAS documentation of LDAP settings. Now, how can I retrieve the user and the user group info after the j_secuirty_check. Apart from the UserPrincipal object which I can get from the request which just has the user name, is there any other object which will give me the user and user group info by which I need to connect to LDAP using my java code to retrieve these informations?
  Regards
  Deepak

  Hi
  I am using j_security_check to authenticate users
  against LDAP. I have made all necessary configuration
  for the server to perform LDAP group search as well
  as mentioned in the WAS documentation of LDAP
  settings. Now, how can I retrieve the user and the
  user group info after the j_secuirty_check.
  Apart
  from the UserPrincipal object which I can get from
  the request which just has the user name, is there
  any other object which will give me the user and user
  group info by which I need to connect to LDAP using
  my java code to retrieve these informations?Hmm, you don't need the user group info to connect to the LDAP server, right? You would need the user's Id (which you have) and password (which you don't). You could use the LDAP credentials and bind as that to look up the user info via the user id. Or if the server is set up to allow anonymous bind you could do it without credentials. But if all you want is group info then you should be able to call Security.getCurrentSubject().getPrincipals() to get the user principal as well as all groups (this is true in BEA WebLogic at least).
  Good Luck
  Lee

• Lync Status Not Updating in Sharepoint 2010 with IE 11

  After migrating a few users to windows 8.1 with IE 11, Office 2013 these users cannot see their or other lync users status indicator in SharePoint.  In most paces the indicator doesn't even show up clear (Vs red, yellow green etc.).
  On the My site the indicator is clear but if you hover it shows the call, im video call window and status is displayed.
  The site is a trusted site so active X controls are running.
  What in IE 11 is preventing this from working?

  Hi NWCC ,
  the Lync 2013 Windows client maintains a local cache of the address book and they can get in a state that causes a variety of issues with the Contact List in the Lync 2013 client. In my experience the Presence
  for some contacts shows as Unknown or Offline, however it can also cause some Contacts to go missing from the contact list, and to not display their Presence in Outlook.
  The resolution is simple enough – delete the SIP profile directory and restart the client. The SIP profile folder is located here:
  %UserProfile%\AppData\Local\Microsoft\Office\15.0\Lync
  Deleting this SIP profile folder will trigger a complete address book download at a random interval in the next hour from when the client is restarted.
  Reference:
  http://blog.insidelync.com/2013/09/lync-2013-presence-issues/
  http://blogs.technet.com/b/nexthop/archive/2013/09/24/script-to-delete-sip-profile-for-multiple-lync-2013-users.aspx
  http://support.microsoft.com/kb/2813701/en-us
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Office365 Exchange Security Group not updating in Sharepoint Online

  We have created a new Office365 Exchange Security Group that contains several other Exchange Security Groups.  This group will not show up in either the SharePoint Web admin or SharePoint Designer views.
  How can I force SharePoint to re-synchronize the Office365 Tenant users/groups?

  Hi,
  According to your post, my understanding is that Office365 Exchange Security Group does not updating in Sharepoint Online.
  How long did you wait after creating the Group to see if they show up in SharePoint Online? The back-end replication can take some time, even days from my experience.
  Here is a similar thread for your reference:
  http://community.office365.com/en-us/f/156/t/173994.aspx
  More information:
  CIAOPS: Using Office 365 security groups with SharePoint Online
  Regarding SharePoint Online, for quick and accurate answers to your questions, it is recommended that you initial a new thread in Office 365 forum.
  Office 365 forum
  http://community.office365.com/en-us/forums/default.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• How to change default /Users and /Groups to different Volume?

  Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
  We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
  Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
  Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
  How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
  Thanks in advance.

  1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
  2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
  3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
  4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
  5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
  6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

• Using users and groups from LDAP in ADF application

  Hi there,
  I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
  I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
  Now I want to use 1 group, let's call the group ApplicationGroup, and all it's users to give them access to my ADF Application.
  But I can't find proper/up-to-date info about how to do this.
  I tried 2 major things:
  1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
  Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
  2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
  Any help or documentation that could help me?

  Since we aren't using EM I had to find an other way. And I found it.
  In web.xml ADF Security (I suppose) automaticly adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
  Thanks for the help.

• LDAP User and Group import

  My client has OAM as SSO provider. They want the LDAP Agent to import only users and groups but not the group memberships.
  What setting should I Use for LDAP authentication ?

  I have below changes in files
  1] In jps-config.xml
  -- Added identity store and selected it from drop down in Security Context tab.
  2] In weblogic-application.xml
  In Security tab --> Role assignment mapped valid-users to principle name.
  <security>
  <realm-name>myrealm</realm-name>
  <security-role-assignment>
  <role-name>valid-users</role-name>
  <principal-name>DERDev</principal-name>
  </security-role-assignment>
  </security>
  3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
  4] Added security role "DERDev" along with the default/automatically added role "valid users"
  <security-role>
  <role-name>DERDev</role-name>
  </security-role>
  Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
  Mukesh

• User and group field values not propagating in Sharepoint 2013 variation

  Hi,
  I have a issue, we have a User and group field in my Content type and this content type is attach to Pages library.
  I created one Page in source variation site and fill User and Group field with two user one is domain user and another is sharepoint\system account user.
  After variation work and page propagate to target variation , there is only sharepoint\system account and no domain user in user and group field.
  *****The main issue is domain user are not propagating in target variation site's fields.
  Thanks,
  dinesh

  can any one hep me on this

• User Profile email address not updated on Site Collection User Information

  Hi All,
  Ok here we go....SharePoint 2007 with SSP profile sync not enabled, however I have a few profiles I need to update (email address).  This has been completed by editing the user profile in SSP, but when viewing the information via Site Collection >
  People & Groups > User Information "Work E-mail" is still showing the old one.
  All alerts are still being sent to the old email address, SSP DB UserProfile_Full shows the new email address as per SSP.
  Anyone know where else user profile emails are stored which is used by Exchange?
  Many Thanks, Roger

  As per the following post from GuYuming
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/319d5b0e-336a-4815-9ee5-5d1685db867f/how-to-send-sharepoint-alerts-to-users-on-different-domain?forum=sharepointadminlegacy
  After the email address in SharePoint user profile is updated to [email protected], you have to wait until
  they are synchronized into the user information list in SharePoint site collections so that alert can be sent to that address. For detail, please read http://vspug.com/mirjam/2009/06/17/user-profiles-and-the-user-information-list-or-userinfo-table/ and http://blogs.technet.com/paulpaa/archive/2009/10/01/user-profile-information-not-updated-on-site-collection-s-people-and-group.aspx
  --Cheers

• In system settings 15 item are not accessible, get the message: cannot open it, is not possible on intel based MAC. Items like security, i cloud user and groups network and more

  in system settings 15 item are not accessible, get the message: cannot open it, is not possible on intel based MAC. Items like security, iCloud user and groups network and more.
  Genius bar told me to erase the harddisk and install OSX Maverick again. This has not changed the problems with the system settings

  You need to Repartition the drive as One partition which will erase all data from it and then reinstall OS X. then with the initial setup system you chose the language on the first screen that comes up. That sets the language for the whole system.
  There is no other way of completely removing certain information created by a previous owner. this hold strue whether you are selling or give a Mac to someone.
  To do the repartitioning you need to use the Online Internet Recovery system, if the Mac came with Lion 10.7 or above, or from the original system reinstall discs that came with it when it was new.

• I would like to inform you that my account suspended and I can not update applications have been refused my credit card and when my review of a bank to get the reason for the refusal card, the bank employee as explained by you please do me a proper soluti

  I would like to inform you that my account suspended and I can not update applications have been refused my credit card and when my review of a bank to get the reason for the refusal card, the bank employee as explained by you please do me a proper soluti

  We are all itunes users just like you.  Informing us is of little use.
  Contact itunes support

• What third party tools exist to show a user or groups permissions and access rights for an entire SharePoint 2010 site collection?

  Our admin crew has just inherited a 4 year old SharePoint site that was developed on SP 2007 and later migrated to SP 2010.  We are trying to determine which users and groups have access to the 150+ sub-sites of the site and at what permission levels.
  Research tells me SharePoint 2010 has no means to simply list out a user's permission levels over an entire site collection, but that it must be done at each sub-site, list & library that has permission inheritance broken to create a unique permissions
  object.
  Has anyone found a solution to this issue?  Without days of research at each sub-site, list & library, how would one more economically go about such an investigation of a user's permissions on an entire SharePoint 2010 site?

  Hello,
  There is no direct way to see user and group broken permission within a site collection. However you can write powershell script to get the permission. You can modify the below script based on your need and export result in CSV. You may also need to add
  code to iterate all subsites within site collection.
  http://social.technet.microsoft.com/wiki/contents/articles/14242.sharepoint-2010-export-all-unique-permissions-from-site-collection-using-powershell.aspx
  http://en.community.dell.com/techcenter/windows-management/b/weblog/archive/2012/09/25/sharepoint-security-reporting-using-powershell
  Codeplex tool is also available to check permission but it is not always fulfill business need. You may also look at this if it suits you.
  https://permissionsmanager.codeplex.com/ 
  Hope it could help
  Hemendra:Yesterday is just a memory,Tomorrow we may never see<br/> Please remember to mark the replies as answers if they help and unmark them if they provide no help

• User and group settings are not pushed

  Hello,
  I am just setting up a Mavericks environment including Server.app and I am facing a problem that I could not solve up to now.
  None of my profile manager settings for users or groups are pushed to the mobile users on my client computer. The device registration worked without problem and also the computer settings are pushed but not the ones for user and group settings. 
  In my productive mountain lion environment this is no problem.
  Is there any was to force the settings update for users as it is possible for computers?
  Any hints are appreciated
  Michael

  I too am having this issue.. I had my school environtment running great on 10.8... then we had to upgrade the server to 10.9 to use the new volume purchashing stuff with ipads.. now this 10.9 has broken all my previous macbooks in the school... I can enroll, install certs, and some networks stuff but the main group with all the macbooks and restrictions will not push... it even removed them from the machiens that were working with 10.8... very big issue.. apple needs to help?