.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Post New Web Links

User Profile Service not returning security groups

Posted By:      Posted Date: September 29, 2010    Points: 0   Category :SharePoint
 

I just got the User Profile Service working, and tried using GetCommonMemberships but I am only getting Distro lists and Sharepoint groups.  No security groups (Domain Local, Global, Universal) are showing up.

I did come across one post where someone was not running in Native mode AD, its possible since I *JUST* ADPrepped and added a 2008 DC today that I'm back in a mixed mode and that is the problem...?  Seems weird tho.   Just checked on the new 2008 DC it says Windows 2003 mode or something along those lines

Sharepoint itself is able to see and use the security groups.  If I change permissions on a List or library, I am able to select security groups.  It seems specific to the User Profile Service.

A little more looking... it seems that DL's show up, and Universal security groups show up.  Domain Local and Domain Global security groups do not.

Thanks

Mark

 




View Complete Post


More Related Resource Links

Profile User Synchronisation Service

  
Hi, I have a problem to open Profile User Synchronisation. It doesn' work, I tried to verify this problem by opening services.msc but It show an error when I try to restart the service : Error 1068 The service or the groupe of dependency can't be restarted.   Thanks

User Profile Service account Write to AD Permissions

  
I followed this guide here (http://www.harbar.net/articles/sp2010ups.aspx) to provision the UPS service in sharepoint 2010. I found the guide very helpful and informative. Everything is working correctly except for the write back to AD I've followed the steps and have assigned the listed permissions to the UPS service account, however I still get permissiong errors in the FIM GUI Our AD is running in a 2008 environment but is in 2003 mode, so I made sure to add the UPS account to Pre Windows 2000 Compatible access built in group and restart the server so that the new group settings would take affect. Do I need to reprovision the UPS service or something? Or am I missing something completely. (Hopefully the latter lol!) Thanks RKB

Unable to start user profile synchronization service

  
Hello, I have the following problem. user profile synchronization service doesn't start up, with the following error in log: The service encryption keys could not be found. User Action Verify that the service account has permissions to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service If the problem persists, run setup and restore the encryption keys from backup. Permissions for registry are availabele. Thank you.    

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

User Profile Service - "The specified user or domain group was not found"

  
Hi there, I had configured the User Profile Service and all was working well (Syncing with AD etc.). However, something has gone wrong. The services still appear to be running; both Forefront Identity Manager services are running, and the services show as 'Started' in Central Administration. The 'My Profile' and 'My Site' options have disappeared though, and browsing to the My Sites page results in an error (Could not load user profile). To make matters much worse, it seems to have also broken the Central Administration site. If I try and go to 'Manage Service Applications' I get another error (The specified user or domain group was not found). This error seems to come up on around half of the pages on the Central Administration site. Looking up the error (abb6b174-0f71-413a-a27a-41cdc87b66d0) in the logs I find this: 09/06/2010 15:35:45.44  w3wp.exe (0x0868)                        0x06A0 SharePoint Portal Server       User Profiles                  cm6y High     User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileA

User Profile Service Synchronization Connection: Client Timout

  
Hi, I have scenario on configuring User Profile Synchronization service on customer site as below. Window AD Server 2003 Domain NetBIOS: foo FDQN: foo.bar.com  User Account to connect: foo\ad-connect This account already set permission as describe in http://technet.microsoft.com/en-us/library/ee721049.aspx  when I try to create connection, system took long time to process then return error as "Client Timeout". I try to check FIM and it's seems to work fine (no error return and can get users data). So could anyone told me what's wrong? Since I've didn't have much knowledge on Network and AD, please advice.Theeraphat.P SharePoint Information Worker

users are known in user profile, but not in security

  
Hi all, I am having this weird issue here: SP2010 was working fine, user profile sync and claims-based security on the web app. Now, with no clear reason, it cannot find users anymore on the security part. People search still works, but I cannot add users on SharePoint to log in. Strange thing is: if I type half a username, it still resolves the full name, but it has a red stripe underneath it as a sign that it does not recognize the user. So it can find the name of the user, but it cannot add it to SharePoint.   Once more, the user profile sync is working great and I can find users on people search.   Any thoughts ? 

User Profile Service lookup in dataview web part

  
I'm attempting to setup a web part in SharePoint Designer 2007 that will list team members that are currently on call.  I've created the data connection to our oncall database and a dataview web part that has two columns.  One column lists the users ID, and the other lists their oncall priority.  This part works great! Example: USERID  |   PRIORITY ID1234   |       1 ID5678   |       2 Now, what i would like to see instead is the user's name instead of their ID. Example: USERNAME  |   PRIORITY John, D       |       1        Jane, B       |       2 I thought originally i could pull this information from AD using the user profile service from here:  http://<servername>/_vti_bin/userprofileservice.asmx?wsdl I've created the data connection to the user profile service, but at this point, i'm unsure how to merge the two data connection columns and get the right user data to display. Any tips?  Has anyone done this before?

Error while trying to access User Profile Service

  
Hi, I'm tryiong to setup UPA service but having some issues after running the UPA service.UPA service appears running, but clicking on the link in Central Administration does not take me to the Service Configuration page. Instead Central Admin flashes unknown error. Error log shows error message similar to the following o    User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PartitionIDs()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.IsAvailable(SPServiceContext serviceContext)                34e709d0-90b0-4419-afd0-44aff54ac385 We have a central admin server and two WFE servers. User Profile Application is created on the application pool in central admin server and the Instance (only instance) runs on the Central Admin Server. If anyone has faced the same issue kindly revert back to me. Regards, A

Report Manager Security: If a user login to Report Service than he should be able to see only a fold

  
Report Manager Security: If a user login to Report Service than he should be able to see only a folder for which he has role assing and rest of the folder should be hidden for him. How this security i can achive with c#

User Profile Service Application_SyncDB_0521bfcf77694b419f8086e9e7d94822 issues

  
HI, I following this try to fix my MOSS2010 USer profile Sych issues, http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010general/thread/398f3553-5de7-456b-b935-4e22cee26b2f 1)    Login as farm account 2)    Backup the User Profile DB and the User Profile Sync DB 3)    Stop the SharePoint 2010 Timer service: PS D:\> net stop sptimerv4 4)    Delete the data in the Sync DB using the following PowerShell script: PS D:\> Get-SPDatabase 5)    Copy the GUID associated with the User Profile Sync DB in the command line below PS D:\> $syncdb=Get-SPDatabase -Id <GUID of User Profile Sync DB> 6)    Execute these commands, in exactly the following order. This is not a script. So please cut and paste each of these commands one by one. PS D:\> $syncdb.Unprovision() PS D:\> $syncdb.Status='Offline' PS D:\> Get-SPServiceApplication #Copy the GUID associated with the User Profile Service and paste it after "Id" in the next command: PS D:\> $upa=Get-SPServiceApplication -Id <GUID of User Profile Service PS D:\> $upa.ResetSynchronizationMachine() PS D:\> $upa.ResetSynchronizationDatabase() 7)    Provision the Sync DB: PS D:\> $syncdb.Provision() 8)    Add the User Profile Synchronization service account (farm account)

Problems with AD Connection in User Profile Service

  
I found a great resource that I have used successfully to set up and configure the User Profile Service: http://www.harbar.net/articles/sp2010ups.aspx I am now tryin to do this in a new environment and everything works until i get to Configure Connection to Do a Sync and click "Populate Containers"  I don't get an AD container for "SharePoint Users" according to the example. Any pointers or assistance you could provide would be greatly appreciated. Thank you, David

Unable to see Active Directory Groups in the User Profile Database after Profile Import

  
SharePoint Server 2010 Enterprise RTM. W2K8R2 w/multi-server setup: AD/DNS SQL 2008 WFE APP Claims Mode Web App only using Windows Integrated Auth So, this was never a problem in 2007, and I didn't even realize it was a problem in 2010 until I started to build a solution that utilized my blog article: InfoPath - User Roles in Browser-Enabled Forms Using AD Groups.  I went to utilize the same web method of the same web service, but I noticed that no data was showing up at all.  Typically, the GetUserMembership/GetCommonMembership methods return the specified user's memberships: AD Security Groups, AD Distribution Lists, and SharePoint Sites (not SharePoint Groups, though). My user profile sync is working.  All AD users are pulled in with the proper profile data. "Users and Groups" is selected in the Synchronization Entities section of my Sync Settings. Security groups are working for permissions and audience targeting.  Confirmed my users are affected properly by the use of Security Groups. My query to the GetUserMemberships web method (and GetCommonMemberships) is running (not failing), but it's not returning anything even though my user is in some Security Groups and has explicit membership to multiple sites. The GetUserProfileByName method of the same UserProfileService.asmx web service returns all the regular profile data

User profile service

  

This is the event viewer  Error I am recieving

The Execute method of job definition Microsoft.Office.Server.Administration.ProfileSynchronizationSetupJob (ID e7651211-f1c0-40a4-a076-8d10d6e787ed) threw an exception. More information is included below.

An update conflict has occurred, and you must re-try this action. The object UserProfileApplication Name=User Profile Service Application was updated by IMRA\spfarm, in the OWSTIMER (3656) process, on machine ENET.  View the tracing log for more information about the conflict.


When I try to change the service account associated with the User Profile service I get this error

An object of the type Microsoft.SharePoint.Administration.SPWindowsServiceCredentialDeploymentJobDefinition named "windows-service-credentials-FIMSynchronizationService" already exists under the parent Microsoft.Office.Server.Administration.ProfileSynchronizationService named "FIMSynchronizationService".  Rename your object or delete the existing object.

Troubleshoot issues with Microsoft SharePoint Foundation.

Correlation ID: 00f4ac26-e40b-4646-849d-8e95d08cff4d

Date and Time: 9/21/2010 9:40:05 AM

 

When I go back to

"Use Social Features" permission in "User Profile Service Application"

  

Hi,

We wish to disable the "Tags and Notes" feature on our SharePoint 2010 site.  When I remove the "Use Social Features" permission from the "User Profile Service Application" this also removes the "My Site" link from the drop down at the top of the page.

Why on earth would this happen?  According to the TechNet page on social features (http://technet.microsoft.com/en-us/library/ee721063.aspx) the Use Social Features permission "Includes social tags, Note Board, and ratings."  Nothing in there indicates that it would remove the link to My Site.

My Site continues to work of course, it is just that the link is removed (which confuses users).

We want to disable Tags and Notes but leave the link to My Site.  Is there a way?

Thanks,
David


User Profile Synchronization service seems to stop on its own accord. What's usually the cause?

  

I've noticed in several environments that the UPS service stops every now and then. All I can do is go an restart it in Central Administration, and it usually retains all synchronization connection settings and works fine again. I've been too busy to examine the cause though.

Does this happen for others as well? What is the usual cause for it to stop?


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend