Baronne

Hi, I wonder if anyone can help me, I have a really strange issue I cannot seem to resolve:

Somewhere along the line our Groups/Memberships seems to have duplicated itself. So when I go to audiences and I look through the list it appears to have duplicate entries. This doesn't happen when I am dealing with permissions as this appears to directly query the AD. However... somewhere there must reside this list of memberships - my question is where is it and how can I empty it and get it to re-import How does this particular process of memberships, etc. work... why are they imported into SharePoint - why not just "talk" directly to AD

Someone suggested there might be an STSADM command I could run, but I have no idea which one... any help much appreciated.

cheers

Baronne Mouton



Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

Curtis Ruppe

Hey Baronne,

A quick lesson on Audiences, and then your answer.

Audiences were never meant to be used for security. They are there to help group users based on group membership, or some other defining AD characteristic (such as Department). Audiences are used to show / hide content based off of this principal so people who don't care about PI charts (for example) would not see them by default.

Audiences can be managed via the Shared Service Provider page. Open SharePoint 3.0 Central Administration, click on the SharedServices1 link (or your appropriate Shared Service Provider). Hopefully you will see the audiences you are wishing to get rid of, and purge them appropriately. Let me know if this helps.





Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

Baronne

Hi, thanks for the reply,

I have already tried that previously. It's not so much a problem with the audiences, it's more related to the security groups that appear to be "imported" along with the profiles. My audiences seem to work ok, I setup one for staff (based on the user being a member of AD security group "All Staff") and one called Students (based on the user being a member of AD security group "All Students"). It's when I go to target an audience to a list or item or whatever, the dialog box shows the list of audiences I created, but if I change that to Distribution/Security Groups - I see duplicates of Security groups. This is not directly querying the AD but instead it is querying some sort of imported list. It's this list I need to purge and re-import somehow.....

Any ideas

cheers

Baronne





Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

Curtis Ruppe (MicroStaff IT)

AD groups do not get imported into SharePoint. If they are being imported by some glitch, it would be because you have an LDAP query specified for your User Profiles that is including group information. Check your User Profile import query, or maybe I'm still not understanding your problem.



Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

Baronne

Hi Curtis,

The problem exists where you go to target an item in, say for example an Announcement list item. When you choose the "browse" icon next to the Target Audience field in the item being added to the list, a dialog box that pops up allowing you to select an audience. From here, if you drop down the box next to "find" and change it to Security/Distribution Groups, I get a list of security & distribution groups in there which is incorrect it is doubling up on some entries. And it is that very list I am interested in... where is that list coming from because it is definately not directly querying the AD.

Any ideas or suggestions

cheers

Baronne





Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

JXJ

Curtis Ruppe (MicroStaff IT) wrote:
AD groups do not get imported into SharePoint. If they are being imported by some glitch, it would be because you have an LDAP query specified for your User Profiles that is including group information. Check your User Profile import query, or maybe I'm still not understanding your problem.

Someone correct me if I am wrong, but I don't think the above statement is correct.

AD groups do need to be imported into SharePoint user profiles if you plan on using them with Audiences. (And one very good reason to use them with Audiences is that is extremely tedious to create audiences that allow a specific list of users.)

If you want an example, go into AD and create a group, then immediately try to set up an Audience where the rule specifies "User" "Member Of" with the value of the group name. It will tell you "No exact match was found".

Then run a full profile import (for some reason, an incremental won't get it, at least not for me). Try setting up the Audience again - it will work.

(I also found this because I originally set up SharePoint to use a custom AD query when importing from AD so it only imported active users - SharePoint imports everything from AD - active and inactive users, which I think is insane. When I had it only importing active users, I could not set up any Audiences that used AD groups because my custom AD query only imported users. I had to change it to also import groups.)

I agree 100% with the original poster - the way groups work with Audences make no sense. If I create a site and want to set the permissions on the site by giving access to a AD group, I can specify that AD group at any time - it does not use User Profiles to find the group.

However, when I need to create an Audience, that group will not validate unless it has been imported into the User Profiles.

Now, I know Audiences are not for security - but that doesn't matter. It's not about using Audiences for security - the question is why SharePoint validates AD groups directly from AD when setting site permissions, but requires them to be imported into User Profiles to validate them in Audiences.

Can anyone explain why

I'd also like to know why I need to do a full import into User Profiles to get the groups to be recognized - why doesn't an incremental import work





Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

CarloRnd

Do you have some news about this topic I have the same question...

Regards. Carlo.

carlornd@libero.it





Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

Shamanovsky Victor

I am getting mixed results when trying to populate Audiences based on AD security groups between SPS 2003 and MOSS.

Profiles are fully imported, I am using the same filter (tried few different ones) for profile imports. Yet in 2003 I am able to use all of the Security Groups and in 2007 only some (others are not coming up\validating).

Anyone else is having this problem Solution





Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

PatrickWSteele

I'm having the same issues. I create a group in AD (I've tried all combinations of domain local, global, universal, security, distribution) and add users to it. I try to create an audience and specify the group in a "member of" rule, and when I search for groups, only some of the AD groups show up, the new groups do not.





Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

phydroxide

For some reason when I'm in the shared service provider setting up audiences the only thing I get in the address book are the actual NAMES of the SPWeb websites.

It validates them as a "group" and when I return all I see is a GUID.

I've imported profiles and I still don't see these groups. Does anybody else have this experience






Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

phydroxide

FWIW I tried an incremental import and that did not fix the problem.

I did a full import and it did not SEEM to fix the problem

Then I added a custom property (aliased and indexed) of groupmembershipSAM, removed my custom AD connection and did another full import and I can now see the security groups I was looking for.

The Site Names are still there with an alias of "nickname" I have no idea why, but if I choose one it comes back with the error: "non existant membership group"

I removed the custom property so now it seems that it was either the full import or changing the custom connection to a default connection that worked for me. I guess i'll never know.






Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

michawi

Hi, I have a similar or even the same problem. After doing a profile import, when I try to target a webpart to a group of users I switch to Security/Dustribution and try to find that AD group.

What i see is that some groups are duplicated, while other groups are empty and show 0 members, although they have in fact members.






Re: SharePoint - Setup, Upgrade, Administration and Operation Audience Membership Groups Problem

michawi

Hi, I think I've solved this problem.

As I wrote, I had a problem with using AD groups as audiences. The appeared doubled and some of them were missing members.

I found that the reason of such behaviour was simple (at least in my case).

These problematic groups where created in OU that had a name containing language characteristic marks and spaces.

As I've noticed that MOSS had a similar problem with indexing service, I simply removed language characteristic marks and spaces from the name of the OU.

It looks like it was that! It works perfectly now.

I add a user to an AD group and then only incremental import profile is enough to work.