Audience Membership Groups Problem

Hi, I wonder if anyone can help me, I have a really strange issue I cannot seem to resolve:

Somewhere along the line our Groups/Memberships seems to have duplicated itself. So when I go to audiences and I look through the list it appears to have duplicate entries. This doesn't happen when I am dealing with permissions as this appears to directly query the AD. However... somewhere there must reside this list of memberships - my question is where is it and how can I empty it and get it to re-import How does this particular process of memberships, etc. work... why are they imported into SharePoint - why not just "talk" directly to AD

Someone suggested there might be an STSADM command I could run, but I have no idea which one... any help much appreciated.

cheers

Baronne Mouton

Hey Baronne,

A quick lesson on Audiences, and then your answer.

Audiences were never meant to be used for security. They are there to help group users based on group membership, or some other defining AD characteristic (such as Department). Audiences are used to show / hide content based off of this principal so people who don't care about PI charts (for example) would not see them by default.

Audiences can be managed via the Shared Service Provider page. Open SharePoint 3.0 Central Administration, click on the SharedServices1 link (or your appropriate Shared Service Provider). Hopefully you will see the audiences you are wishing to get rid of, and purge them appropriately. Let me know if this helps.

Hi, thanks for the reply,

I have already tried that previously. It's not so much a problem with the audiences, it's more related to the security groups that appear to be "imported" along with the profiles. My audiences seem to work ok, I setup one for staff (based on the user being a member of AD security group "All Staff") and one called Students (based on the user being a member of AD security group "All Students"). It's when I go to target an audience to a list or item or whatever, the dialog box shows the list of audiences I created, but if I change that to Distribution/Security Groups - I see duplicates of Security groups. This is not directly querying the AD but instead it is querying some sort of imported list. It's this list I need to purge and re-import somehow.....

Any ideas

cheers

Baronne

Hi Curtis,

The problem exists where you go to target an item in, say for example an Announcement list item. When you choose the "browse" icon next to the Target Audience field in the item being added to the list, a dialog box that pops up allowing you to select an audience. From here, if you drop down the box next to "find" and change it to Security/Distribution Groups, I get a list of security & distribution groups in there which is incorrect it is doubling up on some entries. And it is that very list I am interested in... where is that list coming from because it is definately not directly querying the AD.

Any ideas or suggestions

cheers

Baronne

Curtis Ruppe (MicroStaff IT) wrote:

AD groups do not get imported into SharePoint. If they are being imported by some glitch, it would be because you have an LDAP query specified for your User Profiles that is including group information. Check your User Profile import query, or maybe I'm still not understanding your problem.

Someone correct me if I am wrong, but I don't think the above statement is correct.

AD groups do need to be imported into SharePoint user profiles if you plan on using them with Audiences. (And one very good reason to use them with Audiences is that is extremely tedious to create audiences that allow a specific list of users.)

If you want an example, go into AD and create a group, then immediately try to set up an Audience where the rule specifies "User" "Member Of" with the value of the group name. It will tell you "No exact match was found".

Then run a full profile import (for some reason, an incremental won't get it, at least not for me). Try setting up the Audience again - it will work.

(I also found this because I originally set up SharePoint to use a custom AD query when importing from AD so it only imported active users - SharePoint imports everything from AD - active and inactive users, which I think is insane. When I had it only importing active users, I could not set up any Audiences that used AD groups because my custom AD query only imported users. I had to change it to also import groups.)

I agree 100% with the original poster - the way groups work with Audences make no sense. If I create a site and want to set the permissions on the site by giving access to a AD group, I can specify that AD group at any time - it does not use User Profiles to find the group.

However, when I need to create an Audience, that group will not validate unless it has been imported into the User Profiles.

Now, I know Audiences are not for security - but that doesn't matter. It's not about using Audiences for security - the question is why SharePoint validates AD groups directly from AD when setting site permissions, but requires them to be imported into User Profiles to validate them in Audiences.

Can anyone explain why

I'd also like to know why I need to do a full import into User Profiles to get the groups to be recognized - why doesn't an incremental import work

Do you have some news about this topic I have the same question...

Regards. Carlo.

carlornd@libero.it

I am getting mixed results when trying to populate Audiences based on AD security groups between SPS 2003 and MOSS.

Profiles are fully imported, I am using the same filter (tried few different ones) for profile imports. Yet in 2003 I am able to use all of the Security Groups and in 2007 only some (others are not coming up\validating).

Anyone else is having this problem Solution