Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

AD Import - Users not available to SP

  Asked By: Judith    Date: May 17    Category: Sharepoint    Views: 2394

Just did an import from AD, and the users are not available to be added to
groups or sites. What would cause this? Does the import have to finish
completely to add users to sites and such?



14 Answers Found

Answer #1    Answered By: Erika Price     Answered On: May 17

We've been over this before in the group, but let me say it one more time.

There is NO connection between user profiles in MOSS and user security.
MOSS uses the same mechanism for security that is used by WSS which doesn't
have user profiles. You do not need to sync user profiles in MOSS before
you can add  a user t SharePoint. When adding users  to SharePoint it queries
the server's AD connection with the Domain controller. I do believe there
is some caching that goes on, but it has nothing to do with Profiles. You
don't need to start or finish profile import  before adding users. The
processes run in parallel and are not connected.

The problem is that ASP.net in IIS caches AD objects so that they are
readily available when IIS needs them. This is where SharePoint gets them.
Unfortunately, I don't know how you can flush the ASP.net ADSI cache other
than an IISreset.

Answer #2    Answered By: Otis Blackwell     Answered On: May 17

I thought I had to use the profile import  tool in CA to get users  access to SP.
Sorry, I haven't been a member here since the beginning, and the yahoo search
mechanism isn't the best.

So how do I go about getting users in so that I can add  them to sites  and

Answer #3    Answered By: Virendar Chaudhari     Answered On: May 17

Is your SharePoint server a member of the domain? It should see them

Answer #4    Answered By: Mitchel Villarreal     Answered On: May 17

I need for users  of other domains to be able access the site as well.

Answer #5    Answered By: Ranu Badhan     Answered On: May 17

Then you need to configure forms based authentication or create accounts for
them in your domain.

Answer #6    Answered By: Irene Moss     Answered On: May 17

Can smart card authentication take the place of FBA?

Answer #7    Answered By: John Scott     Answered On: May 17

Some form of Forms Based Authentication is required if the users  aren't

1. In a domain trusted by the domain that SharePoint is in.

2. In a domain federated to the forest the SharePoint domain is in.

Smart card authentication alone won't change that. Smart card authentication
could be used with a custom membership provider for authentication. But any
kind of membership provider is essentially FBA.

Answer #8    Answered By: Donald Torres     Answered On: May 17

Are the users  not available in People Picker?

Answer #9    Answered By: Courtney Scott     Answered On: May 17

As long as they are in the same Domain as the SharePoint server you shouldn't
need to do anything before adding them into SharePoint. One thing I've seen
is that you often have to add  them with the Domain prefix just like you do when
you log in. Try typing their name in as Domain\UserId when adding them. That
should be all that is necessary.

Answer #10    Answered By: Jagdeep Hor     Answered On: May 17

I will try that when I get some domain\userid info. Part of the problems is that
I have no access to the AD info. It's like hunting in the dark.

Answer #11    Answered By: Aja Howe     Answered On: May 17

To be slightly more accurate...
SharePoint does not authentication, IIS does per the web.config settings
SharePoint does authorize users  to access site collections and whatnot

SharePoint does cache user profiles. They are added  to the database at
either first login, OR with the profile sync.
For instance, user Bob first logs into sharepoint. He has an email address
of bob@... at that time.
Someone updates's Bob's email address to bob1@.... This change will
not automatically be reflected in sharepoint unless user profile synch is
turned on OR the ability to let user's update their own profile is enabled.
This generally only applies to AD/ADAM based scenarios.

Answer #12    Answered By: Cecil Mckenzie     Answered On: May 17

I agree that SharePoint caches user profiles. But the point of the original
post was someone thinking that the problem they were having adding AD users
as SharePoint users  was related to not having completed a user profile
import yet. Although SharePoint does cache user profiles that has nothing
to do with the ability to add  AD users in the people picker.

Answer #13    Answered By: Jaclyn Gordon     Answered On: May 17

Can someone tell me what account SharePoint uses when the people picker
queries AD? I think this might be part of my problem. If it not using the
connection, but rather the account that it is running on.

Answer #14    Answered By: Bhupendra Bajpai     Answered On: May 17

It should be using the Application Pool identity account for the Web Application
that the SharePoint site is running in.

Didn't find what you were looking for? Find more on AD Import - Users not available to SP Or get search suggestion and latest updates.