none
User permissions are not getting synchronized with project site RRS feed

  • Question

  • Hi,

    User permissions are not getting synchronized with project site. In URL logs shows below error.

    12/11/2013 09:45:47.02 Microsoft.Office.Project.Server (0x07E4)              0x3B60  Project Server                   Sharepoint Integration        adgmi    Verbose               PWA:http://project/PWA, ServiceApp:Project Server Service Application, User:i:0#.w|dev\svc.psadmin, PSI: AddSPUsersToSPGroup: Failed to add 80 users to group HR Project Managers (Project Web App Synchronized). Error: The user "i:0#.w|corp\bross" does not exist and could not be added. All users specified after "i:0#.w|corp\bross" were also not added., LogLevelManager Warning-ulsID:0x000C6308 has no entities explicitly specified.         074f5f9c-549d-f0ce-6117-52365367dedb

    Thanks in advance.

    Hazeq.

    Wednesday, December 11, 2013 7:10 PM

Answers

  • Hi Hazeq,

    "i:0#.w|corp\bross"  user is not exist in the either Active directory or in PWA users tthat is why you are facing issue.

    As in project server Operation executes in queue hence users which are queued after "i:0#.w|corp\bross"  are not getting sync with project site.

    remove User "i:0#.w|corp\bross"  from project team and then save and publish the project .

    also you can inactive this user "i:0#.w|corp\bross"  from manage users tab then remove from project team then you publish the plan again it will work.


    kirtesh


    • Edited by Kirteshtiw Wednesday, December 11, 2013 8:03 PM
    • Proposed as answer by Kirteshtiw Thursday, December 12, 2013 7:56 AM
    • Marked as answer by Hazeq Thursday, December 12, 2013 10:50 AM
    Wednesday, December 11, 2013 7:18 PM

All replies

  • Hi Hazeq,

    "i:0#.w|corp\bross"  user is not exist in the either Active directory or in PWA users tthat is why you are facing issue.

    As in project server Operation executes in queue hence users which are queued after "i:0#.w|corp\bross"  are not getting sync with project site.

    remove User "i:0#.w|corp\bross"  from project team and then save and publish the project .

    also you can inactive this user "i:0#.w|corp\bross"  from manage users tab then remove from project team then you publish the plan again it will work.


    kirtesh


    • Edited by Kirteshtiw Wednesday, December 11, 2013 8:03 PM
    • Proposed as answer by Kirteshtiw Thursday, December 12, 2013 7:56 AM
    • Marked as answer by Hazeq Thursday, December 12, 2013 10:50 AM
    Wednesday, December 11, 2013 7:18 PM
  • Hi Kirtesh,

    Thanks for your reply, your answer worked. User corp\bross is deleted in AD, so I have deactivated this account.

    Now I can see lot many such user accounts which are deleted from AD and are active in PWA site. Need your help to get some easier way to deactivate such accounts from PWA site. And I don’t have list of such accounts, to get such account do I need to deactivate user one by one which popup in ULS logs? If yes then it will take lot of time, is there any easier way to do so?

    Thanks in advance,

    Hazeq.

    Thursday, December 12, 2013 7:43 AM
  • If you are using project server Groups and synchronizing groups from AD groups then once you will synchronize the project server group all the users which are not present in AD will be deactivated automatically.

    As Proejct server 2013 is using claim based authentication it will check for each and every user present in the group.

    But if you are manually adding users from Manage Users and while adding you are giving group permission to users then you have to check it manually. IN this case project server 2013 can not help you.

    You can use AD utility available in some sites then check which user is available in the AD and which one is not.

     

    kirtesh

    • Proposed as answer by Kirteshtiw Thursday, December 12, 2013 8:03 AM
    Thursday, December 12, 2013 8:03 AM
  • Thanks again Kirtesh,

    As of now we are adding users manually in Project Server groups. Can we create AD group now and update project server groups with AD groups name to get sync from AD? Do you think it will affect any existing users access?

    Also can you please elaborate more on last point. Where I can find AD utility?

    Thanks in advance..

    Hazeq.

    Thursday, December 12, 2013 10:23 AM
  • It will not affect user access provided you make sure.

    1. when you create groups in AD, add all the users in the respective groups as per the Project server group then sync.

    AD utility:

    1. You can export all the users in the Excel sheet from Project Server (Manager User  Page)

    2. Create a batch file using AD Command for User property suppose first name and last name 

    3. This will give you first name and last name only for the users which are present in the AD for others you will not get any value. It means users for which you are not getting Any value are no more with organization 

    then you can verify and inactive  those user from Project Server.

    For this actually you have to make a procees which you go through either every month or every week.

    It will certainly help to achieve your goal  

     

    kirtesh

    Thursday, December 12, 2013 12:54 PM