locked
Problem with Audiences (MOSS 2007) RRS feed

  • Question

  • Hi

     

    What I want

    I need to use Audience to restrict access to some Navigstion menu items for "Approvers".

     

    Problem

    We have many users so we use AD Security Group to add users to Sharepoint groups. E.g. i have added the "XXX Company Newsdesk" AD Security Group to the Sharepoint "Approvers" group. Secuirty wise this works fine. But when using Audience restricted to Sharepoint groups members of the "XXX Company Newsdesk" AD Security Groups does not see the items that have Audience enabled.

     

    If I add a given user specifically to the Approvers group it works!

     

    Why do I see this behavior? And how do i fix it? I can't add every single user manually to my Sharepoint groups just to make Audience work.

     

    Alternative

    I have also looked into compiloing a Global Audience but I see no way to add a whole AD Security Group as a Audience Rule so that seems a dead-end too...

     

    Hope someone can help out.

     

    Thanks in regards

    /Anders

     

    Friday, February 15, 2008 10:14 AM

Answers

  • I also had problem with creating audiences out of AD security groups. Then i raised the domain functional level to 2003 and voila! It worked.

     

    Thursday, March 20, 2008 1:42 PM

All replies

  • Hi,

     

    What schedule do you have for compiling audiences and do you compile the audience after you have added the AD security group to it.

     

    Sorry seems a little obvious, but you have to ask

     

    Cheers

    Friday, February 15, 2008 11:01 AM
  •  Toby Statham wrote:

    What schedule do you have for compiling audiences and do you compile the audience after you have added the AD security group to it.

     

    I compile manually. But the problem is that i can not choose an AC Security Group as basis for Audience! I can add a User and define a User Property (like Name etc,). Alternativly i can choose the "Member Of" option but this does not list AD Secuirty Groups but only Sharepoint Groups.

     

    If you could guide me through on how to create a Audience rule that includes users from a given Active Directory Security Group I would appriciate it alot!

     

    Thanks!

    Friday, February 15, 2008 11:26 AM
  • Hi,

     

    You need to make sure that the account you are using for the identity of the Shared Service Admin site application pool has the correct permssions to see the AD groups you are trying to add

     

    I have tested this in my environment and it definetely should show AD groups.

     

    Cheers

    Friday, February 15, 2008 11:44 AM
  • Hmmmmm this makes no sence. I have googled and everything supports you. I am logged into the SSP with domain\administrator and the App Pool of the SSP is running under this account as well. The account is member of the Domain Admins and Local Adminstrator bulletin groups (and others). So it has sufficent rights to access the AD.

     

    But not a single AD Security Group is listed in the search box. I have tried to enter the group name directly like "domain\thegroupname" but it says that it does not exist. Sad

     

     The only groups I see is groups with the names of all my sub-sites in the Site Collections of my Sharepoint portal. None has anything to do with the AD groups.

     

    Any suggestion for "error searching"?

    Friday, February 15, 2008 12:08 PM
  • Hi,

     

    Have a look at post by Joel Oleson here and see if any of these options can help.

     

    You could turn on verbose logging through Central admin and then check the SharePoint logs (in the 12 hive). This may give you some useful messages.

     

    Cheers

     

    Friday, February 15, 2008 3:39 PM
  • I really don't think that audience targeting works off AD security groups, but rather AD distribution groups.

     

    If I'm right, then that could well be your problem.

     

    It will definitely work off Sharepoint groups and you can always create a custom rule (though I don't know how you would create a rule to use AD security groups).

     

    If someone knows differently, please let me know.

     

    --Paul Galvin, Conchango
      RSS @ http://feeds.feedburner.com/PaulGalvinsSharepointSpace
      Web site @ http://paulgalvin.spaces.live.com

     

    Monday, February 18, 2008 10:47 PM
  • Hi,

     

    Audiences do work with AD Security groups along DLs. I have used this in a few of the audiences I have setup in my environment.

     

    http://office.microsoft.com/en-us/sharepointserver/HA101690531033.aspx

     

    Something that you need to be aware of is that a few companies use nested security groups for permissioning, so the group users are added to is different to the one that would be provisioned to SharePoint.

     

    Cheers

    Tuesday, February 19, 2008 9:23 AM
  • Target Audiences feature works as long as the AD groups (both security and DL) are not moved. Once AD groups are moved from one container to another, SSP is confused with two groups (check MemberGroup table) and Target Audiences feature ceases to work. In addition, SSP does not seem to be able to handle dead AD groups.

     

    We are still trying to find a way to work around this problem. I know the duplicate groups are kept in SSP's MemberGroup table. Clean up the old groups (before the AD move) from that table helps a bit. However, we have yet to figure out what other tables are using those old AD groups. I would guess the Target Audiences feature will work again after all references to obsolete groups are clean up.

    Saturday, March 1, 2008 5:06 PM
  • I also had problem with creating audiences out of AD security groups. Then i raised the domain functional level to 2003 and voila! It worked.

     

    Thursday, March 20, 2008 1:42 PM
  •  

    Would that credential area be the SSP Credentials? I'm having the same proble of not seeing the AD security groups.

     

    Thanks.

     

    Jason

    Tuesday, May 13, 2008 8:24 PM
  • Would this KB be of help?
    http://support.microsoft.com/default.aspx?scid=kb;en-us;948681
    Wednesday, May 14, 2008 2:03 AM
  • HI anders,
    From what I can tell you are having the same issue that I was having. Hot Fix 942819 took care of it for me. I would try it on a dev or test environment first to make sure it works for you.

    Also, I have a AD Global Security Group that SharePoint recognizes in both the case of adding it to a group as well as using it to audience Target but when it is a Local Security Group it does not work. I am trying to find out why that is.

    Hope the Hot Fix worls for you.

    Sabin
    Tuesday, September 9, 2008 8:22 PM