AD, Audiences and AD Group Memberships
Today I was working on attempting to determine the impact of various AD changes to SharePoint. This is because (like many many organizations out there) the AD structure must be revised and groups must be removed and renamed as a great many are no longer used (such as SharePoint Admin 2001 etc).
First of all “How can I find out the memberships (or the users) who are contained in an AD group?” This should be a simple thing to answer but if you don’t have access to AD directly (as I do not) then my recommendation is to use the Audience management functionality of SharePoint as a good alternative.
- Add a new “Test” Audience.
- Add a new rule with “Member Of” being the AD group you want to know more about.
- Compile this new Audience.
- Click “View Membership”
Now you can see the users in various AD groups from within SharePoint and you don’t need access to AD directly (with your user).
So now you can start to look over AD groups (in SharePoint) and you can see them all listed (ignore the nickname ones etc created by SharePoint). You might notice a couple odd things next.
The first one that stands out is multiple listings of an AD group. I struggled with this one for a bit and found this article: http://www.sharepointblogs.com/mcotw/archive/2008/07/28/do-you-use-sharepoint-audiences-beware-of-ad-changes.aspx (Thanks Monty for writing this one.)
So let’s summarize: “What do you need to know about AD and SharePoint?”
- Changing an AD Group’s canonical name can result in duplicate entries in the audience targeting searches.
If I discover anything else I will be sure to update this post and let all of you know,