We have created several global security groups in our AD, to which we associate domain users as members.
Our goal is to facilitate the management of access rights and permissions on all our SharePoint website developments.
We encounter the following problem.
On a SharePoint site, in the site permissions, when we add a global security group from AD for the first time, it works very well.
All members of this group are properly recognized by our SharePoint and have all the rights that we gave to our AD security group.
After that, if we make any changes to our security group in AD, they are not taken into account in SharePoint.
For example, if we add or remove members in our AD group, SharePoint is not informed of the changes.
Same problem if we decide to rename the security group.
We tried to force synchronization with AD using PowerShell commands.
Example:
Set-SPUser -Identity "mydomain\usertest" -Web http://devweb01 -SyncFromAD
This command works very well to synchronize a domain user but doesn’t work if we try to synchronize a security group.
If we try this command on a domain security group, we get the following error:
Set-SPUser: Unable to get the full name or e-mail address
user "mydomain \ usertest."
At line: 1 char: 11
+ Set-SPUser <<<<-identity $ user-web-http://devweb01 syncfromad
+ CategoryInfo: invalidData (Microsoft.Share ... SPCmdletSetUser:
SPCmdletSetUser) [Set-SPUser] SPException
+ FullyQualifiedErrorId: Microsoft.SharePoint.PowerShell.SPCmdletSetUser
Why is SharePoint Foundation not automatically synchronized with changes in the AD?
Is it possible to force SharePoint to synchronize with the changes in our AD security groups overall, whether with a command or some other solution?