We are trying to get all the users/members from a modern SharePoint site using csom code(below) and in doing so we are also getting the office 365 group id which is created for modern site. Is this introduced recently or is this an existing behavior?
RoleAssignmentCollection roleAssignments = clientContext.Web.RoleAssignments;
clientContext.Load(roleAssignments, ra => ra.Include(inc => inc.Member, inc => inc.RoleDefinitionBindings));
The Member property of a RoleAssignment has always held both Users and Groups, long before the existing of O365 and SharePoint in the cloud.
Here are a few very old references and threads citing the usage of groups in SharePoint RoleAssignments from more than 10 years ago, including a reference from SharePoint 2007:
https://social.msdn.microsoft.com/Forums/sharepoint/en-US/7d207fe0-0209-4f15-9b86-e6bf596edaea/determine-sproleassignment-type?forum=sharepointdevelopmentlegacy
https://csharp.hotexamples.com/examples/-/SPRoleAssignment/-/php-sproleassignment-class-examples.html
https://books.google.com/books?id=YbFvTChU9MAC&pg=PA295&lpg=PA295&dq=sproleassignment+member+group&source=bl&ots=vqgNzaAgs9&sig=ACfU3U1wqj_xkD7LGOiFAzKgtFkF2MF7NQ&hl=en&sa=X&ved=2ahUKEwjJ4aS52vLnAhU3mHIEHYT2CZAQ6AEwCHoECAoQAQ#v=onepage&q=sproleassignment%20member%20group&f=false
Related
I'd like to restrict acces to certain items, to certain users, in my sharepoint online list.
I know in List Settings you can restrict access to items only created by user, but this is not enough for me. We have other conditions.
I am currently using Sharepoint Designer, and a sharepoint 2010 workflow with an impersonation step to do Achive this item level permission. this works fine.
However, the end of support for sharepoint 2010 and Designer is scheduled on October 21 2020.
So I have 2 questions:
1) What else could I use in Sharepoint Online to set item level permissions like what I can do with The actions inside an impersonation step with a 2010 workflow?
2) Even though support will end for SP2010 and 2013. will old workflows still work in sharepoint Online sites?
1.Power Automate/flow is the alternative for workflow. You could use Auotmate/flow to set item level permssion.
2.Yes, old workflows will still work in SharePoint Online sites.
As a follow-up question to REST API to manage users on skype for business, I would like to understand how the Sharepoint Server User API differs from MS Graph API for Users. The Graph documentation indicates that we could use it to manage Sharepoint users the same way we would Office 365 users. However, there are standalone Sharepoint installations (like versions e.g. 2007, 2010, etc.,) which don't fall under Office 365 plans.
The Graph API Docs linked above says the User resource represents an "Azure AD user account". However, the Sharepoint User doc says it represents a "user in Microsoft SharePoint Foundation." Are these users entirely different from each other?
All we're looking to do is manage users for our clients some of whom have subscriptions to Office 365 and some who just use standalone Sharepoint setup. We are not bothered about application specific features like Accessing the sharepoint files, sites or even managing Word documents, Excel sheets, etc., So, does the Graph API support managing users in such cases as well?
That API is only for SharePoint 2013+
The user management REST API linked in your question is specifically for SharePoint 2013, and presumably works in SharePoint 2016 as well. This is regardless of whether the SharePoint environment is on premises or in the cloud.
Office 365 is currently a subset of SharePoint 2013/2016 in terms features and functionality.
Note that SharePoint 2007 and 2010 will not have this API.
SharePoint users and Azure AD accounts are not synonymous
Consider that SharePoint and AD can exist independently of each other.
SharePoint does not need to use Azure Active Directory for authentication. It can use a traditional on-premises or cloud-hosted Active Directory, or theoretically (starting with version 2010) can use any claims-based authentication provider aside from Active Directory.
SharePoint 2007 and 2010 could also support simple forms based authentication as well as custom authentication providers, but as noted previously, neither of those versions of SharePoint expose the REST API in question.
AD = Authentication; SharePoint User = Authorization
Azure AD is a claim provider. A claim provider is used for authentication; when you log on to SharePoint, SharePoint relies on Active Directory to determine that you are who you say you are. A user's SharePoint account is used for authorization; the SharePoint account is granted access to content within SharePoint on a site by site basis.
Information in AD vs information in SharePoint
When using Azure AD for authentication, there are usually some areas of overlap between the data in SharePoint and the data in AD.
SharePoint's user profile service is usually set up to synchronize data from Active Directory to SharePoint, so that AD serves as the master data set for things like user display name and title. However, not all information is necessarily sync'd from AD to SharePoint, and additional information can be tacked on to SharePoint user profiles.
Group Membership in AD vs Group Membership in SharePoint
In Azure AD, a user can be a member of multiple groups. Groups can include both Active Directory groups (which can be nested) and Office 365 (SharePoint) groups (which cannot be nested).
A SharePoint user can only be a member of SharePoint groups, since SharePoint does not keep track of membership of Active Directory groups. That said, a user may have access to content in SharePoint indirectly due to an Active Directory group having been granted access.
AD User Scope vs SharePoint User Scope
Unless you're working directly with the user profile service, when you work with SharePoint users programmatically, they need to be retrieved from a specific site in SharePoint. This is because each site collection has its own set of groups which cannot be used on other site collections within the SharePoint farm, so group membership is tracked only on a site-by-site basis.
Note that this means that a user's lookup ID number (which is different from their login name) may vary between site collections. This also means that a user's collection of groups will vary depending on the site from which the user object was retrieved.
An Azure AD user has no such silos.
I was wondering if is it possible to retrieve Office 365 directory information (i.e. security group membership) from SharePoint online programmatically (for example through a workflow custom action)?
By the way, I am not looking for retrieving Sharepoint group membership information.
I know the custom development is pretty limited with SharePoint online since the code has to run as a sandbox solution. Is there any web service or any another solution available?
I have been looking for information about this matter but I could not find anything so I guess there is no way to do this.
In our case there is an active directory synchronized with office 365. So we will use a powershell script to read data from AD and update a sharepoint list every day.
Then we will be able to use this data from custom code (like a workflow custom action).
Is there a way of getting usage statisics across my whole Sharepoint 2007 portal?
I can get the figures at a site level by appending _layouts/SpUsageWeb.aspx
to the path, i.e. http://intranet/teams/hr/_layouts/SpUsageWeb.aspx for the HR page or http://intranet/_layouts/SpUsageWeb.aspx for the front page.
What I'm trying to do is see how many unique users access the portal (across all the sites it contains). Using the above method on each site and summing the total users for each doesn't take into account users who visit more than one site.
I've seen commercial tools that seem to do this but surely there has to be built in functionality that does this for a product as all-singing-and-dancing as Sharepoint?
The URL of the site collection statistics page is http://intranet/_layouts/SpUsageSite.aspx.
This functionality does not exist in SharePoint 2007. It was added to SharePoint 2010. You can now report on stats in central admin for web applications etc.
In MOSS 2007, I want to search/get Computer Names from Active Directory in SharePoint just like search users.
Assuming you want to retrieve these names programmatically:
As far as I know there is no SharePoint API to retrieve computer names from the AD.
Though there are methods on SPUtility to retrieve Users and Groups from the AD.
To query computer names you have to implement you own Ldap query:
Use the .Net types System.DirectoryServices.DirectoryEntry / System.DirectoryServices.DirecorySearcher to query against the AD.
If you were using .Net 3.5 you could use the types System.DirectoryServices.AccountManagement.ComputerPrincipal and System.DirectoryServices.AccountManagement.PrincipalSearcher to do so.