I am farm Admin of SharePoint 2010 environment. i am trying to delete some user profile from central admin but it is giving me "access denied" error.
This is what i am doing.
1. open central admin
2. go to application management then manage service application
3. select user profile service application. (note that i have given explicit permission to myself for this service by clicking 'administrators' and 'permissions' icon on the top of the page)
4. select Manage user profiles
4. search for specific profile and the delete. here i am getting access denied error.
can anyone tell me why i am getting access denied error.
Try to restart the User Profile Synchronization Service.
Or use PowerShell script to delete user profile.
$spSite=Get-SPSite "http://servername"
$ctx=[Microsoft.SharePoint.SPServiceContext]::GetContext($spSite)
$userName = "spUserToDelete";
$userProfileMgr = [Microsoft.Office.Server.UserProfiles.UserProfileManager, Microsoft.Office.Server.UserProfiles, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c]
$upm=New-Object $userProfileMgr($ctx)
$upm.RemoveUserProfile($userName)
Related
I am using SharePoint 2010 and AD as well.
I have added some users in AD and then I add them to Group called "TestingUsers" in AD, this is group has Group scope Global and Group type Security, in Sharepoint this group holds only "Read" permission,
But when i add user through AD and check permission in SharePoint it shows "None" instead of showing "Read" and
moreover this the same user can log into site with credentials as well
pls help me ....
http://blogs.technet.com/b/yashgoel-msft/archive/2012/04/13/check-permissions-showing-quot-none-quot-for-users-added-through-ad-groups-in-sharepoint-2010.aspx
When you try to do checkpermissions for a user added on the
site through AD group you get “none” even though group has permissions on the
site and user also doesn’t have any issue in logging into the site. It’s just
that the check permission doesn’t work for the group and the user.
Resolution:
Take a ULS while doing check permissions and if you see the
following entry
04/02/2012
17:27:49.89 w3wp.exe
(0x169C) 0x0974 SharePoint
Foundation General 7fdb Unexpected AuthZInitializeContextFromSid
failed! ddd8bfd7-3a2d-4b94-8249-0e22f057a52f
This comes if the farm account doesn’t have permissions to
read the TGGAU attribute of the group or the user ID. To resolve this login to
your Active Directory
AD users
and groups àview
à check advance features
Right click on the SP farm account à member of à add à windows authorization
access control à
click ok
I have a problem with the sharepoint server, I added 2 new domain users and they cannot access the sharepoint site ,they're getting the 'Access Denied' msg,although all users are given permissions to access the main website by default as soon as they're added to the domain
Any suggestions ?? or settings that i can check?
Thank you in advance
First of all, check that they have a clean IE cache, have restarted their browser etc.
Check that they don't have an incorrect stored user name and password against the site host name on their Windows profile.
Ensure that the permissions on the site in question haven't been amended without your knowledge.
Ensure that they are in the correct AD group (if necessary)
Have a look at the IIS logs and ensure that their credentials are being passed in. (Search for their username). If they are not, you'll need to ensure that the SharePoint site is in the correct zone on their browser to get credentials passed in. (Trusted sites?)
Have a look in the Windows Event Logs and ULS logs when they try to hit the site to see if anything unexpected is happening
Ensure that you don't have any Web Application policies set up (go to Central Admin -> Application Management --> Policy for web application) which would deny these specific users access.
Ensure that the user account directory path, and people picker settings for the site are not stopping them from getting access:
stsadm -o getsiteuseraccountdirectorypath -url <site url>
stsadm -o getproperty -pn peoplepicker-seachadcustomfilter -url <site url>
Sharepoint caches the domain user credentials, new users may not be available right away. Try checking the synchronization messages in "Central Administration" -> "Application Management" -> "Manage service applications" -> "User Profile service application" and maybe force a new synchronization.
You must set permissions for newly added domain user in sharepoint. Add it to a group that has permissions to read your root site. See permissions at url: http://server/_layouts/user.aspx
All,
I'm configuring Sharepoint to use forms authentication with LDAP/Active Directory. I'm new to Sharepoint, so if this is obvious, please point me in the right direction.
Whenever I attempt to log in with a bad account or password, I get the very friendly (and correct) error message,
The server could not sign you in. Make
sure your user name and password are
correct, and then try again.
... which implies that Sharepoint is able to communicate with AD. If I log in with a valid account, I get a page that says:
alt text http://img63.imageshack.us/img63/6053/sharepointerror.png
(I added the grey bar to cover up the login name)
Any suggestions? The account I'm logging in with is an administrator and has been granted full control in central administration.
Also, interesting note: If I click the "sign in as a different user" link, and attempt to sign in using with the same credentials I just used, the site just redirects back to the login page, with no error or status message. If I then manually enter the site url, it again shows the "Error: Access Denied" page. Argh.
Go to site action of the actual site and add user in the format of
:loginid
It should resolve and show it underlined then try login in back to application that should fix it.
Your AD connection is working fine just need to add to sharepoint users list
yourprovider:userid
Yourprovider name is the name you gave to the user provider in web config
And you can add this user from parent site that is windows protected and you have all
I suppose it's sharepoint site security issue.
I'm getting the same error when trying to enter Site Settings page with a user that has a lack of permissions.
If you have at least one user that can access the Site Settings page, I suggest you to go to Site Actions/Site Settings/Users and Permissions/People and grops then click New button and add a user from AD to an appropriate group, eg. Team Site Members.
You have made connection with Ad and its working fine. So that you got error, when you try to login with invalid user id.
But you have missed one step in above scenario.
You need to give the permission for all AD users in your SharePoint site. The better way is to create a user group in AD (it may already there) which included all the users and add this user group in your SharePoint site with read permission.
I have acustom sharepoint page.
on my machine I can debug the code normaly by attaching to the w3p process when I'm logged in as the administrator user.
when I log in with another user and try to debug I always get access denied page in the sharepoint and the dubug exists.
is there a way to debug the code while logged in with another user
thanks
Currently, you are trying to attach to sharepoint's processes which run under some specific account, using a non-admin account. You simply don't have enough privileges to do that.
I'd suggest that you keep logged in as administrator and consider the two choices:
run Internet Explorer through runas command under the desired user account:
C:\Windows\System32\runas.exe /user:contoso\sampleuser /savecred "c:\program files\internet explorer\iexplore.exe"
open Internet Explorer as administrator and use the SharePoint's "sign in as different user" feature.
Im trying to run a command on the AddUserToGroup method via webservices (UserGroup.asmx).
I set up the code as follows.
//set up the user group
userGroup = new UserGroup.UserGroup();
userGroup.Url = vtiBin + "/UserGroup.asmx";
userGroup.Credentials = CredentialCache.DefaultCredentials;
So I have my credentials being passed to the webserive. Now I run the following
userGroup.AddUserToGroup("System Group", preferedName, userLogin, email, "");
this throws an exception, my account does not have permission. however if I run this code under a different user with GOD access it works
What is the minimum required permission??
I have given my account
Full Access to the User Information List (on the sharepoint site)
Manage Analytics, Manage Audiences, Manage User Profiles, Personal Features, Personal Site, Set Permissions (sharedServices Admin, Personalization services permissions )
Couldn't this also have more to do with the permission to manage the group rather than permission to use the web service? I know I've run into similar situations via the UI before, and it turned out that I didn't have permissions to edit the group's membership. I believe there are a few situations in which you have permission to edit a group's membership:
You are the creator of the group
The creator of the group (or a site collection administrator) designated you as an owner of the group
The group was configured to allow all group members to edit its membership, and you are a member of the group
You are a site collection administrator
Is it possible that none of those conditions fit for you?
There is a permission in SharePoint to allow for web service calls. It's called "Use Remote Interfaces". Your user should have this permission to make changes via web services.