Just wondering if anyone can help me with a problem i am having.
in work we have office 365 synced with Active directory and i want to know if i could do the following.
we have a employee details list on sharepoint which holds all an employees contact number including the following; work numner, home number and mobile. we use this list to update an employees details, so for example if an employee gets a new number we would update the employee details list on sharepoint. can i sync this list with AD directory so that when i update an employees details on the sharepoint list the changes are also made to active directory ? any guidance on this would be much appreciated
This issue cannot be solved using SharePoint out-of-box features, so I advise you try the third-part tool, such as AD Information Sync.
This tool can sync the user, contact or computer information from AD to SharePoint list, also can update the changes between AD and list.
Related
We just created a rather complex power app which will be used by numerous users (in the company). Although there will be a small team who will handle over viewing the inputs from these users.
The goal is to restrict the users to go into the sharepoint site and delete or edit any records which them or others created. We cannot use any other datasource only sp lists.
I tried creating permissions for specific groups but they don't seem to be working properly.
thank you for your help in advance
Take a look at item level permission on SharePoint, I believe this is what you need
In addition Take a look here as well.
Follow below process:
Create two groups in SharePoint site - Admins and Normal users
On item creation in SharePoint list, run a Power automate flow which will grant Full control access to Admins and only Read permissions to normal users (or just the user who created list item - as per your requirements).
Follow below article for setting permissions for individual list items using power automate: Set Item Level Permission in SharePoint List using Power Automate
Is it possible, in SharePoint 2010 Foundation to find out when a user was added to a particular user group? I have full admin privileges as a site owner. I can find this information out through Audit Log reports but unfortunately I did not turn these on from day one so am looking for another method. I assume that SharePoint must be storing this information somewhere.
You can achieve this using Powershell, use the repadmin command. Like below
repadmin /showobjmeta dc1 'CN=Domain Admins,CN=Users,DC=rivendell,DC=com'
For more detail check this post
Several fields in MOSS profiles are mapped to fields in active directory and we have given the user the ability to modify these.
But when the incremental profile import runs it overwrites these with the old values from active directory.
How do we make it so that AD is updated with the new values from the profile?
Thanks for any suggestions.
From http://blog.seancleaver.com/sean_cleaver/2008/07/sync-ad-users-to-sharepoint---2-way.html
So some of you have requested support to provide 2-Way Synchronization of AD Users between a SharePoint List and Active Directory. The good news is that the AD Provider for Data Synchronization Studio now supports this.
So you can effectively publish your AD Users to an Intranet Site to create a "Staff List" or "Telephone List" and then from this you can now allow your staff to update the personal information stored in the AD themselves by just simply editing the records in SharePoint. Then when the Synchronization occurs all changes are applied to the AD. There are a few limitations you can't create new AD Users this way and you can't delete users from the AD and certain properties are not updateable such as Member-Of etc.
We've given up on an easy way to do this and are writing a scheduled task that gets the recent change info from the users profile and updates AD from that.
Will try to post code once I've got something working.
Hi guys i am new to sharepoint . Actually we are using WSS not the MOSS 2007. we don't have shared service provider installed and no user profile service web service installed.Now I need to populate the active directory data to sharepoint list and after that I have to sync both Active directory and sharepoint list.which means the changes happened to Active directory data it must reflect in sharepoint list also.
What we are doing is extracting active directory data to SQL Server database and populating sharepoint list from SQL server database. I need a solution to populate sharepoint list from SQL Server database and sharepoint list must synchronize with SQL Server database table or stored procedure all the time automatically.
Can anyone suggest me the best solution to solve both importing the active directory data and sync the active directory and sharepoint list.
If anyone of you provide the sample source code that will be helpful.
I just want to clarify a bit first. Not sure if you're looking to configure sync for proper user profiles (which mundeep's answer solves nicely) or a generic SP list.
If you're looking to:
AD <-> SharePoint list
It's probably easier to break this problem down into two parts:
AD -> SP list
and:
SP list -> AD
For AD -> SP list
Microsoft provides some guidance on monitoring the AD for changes. Unfortunately, neither of these methods is a specific event message system (if anyone knows of one, please chime in!) both are essentially polling.
I would create a Windows service to handle this part of the solution.
The service would (in pseudo-code):
look for records that have changed
for each record that has changed:
get the matching SP item from the SP list (probably based on username)
update/add/remove the properties of the SP item
save the SP item
For SP list -> AD
I would create a custom event handler and attach it to the SP list.
Again in pseudo-code:
On SP item delete:
remove the matching AD record (if that's the behaviour you want)
On SP item create:
create a new AD record
On SP item update:
find the matching record in the AD
update the changed properties (which are flagged in the SP event handler)
The SP side of things is a little more elegant because events are raised only when something happens. This is definitely more efficient than polling.
What I'm suggesting has the added benefit of removing SQL (explicitly) from the solution. You can use the ADSI interface in the .NET framework to handle the AD update code. It's in the System.DirectoryServices assembly.
The AD polling service could use the SP object model if it's installed on the WSS box or the web services if it's on another system.
Again, if you're just looking to use the actual WSS/SP user profiles, use mundeep's solution.
1) Have you look into the User Information Lists & User Profiles? Sahil Malik has a very good overview of 'All you ever wanted to know about user profiles'. Keep in mind that because you are using WSS you don't have SSP Admin.
2) If you read the above article you will he mentions "How can profile information be kept up to date, if in case I am not using MOSS (and have no SSP)?" and his answer is an import/export utiltiy, the codebase of which (or even the utility itself) should give you a good start on what you want to do.
3) Also mentioned in the above article is a good diagram on how user information flows.
I have to import a lot of old data into SharePoint. In this data, I need to create a lot of users who are no longer in AD. Does anyone have any idea how to do that?
Cheers
The options I can come up with:
Recreate the users in Active Directory and disable the accounts
Attribute the files to a generic account
Tie into a SQL database for user accounts in addition to Active Directory
On a sidenote, I've seen it to be a best practice to never delete users from Active Directory due to issues like these. Instead, just disable the accounts and move them to an out of the way OU.
I don't think this is possible as you are really trying to create orphaned users. Better just revert these users to the System Account - that is what I did when I last migrated a SharePoint 2003 farm to MOSS 2007.
You can use CSVDE to import a comma separated file, or dsadd command to add each user. See this link for details.