본문 바로가기

IT 관련 이야기/SharePoint

How to use Active Directory Security Groups within SharePoint Audiences


How to use Active Directory Security Groups within SharePoint Audiences

SharePoint comes with this wonderful concept called Audience. The purpose of audiences is to target information to users with the same attribute. These attributes could be an expertise, a hobby, a subscription, a location or something else. During the creation of an Audience you select one or more attributes. The Audience can be used target information only to those users who are interested in this data. Audiences can be use hide or view Web Parts and they can be used to hide or view items in a list. 

By default you can create Audiences bases on user properties derived from Active Directory. Unfortunately it is not possible to use Active Directory security groups. This is because SharePoint does not import these groups, SharePoint only imports user and their properties. Luckily this default behavior can be changed. but before we go into detail we will discuss some important facts:

1. SharePoint does an Active Directory import periodically, i.e. once a day.

2. SharePoint uses this copy to create Audiences, there is no live reading in Active Directory.

3. Audiences need to ‘refresh’ after an import, this is not done automatically.

There are two essential steps to achieve is you want to use Active Directory security groups to create an Audience. The first one is to let SharePoint import users and groups from Active Directory. The second one is to create the Audience.

The first step, import all users and groups into SharePoint:

We need to go to Central Administration > Shared Services > User profiles and properties > Configure Profile Import

Active Directory Security Groups koppelen aan SharePoint Audiences

You will see that the default setting is Current Domain, which means all users from the domain. Since we want to import the users and groups we go for Custom Source. Then Click OK

Now we see import connection, the connection which ‘reads’ from Active Directory. Here we have the possibility to create extra connections to other databases or to change the behavior of this connection. We choose the last option.

Active Directory Security Groups koppelen aan SharePoint Audiences

 

On the next page we find query that is responsible for the import. This is what we need to edit.

Active Directory Security Groups koppelen aan SharePoint Audiences

But before we should see what this query actually retrieves. This can be seen from a command boc by typing the following on a domain controller:

dsquery * -filter "(&(objectCategory=Person)(objectClass=user))"

This should give you a list with all users in Active Directory. A similar query will give us al the groups:

dsquery * -filter "(&(objectCategory=Group)(objectClass=Group))"

When we combine both queries we will get both users and groups:

dsquery * -filter "(|(&(objectCategory=Person)(objectClass=user))(&(objectCategory=Group)(objectClass=Group)))"

This is the query we need! So you should copy/paste this query into the User Filter edit box in SharePoint.

Active Directory Security Groups koppelen aan SharePoint Audiences

After editing this filter we need to do a re-import from Active Directory. To do this we go back to User Profiles and Properties and we click Start Full Import. An incremental import is not sufficient because that does not re-read the new filter settings.

The second step, create the Audience:
Now we have all users and groups in place we can start creating our Audience.  Audiences are created via Central Administration. Please go to Shared Services Administration > Manage Audiences and click Create Audience.

Active Directory Security Groups koppelen aan SharePoint Audiences

Now we go for “User is a Member Of SomeGroupInActiveDirectory

Active Directory Security Groups koppelen aan SharePoint Audiences

When an existing group is given press check names. You will notice that the is recognized, this wouldn’t have happened if didn’t follow step 1. After creating the Audience you should select Compile Audience. Please do not forget this last step, audiences are not automatically filled after creation. This new Audience  can now be used to target specific information to your Audience. Here is one of the many examples:

Active Directory Security Groups koppelen aan SharePoint Audiences