check permissions showing "none" for users added through AD groups in SharePoint 2010

check permissions showing "none" for users added through AD groups in SharePoint 2010

  • Comments 2
  • Likes

Issue:

When you try to do checkpermissions for a user added on the
site through AD group you get “none” even though group has permissions on the
site and user also doesn’t have any issue in logging into the site. It’s just
that the check permission doesn’t work for the group and the user.

 

Resolution:

Take a ULS while doing check permissions and if you see the
following entry

04/02/2012
17:27:49.89        w3wp.exe
(0x169C)        0x0974        SharePoint
Foundation        General        7fdb        Unexpected        AuthZInitializeContextFromSid
failed!        ddd8bfd7-3a2d-4b94-8249-0e22f057a52f

 

This comes if the farm account doesn’t have permissions to
read the TGGAU attribute of the group or the user ID. To resolve this login to
your Active Directory


  1. AD  users
    and groups àview
    à check advance features

  2. Right click on the SP farm account à member of à add à windows authorization
    access control à
    click ok




  
  
   
  And that should be it J.

For details about the TGGAU attribute refer http://support.microsoft.com/kb/331951

Comments
  • Are there any other prerequisites? I've added my farm and app pool account to this AD group but I still cannot check permissions on individual users.

  • thank you

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment