MOSS 2007 and User Memberships
A new and often misunderstood feature of Microsoft Office SharePoint Server ("MOSS") 2007 is the concept of user memberships. The user membership information is rendered through a few different surfaces within the SharePoint environment.
The following is a list of places the membership information is used and surfaced:
1. Users My Site
2. Top Navigation Bar via the My Links / My SharePoint Sites
3. Office 2007 Client applications via the Open / Save dialog box
The membership feature was added to MOSS to make it easier for users to find the sites they work on often. Once it is implemented and setup correctly, this feature works extremely well.
Membership Functionality Requirements
In order for the MOSS membership functionality to be active and working you need to insure you have the following things in place:
- An established Shared Service Provider ("SSP") with all your web applications associated to it.
- My Sites need to be enabled and each individual needs to set it as their default by clicking the "Set as default My Site" in the top right corner of My Site screen.
- A full Office Search crawl schedule (this is the process that actually updates the membership information).
- The users need to added to the group that is associated with the Members of this Site group setting. The group that is assigned to this setting can be determined by navigating to the site, clicking Site Actions / Site Settings / People and Group / Actions / Setup Groups.
Please note that simply just adding someone to the site will not work with the membership functionality; they need to be explicitly added to the group associated with the Members of this Site group setting.
During my adventures with trying to understand this membership feature I discovered a SQL query that you can run which will output all the site membership information for a specified user.
Simply connect to your SQL server and the database associated with your SSP and execute this query:
declare @RecordId int
select @RecordId = RecordId
from dbo.UserProfile_Full
where PreferredName = ‘<<insert preferred name here>>’
exec dbo.QuickLinksRetrieveAllItems @RecordId,@ViewerItemSecurity=31,@RequestedItemSecurity=16
I hope this helps.
Comments
Pingback from Finding My Links in the Database « Paul Liebrand’s Weblog
Time November 29, 2007 at 3:11 am
[...] My Links in the Database I wrote a post a few months back that explained how to find out the membership information for a specific user (My [...]
Pingback from SharePoint Security / Permission Levels « Paul Liebrand’s Weblog
Time December 6, 2007 at 6:29 pm
[...] Office 2007 and My SharePoint SitesMOSS 2007 and User Memberships [...]
Pingback from My SharePoint Sites and Authentication Popup « Paul Liebrand’s Weblog
Time February 27, 2008 at 5:21 pm
[...] a previous blog post, MOSS 2007 and User Memberships, I explain how the My SharePoint Site gets populated. The check only occurs once a day, [...]
Pingback from Managing and Viewing a Specific User’s Memberships in SharePoint
Time March 13, 2008 at 11:50 am
[...] some searching, I could find only a few references to listing users memberships. The initial solution (scroll to end of post) was to run a SQL query directly from the [...]
Comment from Catherine
Time April 15, 2008 at 9:51 am
Best information I could find on my site memberships/my sharepoint sites…good posting.
Comment from Adrian DeFazio
Time July 8, 2008 at 8:12 am
We have our users organized into Active Directory groups. Those AD groups are then associated with a particular SharePoint group. If I want a user to save documents through his/her My SharePoint Sites, will I then have to add each individual user to the SharePoint group associated with Members of this site group setting? That pretty much tells me I have to manage users at the SharePoint level, not AD like I was hoping. Is that correct?
Comment from liebrand
Time July 8, 2008 at 1:48 pm
You are correct. Although dropping an AD group into the associated SharePoint members group will give everyone access to that site. The SharePoint membership functionality does not look in the AD group to determine who is a member of it.
So if you want to make use of the My SharePoint Site feature, you really have two options. 1) You have to explicitly add the users to the members group in SharePoint, or 2) Use the published links feature of the SSP (not dynamic but can be used publish important links to the Office clients).
Comment from Adrian DeFazio
Time July 9, 2008 at 7:08 am
Thanks for the tips. THis may seem like a silly question, but on in a users mysite, their isn’t an option for them to “set as default my site”. Do you know how this is controlled? I think this is the reason why our users aren’t seeing their My SharePoint Site in Office Client Applications.
Comment from liebrand
Time July 9, 2008 at 9:00 am
The “Set As Default My Site” is normally located in the top right corner of the screen right below the “Site Actions” button.
Generally this link will disappear if the PersonalSiteUrl registry key has a value in the following location:
HKCU\Software\Microsoft\Office\12.0\Common\Portal
(or if the Active Directory Web Site property is set to the URL of your My Site.)
If the value listed here does not match that of your actual “My Site” it will show the “Set as Default My Site” option again.
This functionality is controlled via an ActiveX control, so make sure the URL of the My Sites has been specificed in the Trusted Sites zone of Internet Explorer.
When clicking the “Set as Default My Site” option the following things occur:
- The Active Directory property Web Site gets set for the user
- The HKCU\Software\Microsoft\Office\12.0\Common\Open Find\Places\UserDefinedPlaces\PersonalSite
- The HKCU\Software\Microsoft\Office\12.0\Common\Portal gets a PersonalSiteURL value set
If you clear all these things and then visit your My Site again you should get prompted with a dialog box to set it as your default My Site.
Probably the easiest thing to do is to simply change the value under the registry key ..\Common\Portal for the value PersonalSiteURL to something else. This will cause SharePoint to display the Set as Default My Site link again.
Comment from Adrian DeFazio
Time July 10, 2008 at 6:03 am
O.K. that was a big help. Our My sites are actually on a different web application, so I made the URL of the My Sites a Trusted Site zone on Internet Explorer and the “Set as Default My Site” Link is now available.
It doesn’t seem to be updating properly because the link “Set as Default My Site” is still visisble. I’ve checked the registry settings and they are in place. Anyway I can verify the Active Directory property Web Site?
It only seems to be returning the “My Site” link for My SharePoint Sites under client office applications. I know the search processed successfully last night, so is it related to “My Sites” being on a different web application then my intranet?
Comment from liebrand
Time July 10, 2008 at 7:18 am
I have my “My Sites” on a different web application so that is definitely not the problem. The only way to verify the Active Directory property is to go into the Manage Users of the domain, look up your account, and then look in the Web site field.
Do you have a search schedule created for full and incremental?
Comment from Adrian DeFazio
Time July 10, 2008 at 9:06 am
I looked in AD, and it doesn’t seem like that property is being set.
yeah the full search schedule is every night at 12:00. The incremental runs every 5 minutes
Comment from liebrand
Time July 10, 2008 at 8:06 pm
Adrian,
I am not sure why the Active Directory properties are not being updated. It appears to be a permission issue or something like that. I have not experienced that problem yet.
Have you attempted to run the membership query listed at this post http://liebrand.wordpress.com/2007/11/29/moss-2007-and-user-memberships/ against your account name to see if it returns any results?
Comment from Adrian DeFazio
Time July 11, 2008 at 4:44 am
Paul,
It looks like the My SharePoint Sites is populating with the correct sites now. Is it the full crawl schedule on the “My Sites” Web appliction that populates the My SharePoint Sites in office client applications?
Comment from liebrand
Time July 11, 2008 at 7:32 am
Adrian,
The incremental crawl will pick up your membership information once you have been added, so every 5 minutes in your case. However, the Office Client propagation of this information happens once every 24 hours (unless you blow away the registry key listed in post http://liebrand.wordpress.com/2007/11/29/office-2007-and-my-sharepoint-sites/).
Comment from Mike
Time July 31, 2008 at 10:43 am
have you found a way to create webpart or modify out of the box webpart so it picks up ALL your memberships (where you are owner, visitor, or have custom permissions), not JUST the ones where you’re a member? We are looking to implement this type of functionality.
Comment from Jason Graves
Time January 6, 2009 at 3:51 pm
Per KB 841057, modification of this stored procedure will put your installation in an unsupported state-which means you will need to restore to a date prior to running this stored proc before receiving Microsoft support.
You can take a look here if you would like:
http://support.microsoft.com/kb/841057
Might be worth mentioning in your blog that you “discovered” this in the stored procedures included with SharePoint.
Pingback from SharePoint / Office 2007 and random authentication pop up’s with “My SharePoint Sites” (Memberships) « Paul Liebrand’s Weblog
Time January 25, 2009 at 1:18 pm
[...] http://liebrand.wordpress.com/2007/11/29/moss-2007-and-user-memberships/ [...]
Pingback from links for 2009-05-27 « Jet Grrl
Time May 27, 2009 at 6:02 pm
[...] MOSS 2007 and User Memberships « Paul Liebrand’s Weblog (tags: SharePoint) [...]
Comment from Brad
Time January 15, 2010 at 2:43 pm
I realize this has been here for a long time now, but I just wanted you to know you cut off the end of the stored procedure call when you moved from your other blog to here.
However, the information is very helpful! Thanks!
Comment from Paul Liebrand
Time January 15, 2010 at 3:04 pm
Thank you for bringing this to my attention. It actually was not cut off it was just the way the margins worked on the blog. I changed it around a little to make it all fight.
Thanks again!
Comment from Abhishek Saigal
Time August 5, 2010 at 1:06 am
Boss,
Your statement
3.A full Office Search crawl schedule (this is the process that actually updates the membership information).
IS WRONG!
Full crawl has nothing to do with it. The distrubution list update depends on “Membership & BDC Import Status” under SSP > User profile and properties. The DL gets added to Membergroup table in the SSP db once discovered in AD.
The second part is the most misunderstood one. It happens when the content dbs take part in syncronication with the SSP profile info. Its actually two way. 1. User info is pushed to site collections and sharepoint groups /DL membership is pulled from the site collections and membergroup table is updated.
just to prove this try this out
stsadm -o deleteoldatabases 0
Go to your mysite and you will see that Memberships for sharepoint sites is gone
Now either wait for 1 hour for the sync to happen automatically or schedule it for the next minute by running
stsadm -o sync -synctiming m:1
wait for about a minute and rerun listolddatabases 0 to see if you can see the GUIDS of currently syncronized dbs. once done execute stsadm -o -synctiming h:1 to set it to defaults
Now go back to your users mysite and the info should be back.
Comment from Paul Liebrand
Time August 5, 2010 at 3:28 pm
Abhiskek,
You are absolutely correct. At the time when I wrong this article I believed it was dependent on the crawl but it is just dependent on the Office Search Service being configured correctly.
If you stop the Office Search Service and attempt to do what you outlined above, you will notice nothing works.
Thank you for the clarification.
Paul Liebrand
Comment from Abhishek Saigal
Time August 30, 2010 at 10:17 pm
Hello Paul,
Search Service is used for profile import but not for profile sync. OWSTIMER kicks synctiming & sweeptiming.
But I’ll check and let you know.