Users Site SSP and AD

Sharepoint Site, SSP Profile and Active Directory Users

This post was derived from an email response to a question about how I think things work with respect to users ("people") and Active Directory, SharePoint, our Lotus Notes email, etc. Specifically, there is detail about users who do not yet exist in a site directory. It is based on research, testing and our experiences. In our environment we create profiles for everyone in our Active Directory domain and add email addresses, names and a little organizational information from another SQL database.

When you create an alert (or use other people lookups), you can pick anybody from the Active Directory domain. In any of the SharePoint look-ups you are selecting these from a listing that is BOTH active directory and SharePoint groups, if groups are shown. In our environment, any of those users should have a profile in SharePoint (even the temporary accounts are imported, but many of those do not have email addresses) - the profiles are created and updated by two processes we run daily.

In practice it would be invalid to pick someone to whom you have not granted access to the site. Although the alert setting would be created, nothing would ever be sent to a user that has no rights to a site except for a notice that the alert was created.

People (site collection users) and profiles are not the same thing, but there is synchronization. If you add a user to a site and they were not previously in the site collection, they get added to people on that site collection and I'm not sure when their email address is looked up from the profiles (I think it depends - immediate if you send them a welcome email, and slightly delayed if you don't).

If you try to set up an alert for someone who has not been previously added to a site collection (or for any other reason does not have an email address - like most administrator accounts, many temporary accounts, etc.) you will get the message (trapped error):

The following users do not have e-mail addresses specified: Username, David. Alerts have been created successfully but these users will not receive e-mail notifications until valid e-mail addresses have been provided

Set my e-mail address…
Troubleshoot issues with Windows SharePoint Services.

Where "Username, David" was my demo user. The "set my email address" won't work for non-administrators and the "troubleshooting" won't be much help, but the main part of the message is correct - the alert is created. If the user has a profile with an email address, the system will set it up in the background and the user WILL get alerts IF there is anything they can access (but clearly the user still needs access to the site). If you had previously added the user to your site, you don't see this message after the email address has been synced.

I thought about prepopulating users in a members list, but I don't think this will be necessary unless we get a lot of site administrators having this problem. Only a someone with "manage alerts" permissions - a site owner - could ever have this problem. If we start seeing this we can look into a having prepopulated "members" list.

Further, it is good to note that there is a timer job to keep the site collection up to date with the profile.

I know this wasn't the best written post, and it may not have wide generic applications. You have to keep in mind that we do not use Exchange, so our Active Directory is pretty weak - it does not even have email addresses, we have to go get those from another database. Another interesting topic to consider would be alternatives to profile creation in advance, and a more standard view of how all this should work (with Exchange and a better AD).

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License