Wednesday, April 25, 2018

Get Users from AD Group added in SharePoint Group

Requirement - I want to get all members which are there in AD group (added in SP group).

In SharePoint If you add AD group then SharePoint will consider AD group as a single user instead of group. So you will not able to get users directly from AD group after adding in SharePoint groups.


Option 1: Use group membership visibility as a workaround
One potential work around is to exploit a combination of two properties that you can access on groups via the JavaScript client object model: OnlyAllowMembersViewMemberhip and CanCurrentUserViewMembership.
If the current user can view group membership for a group that is only set to allow group members to do so, we can assume the user is a group member.

var clientContext = new SP.ClientContext();
var groupId = 5; // the group membership ID for the group you want to check
var group = clientContext.get_web().get_siteGroups().getById(groupId);
clientContext.load(group,"CanCurrentUserViewMembership");
clientContext.load(group,"OnlyAllowMembersViewMembership");
clientContext.executeQueryAsync(
    function(sender,args){
        var isMemberOfGroup = group.get_canCurrentUserViewMembership() && group.get_onlyAllowMembersViewMembership();
        if(isMemberOfGroup){
            doSomething();
        }
    },
    function(sender,args){"Whoops! "+alert(args.get_message());}
);
This approach will only work if you've set the groups to only be visible to members, and it'll always return a false positive if you have elevated access, such as if you're a site collection administrator or the group owner.
Edit: How to Iterate Through All Site Groups
If you want to apply the same logic as above to check the current user's membership in all groups on the site (instead of specifying a group by its ID), you can use the modified JavaScript code below.
var clientContext = new SP.ClientContext();
var groups = clientContext.get_web().get_siteGroups()
clientContext.load(groups,"Include(CanCurrentUserViewMembership,OnlyAllowMembersViewMembership,Title)");
clientContext.executeQueryAsync(
function(sender,args){
    var groupIterator = groups.getEnumerator();
    var myGroups = [];
    while(groupIterator.moveNext()){
        var current = groupIterator.get_current();
        var isMemberOfGroup = current.get_canCurrentUserViewMembership() && current.get_onlyAllowMembersViewMembership();
        if(isMemberOfGroup){
            myGroups.push(current.get_title()); // this example adds group titles to an array
        }
    }
    alert(myGroups); // show the array
},function(sender,args){"Whoops! "+alert(args.get_message());});
Option 2: Use Audience Targeting as a workaround
Of course, as I mentioned in a comment, for your requirements you may not even need programmatic access to the group membership. You could just set audience targeting on the web parts that you want to be visible only to certain groups; audience targeting should respect AD group membership.

Option 3 : Using REST API 

function spjs_isCurrentUserInGroup(groupIdOrName){
var endpoint;
if(typeof groupIdOrName === "string"){
endpoint = _spPageContextInfo.webAbsoluteUrl+"/_api/web/sitegroups/getbyname('"+groupIdOrName+"')/CanCurrentUserViewMembership" 
 }else{
 endpoint = _spPageContextInfo.webAbsoluteUrl+"/_api/web/sitegroups("+groupIdOrName+")/CanCurrentUserViewMembership" 
 }
 return jQuery.ajax({ 
 "url":endpoint,
 "type":"GET", 
 "contentType":"application/json;odata=verbose",
 "headers":{ 
 "Accept": "application/json;odata=verbose"
 }
 });
}

function checkADGroupMembership(){
 spjs_isCurrentUserInGroup(18).success(
 function(data){
 if(data.d.CanCurrentUserViewMembership){
 setTimeout(function(){
 spjs.dffs.triggerRule(["isInADGroup"]);
 },10);
 }
 }
 );
}

1 comment:

  1. I tried Option-3 but didn't work. As the AD Group added as a User instead of group, I don't how the rest API call '_api/web/sitegroups' works?

    ReplyDelete

Clearing Person/Group Values

To clear out or empty the values in person or group columns, how you do it depends on if the column is single-value or multi-value. For ...