In previous blog, I have provide a workaround to to delete users from Contributors group with error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed”. You may have a question why this happened in the first place and how we could prevent it.
First, I would like to emphasize Kerberos is enabled on our SharePoint server. This might be a key contributor to the issue as I will illustrate in this blog. If you have claim based or ADFS based authentication, you might have the similar issue.
Scond, you could check previous blog to understand the issue - try to delete “All users (window)” to Contributors group, we are getting the following error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed.” and user could not be deleted. The key looks here is we could not delete ONLY AD groups not individual users while you have Kerberos enabled!
Third, you could use the following steps to reproduce the issue.
1. Create a managed metadata column on any list on the site collection
2. Site Actions -> Set Settings -> Term Store Management -> Click the site collection term store “Site Collection – sbx01-site-Harry”
3. Type any AD group like ”ems.sp.team” to Contributor group and click “Check names”
4. Try to delete the group ”ems.sp.team” and get error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed.”
Fourth, you could verify the table ECMPermission and the PrincipalName is like window claim based format group SID format “c:0+.w|s-1-5-21-945540591-4024260831-3861152641-326370” for group “NA\ems.sp.team”.
Since we had similar issue when we implemented the ADFS with SharePoint. We believe the issue is when we try to delete the group and passing the group name, it may not find the correct group since the group name could not be converted to compare with SID. This is another reason we should not implement ADFS for SharePoint at this time.
Another interesting thing is we were able to delete the group sometime but not constantly. We will follow up with Microsoft to verify whether there is any solution.
Today on 1/24/2012, we received notification from Microsoft that this has been confirmed as bug and targeted to be foxed in April 2010 CU.
Please refer to other blog on managed metadata service.
Utilize the Managed Metadata Service application tip #7 – How to read managed metadata column relationship
Today on 1/24/2012, we received notification from Microsoft that this has been confirmed as bug and targeted to be foxed in April 2010 CU.
Please refer to other blog on managed metadata service.
A very helpful article.
ReplyDeleteAngela