Friday, September 23, 2011

Utilize the Managed Metadata Service application tip #5 – Be aware of "Deletion of this user as a contributor failed" error on AD groups for local term store


In the previous post, I provided a workaround to delete users from the Contributors group when you get the error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed”. You may wonder why this happened in the first place and how to prevent it.

First, I would like to emphasize that Kerberos is enabled on our SharePoint server. This might be a key contributor to the issue, as I will illustrate in this post. If you have claims-based or ADFS-based authentication, you might have a similar issue.

Second, you can check the previous post to understand the issue: when we try to delete “All users (window)” from the Contributors group, we get the error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed.” and the user cannot be deleted. The key point here is that ONLY AD groups, not individual users, fail to delete while Kerberos is enabled!

Third, you can use the following steps to reproduce the issue.
1.       Create a managed metadata column on any list in the site collection.
2.       Go to Site Actions -> Site Settings -> Term Store Management and click the site collection term store “Site Collection – sbx01-site-Harry”.
3.       Type any AD group, such as “ems.sp.team”, into the Contributor group and click “Check names”.
4.       Try to delete the group “ems.sp.team”. You get the error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed.”


Fourth, you can verify in the table ECMPermission that the PrincipalName is in the Windows claims-based group SID format, “c:0+.w|s-1-5-21-945540591-4024260831-3861152641-326370”, for the group “NA\ems.sp.team”.


We had a similar issue when we implemented ADFS with SharePoint. We believe the issue is that when we try to delete the group and pass the group name, it may not find the correct group, since the group name cannot be converted for comparison with the SID. This is another reason we should not implement ADFS for SharePoint at this time.
Another interesting thing is that we were able to delete the group sometimes, but not consistently. We will follow up with Microsoft to verify whether there is any solution.
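
To make the suspected mismatch concrete, here is an added example (not SharePoint's code and not from the original post) that decodes the claims-encoded PrincipalName shown above and compares a lookup by name with a lookup by SID. The prefix table covers only the characters seen in this post, the user `na\jdoe` is constructed, and `resolve_sid` is a hypothetical stand-in for an AD name-to-SID lookup.

```python
import re

# Prefix characters seen in this post; an assumed subset of the claims encoding.
CLAIM_TYPES = {"#": "user logon name", "+": "group SID"}
VALUE_TYPES = {".": "string"}
ISSUERS = {"w": "Windows"}

# Layout: <c|i> ":0" <claim type> <value type> <issuer> "|" <value>
ENCODED = re.compile(
    r"^(?P<kind>[ci]):0(?P<ctype>.)(?P<vtype>.)(?P<issuer>.)\|(?P<value>.+)$")

def decode_principal(principal_name):
    """Split a claims-encoded PrincipalName; return None if it is not encoded."""
    m = ENCODED.match(principal_name)
    if m is None:
        return None
    return {
        "is_identity": m["kind"] == "i",   # 'i' = identity claim, 'c' = other claim
        "claim_type": CLAIM_TYPES.get(m["ctype"], "unknown"),
        "value_type": VALUE_TYPES.get(m["vtype"], "unknown"),
        "issuer": ISSUERS.get(m["issuer"], "unknown"),
        "value": m["value"],
    }

def find_contributor(stored, requested, resolve_sid=None):
    """Return stored principals whose claim value matches the requested name.

    resolve_sid: hypothetical name -> SID map standing in for an AD lookup.
    Without it the comparison is by name only, as the post suspects.
    """
    wanted = {requested.lower()}
    if resolve_sid and requested in resolve_sid:
        wanted.add(resolve_sid[requested].lower())
    hits = []
    for principal in stored:
        decoded = decode_principal(principal)
        value = decoded["value"] if decoded else principal
        if value.lower() in wanted:
            hits.append(principal)
    return hits

# Group row as shown in ECMPermission above; the user row is constructed.
STORED = ["c:0+.w|s-1-5-21-945540591-4024260831-3861152641-326370",
          "i:0#.w|na\\jdoe"]
AD = {"NA\\ems.sp.team": "S-1-5-21-945540591-4024260831-3861152641-326370"}

if __name__ == "__main__":
    print(decode_principal(STORED[0]))
    print("by name:", find_contributor(STORED, "NA\\ems.sp.team"))
    print("by SID: ", find_contributor(STORED, "NA\\ems.sp.team", AD))
```

The name-only lookup finds the user row but not the group row, which matches the symptom that only AD groups fail to delete.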

Today, on 1/24/2012, we received notification from Microsoft that this has been confirmed as a bug and is targeted to be fixed in the April 2010 CU.

Please refer to the other posts on the Managed Metadata Service.

Utilize the Managed Metadata Service application tip #1 - How to resolve "The required feature is not enabled for this column type" error 

Utilize the Managed Metadata Service application tip #2 - Metadata column not visible for users other than site collection administrators

Utilize the Managed Metadata Service application tip #3 – Impact of message “Earlier versions of client programs might not support this type of column” on Document Library

Utilize the Managed Metadata Service application tip #4 – How to workaround "Deletion of this user as a contributor failed" for local term store 

Utilize the Managed Metadata Service application tip #5 – Be aware of "Deletion of this user as a contributor failed" error on AD groups for local term store

Utilize the Managed Metadata Service application tip #6 – How to fix "The default termstore for this site cannot be identified " error

Utilize the Managed Metadata Service application tip #7 – How to read managed metadata column relationship 

Utilize the Managed Metadata Service application tip #8 - How to resolve error "This operation cannot be completed. The term store may be unavailable."



