Friday, September 23, 2011

Utilize the Managed Metadata Service application tip #5 – Be aware of "Deletion of this user as a contributor failed" error on AD groups for local term store


In a previous blog post, I provided a workaround to delete users from the Contributors group when you hit the error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed”. You may wonder why this happened in the first place and how it could be prevented.

First, I would like to emphasize that Kerberos is enabled on our SharePoint server. This might be a key contributor to the issue, as I will illustrate in this post. If you use claims-based or ADFS-based authentication, you might see a similar issue.

Second, you can check the previous blog post to understand the issue: when we try to delete “All users (window)” from the Contributors group, we get the error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed.” and the user cannot be deleted. The key point here is that, with Kerberos enabled, ONLY AD groups could not be deleted; individual users could!

Third, you can use the following steps to reproduce the issue.
1. Create a managed metadata column on any list in the site collection
2. Site Actions -> Site Settings -> Term Store Management -> Click the site collection term store “Site Collection – sbx01-site-Harry”
3. Type any AD group such as “ems.sp.team” into the Contributors group and click “Check names”
4. Try to delete the group “ems.sp.team” and get the error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed.”


Fourth, you can check the ECMPermission table: the PrincipalName is stored in the Windows claims-based group SID format, for example “c:0+.w|s-1-5-21-945540591-4024260831-3861152641-326370” for the group “NA\ems.sp.team”.
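As an added example (not part of the original post and not Microsoft code), the PowerShell below splits claims-encoded principal names like the one above into claim type, issuer and value, so AD group entries can be told apart from individual users when reviewing who holds Contributor rights. The helper name `ConvertFrom-ClaimPrincipal`, the limited character map and all sample values except the SID quoted above are assumptions for illustration.

```powershell
# Added example: decode SharePoint claims-encoded principal names.
# Layout assumed: <i|c>:0<claim type><value type><issuer>|<value>
# Only the characters listed here are mapped; others are reported as Unknown(x).
$ClaimTypes = @{ '#' = 'UserLogonName'; '+' = 'GroupSid'; '!' = 'IdentityProvider' }
$Issuers    = @{ 'w' = 'Windows'; 's' = 'SecurityTokenService' }

function ConvertFrom-ClaimPrincipal {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$PrincipalName)

    $pattern = '^(?<id>[ic]):0(?<type>.)(?<vtype>.)(?<issuer>.)\|(?<value>.+)$'
    if (-not ($PrincipalName -match $pattern)) {
        # Classic DOMAIN\name logins and anything else that is not claims-encoded
        return New-Object PSObject -Property @{
            Raw = $PrincipalName; Kind = 'NotClaimsEncoded'; Issuer = ''
            Value = $PrincipalName; IsAdGroup = $false
        }
    }

    # Copy the captures first: the SID check below overwrites $Matches
    $type  = $Matches['type']
    $iss   = $Matches['issuer']
    $value = $Matches['value']

    $kind   = $ClaimTypes[$type]
    $issuer = $Issuers[$iss]
    if (-not $kind)   { $kind   = "Unknown($type)" }
    if (-not $issuer) { $issuer = "Unknown($iss)" }

    # An AD group appears as a Windows-issued group SID claim
    $isAdGroup = ($kind -eq 'GroupSid') -and ($issuer -eq 'Windows') -and
                 ($value -match '^s-1-\d+(-\d+)+$')

    New-Object PSObject -Property @{
        Raw = $PrincipalName; Kind = $kind; Issuer = $issuer
        Value = $value; IsAdGroup = $isAdGroup
    }
}

# Constructed sample values, except the group SID claim, which is the one quoted above.
$samples = 'i:0#.w|na\jdoe',                                          # individual user
           'c:0+.w|s-1-5-21-945540591-4024260831-3861152641-326370',  # AD group
           'c:0!.s|windows',   # identity-provider claim: every Windows-authenticated user
           'NA\ems.sp.team'    # not claims-encoded
$samples | ForEach-Object { ConvertFrom-ClaimPrincipal $_ } |
    Select-Object Raw, Kind, Issuer, IsAdGroup | Format-Table -AutoSize
```

Rows with `IsAdGroup` set to True are the kind of Contributor entry this post reports could not be deleted.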


We had a similar issue when we implemented ADFS with SharePoint. We believe that when we try to delete the group by passing the group name, the correct group may not be found, since the group name cannot be converted for comparison with the SID. This is another reason we should not implement ADFS for SharePoint at this time.
Another interesting thing is that we were able to delete the group sometimes, but not consistently. We will follow up with Microsoft to verify whether there is any solution.

Today, 1/24/2012, we received notification from Microsoft that this has been confirmed as a bug and is targeted to be fixed in the April 2010 CU.

Please refer to the other blog posts on the Managed Metadata Service.

Utilize the Managed Metadata Service application tip #1 - How to resolve "The required feature is not enabled for this column type" error 

Utilize the Managed Metadata Service application tip #2 - Metadata column not visible for users other than site collection administrators

Utilize the Managed Metadata Service application tip #3 – Impact of message “Earlier versions of client programs might not support this type of column” on Document Library

Utilize the Managed Metadata Service application tip #4 – How to workaround "Deletion of this user as a contributor failed" for local term store 

Utilize the Managed Metadata Service application tip #5 – Be aware of "Deletion of this user as a contributor failed" error on AD groups for local term store

Utilize the Managed Metadata Service application tip #6 – How to fix "The default termstore for this site cannot be identified " error

Utilize the Managed Metadata Service application tip #7 – How to read managed metadata column relationship 

Utilize the Managed Metadata Service application tip #8 - How to resolve error "This operation cannot be completed. The term store may be unavailable."




Utilize the Managed Metadata Service application tip #4 – How to workaround "Deletion of this user as a contributor failed" for local term store

If you are already using SharePoint 2010 managed metadata, you may be aware of the global metadata term set and the site collection local metadata term set.

There are lots of tricks and tips you should be aware of before using it. One of the issues is that if you add people to the Contributors group, you may find yourself in trouble, NOT able to remove users from the Contributors group. I will explain in a different article how this happens. Indeed, one term store administrator in our company added “All users (window)” to the Contributors group of the local term set group for one sensitive term set, as in the screenshot. As a result, anyone could modify the term set, which was not the original intent.

When we try to delete “All users (window)” from the Contributors group, we get the error “The specified user is not a contributor on this group. Deletion of this user as a contributor failed.” and the user cannot be deleted.


 
After failing to delete the user from the UI, PowerShell and the API, we were hoping to delete the user from the Managed Metadata Service database table ECMPermission. However, we were not able to remove the entries. Finally, we had to use the following workaround. Here are the steps.

1. Install SolidQ Managed Metadata Exporter for SharePoint 2010 by copying ManagedMetadataExporter.exe to a local drive on the server
2. Export the term set as a CSV file
   a. Run ManagedMetadataExporter.exe
   b. Enter the URL of the site collection, http://sharepoint/mysitecollectionuURL
   c. Click the "1. Get TermStores" button
   d. Select the TermStore ‘Metadata Service Primary’ that is hosting your metadata service and check the checkbox ‘include Site Collection Groups’
   e. Click the "2. Get Groups" button
   f. Select the site collection ‘Site collection-your site collection name’
   g. Click the "3. Get TermSets" button
   h. Select the TermSet and click ‘Export Selected TermSet’. Choose the location where it should be saved and click Save
   i. In the same way, select each remaining TermSet and click ‘Export Selected TermSet’

 





3. Delete all term sets first, as shown in the screenshot below
4. Delete the Group that hosts the site collection term set; the permissions will be deleted as well
5. Add a managed metadata column to a list in the site collection. This recreates the site collection term set Group
6. Click the site collection metadata Group and "Import Term Set". Select the CSV file you exported
7. Import each Term Set
8. Modify the permissions and add the proper users to the term set again

You may notice that even after you have worked around the issue, you may still not be able to delete the user from the metadata control groups in the future; I'll address that in another blog post.
