SOLVED

Change internal group names

%3CLINGO-SUB%20id%3D%22lingo-sub-114860%22%20slang%3D%22en-US%22%3EChange%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-114860%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Etoday%20we%20had%20problems%20with%20the%20provisioning.%20To%20fix%20that%20I%20saw%20that%20Microsoft%20has%20change%20by%20some%20groups%20form%20%E2%80%9Cc%3A0-.f%7Crolemanager%E2%80%9D%20to%20%E2%80%9Cc%3A0t.c%7Ctenant%E2%80%9D.%20Can%20anybody%20please%20explain%20why%20the%20do%20the%20change%3F%20And%20where%20I%20can%20read%20about%20it%3F%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3EStefan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-201985%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-201985%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20what%20it's%20worth%20Web.EnsureUser%20no%20longer%20works%20using%20App-Only%20permission%20but%20still%20works%20using%20the%20new%20IDs%20and%20user%20authenticated%20ClientContext.%20So%20I'm%20back%20in%20business.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-201979%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-201979%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20breaking%20provisioning%20code%20for%20me%20as%20well.%20It%20doesn't%20seem%20that%20EnsureUser%20works%20with%20the%20new%20ID%2C%20whereas%20it%20worked%20with%20the%20old%20one.%20Has%20anybody%20been%20able%20to%20use%20EnsureUser%20against%20one%20of%20the%20new%20IDs%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-199002%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-199002%22%20slang%3D%22en-US%22%3ETypical%20Microsoft%20response%2C%20I%20think%20we%20all%20realise%20that%20this%20is%20%22by%20design%22%20the%20point%20is%20that%20they%20roll%20it%20out%20without%20telling%20anyone!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198990%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198990%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20made%20a%20support%20ticket%20and%20got%20the%20following%20response%3A%3C%2FP%3E%3CP%3E%3CFONT%20color%3D%22%23000000%22%20face%3D%22Calibri%22%3E%22This%20is%20by%20design.%20This%20tenant%20is%20using%20the%20objectID%20as%20the%20claim%20encoded%20loginName%20in%20userinfo.%20This%20is%20something%20that%20all%20tenants%20will%20be%20transitioned%20to%20in%20the%20future.%20We%20will%20start%20using%20objectID%20instead%20of%20SID%20values%20for%20groups%20within%20SPO.%20%22%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198439%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198439%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20not%20really%20aware%20of%20this%20issue%20or%20the%20change%20behind%20of%20it.%20Please%20open%20an%20official%20SharePoint%20Online%20support%20case%20for%20asking%20details%2C%20so%20that%20the%20request%20would%20fall%20on%20the%20official%20process.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198410%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198410%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20is%20very%20interesting%20respond.%20The%20change%20of%20the%20internal%20group%20names%20comes%20over%20a%20time%20period%20in%20different%20tenants.%20What%20says%20MS%20to%20it%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F369%22%20target%3D%22_blank%22%3E%40Vesa%20Juvonen%3C%2FA%3E%26nbsp%3Bcan%20you%20please%20somting%20to%20it%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198310%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198310%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20happend%20in%20our%20tenant.%20Seems%20over%20the%20weekend%20something%20has%20changed%20without%20any%20heads%20up%2C%20which%20now%20is%20causing%20our%20sites%20to%20be%20provisioned%20(using%20PnP%20Provisioning%20templates)%20without%20the%20correct%20permissions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-197457%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-197457%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20now%20seeing%20this%20as%20well%20and%20it%20is%20affecting%20our%20provisioning.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-197142%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-197142%22%20slang%3D%22en-US%22%3ESame%20here.%20We%20have%20duplicate%20%22Company%20Administrators%22%20now%20with%20the%20%E2%80%9Cc%3A0-.f%7Crolemanager%E2%80%9D%20one%20being%20outdated%20.%20This%20is%20messing%20up%20scripts%20for%20us.%20What%20does%20this%20change%20mean%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-194941%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-194941%22%20slang%3D%22en-US%22%3ESame%20happened%20on%20our%20tenant%20without%20any%20announcement.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-186419%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-186419%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20happened%20on%20our%20tenant%20also.%20What%20a%20farce%2C%20I%20use%20these%20groups%20in%20various%20scenarios%2C%20nothing%20from%20Microsoft%20as%20usual!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-135392%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-135392%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20here...%20Does%20anyone%20have%20an%20idea%20what%20happened%3F%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-124304%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20internal%20group%20names%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-124304%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20the%20same%20problem%20can%20anyone%20answer%20this%20question%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

Hi,

today we had problems with the provisioning. To fix that I saw that Microsoft has change by some groups form “c:0-.f|rolemanager” to “c:0t.c|tenant”. Can anybody please explain why the do the change? And where I can read about it?

Thanks

Stefan

13 Replies
Highlighted

I have the same problem can anyone answer this question?

Thanks!

Highlighted

Same here... Does anyone have an idea what happened??

Highlighted

Just happened on our tenant also. What a farce, I use these groups in various scenarios, nothing from Microsoft as usual!

Highlighted
Same happened on our tenant without any announcement.
Highlighted
Same here. We have duplicate "Company Administrators" now with the “c:0-.f|rolemanager” one being outdated . This is messing up scripts for us. What does this change mean?
Highlighted

I am now seeing this as well and it is affecting our provisioning. 

Highlighted

Same happend in our tenant. Seems over the weekend something has changed without any heads up, which now is causing our sites to be provisioned (using PnP Provisioning templates) without the correct permissions.

Highlighted

It is very interesting respond. The change of the internal group names comes over a time period in different tenants. What says MS to it?

 

@Vesa Juvonen can you please somting to it?

Highlighted
Best Response confirmed by Tom Resing (Microsoft)
Solution

I'm not really aware of this issue or the change behind of it. Please open an official SharePoint Online support case for asking details, so that the request would fall on the official process.

Highlighted

Just made a support ticket and got the following response:

"This is by design. This tenant is using the objectID as the claim encoded loginName in userinfo. This is something that all tenants will be transitioned to in the future. We will start using objectID instead of SID values for groups within SPO. "

Highlighted
Typical Microsoft response, I think we all realise that this is "by design" the point is that they roll it out without telling anyone!
Highlighted

This is breaking provisioning code for me as well. It doesn't seem that EnsureUser works with the new ID, whereas it worked with the old one. Has anybody been able to use EnsureUser against one of the new IDs?

Highlighted

For what it's worth Web.EnsureUser no longer works using App-Only permission but still works using the new IDs and user authenticated ClientContext. So I'm back in business.