cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

William Phillips
Copper Contributor

‎Jul 24 2020 08:44 AM

‎Jul 24 2020 08:44 AM

SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

We have SP 2019 on premise.  Recently, we attempted to add an AD local security group to a SP group to give permission to a collection.  The name resolves but when I hit the share the group does not show up in the permission list.  No indication of any action at all nor any errors that I could see.  We were able to last Tuesday as I see a group in there with that date added by our developer.  If we attempt to add an AD user to the permission group it works just fine.  This would be painful if we have to add users this way.  I believe there was an update ran over the weekend but need to confirm.  We checked other collections and seems to the same case throughout the entire site.  Is there anything I can check or verify as to why an AD sec group can no longer be added?

4,199 Views
0 Likes
7 Replies
Reply
7 Replies
Trevor Seward

‎Jul 26 2020 03:57 PM

‎Jul 26 2020 03:57 PM

Re: SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

Can you check the ULS logs and see what log activity there is? You may need to set the log to verbose, Set-SPLogLevel -TraceSeverity Verbose.
0 Likes
Reply
William Phillips

‎Jul 29 2020 11:46 AM

‎Jul 29 2020 11:46 AM

Re: SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

@Trevor Seward Hey Trevor, thanks for the response.  I looked at those logs and it looks like the user profile sync service account is not working. The account is not locked so I'm not sure if its a different issue as the error indicates a failure to decrypt the connection password.  I have not seen this error before.  I rather not change the password yet as I think my old sharepoint admin used it elsewhere which we are identifying.  Would this be related to my inability to add AD security groups to sharepoint permission.

General 7200                Critical   Failed to decrypt connection password for ConnectionForectName 'domain.local', ConnectionSynchronizationOU 'DC=SOG,DC=Local', ConnectionUserName 'domain\account'. Please refresh connection credentials. a77c6a9f-4b17-a0cf-6cd8-e9f87678dff3

 

0 Likes
Reply
Trevor Seward

‎Jul 29 2020 11:50 AM

‎Jul 29 2020 11:50 AM

Re: SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

Essentially that is saying you need to re-enter the credentials for the Sync account in the AD Import configuration screen.
0 Likes
Reply
William Phillips

‎Aug 11 2020 10:28 AM

‎Aug 11 2020 10:28 AM

Re: SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

We ran a full synchronization and it resolved this issue with the user profile sync.  We are still having the issue where we can only ad domain user accounts but not domain security group.  Is there any other way to troubleshoot this? 

0 Likes
Reply
William Phillips

‎Aug 11 2020 12:33 PM

‎Aug 11 2020 12:33 PM

Re: SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

We figured it out.  We ran a command for the people picker to our trusted 2nd domain and on sharepoint servers and not just frontends.  Needed to be ran on app server as well but had to find the app cred key from front ends and imported them.  Seems to work now.

0 Likes
Reply
Firoz Ozman

‎Apr 28 2021 06:27 AM

‎Apr 28 2021 06:27 AM

Re: SP 2019 - no longer able to add AD security group to Sharepoint Group for permissions

Hi @William Phillips 

 

Whats the command are you referring to?

Are you able to share? I am having the same issue.

 

Thanks

 

0 Likes
Reply