"welcome to sharepoint" Depending on the wind direction, all groups in AD is the "best practice", even though it makes auditing impossible and breaks many parts of the sharepoint API (see the earlier threads about permission denied problems).
The organization I belong to has brought it up with MS (it breaks our *MAIN* navigation web part!) and the reaction is basically "quirk, not a bug" and "why would you need to audit this from sharepoint?" etc. If you want to do this, you will have to write a tool which recurses through AD _manually_, checking every AD group a user belongs to against every SP group (good luck if you have a complex hierarchy). Sorry for the somewhat pointed response, and hopefully someone else will have a "duh, just do this!" solution, but we've been struggling with this since release without any respite. On Fri, Dec 19, 2008 at 11:43 PM, Diego Costamagna < [email protected]> wrote: > Hi guys, > > I'm working on a web part that for certain functionality it requires to > analize all permission levels on all SP groups the user belongs. > All users are AD users and some AD Groups could be found. > > I used *SPContext.Current.Web.CurrentUser.Groups*, but I noticed that when > the current user permissions come from an AD Group that is included in a SP > Group, that line of code doesn't add that particular SP Group into the > returned collection. > > AD User --> AD Group --> SP Group --grants access to--> Site XaX (SP Group > contains AD Group) > > The AD User has access to the site XaX, but * > SPContext.Current.Web.CurrentUser.Groups* is not recognizing the SP Group. > > Any ideas? > > Thanks in Advance ! > > Diego Costamagna > > > > ------------------------------ > Get news, entertainment and everything you care about at Live.com. Check > it out! <http://www.live.com/getstarted.aspx> > ------------------------------ > List address: [email protected] > Subscribe: [email protected] > Unsubscribe: [email protected] > List FAQ: http://www.codify.com/lists/ozmoss > Other lists you might want to join: http://www.codify.com/lists > -------------------------------------------------------------------------------- List address: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists
