1

I'm trying to grant permissions to other people to view a SharePoint site, but when granting permissions it uses "Check Names" and claims any user or group that is part of a domain does not exist. It does this if I try granting permissions to the team site or in Central Admin, BUT if I try to add someone to Farm Administrators in Central Admin then all of a sudden it can find all domain users.

Why is it finding domain users in that one context but not others? It is supposed to be using NTLM authentication and has Windows configured as the authentication provider (And IIS is configured to use NTLM). What's even more strange is I enabled Anonymous Access for the team site which I thought would allow anyone to view it but others say they can't access it.

quani
  • Found additional error in the log: Error when trying to get trusted forests and domains. Exception message: Current security context is not associated with an Active Directory domain or forest. – quani Mar 17 '11 at 19:24

3 Answers

1

Two different issues here. For Anonymous access you need to enable it for the site in central admin, then enable it at the site collection.

For user lookup, that's called the "people picker", so google that. Have you set up user profile sync? Site permissions shouldn't need that to add permissions, but you might check. Any event log errors about user lookup or related, like unable to talk to the Domain Controller?

Bret Fisher
  • Anonymous access was enabled in Central Admin. User profile sync doesn't affect permissions. I have not enabled it because I have no use for user profiles (and MySites) on this server. The funny thing is that SharePoint IS able to talk to the domain controller, as it will find any user if I try to add them to the Farm Administrators group but won't in any other context (Grant Permissions to Site Collection). – quani Mar 17 '11 at 16:53
  • Did you enable Anonymous on the site collections permissions page on the root site itself? This will only show up after you enable in central admin. – Bret Fisher Mar 17 '11 at 17:21
  • Yes, it was enabled in Central Admin and then on the individual site collection – quani Mar 17 '11 at 19:19
1

Figured it out - It was because the site collection was running under an IIS app pool that was using a local user as its identity. I changed the identity to a domain user.

quani
0

Check your app pool account; it should have access to your AD. Otherwise, just select the Network Service account to run your app pool.
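
A way to check for the cause identified in the last two answers (an application pool running as a local account), as an added example that is not part of the original thread: this PowerShell script lists each IIS application pool's identity and labels whether it can authenticate to Active Directory. `Get-IdentityScope` is a hypothetical helper name, and treating a bare user name as a local account is an assumption.

```powershell
# Added example: audit IIS application pool identities on the SharePoint server.
# Run from an elevated PowerShell prompt on the server itself.
Import-Module WebAdministration

# Hypothetical helper: classify an app pool identity by how it appears on the network.
function Get-IdentityScope {
    param([string]$IdentityType, [string]$UserName, [string]$ComputerName)
    switch ($IdentityType) {
        'LocalService'            { return 'Local (anonymous on the network)' }
        'LocalSystem'             { return 'Computer account' }
        'NetworkService'          { return 'Computer account' }
        'ApplicationPoolIdentity' { return 'Computer account' }
    }
    # SpecificUser: decide from the shape of the configured user name.
    if ($UserName -match '^(?<prefix>[^\\]+)\\') {
        # ".\user" and "THISMACHINE\user" are accounts in the local SAM database.
        if ($Matches.prefix -eq '.' -or $Matches.prefix -eq $ComputerName) {
            return 'Local account'
        }
        return 'Domain account'
    }
    if ($UserName -match '@') { return 'Domain account' }  # UPN form, user@domain
    return 'Local account'  # Assumption: a bare name is treated as local here.
}

# A server that is not domain-joined has no computer account to fall back on.
$cs = Get-WmiObject Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is not joined to a domain."
}

Get-ChildItem IIS:\AppPools | ForEach-Object {
    $pm = $_.processModel
    New-Object PSObject -Property @{
        AppPool      = $_.Name
        IdentityType = $pm.identityType
        UserName     = $pm.userName
        Scope        = Get-IdentityScope $pm.identityType $pm.userName $cs.Name
    }
} | Select-Object AppPool, IdentityType, UserName, Scope | Format-Table -AutoSize
```

Pools reported as `Local account` or `Local (anonymous on the network)` have no domain credentials, which matches the "Current security context is not associated with an Active Directory domain or forest" error quoted in the question.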