Quick Tip: Adding an Active Directory Group Through the Permissions Web Service
This post is over a year old, some of this information may be out of date.
When working with the addpermission method from the permissions.asmx web service, you have the possibility to add permissions to a list or site for users or groups.
When you specify a group as permissionType, you could only specify a SharePoint group that exists on the site. You are not able to specify an Active Directory group, but that does not mean that it is not possible.
The trick to add Active Directory group permissions, is by adding them as an user instead of specifying group.
Here is an example of a SOAP message to add an Active Directory group to the site:
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <AddPermission xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/"> <objectName>SiteName</objectName> <objectType>web</objectType> <permissionIdentifier>contoso\AllUserGroup</permissionIdentifier> <permissionType>user</permissionType> <permissionMask>-1</permissionMask> </AddPermission> </soap:Body></soap:Envelope>Two things are important:
- Set the permissionType to user;
- In the permissionIdentifier specify the Active Directory group as: DOMAIN-NAME\GROUP-NAME.
Related articles
Use Fiddler In Combination With SharePoint Designer to Retrieve Data Source Information
Approve a multitenant permission scope for a SPFx solution
Troubleshooting SharePoint Permission Approval: Learn how to create a Service Principal and define the correct resource for successful permission scope approval
Report issues or make changes on GitHub
Found a typo or issue in this article? Visit the GitHub repository to make changes or submit a bug report.
Comments
Let's build together
Manage content in VS Code
Present from VS Code