check permissions showing "none" for users added through AD groups in SharePoint 2010


When you try to do checkpermissions for a user added on the
site through AD group you get “none” even though group has permissions on the
site and user also doesn’t have any issue in logging into the site. It’s just
that the check permission doesn’t work for the group and the user.



Take a ULS while doing check permissions and if you see the
following entry

17:27:49.89        w3wp.exe
(0x169C)        0x0974        SharePoint
Foundation        General        7fdb        Unexpected        AuthZInitializeContextFromSid
failed!        ddd8bfd7-3a2d-4b94-8249-0e22f057a52f


This comes if the farm account doesn’t have permissions to
read the TGGAU attribute of the group or the user ID. To resolve this login to
your Active Directory

  1. AD  users
    and groups àview
    à check advance features
  2. Right click on the SP farm account à member of à add à windows authorization
    access control à
    click ok

  And that should be it J.

For details about the TGGAU attribute refer

Comments (3)

  1. M-Dub says:

    Are there any other prerequisites? I've added my farm and app pool account to this AD group but I still cannot check permissions on individual users.

Skip to main content