Skip to content

How to Enable Import of Active Directory Distribution Groups to SharePoint 2007

by on May 28, 2014

By Default, SharePoint pulls in Users and Security Groups, not Distribution groups: (&(objectCategory=Person)(objectClass=User))


Solution 1: Change AD Settings For The Group

Make the Distribution Group a Universal Security group by changing the settings in Active Directory; this allows it to be both email enabled and recognizable by SharePoint. It also has the benefit of being easily configurable and low impact, as well as simple to test in most cases. It also has the benefit of being easier to manage on a case by case basis, if you need more granularity.


Solution 2: Modify SharePoint Active Directory Sync/Import

Change the LDAP Filter

You need to change the Source for Distribution groups with an appropriate LDAP filter.

You can test in PowerShell AD using the below to see what your filter will actually be pulling; below you can see the ldap filter that pulls distribution groups only.

PS C:\Users\emb>  Get-ADGroup -LDAPFilter “(&(objectCategory=group) (!(groupType:1.2.840.113556.1.4.803:=2147483648)))” 

Modify the Import Connection from AD

  1. CA > Shared Services Provider (SSPI)
  2. User Profiles and My Sites > User Profiles and Properties
  3. Click on “View Import Connections”
  4. Click on the existing connection you will need to change.
  5. For “User Filter” enter: (| (&(objectCategory=Person)(objectClass=User)) (&(objectCategory=group) (!(groupType:1.2.840.113556.1.4.803:=2147483648))) )
    • This basically says ( or (users) (distribution lists)) – the pipe character “|” indicates the or option.
  6. save
  7. Select Start New Import in user profiles

NOTE: You cannot just create a new connection, because sharepoint will only let you use the domain name once!

Read More

LDAP Syntax Filters

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: