Question about User Information List
Is it possible that the metadata in the UIL is updated via AzureCP (e.g. JobTitle)?
What is responsible for updating the UIL if you do not have a User Profile Service?
@ivanrusso yes it is possible (and it does it by default). If there is no User Profile Service, it will remain with what is set by AzureCP.
But there was a bug in AzureCP: If you changed the config related to the JobTitle in AzureCP, it was no longer set correctly in UIL.
This is fixed in v20 (just published).
@Yvand I have updated to v20, but JobTitle and Department are still empty on UIL.
How is the metadata updated in the UIL? According to the source code, there is no job that updates this information.
@ivanrusso can you go to central admin > security > AzureCP Claim types configuration: Confirm that you have "AAD Property to query" JobTitle linked to "PickerEntity metadata" Title ?
If yes, can you test again in a new site collection?
@Yvand I have tested it on a new SiteCollection.
When I add a user to a SP Group, JobTitle, Department and OfficeLocation are empty.
With the following PS script I was able to update the UIL:
Add-PSSnapin Microsoft.SharePoint.PowerShell
$webApp = Get-SPWebApplication
foreach ($site in $webApp.Sites)
{
    # Get the AzureCP claims provider and initialize it
    $cpm = [Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::Local
    $azurecp = $cpm.GetClaimProvider("AzureCP")
    $init = $azurecp.ClaimProvider.Initialize($null, $null)
    $web = $site.RootWeb
    $users = $web.SiteUsers
    foreach ($user in $users)
    {
        # Only process claims-encoded logins issued by a trusted provider
        if ([Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::IsEncodedClaim($user.LoginName))
        {
            $claim = [Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::Local.DecodeClaim($user.LoginName)
            $issuerType = [Microsoft.SharePoint.Administration.Claims.SPOriginalIssuers]::GetIssuerType($claim.OriginalIssuer)
            if ($issuerType -eq [Microsoft.SharePoint.Administration.Claims.SPOriginalIssuerType]::TrustedProvider)
            {
                # Ask AzureCP to resolve the claim and keep the first matching entity
                $pickerEntity = $azurecp.ClaimProvider.Resolve($web.Url, @("User"), $claim) | Select-Object -First 1
                if ($null -ne $pickerEntity)
                {
                    $userItem = $web.SiteUserInfoList.GetItemById($user.ID)
                    $update = $false
                    # Copy each metadata value to its UIL column, only when it differs
                    foreach ($entityEntry in $pickerEntity.EntityData.GetEnumerator())
                    {
                        switch ($entityEntry.Key)
                        {
                            "Email"
                            {
                                if ($userItem["EMail"] -ne $entityEntry.Value)
                                {
                                    $userItem["EMail"] = $entityEntry.Value
                                    $update = $true
                                }
                            }
                            "Title"
                            {
                                if ($userItem["JobTitle"] -ne $entityEntry.Value)
                                {
                                    $userItem["JobTitle"] = $entityEntry.Value
                                    $update = $true
                                }
                            }
                            "Department"
                            {
                                if ($userItem["Department"] -ne $entityEntry.Value)
                                {
                                    $userItem["Department"] = $entityEntry.Value
                                    $update = $true
                                }
                            }
                            "MobilePhone"
                            {
                                if ($userItem["MobilePhone"] -ne $entityEntry.Value)
                                {
                                    $userItem["MobilePhone"] = $entityEntry.Value
                                    $update = $true
                                }
                            }
                            "WorkPhone"
                            {
                                if ($userItem["WorkPhone"] -ne $entityEntry.Value)
                                {
                                    $userItem["WorkPhone"] = $entityEntry.Value
                                    $update = $true
                                }
                            }
                            "OfficeLocation"
                            {
                                if ($userItem["Office"] -ne $entityEntry.Value)
                                {
                                    $userItem["Office"] = $entityEntry.Value
                                    $update = $true
                                }
                            }
                        }
                    }
                    # Write the list item only if at least one column changed
                    if ($update)
                    {
                        $userItem.Update()
                    }
                }
            }
        }
    }
    # Release the SPSite object obtained from the Sites collection
    $site.Dispose()
}
Can you set the logs to verbose:
"LDAPCP:*"| Set-SPLogLevel -TraceSeverity Verbose
Then, when you add a user from the people picker, LDAPCP will record (in verbose) the metadata it sets for each user added (including the title, office, etc...)
I have set the log to verbose.
"AzureCP:*"| Set-SPLogLevel -TraceSeverity Verbose
Merge-SPLogFile -Path "C:\Tmp\AzureCP_logging.log" -Overwrite -Area "AzureCP" -StartTime (Get-Date).AddMinutes(-10)
In the log I can't see any metadata for (title, office, etc...)
04/25/2022 13:33:50.29 w3wp.exe (srvsp13deviru1:0x125C) 0x14A4 AzureCP Core 1337 Verbose [AzureCP] Access token for tenant '***.onMicrosoft.com' expired, renewing it...
04/25/2022 13:33:50.29 w3wp.exe (srvsp13deviru1:0x125C) 0x14A4 AzureCP Core 1337 Verbose [AzureCP] Getting new access token for tenant '***.onMicrosoft.com' on cloud instance 'AzurePublic' using client ID *** and a client secret.
04/25/2022 13:33:50.73 w3wp.exe (srvsp13deviru1:0x125C) 0x2974 AzureCP Core 1337 High [AzureCP] Got new access token for tenant '***.onMicrosoft.com' on cloud instance 'AzurePublic', valid for 1 hour(s) and retrieved in 435 ms
04/25/2022 13:33:50.96 w3wp.exe (srvsp13deviru1:0x125C) 0x0E14 AzureCP Lookup 1337 Medium [AzureCP] Got 1 users/groups in 661 ms from '***.onMicrosoft.com' with input 'ivan'
04/25/2022 13:33:50.96 w3wp.exe (srvsp13deviru1:0x125C) 0x1E40 AzureCP Lookup 1337 Verbose [AzureCP] 1 entity(ies) to create after filtering
04/25/2022 13:33:50.96 w3wp.exe (srvsp13deviru1:0x125C) 0x1E40 AzureCP Claims Picking 1337 Verbose [AzureCP] Added entity: display text: 'Ivan Russo', claim value: 'ivan.russo@***.ch', claim type: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
04/25/2022 13:33:50.96 w3wp.exe (srvsp13deviru1:0x125C) 0x1E40 AzureCP Claims Picking 1337 Medium [AzureCP] Returned 1 entities from input 'ivan'
04/25/2022 13:33:55.12 w3wp.exe (srvsp13deviru1:0x125C) 0x1E40 AzureCP Lookup 1337 Medium [AzureCP] Got 1 users/groups in 57 ms from '***.onMicrosoft.com' with input 'ivan.russo@***.ch'
04/25/2022 13:33:55.12 w3wp.exe (srvsp13deviru1:0x125C) 0x1BD4 AzureCP Lookup 1337 Verbose [AzureCP] 1 entity(ies) to create after filtering
04/25/2022 13:33:55.12 w3wp.exe (srvsp13deviru1:0x125C) 0x1BD4 AzureCP Claims Picking 1337 High [AzureCP] Validated entity: display text: 'Ivan Russo', claim value: 'ivan.russo@***.ch', claim type: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
Ok, so it looks like Azure AD does not return any of those properties.
Can you use the Graph explorer to replay the query below and confirm if Azure AD returns the metadata?
https://graph.microsoft.com/v1.0/users?$select=UserType, Mail, UserPrincipalName, DisplayName, GivenName, Surname, DisplayName, Mail, MobilePhone, JobTitle, Department, OfficeLocation&$filter=accountEnabled eq true and startswith(UserPrincipalName,'<username>')
The query returns the metadata.
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(userType,mail,userPrincipalName,displayName,givenName,surname,mobilePhone,jobTitle,department,officeLocation)",
"value": [
{
"userType": "Member",
"mail": "ivan.russo@***",
"userPrincipalName": "ivan.russo@***",
"displayName": "Ivan Russo",
"givenName": "Ivan",
"surname": "Russo",
"mobilePhone": "****",
"jobTitle": "CEO",
"department": "Management",
"officeLocation": null
}
]
@ivanrusso ok, thank you for the verifications, I will do some tests on my side and come back to you
@ivanrusso there was some confusion that I'll try to clarify:
- To see the metadata set by AzureCP in SharePoint logs, you need to set logging to verboseEx (verbose is not enough, my mistake)
"AzureCP:*"| Set-SPLogLevel -TraceSeverity Verboseex
Then you get an output like this:
04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Lookup 1337 Verbose [AzureCP] 1 entity(ies) to create after filtering 058737a0-6955-50ba-00fa-7bfbf034d82d
04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'DisplayName' of new entity to 'Christie Cline' 058737a0-6955-50ba-00fa-7bfbf034d82d
04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'Email' of new entity to 'ChristieC@TENANT.OnMicrosoft.com' 058737a0-6955-50ba-00fa-7bfbf034d82d
04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'Title' of new entity to 'Buyer' 058737a0-6955-50ba-00fa-7bfbf034d82d
04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'Department' of new entity to 'Sales' 058737a0-6955-50ba-00fa-7bfbf034d82d
04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'Location' of new entity to '131/2105' 058737a0-6955-50ba-00fa-7bfbf034d82d
04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Claims Picking 1337 VerboseEx [AzureCP] Created entity: display text: 'ChristieC@TENANT.OnMicrosoft.com', value: 'ChristieC@TENANT.OnMicrosoft.com', claim type: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn', and filled with 5 metadata. 058737a0-6955-50ba-00fa-7bfbf034d82d
Things to note:
- The metadata Title does not correspond to column tp_Title in SQL table UserInfo. Metadata Title is used in the people picker, as the 2nd line of result
- The SQL column tp_Title seems to be set based on metadata Email
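As an added example (not part of the original thread and not AzureCP's own code), the VerboseEx check described above can be automated: the function below groups the "Set metadata" lines by the correlation ID at the end of each line and reports, per created entity, which expected metadata were never set. The function name, the default list of expected keys and the sample lines are assumptions made for this illustration; the message wording follows the log output quoted above.

```powershell
# Constructed sample lines, shaped like the VerboseEx output quoted above.
$prefix = "04/26/2022 16:25:40.83 w3wp.exe (0x03E0) 0x123C AzureCP Claims Picking 1337 VerboseEx [AzureCP]"
$corrA  = "11111111-2222-3333-4444-555555555555"
$corrB  = "66666666-7777-8888-9999-000000000000"
$claimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$sample = @(
    "$prefix Set metadata 'Email' of new entity to 'user.a@contoso.example' $corrA"
    "$prefix Set metadata 'Title' of new entity to 'Buyer' $corrA"
    "$prefix Set metadata 'Department' of new entity to 'Sales' $corrA"
    "$prefix Created entity: display text: 'User A', value: 'user.a@contoso.example', claim type: '$claimType', and filled with 3 metadata. $corrA"
    "$prefix Set metadata 'Email' of new entity to 'user.b@contoso.example' $corrB"
    "$prefix Created entity: display text: 'User B', value: 'user.b@contoso.example', claim type: '$claimType', and filled with 1 metadata. $corrB"
)

# Hypothetical helper: one output object per "Created entity" line.
function Get-AzureCPEntityMetadata {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Line,
        [string[]] $Expected = @('Email', 'Title', 'Department')
    )
    # Optional correlation GUID at the end of the line (some lines have none).
    $corrRx    = '(?<corr>[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})?\s*$'
    $setRx     = "\[AzureCP\] Set metadata '(?<key>[^']+)' of new entity to '(?<val>.*)'\s*$corrRx"
    $createdRx = "\[AzureCP\] Created entity: display text: '.*?', value: '(?<claim>[^']*)'.*filled with (?<count>\d+) metadata\.\s*$corrRx"
    $pending = @{}   # correlation ID -> metadata collected so far
    foreach ($l in $Line) {
        if ($l -match $setRx) {
            $corr = [string]$Matches['corr']
            if (-not $pending.ContainsKey($corr)) { $pending[$corr] = [ordered]@{} }
            $pending[$corr][$Matches['key']] = $Matches['val']
        }
        elseif ($l -match $createdRx) {
            $corr  = [string]$Matches['corr']
            $claim = $Matches['claim']
            $count = [int]$Matches['count']
            $meta  = if ($pending.ContainsKey($corr)) { $pending[$corr] } else { [ordered]@{} }
            [pscustomobject]@{
                ClaimValue = $claim
                Reported   = $count   # count stated in the log line
                Metadata   = $meta
                Missing    = @($Expected | Where-Object { -not $meta.Contains($_) })
            }
            $pending.Remove($corr)    # the next entity in the same request starts clean
        }
    }
}

Get-AzureCPEntityMetadata -Line $sample |
    Select-Object ClaimValue, Reported, @{ n = 'Missing'; e = { $_.Missing -join ', ' } }
```

To run it against a real merged log, pass `(Get-Content "C:\Tmp\AzureCP_logging.log")` as `-Line`, after raising the trace level to VerboseEx as shown above.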
@Yvand This is the log output:
04/27/2022 11:17:49.31 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Core 1337 VerboseEx [AzureCP] Configuration 'AzureCPConfig' was found, version 666771 cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.31 w3wp.exe (srvsp13deviru1:0x25D0) 0x02D0 AzureCP Lookup 1337 VerboseEx [AzureCP] Querying Azure AD tenant 'TENANT.onMicrosoft.com' for users and groups, with input 'ivan'
04/27/2022 11:17:49.31 w3wp.exe (srvsp13deviru1:0x25D0) 0x02D0 AzureCP Debug 1337 VerboseEx Waiting on Task.WaitAll for TENANT.onMicrosoft.com starting
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x1F7C AzureCP Lookup 1337 VerboseEx [AzureCP] Query to tenant 'TENANT.onMicrosoft.com' returned 0 group(s) with filter "startswith(DisplayName, 'ivan')" cdc737a0-2275-a0d4-960e-f51385d5cb82
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x0A74 AzureCP Lookup 1337 VerboseEx [AzureCP] Query to tenant 'TENANT.onMicrosoft.com' returned 1 user(s) with filter "( (startswith(UserPrincipalName, 'ivan') and UserType eq 'Member') or (startswith(Mail, 'ivan') and UserType eq 'Guest') ) or startswith(DisplayName, 'ivan') or startswith(GivenName, 'ivan') or startswith(Surname, 'ivan') or startswith(Mail, 'ivan')"
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x0808 AzureCP Debug 1337 VerboseEx Waiting on Task.WaitAll for TENANT.onMicrosoft.com finished
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x0808 AzureCP Lookup 1337 Medium [AzureCP] Got 1 users/groups in 297 ms from 'TENANT.onMicrosoft.com' with input 'ivan'
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Lookup 1337 Verbose [AzureCP] 1 entity(ies) to create after filtering cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'DisplayName' of new entity to 'Ivan Russo' cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'Email' of new entity to 'ivan.russo@xxxx.ch' cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'MobilePhone' of new entity to '****' cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'Title' of new entity to 'CEO' cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 VerboseEx [AzureCP] Set metadata 'Department' of new entity to 'Management' cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 VerboseEx [AzureCP] Created entity: display text: 'Ivan Russo', value: 'ivan.russo@xxxx.ch', claim type: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', and filled with 5 metadata. cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 Verbose [AzureCP] Added entity: display text: 'Ivan Russo', claim value: 'ivan.russo@xxxx.ch', claim type: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' cdc737a0-a275-a0d4-960e-fd32f48ce7c4
04/27/2022 11:17:49.61 w3wp.exe (srvsp13deviru1:0x25D0) 0x2150 AzureCP Claims Picking 1337 Medium [AzureCP] Returned 1 entities from input 'ivan' cdc737a0-a275-a0d4-960e-fd32f48ce7c4
@ivanrusso SharePoint does not update the data in the userinfo list based on metadata returned by AzureCP.
SharePoint uses the metadata returned by AzureCP only if the user is added for the very 1st time to the site collection. Then, within 5 minutes, the quick sync job will overwrite it using the data in the User Profile service.