Tag Archives: Active Directory

Creating a simple Microsoft Flow for a SharePoint list

For anyone using the new style SharePoint lists, there is now a new action for Microsoft Flow integration. It’s a really cool product that integrates all the Office 365 products (and more) into your workflow.

SharePoint Designer workflows still have their place but the Microsoft Flow interface offers rich functionality and is easy to view and structure workflows.

One downside to using Microsoft Flow is the error messages. They come back as error messages from the REST API as headers which can be very confusing for non-technical users. SharePoint Designer errors were much clearer and easy to understand for general users.

In the video below, I go through quickly creating a Microsoft Flow from a new style SharePoint list in an Office 365 group site.



Setting up Azure Connect (DirSync) for Office 365

I’ve made a quick video guide on how to set-up Azure Connect (DirSync) to sync with Office 365. It’s done using a simple demo environment and I suspect that you may find complications and other errors when trying this out in a production live environment. Hopefully this is of use to you (even if it just makes it seem less scary!). I will try to get chance to write up this blog post in more detail rather than just the video at some point in the future.



Using PowerShell to find last DirSync

When troubleshooting DirSync issues with Office 365, it is sometimes difficult to know if the DirSync successfully applied to Office 365.

There is a quick way to check this and it provides the data for when the update last took place. First you will need to make sure that you have installed the Azure AD Module for PowerShell, you can download from here.

When this has installed, run Connect-MsolService to connect to the Office 365 tenancy, this should be a global administrator account.

Azure Connect PowerShell

Then run Get-MsolCompanyInformation to get the tenancy information which includes the last dirsync time and last password sync



Using SharePoint Groups

What is a SharePoint group?

A SharePoint group is a group of users which can be used to permission a site. Groups can be re-used around the site collection and can be used to permission, sites, lists, libraries, folders and items. Using SharePoint groups allows the administrator to control access without having to edit individual permissions, only the SharePoint group membership requires editing rather than each permission level.

Creating a SharePoint Group

Select “Site settings” from the SharePoint menu.

SharePoint Group Permissions

Select “People and Groups” from the “Users and Permissions” menu.

SharePoint Group Permissions

Select “Groups” on the left side menu, this will show a list of all the groups on the site collection.

SharePoint Group Permissions

Create a new group by selecting “New Group” from the “New” drop down menu.

SharePoint Group Permissions

Enter a name and description for the new group.

SharePoint Group Permissions

The Group owner has overall control of the group settings and members. This is usually either an administrator or someone you have delegated the running of the group to.

SharePoint Group Permissions

You can decide to keep the membership of the group private to the users in the group or let everyone see the group membership. There is also an option to allow group members to edit the membership of a group. This is great for collaborative sites where members may wish to share with others without having to go to the group owner. It helps remove some of the burden from the group owner and can open up sharing and collaboration without admin intervention.

SharePoint Group Permissions

Membership requests allow users who are not members of the group, the ability to request membership. This can be set to auto-accept which is useful for open groups or the requests can be sent to an email address for approval by the group owner (or members if this option was enabled earlier).

SharePoint Group Permissions

Permission levels can be set when creating the group. Please note that setting permissions here will only apply to the site which you are currently on. It is advised that you create the group without any permissions and then go back into the sites to add relevant permissions to avoid any confusion.

Click “Create” to finish setting up the group.

Adding members to the group

Once the group has been created, you may notice that the only member is the group owner. Additional users can be added by going to the “Add Users” option under the “New” menu.

SharePoint Group Permissions

Enter the name(s) of the members(s) you wish you add to the group. Under advanced options, you will see that the default setting is to send an email to any users added to the group. This is optional and can be deselected. In addition to this, you can customise the personal message in the email invitation for these users.

Note: Active Directory security groups can also be added here if using DirSync (in Office 365)

SharePoint Group Permissions

Click Share to add the users to the group.

Permissioning a site with a SharePoint Group

Once the group has been created, it can be used to permission subsites, lists, libraries, folders and even items. To give the group’s members permissions on a SharePoint site, first navigate to the SharePoint site itself.

Select “Site Settings” from the menu.

SharePoint Group Permissions

Select “Site permissions” from the “Users and Permissions” menu.

SharePoint Group Permissions

Select “Grant Permissions” from the “Permissions” tab.

SharePoint Group Permissions

As you start to type in the name of the group, SharePoint will pick up the group name.

SharePoint Group Permissions

Click “SHOW OPTIONS” to view the permission levels.

Select a permission level from the drop down and decide whether you would like to send an email to the group.

SharePoint Group Permissions

Avoid adding the group to another SharePoint group (this is usually the default option and can over complicate your permissions). Use one of the permission levels available:

  • Read – Can view the site but cannot edit any items or pages
  • Contribute – Can add, edit and delete list items. User cannot create new apps or sites.
  • Design – Users have contribute but in addition, they can also create and delete apps and subsites. Apply themes and designs.
  • Full Control – Users can do anything on the site including change permissions (usually admins only)

There are other permission levels, you can also specify your own. For a full reference of permission levels please see the Microsoft site:

Microsoft Office 365 Support – Permissions

Troubleshooting “this site has not been shared with you”

I’m often asked to solve permission errors in SharePoint. It’s not hard to do with the tools available in SharePoint, you don’t even have to know much about AD especially if you use SharePoint groups.

Ways to permission a SharePoint site:

  • Permission directly against the user – not recommended as a lot of maintenance required when someone joins or leaves the organisation.
  • Use SharePoint Groups – SharePoint groups allow you to manage users within the SharePoint interface, they can be reused all over the site collection
  • Active Directory Security Groups – AD groups might already exist on your domain, these can be used but be aware that SharePoint 2013 caches the membership of these groups for around 2 hours and when using Office 365, DirSync will need to run to replicate these groups in the cloud.

What can be permissioned in SharePoint?

  • Sites – entire subsites
  • Lists – individual lists and libraries such as a document library
  • Folders – folders within a library
  • Items – items within a list or library

SharePoint permissions flow down the site from the root of the site collection unless otherwise changed. If permissions are changed at any level, any items below it will inherit the changed permissions.

SharePoint has a very easy way to check permissions of an individual user, check out my video below on how to use it.