Enroll a SharePoint group, an active directory security group or an Exchange distribution list using Employee Training Management or Event Management

By default if you want to enroll users in an event using Event Management or Employee Training Management, you have to enter all users in the enrollment form.

Enroll multiple users

Enroll a SharePoint group

To allow the enrollment of SharePoint groups you have to change the User column and allow ‘People and Groups’.

Open the list settings of the Enrollment list, click on the ‘User’ column and enable ‘People and Groups’.

Change user column

Now you can also enter SharePoint groups in the enrollment form and all group members will be enrolled.

Enroll an active directory security group

To allow the enrollment of security groups, also allow the selection of people and groups in the User columns (see above).

Now run the following script in SharePoint Management shell (change the yoursite URL to the URL of your SharePoint site).

$web = Get-SPWeb http://yoursite
$list = $web.Lists["Enrollments"]
$list.RootFolder.Properties.Add("Sapiens.at.SharePoint.ResolveADGroups", 1)
$list.Update();
$web = Get-SPWeb http://yoursite
$list = $web.Lists["Enrollments"]
$list.RootFolder.Properties.Add("Sapiens.at.SharePoint.ResolveADGroups", 1)
$list.Update();

Now try to enroll a security group. If you click on Manage Enrollments and you only see one enrollment with the security group instead of one enrollment for each group member, please make sure you installed the latest version.

Re-run setup and choose Repair.

Enroll an Exchange distribution list

Distribution lists are mainly used for e-mail distribution and are not security-enabled, so they cannot be used to control permissions for a SharePoint site and the can also not be used in a user column, so that’s the reason why we cannot use them in the enrollment form.

Workaround

As a workaround you can however import distribution lists to a SharePoint group using the following script.

Change the SharePoint site URL and enter the group names you would like to import.

#your SharePoint site URL
$webURL = "http://yoursite"
#names of all distribution lists to import to SharePoint
$groupNames = @("group1","group2")
 
#group description in SharePoint
$importedGroupDescription = 'Imported from AD'
#get groups from ad
[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.AccountManagement");
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain);
$qbeGroup = New-Object System.DirectoryServices.AccountManagement.GroupPrincipal($ctx);
$srch = New-Object System.DirectoryServices.AccountManagement.PrincipalSearcher($qbeGroup);
 
#open SharePoint site
$web = Get-SPWeb $webURL
#get all groups with groupdescription
$allGroups = $($web.SiteGroups | where { $_.Description -eq $importedGroupDescription })
 
#import ad groups
ForEach($adGroup in $srch.FindAll() | where { ($groupNames -contains $_.Name) })
{
    $groupName = $adGroup.Name.Replace("@", "_")
    $adGroupMembers = $($adGroup.Members)
    $spGroup = ($allGroups | where { $groupName -eq $_.Name })
    if($spGroup.length -gt 0){
        #SharePoint group already exists
        $spGroup = $spGroup[0];
    }
    else{ 
        if($spGroup -eq $null) {
            #create SharePoint group
            $web.SiteGroups.Add($groupName, $web.SiteAdministrators[0], $null, $importedGroupDescription)
            $spGroup = $web.SiteGroups[$groupName]
        }
    }
    #check and add users to SharePoint group
    ForEach($adUser in $adGroupMembers){
        $spUser = $web.EnsureUser($adUser.EmailAddress)
        if($spUser -ne $null){
            $groupUsers = ($spGroup.Users | where { $_.Email -eq $spUser.Email })
            if($groupUsers.length -eq 0 -or $groupUser -eq $null){
                $spGroup.AddUser($spUser)
            }
        }
    }
    #check and remove users from SharePoint group
    ForEach($spUser in $($spGroup.Users)){
        $adUser = $null
        ForEach($m in $adGroupMembers){
            if($spUser.SystemUserKey -ne $null){
                ForEach($sid in $m.Sid){
                    if($spUser.SystemUserKey.ToLower().EndsWith($sid.Value.ToLower())){
                        $adUser = $m
                        break
                    }
                }
            }
            else{
                if($m.EmailAddress -eq $spUser.Email){
                    $adUser = $m
                }
            }
            if($adUser -ne $null){ break }
        }
        if($adUser -eq $null){
            $spGroup.RemoveUser($spUser)
        }
    }
}
#your SharePoint site URL
$webURL = "http://yoursite"
#names of all distribution lists to import to SharePoint
$groupNames = @("group1","group2")
 
#group description in SharePoint
$importedGroupDescription = 'Imported from AD'
#get groups from ad
[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.AccountManagement");
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain);
$qbeGroup = New-Object System.DirectoryServices.AccountManagement.GroupPrincipal($ctx);
$srch = New-Object System.DirectoryServices.AccountManagement.PrincipalSearcher($qbeGroup);
 
#open SharePoint site
$web = Get-SPWeb $webURL
#get all groups with groupdescription
$allGroups = $($web.SiteGroups | where { $_.Description -eq $importedGroupDescription })
 
#import ad groups
ForEach($adGroup in $srch.FindAll() | where { ($groupNames -contains $_.Name) })
{
    $groupName = $adGroup.Name.Replace("@", "_")
    $adGroupMembers = $($adGroup.Members)
    $spGroup = ($allGroups | where { $groupName -eq $_.Name })
    if($spGroup.length -gt 0){
        #SharePoint group already exists
        $spGroup = $spGroup[0];
    }
    else{ 
        if($spGroup -eq $null) {
            #create SharePoint group
            $web.SiteGroups.Add($groupName, $web.SiteAdministrators[0], $null, $importedGroupDescription)
            $spGroup = $web.SiteGroups[$groupName]
        }
    }
    #check and add users to SharePoint group
    ForEach($adUser in $adGroupMembers){
        $spUser = $web.EnsureUser($adUser.EmailAddress)
        if($spUser -ne $null){
            $groupUsers = ($spGroup.Users | where { $_.Email -eq $spUser.Email })
            if($groupUsers.length -eq 0 -or $groupUser -eq $null){
                $spGroup.AddUser($spUser)
            }
        }
    }
    #check and remove users from SharePoint group
    ForEach($spUser in $($spGroup.Users)){
        $adUser = $null
        ForEach($m in $adGroupMembers){
            if($spUser.SystemUserKey -ne $null){
                ForEach($sid in $m.Sid){
                    if($spUser.SystemUserKey.ToLower().EndsWith($sid.Value.ToLower())){
                        $adUser = $m
                        break
                    }
                }
            }
            else{
                if($m.EmailAddress -eq $spUser.Email){
                    $adUser = $m
                }
            }
            if($adUser -ne $null){ break }
        }
        if($adUser -eq $null){
            $spGroup.RemoveUser($spUser)
        }
    }
}

You can run the script as a Windows Scheduled Task or just run in manually from time to time and that will import all distribution lists to the SharePoint site and create and maintain SharePoint groups for each distribution list.

I hope you found this information useful. If you have any problems or any other questions, please send an e-mail to support@sharepointsapiens.com or post a comment.

For more information about our Employee Training Management or Event Management follow the links below