check permissions showing "none" for users added through AD groups in SharePoint 2010

Issue:

When you try to do checkpermissions for a user added on the
site through AD group you get “none” even though group has permissions on the
site and user also doesn’t have any issue in logging into the site. It’s just
that the check permission doesn’t work for the group and the user.

 

Resolution:

Take a ULS while doing check permissions and if you see the
following entry

04/02/2012
17:27:49.89        w3wp.exe
(0x169C)        0x0974        SharePoint
Foundation        General        7fdb        Unexpected        AuthZInitializeContextFromSid
failed!        ddd8bfd7-3a2d-4b94-8249-0e22f057a52f

 

This comes if the farm account doesn’t have permissions to
read the TGGAU attribute of the group or the user ID. To resolve this login to
your Active Directory

1.
AD  users
and groups àview
à check advance features 2.
Right click on the SP farm account à member of à add à windows authorization
access control à
click ok

  
  
   
  And that should be it J.

For details about the TGGAU attribute refer https://support.microsoft.com/kb/331951

Comments

• Anonymous
  January 01, 2003
  thank you

• Anonymous
  September 20, 2013
  Are there any other prerequisites? I've added my farm and app pool account to this AD group but I still cannot check permissions on individual users.

• Anonymous
  February 15, 2016
  https://support.microsoft.com/en-us/kb/2809787