Setting SharePoint Alerts on Active Directory Security Groups

This post applies to SharePoint 2013 as of the August 2013 Cumulative Update.

If you have ever tried to set an alert on an email-enabled Active Directory Security Group (this will appear in Exchange as a “Mail Universal Security Group”), you may have found that SharePoint indicates that it cannot find an exact match, and just won’t resolve the group.

This may be due to a possible bug in SubNew.aspx located in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\.  The code for the People Picker is:

Notice the SelectionSet line.  This should indicate that it accepts both User and Security Groups.  However, the ClientPeoplePicker class contains no such property!  It does, however, contain another valid property, PrincipalAccountType.  While I don’t recommend this, as it will most likely be overwritten by new updates, and you must manually make the change, if you do edit SubNew.aspx so the ClientPeoplePicker instead uses the PrincipalAccountType property, mail-enabled Security Groups will now be resolvable within the New Alert dialog.

One issue to note when this configuration completed is that all Security Groups will be visible through the dialog, however when clicking OK to save the Alert, it will validate that the object has an email address, and if not, throw a user-friendly exception.

Note that SharePoint 2010 does not suffer from this issue.  SharePoint 2010 uses the PeopleEditor class which does have the SelectionSet property.

35 Comments

  1. Great! Do you know if this is Microsoft has been notified about this?

  2. Hi Trevor,
    Great post and a good find. Would you mind sending a link to the issue at MS so we can track it? That would be awesome! :)

  3. Guys, what about managing such alerts?
    When I created a new alert only to a sec group, it now showing on the “My Alerts” page, of course))

  4. Thanks Trevor. I tested this and found that making the change to SubNew.aspx does allow me to enter and validate a mail-enabled security group in the alert setup dialog. However, those alerts are never delivered. If I set an alert for a single user they are delivered as expected. I can send an email directly to the security group without problem. Any idea where things might be going wrong? And have you heard anything about when MS might be fixing this? Thx.

  5. Just in case anybody is interested, I found that I had to add the security group as a user to a SharePoint group on the site to get the alerts delivered.

  6. How do you make an existing Security Group in AD mail enabled?

    I have a security group that has all staff from one office in there and I need to send out an email to all of them. I tried sending the email to a distribution list instead and it didn’t work. I then tried sending the email to the AD security group and that didn’t work either.

    Thanks

  7. Thanks Trevor, would the existing AD group have to be changed from Global to Universal? If yes, what impact would this Universal group now have in SharePoint 2013? Would it affect the way users in the group access the site or would it all be the same as it was when it was Global?

    Yoshi

  8. Does anyone know if the recent release of Service Pack 1 for SP 2013 corrects this issue? I just deployed 2013 and when I found out that alerts cannot be set for AD groups, my CIO, myself, and entire staff could not believe a feature that existed in previous versions would be taken away. I can’t even think why Microsoft would remove such a useful feature and hope it is addressed soon because that capability in itself may just be enough for my CIO to make us go back to 2010. Any input or updates on this is greatly appreciated.

  9. Thanks so much for the info and great Blog Trevor…I just found your site and will be following it from here on out.

  10. Trevor, I applied SP1 on my dev environment to test if AD Group names would resolve when creating an alert and they still do not. Did I misunderstand you when you said that this issue was fixed with SP1 or am I perhaps missing something? Can you advise when you have a chance? Thanks

  11. I also just installed SP1 specifically to fix this issue, and it is still not resolved. Guess I’ll try the SubNew.aspx tweak above.

  12. Made the adjustment to the ASPX, and now distribution groups show up in the People Picker drop-down, but when you click OK to save the alert, it sends am email to the group, which is good, but the alert itself doesn’t save — when you go to Manage alerts, there’s no alert there. However, if you setup an alert to an individual user, it does save. Amazing that SharePoint fails to handle something so simple and ubiquitous in the modern world as an AD distribution group.

    Trevor, if you can find out why SP1 didn’t fixed this issue as you thought, I’d be interested to hear about it.

  13. Fooling around with this some more, I was wrong to say that “the alert itself doesn’t save.” I wasn’t seeing anything under Manage My Alerts, but that’s because the alert was not under my name, it was under a group name instead. To view and delete that group alert, I had to go to Site Settings > User Alerts.

    So the SubNew.aspx change detailed above fixed this issue for me, allowing me to make alerts to AD security groups. However, SP1 itself doesn’t seem to have fixed it: groups still don’t come up until you change the property name in SubNew.aspx.

  14. It took hours of digging to find this page. I can’t believe more people are not upset by this. I have a fresh install with SP1 and it still does not work until I modified subnew.aspx. Trevor, you are amazing for finding and fixing this.

  15. Would like to find a solution for this also. Any news?

    • Richard, the above fix by Trevor works, after you have modified the subnew.aspx, you will see groups in your security lists.

      • Hi Leo,
        Thank you for the encouragement to try the subnew.aspx fix. I was hesitant to do that since it is our production site and there was some mention of a possible thrown exception.
        However, I made the change and it worked great. I did take the advice of Tim C above and added the mail-enabled security group as a visitor to the site before setting up the alert. Thanks to all for a great discussion.
        I’m a bit perturbed that Microsoft has not resolved this yet. If not for this conversation I would be explaining to my internal customers “I’m sorry but SharePoint can’t send an alert to a distribution list–yikes!”
        If someone would post to this discussion when a fix does come out I would greatly appreciate it.

  16. Just wondering if there’s any news on this from Microsoft, if a fix has been released. Thanks

  17. Trevor, I have no issues having the Mail Universal Security Groups showin up in the User auto-complete selector as I’m post SP1 2013 on-prem. When I click OK, that group gets an email immediately informing it of the new alert. However, when an update is made to the list that generates an alert to a test user with the same settings, the group does not get any email. Any thoughts? Thanks!

  18. Fixed in May 7, 2014 Cumulative Update for SharePoint 2013.

  19. We have sharepoint 2013 installed recently. We could pick an AD group when trying to set up an alert to email to. However, once we clicked OK, it returned the following error. Both users in the AD group has email addresses. When the alert is set up to send individually, it worked.

    “Alerts have been created successfully but these users will not receive notifications until valid e-mail or mobile addresses have been provided”

    Any ideas? Thank you1

Leave a Reply