Missing AD Roles

Jul 14, 2015 at 6:37 PM
I have LDAPCP installed and working to verify users, however my AD Roles don't seem to be working for users. I can assign a role to a SharePoint security group, but the users in that role aren't working. I have an identical setup in my dev environment that IS working fine, but in my QA setup it is not. I can't see any differences, so I'm not sure what the problem may be.
Jul 17, 2015 at 9:24 AM
Did you validate that roles are present in the SAML token delivered by the STS, and in the same format as the permission created?
A common issue is that roles are added to the SAML token as "domain\role", but permission in SharePoint is created as "role", which won't work.
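The check suggested in the reply above, as an added example that is not part of the original thread or of LDAPCP. The token fragment, the CONTOSO domain, the role names and both function names are constructed, and the example assumes a SAML 1.1 token, the standard Microsoft role claim type, and an exact string comparison between claim value and permission value.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
ROLE_NS = "http://schemas.microsoft.com/ws/2008/06/identity/claims"

# Constructed sample: attribute statement of a SAML 1.1 token (not a real capture).
SAMPLE_TOKEN = r"""<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Attribute AttributeName="role"
                  AttributeNamespace="http://schemas.microsoft.com/ws/2008/06/identity/claims">
    <saml:AttributeValue>CONTOSO\QA-Readers</saml:AttributeValue>
    <saml:AttributeValue>Portal-Editors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def role_claims(token_xml):
    """Return every role claim value found in the token XML."""
    root = ET.fromstring(token_xml)
    roles = []
    for attr in root.iter(f"{{{SAML11}}}Attribute"):
        if attr.get("AttributeName") == "role" and attr.get("AttributeNamespace") == ROLE_NS:
            for value in attr.findall(f"{{{SAML11}}}AttributeValue"):
                roles.append((value.text or "").strip())
    return roles


def check_permission(permission_value, roles):
    """Classify how a SharePoint permission value relates to the token's roles."""
    # Assumption of this example: the permission only applies on an exact match.
    if permission_value in roles:
        return "match"

    def bare(name):
        # Strip a leading "domain\" prefix, if any.
        return name.rsplit("\\", 1)[-1]

    for role in roles:
        if bare(role) == bare(permission_value):
            return f"format mismatch: token has {role!r}, permission is {permission_value!r}"
    return "role absent from token"


if __name__ == "__main__":
    roles = role_claims(SAMPLE_TOKEN)
    for permission in ("QA-Readers", "Portal-Editors", "Site-Admins"):
        print(permission, "->", check_permission(permission, roles))
```

A "role absent from token" result points away from the format problem and toward the directory side, for example the group membership not being readable.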
Jul 17, 2015 at 1:36 PM
It appears that the problem was actually with the way my users were created. We are using a console app to pull users from a .NET site and add them to the AD. The permissions weren't correct and although the users were there, their roles were not being read by SharePoint. Once we corrected this issue, everything worked as expected.
Marked as answer by bwatkins79 on 7/17/2015 at 6:36 AM