Get SID by Powershell for SharePoint

You can use following powershell to check SID from AD.

$NTAccount = new-object System.Security.Principal.NTAccount(‘SamAccountName’)
$TranslatedToSidObject = $NTAccount.Translate( [System.Security.Principal.SecurityIdentifier])
$SID = New-Object System.Security.Principal.SecurityIdentifier($TranslatedToSidObject.Value)
$TranslatedToNTAccount = $SID.Translate([System.Security.Principal.NTAccount])
Write-host $TranslatedToSidObject.Value `t`t $TranslatedToNTAccount.Value

You can use following powershell to check SID in SharePoint

$site = get-spsite http://blog.bugrapostaci.com
$web = $site.OpenWeb()
$user = $web.EnsureUser(“BLOG\bugra”)
$user.Sid

 

Using Distribution Groups in SharePoint for securing SharePoint securables is not possible.

Using Distribution Groups in SharePoint for securing SharePoint securables is not supported. So if you checked fallowing article on SharePoint side,

http://technet.microsoft.com/en-us/library/cc261972.aspx

“In Active Directory Domain Services (ADDS), the following groups are commonly used to organize users:

  • Distribution group A group that is used only for  e-mail distribution and that is not security-enabled. Distribution groups cannot be listed in discretionary access control lists (DACLs), which are used to define permissions on resources and objects.
  • Security group A group that can be listed in DACLs. A security      group can also be used as an e-mail entity.

You can use security groups to control permissions for your site by adding security groups to SharePoint groups and granting permissions to the SharePoint groups. You cannot add distribution groups to SharePoint groups, but you can expand a distribution group and add the individual members to a SharePoint group. If you use this method, you must manually keep the SharePoint group synchronized with the distribution group. If you use security groups, you do not need to manage the individual users in the SharePoint application. Because you included the security group instead of the individual members of the group, ADDS manages the users for you.”

You can not use any Distribution Group for providing  permission on SharePoint securables. Because distribution groups cannot be listed in discretionary access control lists (DACLs), which are used to define permissions on resources and objects.SharePoint is using this ACL objects to make security operations. There is no way or workaround for using Distribution Groups in SharePoint for securing SharePoint objects.

So we have some other options.

1)      As mentioned in above article :  you can expand a distribution group and add the individual members to a SharePoint group and using this SharePoint groups for securing objects.

2)      Changing Distribution Groups as Security Group in AD and use it in SharePoint. (I am suggesting this step because AD Groups will provide more gain on performance issues)

MOSS 2007 – Welcome name is not updated problem.

This is a very well know problem.  Even if you run full profile import on sharepoint 2007 the user’s which is name property has changed in AD , not updated on your site welcome name.
First of all you have to detect that the problem has encounter between Sharepoint and AD connection issues. If you see the updates in Profile Store in SSP correctly but not affecting welcome name this article may help you. If it is not updated correctly in Profile Store , it is another problem that out of scope for this article.

So what you can do :

Here is the command for force the sync operations.

stsadm -o sync -ignoreisactive 1
stsadm -o sync -deleteolddatabases 0
stsadm -o sync -synctiming m:5
stsadm -o sync -sweeptiming m:5
stsadm -o sync

Wait min 5 minutes. and check.

You can get more information about stsadm -o sync operations.
http://technet.microsoft.com/en-us/library/cc263196(office.12).aspx
If this is not solve your problem you can use fallowing tool for a workaround;
https://blog.bugrapostaci.com/2012/01/22/sharepoint-tools-wsscontentdbsync-v1-0-command-line-tool/