Checking User Group Membership in Nintex Workflow

I don’t do much with Nintex yet. If I’m able to do my processing with the SharePoint Designer Workflow I will. Unfortunately one thing that can’t be done in SharePoint Designer (OTB) is check if a user belongs to a SharePoint Group. It’s not that straight-forward in Nintex either. Tom O’Connor at CUBE4 wrote a great post instucting exactly how to do it: Nintex: Checking if a user is a member of a SharePoint group.

Create New List Item with Lookup Fields in Workflow

List A and List B both have a lookup field against List C. You’d like to have a workflow so that an entry in List A will generate an entry in List B setting the value of the lookup field from one to the other. However you’re getting the error: “Coercion Failed: Unable to transform the input lookup data into the requested type.”


The key is to get the ID of the field from the lookup table. Even though the field you use in the lookup table is the Title, or something else, the value you’re using to set it with will be the ID from the table.


SharePoint 2010 Groups Display Item Limit

How to increase the view limit of SharePoint groups from 30. Thanks to Strausy’s SharePoint KB for the answer.


  1. Browse to “http://your site collection/_catalogs/users/AllGroups.aspx”
  2. Site Actions > Edit Page.
  3. Modify the List View web part.
  4. Under Selected View click the “Edit the current view” link.
  5. Go to the Item Limit section and choose the radio button for “Display items in batches of the specified size” and Click OK


You can now edit the view settings and change the paging value, like other SharePoint list.

Specify Scope in Search Box Web Part

How to specify the scope to be used in the Search Box Web Part and hide the drop down.

Put the search scope into its own Display Group.

In order to specify the scope, you have to select the “Show scopes dropdown”. To hide the dropdown, fix the dropdown width to 1 pixel.

To set the scope, in the Miscellaneous group, set the Scope display group to the group created.

Scheduled Crawls Don’t Execute


SharePoint 2010 search crawls not executing when scheduled. Crawls are able to be executed manually, but don’t execute when their next scheduled time arrives.


Clear the time cache. The cache is located on the Search Server at C:\ProgramData\Microsoft\SharePoint\Config\GUID. Delete all of the files EXCEPT the cache.ini file.

Order of steps:

  1. Stop the timer service
  2. Copy the GUID folder to another location as a backup.
  3. Delete all of the files except the cache.ini file.
  4. Open the cache.ini file in notepad and change the numbers just a value of 1. Save the file.
  5. Restart the timer service.

Security Trimming SharePoint 2010 InfoPath Form Fields

Security Trimming InfoPath fields with SharePoint 2010 InfoPath Forms Services Based on SharePoint User Groups & Claims-Based Authentication
Infopath List Form – hide/disable fields based on SharePoint group membership
InfoPath: Displaying SharePoint Group List Using “GetGroupCollectionFromUser” method

All of the above sources had most of details, but some steps seemed to be missing when I attempted to follow them. However, I would not have been able to figure it out without them.

Create the Data Connection

On a form that has been created and published back to SharePoint, create the data connection. Create a new connection to receive data from a SOAP Web Service.

Connect to https://WEBAPP/sites/SITECOLLECTION/_vti_bin/usergroup.asmx.

The operation we need is GetGroupCollectionFromUser.

Set the sample value for the user login name; this is an actual login – probably yours. The web application in my example has Claims Based Authentication, so instead of just domain\username, I needed to enter “i:0#.w|domain\username”.

Save and publish the form.

Modify the Schema

The schema, as it is now, can’t be used. We need to modify it to add in the data fields.

Export the source files.

It’s helpful to make a new folder for just this form (we’ll delete it later.)

CLOSE INFOPATH AND OPEN THE FOLDER JUST CREATED. The file we need to modify should be called GetGroupCollectionFromUser1.xsd. Open it with notepad.

After the line:

<s:import namespace=""></s:import> 

Add the following:

<s:complexType name="GetGroupCollectionFromUserType">
      <s:element minOccurs="0" maxOccurs="1" name="userLoginName" type="s:string"/>
      <s:element minOccurs="0" maxOccurs="1" name="Groups">
            <s:element maxOccurs="unbounded" name="Group" >
                <s:attribute name="ID" type="s:unsignedShort"></s:attribute>
                <s:attribute name="Name" type="s:string"></s:attribute>
                <s:attribute name="Description" type="s:string"></s:attribute>
                <s:attribute name="OwnerID" type="s:unsignedByte"></s:attribute>
                <s:attribute name="OwnerIsUser" type="s:string"></s:attribute>

Find this:

<s:element name="GetGroupCollectionFromUser">
       <s:element minOccurs="0" maxOccurs="1" name="userLoginName" type="s:string">

And replace it with this:

<s:element name="GetGroupCollectionFromUser" type="tns:GetGroupCollectionFromUserType">

Save and close the xsd file.

Finish the form design

In the folder with the modified schema, right-click manifest.xsf and design.

*If you don’t use a data connection library, you can skip this step. File name in the DataConnection library would be GetGroupCollectionFromUser.udcx.

Be sure to change the approval status of the connection file to approved.

Form Load Rule

Create a new rule to execute on Form Load.

Add action “Set a field’s value”. Set the field, userLoginName, in GetGroupCollectionFromUser to userName()

Add the action “Query for data”.

Data connection will be GetGroupCollectionFromUser.

Field Rule

Select the field to be secured. Add a new formatting rule.

The condition is where All occurrences of Name (these are the groups the user interacting with the form belongs to) are not equal to the SharePoint Group with permissions.

Save and publish the form.

Retrieving Credentials from the Secure Store Service

I hate that once you set the credentials in a Secure Store Service, you can’t see what they are in the GUI. So this script from Bob Guidinger is a fabulous solution. Thanks Bob! (I would have left a comment on your site, but it wouldn’t let me for some reason :( )

$context = Get-SPServiceContext -Site HTTPS://WEBAPP1

$provider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$provider.Context = $context

$marshal = [System.Runtime.InteropServices.Marshal]

    $apps = $provider.GetTargetApplications()
    foreach ($app in $apps)
       Write-Output "`n$($app.Name)"
        Write-Output "$('-'*80)"
            $creds = $provider.GetCredentials($app.Name)
            foreach ($cred in $creds)
                $ptr = $marshal::SecureStringToBSTR($cred.Credential)
                $str = $marshal::PtrToStringBSTR($ptr)

                Write-Output "$($cred.CredentialType): $($str)"
            Write-Output "Error getting credentials!"
        Write-Output "$('-'*80)"
    Write-Output "Error getting Target Applications."


Get every new post delivered to your Inbox.

Join 123 other followers