CAML Query – Membership attribute

Hello everyone,

Today I’ll talk about a CAML query element attribute, the “Membership” Type attribute. In particular, this attribute lets you query against the groups of the current user!

If we look at the MSDN documentation, we see that there are 5 different settings possible. However, this documentation is not very detailed. The purpose of this article is to detail the different possibilities.

We will see these possibilities through tests.

Here are the parameters used for the tests:

Site structure :

RootSite based on « TeamSite »

Subsite based on « TeamSite »

Groups and users :

The tests were performed on the subsite. The site was created inheriting security from its parent, then inheritance was broken and a new group “subtestgroup” was created.

  • Groups:
    • Test Owners
    • Test Members
    • Subtestgroup
  • Users:
    • User 1:
      • Current user
      • Member of “Test Owners” and “subtestgroup”
    • User 2:
      • Rights granted directly on the subtestsite.

Query :

    <Membership Type="{0}">
      <FieldRef Name="AssignedTo"/>
    </Membership>

The {0} placeholder is replaced by each of the Type values tested below.

List and tasks targeted:

Standard task list. The following tasks were created.

  • T1 assigned to user1
  • T2 assigned to test owners
  • T3 assigned to subtestgroup
  • T4 assigned to user2
  • T5 assigned to test members

Those are the parameters; on to the tests!

1) SPWeb.AllUsers :

This value is used to identify the tasks assigned to users (not groups)

Test result: T1 and T4

2) SPGroup :

Using this parameter, you must add an ID parameter with the ID of the desired group. This parameter will return the list of tasks assigned to members of this group.

The test is performed using the IDs of the groups “Test Members” (ID 7, empty group) and “Test Owners” (ID 5, containing User 1).

If we replace the query with this one:

    <Membership Type="SPGroup" ID="7">
      <FieldRef Name="AssignedTo"/>
    </Membership>


Test result : no tasks

Test with ID 5

Test result : T1

3) SPWeb.Groups :

Tasks assigned to the site collection's groups appear, but not tasks assigned to the site-specific groups.

Test result : T2 and T5

4) CurrentUserGroups :

Tasks assigned to the current user's groups appear, but not tasks assigned directly to the user.

Test result : T2 and T3

5) SPWeb.Users :

Tasks assigned to users who have received rights to the site directly (not through a group).

Test result : T4
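The following is an added example, not code from the original post: it wraps the Membership fragment in a full `<Where>` clause and runs it through the server object model. The class and method names are hypothetical; the Type value is checked against the five values tested above and the group ID is an integer, so neither is formatted into the CAML string unchecked.

```csharp
using System;
using System.Collections.Generic;
using System.Xml.Linq;
using Microsoft.SharePoint;

// Hypothetical helper (not from the article): builds and runs a Membership query.
public static class MembershipQueryDemo
{
    // The five Type values covered by the tests above; anything else is rejected.
    static readonly HashSet<string> AllowedTypes = new HashSet<string>
    {
        "SPWeb.AllUsers", "SPGroup", "SPWeb.Groups", "CurrentUserGroups", "SPWeb.Users"
    };

    // Returns <Where><Membership Type="..." [ID="..."]><FieldRef Name="..."/></Membership></Where>
    public static string BuildWhere(string type, string fieldName, int? groupId = null)
    {
        if (!AllowedTypes.Contains(type))
            throw new ArgumentException("Unknown Membership type: " + type);
        // The ID attribute goes with Type="SPGroup" and with no other type.
        if ((type == "SPGroup") != groupId.HasValue)
            throw new ArgumentException("ID is required for SPGroup and only for SPGroup.");

        // XElement escapes attribute values, so no hand-built XML string is needed.
        var membership = new XElement("Membership",
            new XAttribute("Type", type),
            new XElement("FieldRef", new XAttribute("Name", fieldName)));
        if (groupId.HasValue)
            membership.Add(new XAttribute("ID", groupId.Value));

        return new XElement("Where", membership).ToString(SaveOptions.DisableFormatting);
    }

    // Returns the titles of the items in the list that match the Membership filter.
    public static List<string> GetTitles(SPList list, string type, int? groupId = null)
    {
        var query = new SPQuery { Query = BuildWhere(type, "AssignedTo", groupId) };
        var titles = new List<string>();
        foreach (SPListItem item in list.GetItems(query))
            titles.Add(item.Title);
        return titles;
    }
}
```

With the test data above, `GetTitles(taskList, "SPGroup", 5)` corresponds to the “Test with ID 5” case and `GetTitles(taskList, "CurrentUserGroups")` to test 4.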

Voilà !

Hope this helps!


Get all users from SharePoint group including active directory group V2

Hello everyone,

Some time ago, I wrote about how to retrieve the list of all users of a SharePoint group, including the list of Active Directory users if an AD group was present.

The proposed solution does not appeal to me because the LDAP binding was hard-coded.

I told you about the SPPrincipalInfo class and I had used the method “SPUtility.GetPrincipalsInGroup“.

But I had underestimated this function!

I didn’t think to pass the Active Directory group name! Indeed, this function works on SharePoint groups but also on AD groups!

So just check whether the group is an Active Directory group with one of the following checks:


if(SPPrincipalInfo.PrincipalType == SPPrincipalType.SecurityGroup)

If so, just call GetPrincipalsInGroup, passing the login name of the Active Directory group, to get its list of users!

No need for an LDAP query!

Here is the full code!

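    // Requires: using System.Data; using Microsoft.SharePoint; using Microsoft.SharePoint.Utilities;

    DataTable dtuser = new DataTable();
    dtuser.Columns.Add("Group User");

    // DisplayingGroup holds the ID of the SharePoint group to display.
    SPGroup groupToDisplay = SPContext.Current.Web.SiteGroups.GetByID(DisplayingGroup);

    foreach (SPUser user in groupToDisplay.Users)
    {
        if (user.IsDomainGroup)
        {
            // Active Directory group: expand it into its members.
            dtuser = GetUsers(user.LoginName, dtuser);
        }
        else
        {
            // Individual user: add a row (assumed here to hold the display name).
            dtuser.Rows.Add(user.Name);
        }
    }

    DataTable GetUsers(string userLoginName, DataTable dtuser)
    {
        bool reachedMaxCount;
        SPPrincipalInfo[] adUsers = SPUtility.GetPrincipalsInGroup(SPContext.Current.Web, userLoginName, int.MaxValue - 1, out reachedMaxCount);

        if (adUsers != null && adUsers.Length > 0)
        {
            foreach (SPPrincipalInfo principal in adUsers)
            {
                if (principal.PrincipalType == SPPrincipalType.SecurityGroup)
                {
                    // Nested Active Directory group: recurse into it.
                    dtuser = GetUsers(principal.LoginName, dtuser);
                }
                else
                {
                    // Individual principal: add a row (assumed display name).
                    dtuser.Rows.Add(principal.DisplayName);
                }
            }
        }
        return dtuser;
    }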
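When the expanded list feeds an access review, two failure modes of the recursion above matter: a group reached more than once (or nested in a cycle) and a lookup that stops at the maximum count. The following is an added example, not the author's code; the class and member names are hypothetical, and it collects login names instead of filling a DataTable.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Hypothetical helper (not from the article): expands a SharePoint group to user logins.
public class GroupExpansion
{
    public readonly HashSet<string> UserLogins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    public bool Truncated; // true if any lookup reached maxPerGroup: the result is incomplete

    readonly HashSet<string> visitedGroups =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    readonly SPWeb web;
    readonly int maxPerGroup;

    public GroupExpansion(SPWeb web, int maxPerGroup)
    {
        this.web = web;
        this.maxPerGroup = maxPerGroup;
    }

    public void Expand(SPGroup group)
    {
        foreach (SPUser user in group.Users)
        {
            if (user.IsDomainGroup) ExpandDomainGroup(user.LoginName);
            else UserLogins.Add(user.LoginName);
        }
    }

    void ExpandDomainGroup(string groupLogin)
    {
        // Skip a group already expanded, whether nested twice or part of a cycle.
        if (!visitedGroups.Add(groupLogin)) return;

        bool reachedMaxCount;
        SPPrincipalInfo[] members =
            SPUtility.GetPrincipalsInGroup(web, groupLogin, maxPerGroup, out reachedMaxCount);
        if (reachedMaxCount) Truncated = true; // report the gap instead of hiding it
        if (members == null) return;

        foreach (SPPrincipalInfo p in members)
        {
            if (p.PrincipalType == SPPrincipalType.SecurityGroup) ExpandDomainGroup(p.LoginName);
            else if (p.PrincipalType == SPPrincipalType.User) UserLogins.Add(p.LoginName);
        }
    }
}
```

A caller checks `Truncated` after `Expand` and treats the set as partial when it is true.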


Hope this helps!


Configuration failed – Service running under Network Service account not supported

Hello everybody,

Today I’ll talk about an error that can occur when installing the beta of SharePoint 2013.

When running the SharePoint Products Configuration Wizard, it may fail with the following error message:

Configuration failed – Service running under Network Service account not supported

After some research I came across this topic:

To fix the problem, we must start psconfig.exe with the following arguments:

psconfig.exe -cmd Configdb create SkipRegisterAsDistributedCacheHost

As a reminder, psconfig is located in the folder « C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\BIN »

After completing this command and restarting the Wizard, this time I got the following message:

The SDDL string contains an invalid sid or a sid that cannot be translated

Well, I have not yet found where it was coming from, but the central administration finally works! At least we can finally see what the new SharePoint looks like!