7 Appendix B: Product Behavior

  • Article

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

  • Active Directory Domain Services (AD DS)

  • The 2007 Microsoft Office system

  • Microsoft Office 2010 suites

  • Microsoft Office 2013

  • Windows SharePoint Services 2.0

  • Windows SharePoint Services 3.0

  • Microsoft SharePoint Foundation 2010

  • Microsoft SharePoint Foundation 2013

  • Microsoft Office 2016

  • Microsoft SharePoint Server 2016

  • Microsoft Office 2019

  • Microsoft SharePoint Server 2019

  • Microsoft Office 2021

  • Microsoft SharePoint Server Subscription Edition

  • Microsoft Office 2024 Preview

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.2.4.5:  The SharePoint Products and Technologies UI does not provide access to the Hidden attribute.

<2> Section 2.2.4.6:  The SharePoint Products and Technologies UI does not provide access to the Hidden attribute.

<3> Section 3.1.4.3: In SharePoint Products and Technologies, "role definition" is the standard terminology and is used instead of "role" in all descriptions of this protocol's behavior. However, SharePoint Products and Technologies provides two distinct but entirely equivalent operations to add role definitionsAddRole and AddRoleDef—and two distinct but entirely equivalent operations for updating role definitions—UpdateRoleInfo and UpdateRoleDefInfo.

<4> Section 3.1.4.4: Windows SharePoint Services 2.0 does not support this operation.

<5> Section 3.1.4.4: In SharePoint Products and Technologies, "role definition" is the standard terminology and is used instead of "role" in all descriptions of this protocol's behavior. However, SharePoint Products and Technologies provides two distinct but entirely equivalent operations to add role definitions—AddRole and AddRoleDef—and two distinct but entirely equivalent operations for updating role definitions—UpdateRoleInfo and UpdateRoleDefInfo.

<6> Section 3.1.4.5: If the Active Directory Domain Services (AD DS) account creation mode is enabled, the AddUserCollectionToGroup operation (section 3.1.4.5) in SharePoint Foundation 2010 works, as specified in section 3.1.4, with the following differences:

  • If a user with the login name specified in the operation exists in the site collection, the server adds the user to the group or role definition as specified in the operation.

  • If a user with the login name specified in the operation does not exist in the site collection, the protocol server responds as follows:

    • If an e-mail address specified in the operation is not in a valid format, the server returns a SOAP fault with error code 0x80004005.

    • If one or more of the users in the site collection have the e-mail address specified in the operation, the protocol server responds as follows:

      • The server chooses one of the users with the e-mail address specified in the operation.

      • In the case where the login name and e-mail address for this user in the site collection do not match the login name and e-mail address in AD DS, the server also creates a new AD DS account for this user with a random, but unique login name.

      • The server adds the user to the group  or role definition as specified in the operation.

    • Otherwise, if the e-mail address specified in the operation is valid and none of the users in the site collection have the e-mail address specified in the operation, the server creates a new AD DS account for the user with a random but unique login name and adds the user to the group or role definition as specified.

<7> Section 3.1.4.6: If the Active Directory Domain Services (AD DS) account creation mode is enabled, the AddUserCollectionToRole operation (section 3.1.4.6) in SharePoint Foundation 2010 works, as specified in section 3.1.4, with the following differences:

  • If a user with the login name specified in the operation exists in the site collection, the server adds the user to the group or role definition as specified in the operation.

  • If a user with the login name specified in the operation does not exist in the site collection, the protocol server responds as follows:

  • If an e-mail address specified in the operation is not in a valid format, the server returns a SOAP fault with error code 0x80004005.

  • If one or more of the users in the site collection have the e-mail address specified in the operation, the protocol server responds as follows:

    • The server chooses one of the users with the e-mail address specified in the operation.

    • In the case where the login name and e-mail address for this user in the site collection do not match the login name and e-mail address in AD DS, the server also creates a new AD DS account for this user with a random, but unique login name.

    • The server adds the user to the group or role definition as specified in the operation.

  • Otherwise, if the e-mail address specified in the operation is valid and none of the users in the site collection have the e-mail address specified in the operation, the server creates a new AD DS account for the user with a random but unique login name and adds the user to the group or role definition as specified.

<8> Section 3.1.4.7: If the Active Directory Domain Services (AD DS) account creation mode is enabled, the AddUserToGroup operation (section 3.1.4.7) in SharePoint Foundation 2010 works, as specified in section 3.1.4, with the following differences:

  • If a user with the login name specified in the operation exists in the site collection, the server adds the user to the group or role definition as specified in the operation.

  • If a user with the login name specified in the operation does not exist in the site collection, the protocol server responds as follows:

    • If an e-mail address specified in the operation is not in a valid format, the server returns a SOAP fault with error code 0x80004005.

    • If one or more of the users in the site collection have the e-mail address specified in the operation, the protocol server responds as follows:

      • The server chooses one of the users with the e-mail address specified in the operation.

      • In the case where the login name and e-mail address for this user in the site collection do not match the login name and e-mail address in AD DS, the server also creates a new AD DS account for this user with a random, but unique login name.

      • The server adds the user to the group or role definition as specified in the operation.

    • Otherwise, if the e-mail address specified in the operation is valid and none of the users in the site collection have the e-mail address specified in the operation, the server creates a new AD DS account for the user with a random but unique login name and adds the user to the group or role definition as specified.

<9> Section 3.1.4.8: If the Active Directory Domain Services (AD DS) account creation mode is enabled, the AddUserToRole operation (section 3.1.4.8) in SharePoint Foundation 2010 works, as specified in section 3.1.4, with the following differences:

  • If a user with the login name specified in the operation exists in the site collection, the server adds the user to the group or role definition as specified in the operation.

  • If a user with the login name specified in the operation does not exist in the site collection, the protocol server responds as follows:

    • If an e-mail address specified in the operation is not in a valid format, the server returns a SOAP fault with error code 0x80004005.

    • If one or more of the users in the site collection have the e-mail address specified in the operation, the protocol server responds as follows:

      • The server chooses one of the users with the e-mail address specified in the operation.

      • In the case where the login name and e-mail address for this user in the site collection do not match the login name and e-mail address in AD DS, the server also creates a new AD DS account for this user with a random, but unique login name.

      • The server adds the user to the group or role definition as specified in the operation.

    • Otherwise, if the e-mail address specified in the operation is valid and none of the users in the site collection have the e-mail address specified in the operation, the server creates a new AD DS account for the user with a random but unique login name, and adds the user to the group or role definition as specified.

<10> Section 3.1.4.10: This operation is not available in Windows SharePoint Services 2.0 or Windows SharePoint Services 3.0.

<11> Section 3.1.4.15:  In SharePoint Products and Technologies, if a site inherits permissions from a parent site, in order for a group to have permissions for that site, the group has to have permissions for the parent site.

<12> Section 3.1.4.22: Windows SharePoint Services 2.0 does not support this operation.

<13> Section 3.1.4.23: Windows SharePoint Services 2.0 does not support this operation.

<14> Section 3.1.4.30:  In SharePoint Products and Technologies, if there are multiple users with the same e-mail address, the protocol server treats this case as no user can be found for a specified e-mail address.

<15> Section 3.1.4.30.3.1:  In SharePoint Products and Technologies, if the value in the Email attribute is "login name", this method returns the user based on the login name; login name accepts both complete "Domain\Alias" format and "Alias only" format.

<16> Section 3.1.4.34:  In SharePoint Products and Technologies users are removed in sequential order, which means that if a user name is invalid or does not exist in the site collection, an error code 0x81020054 will be returned, but all previous valid users will be removed.

<17> Section 3.1.4.35:  In SharePoint Products and Technologies users are removed in sequential order, which means that if some a user name is invalid or does not exist in the site collection, an error code 0x81020054 will be returned, but all previous valid users will be removed.

<18> Section 3.1.4.36:  If AD DS account creation mode is enabled, the RemoveUserCollectionFromSite (section 3.1.4.36) and RemoveUserFromSite (section 3.1.4.39) operations also delete users from AD DS.

<19> Section 3.1.4.36:  In SharePoint Products and Technologies users are removed in sequential order, which means that if a user name is invalid, an error code 0x81020054 will be returned, but all previous valid users will be removed.

<20> Section 3.1.4.39:  If AD DS account creation mode is enabled, RemoveUserCollectionFromSite (section 3.1.4.36) and RemoveUserFromSite (section 3.1.4.39) operations also delete users from AD DS.

<21> Section 3.1.4.41: Windows SharePoint Services 2.0 and Windows SharePoint Services 3.0 return a SOAP fault with error code 0x81020043.

<22> Section 3.1.4.42:  In SharePoint Products and Technologies, "role definition" is the standard terminology and is used instead of "role" in all descriptions of this protocol's behavior. However, SharePoint Products and Technologies provides two distinct, but entirely equivalent operations to add role definitions—AddRole and AddRoleDef—and two distinct, but entirely equivalent operations for updating role definitions—UpdateRoleInfo and UpdateRoleDefInfo.

<23> Section 3.1.4.43.2.1:  In SharePoint Products and Technologies, "role definition" is the standard terminology and is used instead of "role" in all descriptions of this protocol's behavior. However, SharePoint Products and Technologies provides two distinct, but entirely equivalent operations to add role definitions—AddRole and AddRoleDef—and two distinct, but entirely equivalent operations for updating role definitions—UpdateRoleInfo and UpdateRoleDefInfo.