SharePoint is definitely a bottomless pit: the more you know about it, the less you realize there’s so much more to learn about.
Today, after more than 3 years using SharePoint 2010, I finally had my “Aha” moment on a SharePoint peculiarity that had bugged for, well, at least 3 years. In all honesty, I hadn’t investigated it very much up until today, but every time I thought about the People Picker, the “Organizations” selector always came back to the surface to remind me of one of the many mysteries of SharePoint…
The “Organizations”… what?
So what is this “Organizations” selector, really? In SharePoint jargon, the proper term is “Claim Provider”, but aside from being a rather abstruse term, it really doesn’t denote a visual component, so I prefer to refer to it as a “selector” (for lack of a better term). I could have picked “node” or “filterer”, but I didn’t find those terms very compelling. I guess we could ask Microsoft, but since they dropped the People Picker Search UI from the 2013 People Picker, they probably couldn’t care less about the 2010 selectors… or whatever they are.
Since a picture is worth ten thousand words (it’s apparently the original meaning of the Chinese proverb, not “one thousand words”), let’s start with a screenshot of this “Organizations” selector:
If you’ve never seen it, don’t worry, you’re not missing (too) much. Indeed, I originally thought I would include it in the People Picker Limitations I recently discussed, but it’s really a feature. An annoying feature in some cases, but a feature nonetheless. So I’ll treat it as a feature and explain which purpose it serves.
The primary reason why you might not have seen or noticed it is because you use the Foundation version of SharePoint 2010. Indeed, the Organizations selector only appears in SharePoint Server farms, and for a good reason: in the background, it’s tied to the User Profile Service Application associated with the (current) web application. Consequently, a secondary reason why you might not have seen or noticed it is because your SharePoint Server farm simply doesn’t use the User Profile Service… or because your User Profile Service is broken. But the most likely reason why you might have not noticed it is simply because you didn’t have to! Indeed, most people focus on the search results pane on the right-hand side and don’t pay too much attention to the selectors on the left, especially in an Active Directory-only scenario.
What’s the purpose of the “Organizations” selector?
If you carefully look at the screenshot above, you’ll notice something rather odd: though the sole search result is an Active Directory user, the Active Directory selector shows “0″, meaning the search didn’t return any Active Directory user. But the search pane says exactly the opposite!
The reason for that oddity lies into what the Organizations selector really is: a SharePoint Server claim provider that moves all the results marked as “Users” (whether they’re Active Directory, FBA or Claims users) from their corresponding selector into the Organizations” selector and enriches those users with some information coming from the User Profile Service Application (associated to the current web application). For the sake of completeness, the specific user profile properties that become available in the search results are: Picture url, Job Title, Email Address, Location and Presence (SIP) Address.
Trevor Seward wrote an amazing blog post explaining what happens under the hood in that claim provider’s code, so I’m not going to expand too much on that since Trevor does it so well. But I’ll give you a visual clue of the user experience (when your user profiles are populated with the profile data I mentioned above).
Imagine John Adams lived in the 21st century and had a nice SharePoint 2010 profile page (they must use SharePoint at the White House, don’t they?) with just enough data for it to be relevant to the People Picker. That profile page would probably look like the screenshot below:
With this neat profile page in place, the People Picker is certainly a bit fancier and a search on “jo” would bring up something similar to this:
In the “All Search Results” view (which is what most people see), there is little additional information, aside from the profile picture (but that’s a big plus, especially in large organizations where namesakes are most likely than in smaller ones).
Interestingly the “Organizations” view provides slightly more information (essentially, the Job Title property):
But the List View (which probably no one uses at all) proves to be the most interesting one, as it’s the one that displays the most user data (yellow highlights of the data pulled from the user profile service):
If you start playing around with Organizations in the relevant section of the User Profile Service Application…
…it gets a little more interesting…(notice the “Tech Moguls” and “East Wing” organizations below)
…but overall that’s pretty much it. Of course, there’s not much to complain about in a pure Active Directory environment, but when you throw other Authentication providers (such as FBA or CBA – Claims-Based Authentication) in the mix, things quickly get messier.
In fact, both “Active Directory” and “Forms Auth” will now show “0″, even when there are results in those claim providers. But, as expected, they all get folded into the “Organizations” selector:
Although you can still differentiate between Active Directory and FBA users in the search results pane, you can easily see how inconvenient that can be if you have many AD results, but you’re only interested in FBA users: there is no other solution to find your user(s) than to scroll down in the search results pane! (or tweak your search term, but that’s not very productive either).
One of the main reasons why I took a closer look at this “Organizations” selector is that it rendered our custom Extradium claims provider virtually useless in a SharePoint Server environment (with User Profiles). As you can see in the screenshot below, the Extradium selector is empty, and there’s no way to filter the Extradium users by (Extradium) organization:
For the sake of comparison, this is what we would get in a SharePoint Foundation farm or SharePoint Server farm without the User Profile Service. I hope you’ll agree it’s a lot more useful that way.
Can I hide the “Organizations” selector/claim provider?
So that’s really the million dollar question here. And my answer to would be: “Well… sort of”.
The reason why I don’t to give you a straight and resounding “Yes” as an answer, is because you have to been willing to hack into SharePoint a bit. So use my solution at your own risk and be aware that it will be unsupported. The reason why it’s really more a hack than anything else is because the Organization Hierarchy Claim Provider (that’s its real name – at least its API class name) is actually hidden.
If you’re a SharePoint PowerShell guru and type “Get-SPClaimProvider” in your favorite SharePoint Management Shell, you’ll be surprised to see that it doesn’t mention the “Organizations” claim provider at all, though it does list all the other claim providers you see in the People Picker (+ the System Claim Provider – apparently used by the Taxonomy Service, but it’s also present in SharePoint Foundation).
So where does this Organizations claim provider hide? It took me a while to pin it down, but long story short, it’s referenced in the SPClaimProviderManager‘s HierarchyProvider property. But don’t scour the MSDN documentation to find it, because you won’t find it. As a matter of fact, that HierarchyProvider property is an internal property.
Furthermore, I found out that the SPClaimProviderManager has 2 internal methods called UpdateClaimHierarchyProviderInfo and ResetClaimHierarchyProvider which I suspect are called when a User Profile Service Application is provisioned and un-provisioned, respectively. Since those 2 methods are internal as well, there is no other way to call them than by using reflection, which is what my Toggle Organization Claim Provider Visibility tool basically does. And from what I can tell so far, it works fairly well and doesn’t impact SharePoint in a negative way (other than you obviously can’t leverage User Profiles to enrich the People Picker, but the added convenience probably more than makes up for that loss).
The first time you run this tool (from the bin directory), it will disable the Organization Claim Provider:
If you run it again, it’ll enable the Org Claim Provider back:
And so on and so forth (it’s called “Toggle” for a reason ).
For the developers out there, you also get the source code for free, so go ahead and grab it here. Once again, be aware it’s 100% a hack that can be rendered useless if the SharePoint Dev team reads this blog and decides to further hides (or simply change the signature) of those methods
But since I found it an interesting research and exercise, I thought I’d share my findings with you. At least, I hope you’ve enjoyed the information!by