SharePoint - How to assign a task to a user that's not in the system?

I have to programmatically create a task for a user that was not explicitly added in the site users. He has permissions to contribute to the task list, though, because he belongs to an AD group that has been granted those permissions. I can assign the task to the user through the UI; how do I do it through code though?

The accepted way of assigning tasks to users is to set the AssignedTo field of the task to an SPFieldUserValue pointing to that user. Except it cannot be done in this case, because the users cannot be found in SharePoint, only his group! Assigning the task to the whole group is a bad idea, for obvious reasons. And our system administrators categorically refuse to add the users to Sharepoint one by one, because that would duplicate the data they have in Active Dire开发者_如何学Goctory, and generally be a pain to manage. What do I do?

---

When a user authenticates to SharePoint, an entry is created for them in the profile store, even if their permission to the site comes from an AD group.

I did a quick test by adding new user (TGroupsUser) and group (SPtestPermissions) to my AD, so there is no chance the user was ever on my site before. I added the user to the group and gave the group "Member" permissions to my site. I then authenticated to SP with this new user.

To show that the user is part of this SPWeb, I wrote a quick webpart to enumerate the users on the web. Note that there are three groups of users with the SPWeb. All Users, Site Users and Users. See this link for full description of these properties. Basically, users are users on the web. Site Users are users and groups on the site collection. All Users is all users of the site including those granted direct permission or granted through group and then visited the site. Here are the results, minus the system accounts.

All Users SPSDEV\rross SPSDEV\sptestpermissions SPSDEV\TGroupsUser

Site Users SPSDEV\rross SPSDEV\sptestpermissions SPSDEV\TGroupsUser

Users SPSDEV\rross

Since this account (TgroupsUser) is part of the user collection for the web, you can treat just like a user added directly to the site. To finish the testing, I created a task with the following code for the assignedTo field.

TaskItem[SPBuiltInFieldId.AssignedTo] = web.SiteUsers.GetByEmail("myemail@domain.com");

Here is a screenshot of the new task assigned to TGroupsUser.

FYI - I needed to use AllowUnsafeUpdates on the web object.