Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

Active Directory v/s SharePoint Groups

  Asked By: Naman Ranade         Date: Mar 13, 2009      Category: Sharepoint      Views: 576
 

There is a lot of debate of the use of AD OU admin groups or SharePoint security
groups. What are the true benefits of AD, besides centralized management of
security? It seems like SharePoint groups is a much easier solution. Can you
apply a SharePoint security group that already exists to a site? If so what
level permissions must a user have to do this?
I understand the fact that you can delete someone's account in AD and that
eliminates their access all sites they had access to, but couldn't you just
eliminate that name from the SharePoint Group created? Of course that is if you
can apply an existing SharePoint group to a site.

Tagged:          

 

2 Answers Found

 
Answer #1       Answered By: Mariel Ferrell          Answered On: Mar 13, 2009       

One thing I hate is that you can not use Sharepoint groups  for Sharepoint
alerts...

 
Answer #2       Answered By: Santana Osborn          Answered On: Mar 13, 2009       

Authorization (security) in sharepoint  always uses either SharePoint users or
groups. You can't assign SharePoint permissions  directly to AD users or groups,
they must be added either to SharePoint groups  or as SharePoint users. Adding
AD groups as a SharePoint user  or as a member of a SharePoint group  gives Domain
admins the ability to manage SharePoint permissions centrally by managing
membership in AD groups. But SharePoint groups makes it possible to delegate
management of security  in SharePoint to users who aren't domain admins. The
best rule of thumb is that IF security is managed centrally by AD domain admins,
then use AD groups. If it is managed by non-admins then use SharePoint groups.

I know some will say that if you use SharePoint groups users will not show up in
the local SharePoint site. That is NOT true. Any member of a SharePoint group
who has contributed one item to a list or library in a site  will show as a
member of the site. Read-only users and users who have not contributed will not
show as users. There is no reason not to use SharePoint groups in a
decentralized security model for SharePoint.

I also suggest never delete  an AD user. You should deactivate the user instead.
Deactivating a user will preserve their history in SharePoint, but will remove
their ability to login to the system.

 
Didn't find what you were looking for? Find more on Active Directory v/s SharePoint Groups Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011