MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

AD Groups

  Asked By: Tarak    Date: Nov 11    Category: MOSS    Views: 1544

This question may have already been asked but here it goes again. I
could read the manual but its just a simple yes or no question.

Do AD security/distribution groups work for access and privileges as
members of a MOSS group? (Yes/No)

I am having some issues and want to remove this as a possibility. Again,
sorry if its already been asked.



9 Answers Found

Answer #1    Answered By: Alycia Everett     Answered On: Nov 11

Security groups  do work. They are security principals and have SIDs.

Distribution lists do not work. They are not security principals and do
not have SIDs. If you try to add a DL I believe SharePoint just adds
the members of that DL to the site.

Answer #2    Answered By: Kaila Hahn     Answered On: Nov 11

Does anyone have any opinions about the best method of managing users?
AD groups  vs MOSS groups?

Answer #3    Answered By: Ada Sosa     Answered On: Nov 11

Depends on how much work  you want IT to do versus how much work you want
your users to do. If you don't mind having IT create AD groups
frequently then go that way. If you'd prefer that your users do the
work, SharePoint groups  are a better route. One advantage AD security
groups have is that they work on multiple site collections.

Answer #4    Answered By: Cheyenne Lewis     Answered On: Nov 11

There is a discussion on this forum before "AD group  Rights not
reflect in Doc Lib". We are some "people" experiencing problems with
AD groups  in SharePoint. The problems we are experiencing is that
some times AD-users given access  to SharePoint through an AD-group
dont get access. Some times it works some times it dont. I personally
also experiencing problems with nested AD-groups. E.g "ADUserA" is
in "ADGroupB" that is in "ADGroupA" that has access to
SharePoint. "ADUserA" is denied in SharePoint.

I have set up a support case with Microsoft regarding this. But MOSS
support has so much to do. I set it up about two weeks ago and I
havent heard anything yet. It is a MOSS support case but personaly I
dont know if the problem is MOSS relative, AD relative or ASP.NET

I personally prefer managing rights in SharePoint just because its
often give better control. Of course this depends on situation. But I
can imagine it is often you have access to SharePoint and can manage
permissions but you dont have control of the AD. If some strange
things happens, like the ones I am experiencng, it is hard to search
the problem if you only have access to the SharePoint environment.

But (as I said) I find the problem strange. It can be so that if you
choose the AD-group solution you want experiencing any problems at
all. But I want you to know the situation.

Answer #5    Answered By: Liana Alston     Answered On: Nov 11

I have one top level app with a publishing collection. Two departmental
subsites where access  should be restricted to members of certain groups.
I have created the groups  at the top level so I can use them as
content/navigation filters. So that when I add them to the appropriate
top level group, they only see the links they are supposed to see.
Problem is that I cannot see or access the groups in the subsites. I
want to use those same groups in the subsites to give access to the
appropriate subsite without re-adding the users to another group. I
choose not to use audiences because of the limited settings in the
compilation schedule and I dont want to have to recompile everytime I
add a user.

Is this a limitation or can I use groups across all sites in a collection?

I took your advice and moved away from the AD groups based on the
possibility of intermittent issues  and the fact that I was experiencing
similar issues.

Answer #6    Answered By: Daamodar Kolhe     Answered On: Nov 11

Disregard that last post/question. The reason I cant see the groups  is
because I created another collection, not a subsite. Boy was that a
stupid mistake.

Answer #7    Answered By: Emerson Franks     Answered On: Nov 11

I put groups  that will stay relatively stable (Departments, maintenance
groups) in AD and adhoc groups I put in sharepoint (Committees, teams

Answer #8    Answered By: Ned Storm     Answered On: Nov 11

The only way I can see using MOSS groups  is if MOSS is the only resource
you're using in your organization. If you have other resources that need
security management - and most of us do (i.e. file shares, printers) -
then a properly designed AD structure is the way to go. That way, you're
only maintaining group  membership in one place.

DON'T place AD groups into MOSS groups, though. Instead, place AD groups
into MOSS as users. Then you won't get the 'nested group' problem. STAY

Answer #9    Answered By: Myron Calhoun     Answered On: Nov 11

At the moment AD-groups dont work  at all for me. Of course this must
have to do with something in the AD we are using. The only way I get
it to work is when I give the ad-user access  in SharePoint. So even
if I give the AD-group access to sharepoint, as a user without using
SharePoint-groups, it wont work.

Is there an article about the fact that you shouldnt use SP-groups
with AD-groups? Or have you found it out by experience?

Didn't find what you were looking for? Find more on AD Groups Or get search suggestion and latest updates.