MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Create active directory groups

  Asked By: Harley    Date: Jan 10    Category: MOSS    Views: 1512

I have a MOSS development and the IT department sets up the groups in active
directory then I add the group to the relevant
SharePoint site.

The problem is becasue i am adding the pre created active directory groups the
users on the sites cannot see who is in them and then email each other etc. Also
everytime a new user needs adding I have to log a helpdesk (!) and wait until
the IT dept can add the user into one of the groups.

My IT department is saying this is the best way to manage users in SharePoint
and the most secure, I'm quite new to this but know there must be a better way
to manage this.

Can anyone give me a simple explanation of how this should be done, I have tried
to convey this to the 'powers that be' in my workplace but because i'm not a
technical expert in SharePoint just yet i'm not being taken seriously and i fear
the users in the SharePoint sites will become jaded with their sites and revert
to using emails and bulking up the shared drives to collaborate again.



3 Answers Found

Answer #1    Answered By: Damini Dande     Answered On: Jan 10

You could use SharePoint groups  instead of active  Directory Groups.

To create  a new group  go to "Site Settings", "People and Groups" and
then create a new group with appropriate permissions, you can then add
SharePoint users  to this group and use this group when managing
permissions on lists and sites  etc.....

You can also configure membership rules so that users can request to
join a group and the group owner can approve new members without needed
permissions to edit any active directory  member ship rules.

Answer #2    Answered By: Addison Peck     Answered On: Jan 10

What many AD people do not want to admit is that there is no security
breech in creating an OU and delegating to you the single permission to
create groups.

This is my preferred method of managing sharepoint  groups.

Quite often AD groups  just do not correspond to the membership that
SharePoint needs.

The advantage of AD groups is that they are consistent across all your
SharePoint implementation.

The advantage of SharePoint group  is that they are managed from within

The disadvantage of SharePoint group is that they have to be created  for
each site  Collection.

Now you can add  an AD group to a SharePoint group but you cannot see the
membership from within SharePoint.

However, unless your AD admins have locked AD down, any AD member can
see the membership of an AD group with users  and Computers if they have
access to the tool.

I believe that the upcoming release of DeliverPoint will also show users
the membership of AD groups.

You may want to check out www.barracudatools.com.

Answer #3    Answered By: Jarvis Rowe     Answered On: Jan 10

I'm hoping this isn't a double post...

We recently discussed this topic on our blog. Check out the conversation at blog.imanami.com/.../Security-groups-in-SharePoint-managing-access-dynamically

Didn't find what you were looking for? Find more on Create active directory groups Or get search suggestion and latest updates.