Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Granting Access in Sharepoint Using an Email Distro Group

  Asked By: Marie    Date: Oct 10    Category: Sharepoint    Views: 13199

The company I work for is getting ready to deploy a WSS 3.0 based
Intranet and I would like to be able to use the exchange distribution
lists from active directory to grant access in Sharepoint. My
question is - if I add the distro list from active directory
(like "All Employees") to a Sharepoint Access Group and then someone
is added to the "All Employees" list in active directory, do I have to
do anything in Sharepoint to get the new person access or is the
linkage between the two dynamic?



6 Answers Found

Answer #1    Answered By: Irving Hurley     Answered On: Oct 10

A distribution list  is not a security principal, so you can't assign it access
to a site. If you try, SharePoint will resolve the members and add  them all
seperately. Obviously that won't change if you add or remove people from the
distribution list.

What you want to use instead are security groups. In your case, mail enabled
security groups. Security groups are security principals so you can add it to a
site and it will reflect current membership as people are added  or removed.

Answer #2    Answered By: Vinay Thakur     Answered On: Oct 10

I did actually try assigning access
to a distribution list  for a site and it seemed to "work". When I
look in People and Groups, it lists the name of the list, not all
the users, so that's why I wasn't sure how it would handle changes
to that list. Should it have shown the name of the dist list as
a "user" or should all the members be listed separately (as if I had
added them individually)?

Answer #3    Answered By: Kristie Hardy     Answered On: Oct 10

It will just show the name of the list

Hence, if you add  users to the list  they're updated automatically

i.e. each user has an access  token, part of which says which security
group they are a member of. When they try and access the site it checks
the users access token. As this token says they are a member of that
group they will be given access

Answer #4    Answered By: Faith Delgado     Answered On: Oct 10

In all honesty I haven't tried this in WSS v3 yet, so I was describing how v2
did it. Are you sure your distribution list  isn't a mail enabled security
group? As far as I know a distribution list doesn't have a SID, so you can't
add it to any ACLs. I could be wrong though. Either way, if the DL/group name
is what shows up in SharePoint then you're probably okay. It's using the
group's SID and each member of that group  will have that SID, so they should be
able to get in.

Answer #5    Answered By: Alisha Itagi     Answered On: Oct 10

I just found out from our Active Directory administrator that the
group is in fact a mail-enabled security group. With that being the
case, it sounds like once I grant access  to the group  in Sharepoint,
it will stay in sync with the group in Active Directory.

Answer #6    Answered By: Judy Pittman     Answered On: Oct 10

SharePoint Groups in v3 are the same as Cross Site Groups were in v2. If
you include an Active Directory (AD) group  in a SharePoint group,
changes to the AD group will be immediately realized in SharePoint. In
fact, AD groups should be used as much as possible, it is a best
practice. While it won't solve common problems associated with a
decentralized security model, it will minimize them.

Didn't find what you were looking for? Find more on Granting Access in Sharepoint Using an Email Distro Group Or get search suggestion and latest updates.