Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Question about using AD security groups instead of individual users

  Asked By: Caitlin    Date: Nov 29    Category: Sharepoint    Views: 1941

My company started off managing site users by adding
individual names, not AD groups. I now have a list of our AD
security groups from our IT staff, and I want to begin making the
switch where possible (adding the AD group and then removing all of
the individuals).

Is there anything I should be aware of before doing this? It seems a
little scary deleting users from a site, even though I know they are
in the AD group. Does this process affect anything, like the work
they've done thus far on the site? I doubt it, but I want to be sure.

Will everyone still be "recognized" as him/herself? If there is a
list where folks can only "edit their own" items, will they be able
to edit their own stuff if it was created before I switched from
individuals to groups?

I know this probably sounds silly to IT folks out there, but humor
me. I just want to be 110% sure I won't screw anything up!



6 Answers Found

Answer #1    Answered By: Chantal Rosa     Answered On: Nov 29

You should be fine here. I recommend you add the groups  where they belong "alongside" or "parallel" to the users  so they both exists.

Then pick a wss site  or portal area (just 1), remove the user accounts, and then see the results.

We use security  groups only at the SPS level. Since Team Sites are more dynamic, we usually pick a site administrator to manage the site and let them manage the security on the site. So in a nutshell our SPS (intranet) portal sites - we use security groups and in our WSS (Team sites) we continue to use individual  user accts.

One things to be aware of with groups. If you have LCS (Live Communications Server) in your environment you will lose "presence" information to some webparts. You can only display "presence" of a USER not a group.

One other thing to keep in mind, make SURE that your AD groups are SECURITY groups, NOT distribution groups. Distribution groups are not recognized  correctly by SPS. (See image below.. or attached..)

Answer #2    Answered By: Kyla Eckert     Answered On: Nov 29

Be aware that you can mail enable security  groups tho so they can be used both for security and for sending emails (just a thought)

Answer #3    Answered By: Alisha Holmes     Answered On: Nov 29

Exactly, you can also "convert" distribution groups  to mail-enabled-security-groups on the fly. This is what we had to do actually, just switch the group-type. After this everything worked beautifully.

Answer #4    Answered By: Laura Walker     Answered On: Nov 29

The biggie is that by using groups  rather than users  the little presence peas stop working so if you are using LCS or whatever and want to see the little green lights come on then I don’t think you should use groups

Answer #5    Answered By: Percy Beach     Answered On: Nov 29

I have found that if you delete a user from a team site  using Manage Users, then alerts and other personal settings will be deleted from the site even if the user has access to the site using a security  group.

Answer #6    Answered By: Christop Mcfadden     Answered On: Nov 29

Dont forget that you can also use default security  groups. On my portal I used authenticated users, Instead of creating new Security Groups. Although I need to do more with audiences through security groups, it was quick and easy to give access at the start. The one thing about security groups  on a portal (not wss) is once you give access, well you have given access. Document libraries seem more secure on WSS sites. I can give access to a wss site(contributer) and restrict access to a document library.

As always, have a test account to login and test that user!