MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Sharepoint Integration With Active Directory?

  Asked By: Johnpaul    Date: Jun 12    Category: MOSS    Views: 3400

I have a questions that I was hoping I could get some help with
understanding. We have a MOSS 2007 environment with Active Directory
2003, in non-native mode. We have many groups set up in AD that we
would like to use for Security in sharepoint.

The problem I am encountering is that in Central Admin and through my
web app I am unable to see/browse ALL the groups in our AD, only
certian ones show up to assign permissions. We have done a lot of
research on the variance of groups we see and we don't and cannot
find any correlation.

For granting permissions through the web app, this does not behave as
I expected either. If I try to add a AD group "testdomain\managers"
for access to a site for example...I can add that group to
my "Sharepoint Owners" group, but it doesn't work. It is like it is
treating it as a user. In order for users to have access I need to
create a sharepoint group and add the users. The only group that
seems to work is the "NT Authority\Authenticated users"

Maybe be I am doing something wrong here. Basically we would like to
manage all groups in AD rather then Sharepoint but are not having
much luck getting everything worked out. Any help or suggestion here
would be much appriciated.



10 Answers Found

Answer #1    Answered By: Iris Ballard     Answered On: Jun 12

First thing I'd check is to make sure the AD "groups" you're selecting are not
actually distribution lists. SharePoint can use AD security groups, however, I
don't think distribution lists are supported in SharePoint.

Answer #2    Answered By: Jamila Guthrie     Answered On: Jun 12

I have confirmed that this is not the case. They are AD groups.

Answer #3    Answered By: Kalpana Ghatge     Answered On: Jun 12

Are they Global, Universal or Local groups? There are some places in
SharePoint where it will accept either Global or Local groups, but
others where only Global groups will be acceptable. Since I think you
said you are still in mixed mode they wouldn't be Universal groups, but
I don't think those will work either.

Answer #4    Answered By: Bobbie Rodgers     Answered On: Jun 12

So the best thing is to have them be Global Groups?

Answer #5    Answered By: Bhumi Gokhale     Answered On: Jun 12

Yes. Although Local groups and even non-security distribution groups
will work in some cases support for them is spotty. When I used to
teach AD we harped on the idea of AGLP ASSIGN users to a GLOBAL group
add that to the LOCAL group and assign PERMISSIONS to the Local Group.
That has always been Microsoft's recommended strategy. Just think of
SharePoint groups as the Local groups in that statement.

Answer #6    Answered By: Davon Henson     Answered On: Jun 12

I have confirmed we are using global groups....any other thoughts here?

Answer #7    Answered By: Aakash Gavade     Answered On: Jun 12

This may or may not be helpful, but we just had an issue with some
groups working and others not (in the context of targeting). The
problem turned out to be that the groups that didn't work had
members in an OU where the SharePoint service account didn't have
read rights for some strange reason.

Answer #8    Answered By: Dara Hobbs     Answered On: Jun 12

I will look into that. The odd thing is that in Sharepoint I can
sometime "see" the groups, but it shows that there are no members in that
group when in AD, there is. It is just really strange.....any other
thoughts or ideas would be greatly appriciated.

Answer #9    Answered By: Abhinivesh Suvarna     Answered On: Jun 12

I never saw an answer and I am having a similar problem. Does global groups
resolve this?

Answer #10    Answered By: Micheal Knight     Answered On: Jun 12

How do you "see" the groups to see that there are no members? AFAIK SharePOint
uses the group,i.e. domainname\groupname, to grant access. It doesn't keep alist
of the group members. If you want to see the members in a group you need to use
the Active Directory Users and Computers MMC.

Didn't find what you were looking for? Find more on Sharepoint Integration With Active Directory? Or get search suggestion and latest updates.