Welcome: Guest!

MOSS Forum

 
Home » Forum » MOSS       Ask a questionRSS Feeds

Sharepoint Integration With Active Directory?

  Asked By: Johnpaul Zamora         Date: Jun 12, 2007      Category: MOSS      Views: 1083
 

I have a questions that I was hoping I could get some help with
understanding. We have a MOSS 2007 environment with Active Directory
2003, in non-native mode. We have many groups set up in AD that we
would like to use for Security in sharepoint.

The problem I am encountering is that in Central Admin and through my
web app I am unable to see/browse ALL the groups in our AD, only
certian ones show up to assign permissions. We have done a lot of
research on the variance of groups we see and we don't and cannot
find any correlation.

For granting permissions through the web app, this does not behave as
I expected either. If I try to add a AD group "testdomain\managers"
for access to a site for example...I can add that group to
my "Sharepoint Owners" group, but it doesn't work. It is like it is
treating it as a user. In order for users to have access I need to
create a sharepoint group and add the users. The only group that
seems to work is the "NT Authority\Authenticated users"

Maybe be I am doing something wrong here. Basically we would like to
manage all groups in AD rather then Sharepoint but are not having
much luck getting everything worked out. Any help or suggestion here
would be much appriciated.

Tagged:          

 

10 Answers Found

 
Answer #1       Answered By: Iris Ballard          Answered On: Jun 12, 2007       

First thing I'd check is to make sure the AD "groups" you're selecting are not
actually distribution lists. SharePoint can use AD security groups, however, I
don't think distribution lists are supported in SharePoint.

 
Answer #2       Answered By: Jamila Guthrie          Answered On: Jun 12, 2007       

I have confirmed that this is not the case. They are AD groups.

 
Answer #3       Answered By: Kalpana Ghatge          Answered On: Jun 12, 2007       

Are they Global, Universal or Local groups? There are some places in
SharePoint where it will accept either Global or Local groups, but
others where only Global groups will be acceptable. Since I think you
said you are still in mixed mode they wouldn't be Universal groups, but
I don't think those will work either.

 
Answer #4       Answered By: Bobbie Rodgers          Answered On: Jun 12, 2007       

So the best thing is to have them be Global Groups?

 
Answer #5       Answered By: Bhumi Gokhale          Answered On: Jun 12, 2007       

Yes. Although Local groups and even non-security distribution groups
will work in some cases support for them is spotty. When I used to
teach AD we harped on the idea of AGLP ASSIGN users to a GLOBAL group
add that to the LOCAL group and assign PERMISSIONS to the Local Group.
That has always been Microsoft's recommended strategy. Just think of
SharePoint groups as the Local groups in that statement.

 
Answer #6       Answered By: Davon Henson          Answered On: Jun 12, 2007       

I have confirmed we are using global groups....any other thoughts here?

 
Answer #7       Answered By: Aakash Gavade          Answered On: Jun 12, 2007       

This may or may not be helpful, but we just had an issue with some
groups working and others not (in the context of targeting). The
problem turned out to be that the groups that didn't work had
members in an OU where the SharePoint service account didn't have
read rights for some strange reason.

 
Answer #8       Answered By: Dara Hobbs          Answered On: Jun 12, 2007       

I will look into that. The odd thing is that in Sharepoint I can
sometime "see" the groups, but it shows that there are no members in that
group when in AD, there is. It is just really strange.....any other
thoughts or ideas would be greatly appriciated.

 
Answer #9       Answered By: Abhinivesh Suvarna          Answered On: Jun 12, 2007       

I never saw an answer and I am having a similar problem. Does global groups
resolve this?

 
Answer #10       Answered By: Micheal Knight          Answered On: Jun 12, 2007       

How do you "see" the groups to see that there are no members? AFAIK SharePOint
uses the group,i.e. domainname\groupname, to grant access. It doesn't keep alist
of the group members. If you want to see the members in a group you need to use
the Active Directory Users and Computers MMC.

 
Didn't find what you were looking for? Find more on Sharepoint Integration With Active Directory? Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011