Managing SharePoint permissions via Active Directory?

Posted by rgmatthes on Server Fault See other posts from Server Fault or by rgmatthes
Published on 2011-01-31T22:37:01Z Indexed on 2011/01/31 23:27 UTC
Read the original article Hit count: 213

My company has thousands of employees organized thoroughly via Active Directory. I have confidence in the accuracy of the Department and Title information displayed in the user profiles.

I'm helping to put up a brand new SharePoint 2007 site, and I contacted IT about managing the site's permissions through AD Groups. The goal is to have the site automatically assign read/write/contribute/whatever permissions based on the information in AD.

For example, we could create an AD Group called "Managers" that would contain anyone with the "Manager" title in their AD user profile. I would have SharePoint tap into this AD Group to mass assign permissions if I knew all managers would need a certain level of access (read/write/contribute/whatever). Then if a manager joins the company or leaves it, the group is automatically updated (provided AD gets updated, of course).

My IT rep called back and said it couldn't be done. This seems like a pretty straightforward business requirement, and one of the huge benefits of having Active Directory, but maybe I'm mistaken.

Could anyone shed some light on this?

A) Is it possible to use dynamically-updated AD Groups when assigning permissions via SharePoint? (Does anyone know of a guide I could show my doubtful IT rep?)

B) Is there a "best practice" way to go about this? I've read some debate on whether SharePoint Groups or AD Groups are the way to go. My main concern is dynamic updating.

C) If this isn't available out of the box, can someone recommend third-party software that will provide the functionality I'm looking for?

A big thanks to anyone who can help me out!!

© Server Fault or respective owner

Related posts about active-directory

Related posts about permissions