Managing SharePoint permissions via Active Directory?
Posted
by
rgmatthes
on Server Fault
See other posts from Server Fault
or by rgmatthes
Published on 2011-01-31T22:37:01Z
Indexed on
2011/11/27
9:54 UTC
Read the original article
Hit count: 240
My company has thousands of employees organized thoroughly via Active Directory. I have confidence in the accuracy of the Department and Title information displayed in the user profiles.
I'm helping to put up a brand new SharePoint 2007 site, and I contacted IT about managing the site's permissions through AD Groups. The goal is to have the site automatically assign read/write/contribute/whatever permissions based on the information in AD.
For example, we could create an AD Group called "Managers" that would contain anyone with the "Manager" title in their AD user profile. I would have SharePoint tap into this AD Group to mass assign permissions if I knew all managers would need a certain level of access (read/write/contribute/whatever). Then if a manager joins the company or leaves it, the group is automatically updated (provided AD gets updated, of course).
My IT rep called back and said it couldn't be done. This seems like a pretty straightforward business requirement, and one of the huge benefits of having Active Directory, but maybe I'm mistaken.
Could anyone shed some light on this?
A) Is it possible to use dynamically-updated AD Groups when assigning permissions via SharePoint? (Does anyone know of a guide I could show my doubtful IT rep?)
B) Is there a "best practice" way to go about this? I've read some debate on whether SharePoint Groups or AD Groups are the way to go. My main concern is dynamic updating.
C) If this isn't available out of the box, can someone recommend third-party software that will provide the functionality I'm looking for?
A big thanks to anyone who can help me out!!
© Server Fault or respective owner