Wednesday 21 December 2011

Moving Active Directory users into SharePoint Site Groups

For moving all the Active Directory users into SharePont 2010 Groups,
Groups are Active Directory objects that can contain users,contacts,computers and other groups.

Active Directory will have two types of Groups.

One is Distribution Group
  1. Distribution groups have only one function - for e-mail distribution lists.  and that is not security-enabled.
  2. Distribution groups cannot be listed in discretionary access control lists (DACLs), which are used to define permissions on resources and objects.
  3. Distribution groups play no role in security (you do not assign permissions to distribution groups), and you cannot use them to filter Group Policy settings.
  4. Distribution Groups are designed to work with email, but not for the assignment or control of permissions to a resource. 
Second one is Security Group
  1. Security group   A group that can be listed in DACLs. A security group can also be used as an e-mail entity.
  2. You can use security groups to control permissions for your site by adding security groups to SharePoint groups and granting Permissions to the SharePoint groups. You cannot add distribution groups to SharePoint groups, but you can expand a distribution group and add the individual members to a SharePoint group.
  3. This type of group has a unique characteristic in that it has a Security Identifier (SID) assigned to it from Active Directory. This SID enhances the function of the group so that it can be used for assigning and controlling permissions to a resource.
1. From Site-->Site Actions-->click on Site Permissions. In this permissions page click on Gran Permissions at top most left corner and give the Acite Directory Security Group Name. In my enviroment added "Domain Users" group.

If you want to add AD group to particular SharePoint Group(Members,Viewers,Ownes,Desingers) then goto the Site Permissions--> click on the SP Group--> here add your Group.


In case if you want to add different types of security groups to sharepoint site :
Then, Create Security Groups as per permission levels like Domain Members, Domain Viewers, Domain Owners, Domain Visitors ...etc., and then assign the members to this groups.(Active Directory Users and Computers--> created Securitygroup-->properties-->members tab)


So that you can add these security groups into sharepoint site,
Sharepoint Site-->Site Actions-->click on Site Permissions link then add the Security groups to related sharepoint permission level site groups.
By adding security group into sharepoint site, all secrity group members will get the particular sharepoint group permissions.

1 comment:

  1. Hello friends,

    Really it is a very interesting site by you. When you add a user to SharePoint Foundation 2010, the system adds a limited number of properties from the Active Directory to the SharePoint Foundation 2010 Content database’s User Info table. Active Directory is a database of users and network resources that Tier 1's can use to manage security and other functions in a networked computing environment. It will eliminate much of the need to go from workstation to workstation when performing these tasks. Additionally, you can use Active Directory in conjunction with a Windows Update Server to ensure all of the workstations in your organizational unit receive patches and updates for Windows operating systems. Thanks a lot!

    Active Directory Group Membership

    ReplyDelete