I was reading a great article over at Dave Coleman’s SharePoint and Technology Blog, SharePointEduTech. He proposed a simple question, SharePoint or AD groups to permission your SharePoint deployment.
As a vendor in the discussion, I feel uncomfortable commenting in his article but was very relieved to see that 56% of respondents use AD groups and 35% use a combination of Active Directory and SharePoint groups. That leaves only 9% using SharePoint groups alone. This was at the time of my viewing, it may change.
This corresponds very well with our own research on uses for Active Directory groups, which showed approximately 70% using AD groups for SharePoint access last Spring, a number I would expect to grow.
About a week ago, Max Wallingford wrote a great piece about best practices on using SharePoint or AD groups for site permissions. He covered a lot of the points around when to use each and then brought up the beauty of dynamic AD groups for SharePoint permissions. If you are going to use the “broad stroke” groups as one commenter brought up, you need to be sure they are accurate. Just because it is called “Marketing” doesn’t mean that the membership is up to date. Using dynamic security groups solves that issue.
To try to add to the discussion that Dave Coleman started, I’ve put our own poll over in the right hand sidebar (look to the right about now and you should see it). Imanami’s get-Group blog readers skew to the AD side, I am really interested to see how our results compare to Dave’s readers who probably skew SharePoint-y.