One of the things that jumped out at me in our recent survey seemed to be confirmed by visiting with a number of folks who stopped by our booth at TechEd. People are using Active Directory to secure SharePoint groups!
Our survey showed that nearly 50% of organizations are, and based on the conversations we had with folks in the trenches, that number might even be a little low!
And no wonder, by using Active Directory groups to secure many of your SharePoint groups you get some great benefits.
- It can scale better. Incremental crawls go faster with Active Directory groups.
- Active Directory groups look like a single “user” to SharePoint. No hassles overpopulating security principals.
- Existing Active Directory groups often map well to your current organization. No need to re-invent the wheel!
Since you are using Active Directory groups, make them dynamic wherever possible. By doing so, you only have to look at the groups once, when you create them. After that your SharePoint site group gets updated whenever one of the members falls in or out of the bounds of your query or hierarchy.
By using dynamic Active Directory groups SharePoint site administrators won’t face the bottleneck of an overworked Active Directory guy, and they won’t have to learn (or be given rights to) Active Directory. Most importantly, the users automatically get properly provisioned into the right groups for their current role.
Dynamic groups have the added benefit of improving your security. When a user changes roles or locations their site permissions change with them automatically. It’s the same when a user leaves the organization. As soon as their Active Directory account is disabled, so is their site access.
Everybody wins!
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.