‘Tis the season of holiday cheer and peace on Earth, so it seems the right time to ask why can’t Active Directory and SharePoint administrators be friends?
They seem to play with the same things. Our research shows that more than 85% of companies are using Active Directory security groups to provide permission to SharePoint sites, so it would seem that the administrators of the domain and the farm would meet for coffee and share pictures of their vacation.
Nope.
The SharePoint guys complain that the Active Directory guys won’t give them permission to Active Directory to create and manage groups the way they need to. Plus, even if they get permission to Active Directory the attributes are either non-existent or so out of date as to be useless for site provisioning. Even worse, it takes them forever to perform simple requests that the business is screaming about.
The Active Directory guys complain that the SharePoint guys are always whining about permissions. It’s not like giving out permissions to Active Directory is a particularly good idea. Everyone knows that the best practice is to limit it as much as is feasible. Plus, once they get into ADUC all they do is complain that the Active Directory team needs to get attributes updated so they can actually be used by the business. And just exactly how and when is that going to happen? Can the SharePoint guys create an extra hour in the day with their magical script machine?
To this argument I bring a message of peace and love. In a word, Automate.
Using a tool like Synchronize to provision, de-provision and update user information gets all that attribute information right in Active Directory. Then, using GroupID Automate to dynamically maintain Active Directory security groups means those groups are always up to date and accurate. Now, the SharePoint and Active Directory administrators both get what they want – a fast and efficient way to create security groups that are valuable and meaningful to the business without having to open up AD permissions.
So, think of Imanami as you are doing your last minute holiday shopping. Which would the administrator on your list rather have, peace in the office or a Sham Wow?
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.