Link to home
Create AccountLog in
Avatar of RXGeorge
RXGeorge

asked on

Can/ Should Active Directory groups be used to determine priviledge inside my application.

Partial Credit to all helpful comments.

This is really an opinion question.  

Do you think most IT organization would be receptive to the idea of adding custom groups (like maybe 10 or so) to their Active Directories so that my application (running on their desktops) can query the AD and use group membership as a means of determining feature access.?      
Avatar of TheGorby
TheGorby
Flag of United States of America image

Absolutely. In my experience, the more integrated an application is with AD the better things work and the easier things are to administrate.
Avatar of RXGeorge
RXGeorge

ASKER

TheGorby,

Thanks for the response. So in your experience, IT people won't "Have A Cow" when asked to create new groups for the sole purpose of supporting one application?    I wouldn't think so, but i am a developer and on the other side of the fence.

BTW: am i using the right term "Group" within the AD lingo?
ASKER CERTIFIED SOLUTION
Avatar of TheGorby
TheGorby
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Mike Kline
You really don't need any groups by default a normal user account has read access to most of AD and can see the members of the groups.

You can install AD then fireup a tool like adfind or use the built-in dstools and find a ton of information with a normal user account.  (memberof being one of those things)



mkline71,

Thanks for you input here.   Can you elaborate on that?

If i don't use groups, how would i know if a user has access to one of my ten functions?
ahh ok so you want to give certain groups certain rights to features...ok your plan works.  I though you were trying to query members of groups