Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Sharepoint security setup using AD for authentication.

Posted on 2014-02-06
5
Medium Priority
?
248 Views
Last Modified: 2014-05-22
I need some assistance in the best way to setup AD for sharepoint users.  I have a new extranet (locally hosted server) and the authentication they need to use is AD.  I obviously have AD setup already for the local domain.  Should I create a whole new forest etc to keep it completely separated, or is a separate OU good enough?  I want to insure these external users have no more access than they need for the extranet (sharepoint 2013 site) to work.
Thanks
0
Comment
Question by:rhwimmers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 39841154
Do u ave AD for ur local network?
Did u install Sharepoint on a machine thats added to this AD or u create a new domain for Sharepoint Machine?

Authentication and authorization is different things.  

On Authentication side.. Add users u want to access to sharepoint to a AD group
on Authorization side.. Add this group to ur Sharepoint and give read permission..

A user group is enough in ur situtaion.

But if u want external users not to be a part of ur local domain, create  a sub domain to avoid external users to authenticate in ur local domain.
Other things are the same as i told above
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841743
I'm never a fan of giving outside users internal AD accounts so they can access SharePoint.  I'd rather stand up an ADLDS instance and put them there.  It's more secure and I don't *think* you need an AD license for them if they aren't on your corporate domain.

If they have an account on your internal domain, putting them in a specific OU won't necessarily make it more secure.  They would still get access to internal resources that are open to all domain users.
0
 
LVL 1

Author Comment

by:rhwimmers
ID: 39841762
They  will only be signing into a web interface/GUI that gives them access to the extranet, not sure if that matters, but they wont be logging into a PC as a domain user, just the website that is being developed by sharepoint dev team.
Do you have a doc on setting up ADLDS?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841785
0
 
LVL 19

Accepted Solution

by:
Melih SARICA earned 1580 total points
ID: 39841983
Its from the box setted. u dont ave to anything for ad settings for authentication
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question