Solved

Sharepoint security setup using AD for authentication.

Posted on 2014-02-06
5
242 Views
Last Modified: 2014-05-22
I need some assistance in the best way to setup AD for sharepoint users.  I have a new extranet (locally hosted server) and the authentication they need to use is AD.  I obviously have AD setup already for the local domain.  Should I create a whole new forest etc to keep it completely separated, or is a separate OU good enough?  I want to insure these external users have no more access than they need for the extranet (sharepoint 2013 site) to work.
Thanks
0
Comment
Question by:rhwimmers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 39841154
Do u ave AD for ur local network?
Did u install Sharepoint on a machine thats added to this AD or u create a new domain for Sharepoint Machine?

Authentication and authorization is different things.  

On Authentication side.. Add users u want to access to sharepoint to a AD group
on Authorization side.. Add this group to ur Sharepoint and give read permission..

A user group is enough in ur situtaion.

But if u want external users not to be a part of ur local domain, create  a sub domain to avoid external users to authenticate in ur local domain.
Other things are the same as i told above
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841743
I'm never a fan of giving outside users internal AD accounts so they can access SharePoint.  I'd rather stand up an ADLDS instance and put them there.  It's more secure and I don't *think* you need an AD license for them if they aren't on your corporate domain.

If they have an account on your internal domain, putting them in a specific OU won't necessarily make it more secure.  They would still get access to internal resources that are open to all domain users.
0
 
LVL 1

Author Comment

by:rhwimmers
ID: 39841762
They  will only be signing into a web interface/GUI that gives them access to the extranet, not sure if that matters, but they wont be logging into a PC as a domain user, just the website that is being developed by sharepoint dev team.
Do you have a doc on setting up ADLDS?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841785
0
 
LVL 19

Accepted Solution

by:
Melih SARICA earned 395 total points
ID: 39841983
Its from the box setted. u dont ave to anything for ad settings for authentication
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question