Solved

Sharepoint security setup using AD for authentication.

Posted on 2014-02-06
5
241 Views
Last Modified: 2014-05-22
I need some assistance in the best way to setup AD for sharepoint users.  I have a new extranet (locally hosted server) and the authentication they need to use is AD.  I obviously have AD setup already for the local domain.  Should I create a whole new forest etc to keep it completely separated, or is a separate OU good enough?  I want to insure these external users have no more access than they need for the extranet (sharepoint 2013 site) to work.
Thanks
0
Comment
Question by:rhwimmers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 39841154
Do u ave AD for ur local network?
Did u install Sharepoint on a machine thats added to this AD or u create a new domain for Sharepoint Machine?

Authentication and authorization is different things.  

On Authentication side.. Add users u want to access to sharepoint to a AD group
on Authorization side.. Add this group to ur Sharepoint and give read permission..

A user group is enough in ur situtaion.

But if u want external users not to be a part of ur local domain, create  a sub domain to avoid external users to authenticate in ur local domain.
Other things are the same as i told above
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841743
I'm never a fan of giving outside users internal AD accounts so they can access SharePoint.  I'd rather stand up an ADLDS instance and put them there.  It's more secure and I don't *think* you need an AD license for them if they aren't on your corporate domain.

If they have an account on your internal domain, putting them in a specific OU won't necessarily make it more secure.  They would still get access to internal resources that are open to all domain users.
0
 
LVL 1

Author Comment

by:rhwimmers
ID: 39841762
They  will only be signing into a web interface/GUI that gives them access to the extranet, not sure if that matters, but they wont be logging into a PC as a domain user, just the website that is being developed by sharepoint dev team.
Do you have a doc on setting up ADLDS?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841785
0
 
LVL 19

Accepted Solution

by:
Melih SARICA earned 395 total points
ID: 39841983
Its from the box setted. u dont ave to anything for ad settings for authentication
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question