Solved

Sharepoint security setup using AD for authentication.

Posted on 2014-02-06
5
240 Views
Last Modified: 2014-05-22
I need some assistance in the best way to setup AD for sharepoint users.  I have a new extranet (locally hosted server) and the authentication they need to use is AD.  I obviously have AD setup already for the local domain.  Should I create a whole new forest etc to keep it completely separated, or is a separate OU good enough?  I want to insure these external users have no more access than they need for the extranet (sharepoint 2013 site) to work.
Thanks
0
Comment
Question by:rhwimmers
  • 2
  • 2
5 Comments
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 39841154
Do u ave AD for ur local network?
Did u install Sharepoint on a machine thats added to this AD or u create a new domain for Sharepoint Machine?

Authentication and authorization is different things.  

On Authentication side.. Add users u want to access to sharepoint to a AD group
on Authorization side.. Add this group to ur Sharepoint and give read permission..

A user group is enough in ur situtaion.

But if u want external users not to be a part of ur local domain, create  a sub domain to avoid external users to authenticate in ur local domain.
Other things are the same as i told above
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841743
I'm never a fan of giving outside users internal AD accounts so they can access SharePoint.  I'd rather stand up an ADLDS instance and put them there.  It's more secure and I don't *think* you need an AD license for them if they aren't on your corporate domain.

If they have an account on your internal domain, putting them in a specific OU won't necessarily make it more secure.  They would still get access to internal resources that are open to all domain users.
0
 
LVL 1

Author Comment

by:rhwimmers
ID: 39841762
They  will only be signing into a web interface/GUI that gives them access to the extranet, not sure if that matters, but they wont be logging into a PC as a domain user, just the website that is being developed by sharepoint dev team.
Do you have a doc on setting up ADLDS?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841785
0
 
LVL 19

Accepted Solution

by:
Melih SARICA earned 395 total points
ID: 39841983
Its from the box setted. u dont ave to anything for ad settings for authentication
0

Join & Write a Comment

I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now