Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Sharepoint security setup using AD for authentication.

Posted on 2014-02-06
5
Medium Priority
?
253 Views
Last Modified: 2014-05-22
I need some assistance in the best way to setup AD for sharepoint users.  I have a new extranet (locally hosted server) and the authentication they need to use is AD.  I obviously have AD setup already for the local domain.  Should I create a whole new forest etc to keep it completely separated, or is a separate OU good enough?  I want to insure these external users have no more access than they need for the extranet (sharepoint 2013 site) to work.
Thanks
0
Comment
Question by:rhwimmers
  • 2
  • 2
5 Comments
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 39841154
Do u ave AD for ur local network?
Did u install Sharepoint on a machine thats added to this AD or u create a new domain for Sharepoint Machine?

Authentication and authorization is different things.  

On Authentication side.. Add users u want to access to sharepoint to a AD group
on Authorization side.. Add this group to ur Sharepoint and give read permission..

A user group is enough in ur situtaion.

But if u want external users not to be a part of ur local domain, create  a sub domain to avoid external users to authenticate in ur local domain.
Other things are the same as i told above
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841743
I'm never a fan of giving outside users internal AD accounts so they can access SharePoint.  I'd rather stand up an ADLDS instance and put them there.  It's more secure and I don't *think* you need an AD license for them if they aren't on your corporate domain.

If they have an account on your internal domain, putting them in a specific OU won't necessarily make it more secure.  They would still get access to internal resources that are open to all domain users.
0
 
LVL 1

Author Comment

by:rhwimmers
ID: 39841762
They  will only be signing into a web interface/GUI that gives them access to the extranet, not sure if that matters, but they wont be logging into a PC as a domain user, just the website that is being developed by sharepoint dev team.
Do you have a doc on setting up ADLDS?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39841785
0
 
LVL 19

Accepted Solution

by:
Melih SARICA earned 1580 total points
ID: 39841983
Its from the box setted. u dont ave to anything for ad settings for authentication
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question