Creating a security group for organisation to use sharepoint.

lianne143
lianne143 used Ask the Experts™
on
Hi

We have Windows 2012 Domain Controllers and windows 10 workstations on our network. We have gone with 0365 and we are going to use SharePoint online and our active directory gets synced with Azure AD.
We have 100 staff and I would like to create a security group called “All Staff group” and would like to give permissions to this group to access the resources.
Firstly, do I need to create a Universal -Security group OR Global- Security group?
Secondly, after creating this group, do I need to add all the 100 staff to this group?
Thirdly, do i need to add any values in the attributes?

Any tutorials  and help much appreciated.
Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Rajkumar DuraisamyIT Service Manager
Top Expert 2012

Commented:
Create a Universal Security Group - > Add the 100 members -> No changes required on the attributes..

Opend On-Premise Exchange Management Shell

1. Below will create a mail enabled universal security group - You can use it to assign permission on a resource as well to send a communication email to all the 100 users on any announcements etc..

New-DistributionGroup -Name "All Staff" -Type "Security"

2. Get all the users alias and save it in a csv file (c:\temp\alias.csv) with a csv header as Alias. Run the below command to add all the users as members.

Import-csv c:\temp\alias.csv | foreach { Add-DistributionGroupMember "All Staff" -Member $_.Alias}

Author

Commented:
Hi Rajakumar

I noticed that on our Active directory , i have a "ALL STAFF" group  that has been  already created by my predecessors.
Please see the attach snapshot .

So i think this is a Universal Security Group and i can use this group for setting permission on SharePoint ?

How do i check if this group is mail enabled universal security group.
Thanks
Security-Group.jpg
IT Service Manager
Top Expert 2012
Commented:
It is a mail enabled universal security security.. You can see the email address right ? normal universal security group will not have the email address field.

Yes. You can use that group to assign permissions to users who are member of that group.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Thanks Raj

Yes , i can see the email address on the email address tab.

Also this group has a different display name as shown in the attached snapshot
Right click Group - Attribute Editor -displayName

On the SharePoint, when  i want to give share permission to a resource and when i search  this group , i can see  
This group is listed by the displayName and the Email address .

If the the display name(#[ALLStaff]Sch) is different from the email address (ALLStaff@myorg.co.uk),
Will this cause any permission issues ?


Thanks
Display-Name.jpg
Rajkumar DuraisamyIT Service Manager
Top Expert 2012

Commented:
No issues..

All staff group will have the display name as - #[ALLStaff]Sch and email address as ALLStaff@myorg.co.uk and when you assign permission in SharePoint and you see the display name only? then it is not a problem.. you can continue to assign permission.

Author

Commented:
Great , Thanks so much for confirming .

Point awarded :)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial