Our company is implementing nested AD groups, and we found some strange behavior in how SharePoint supports them. Here are the nested groups we have.
- parentGroup includes childGroup and some users
- childGroup includes childofchildGroup and some users
- childofchildGroup includes childofchildofchildGroup and some users
- childofchildofchildGroup includes some users
After we added the parent group (parentGroup) to the owner group for a site, we could look up permissions for any individual user from the nested groups, such as user2 from childGroup. However, we are not able to display permissions for any of the nested groups.
We tried the following PowerShell to display the users, but it did not display any nested groups except the leaf nested group, childofchildofchildGroup.
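```powershell
# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$urlWeb = "http://server/sites/n2ktest/"
# Per user: roles granted directly, roles inherited via SharePoint groups, and the groups themselves
Get-SPUser -Web $urlWeb |
    Select-Object UserLogin,
        @{name="Explicit given roles"; expression={$_.Roles}},
        @{name="Roles given via groups"; expression={$_.Groups | %{$_.Roles}}},
        Groups |
    Format-Table -AutoSize
```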
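An added example, not part of the original post: SharePoint stores only the AD group that was granted access, not its members, so a membership view has to come from Active Directory. This sketch expands each AD group found on the web and reports every user with the nesting chain that grants the access. It assumes classic Windows authentication (logins of the form DOMAIN\group), a single domain, and the RSAT ActiveDirectory module; `Expand-AdGroup` is a hypothetical helper name.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory   # assumption: RSAT AD module is installed

$urlWeb = "http://server/sites/n2ktest/"

# Hypothetical helper: walk an AD group recursively and emit one object per
# user, recording the chain of groups through which the user is a member.
function Expand-AdGroup {
    param(
        [string]$Identity,
        [string[]]$Path = @(),
        [hashtable]$Seen = @{}
    )
    # Guard against circular nesting. A group reachable through two chains
    # is expanded only once, under the first chain that reaches it.
    if ($Seen.ContainsKey($Identity)) { return }
    $Seen[$Identity] = $true

    try   { $members = Get-ADGroupMember -Identity $Identity -ErrorAction Stop }
    catch { Write-Warning "Cannot expand '$Identity': $($_.Exception.Message)"; return }

    $chain = $Path + $Identity
    foreach ($m in $members) {
        if ($m.objectClass -eq 'group') {
            Expand-AdGroup -Identity $m.SamAccountName -Path $chain -Seen $Seen
        } elseif ($m.objectClass -eq 'user') {
            New-Object PSObject -Property @{
                User = $m.SamAccountName
                Via  = ($chain -join ' > ')
            }
        }
    }
}

# SharePoint represents an AD group as an SPUser with IsDomainGroup set.
Get-SPUser -Web $urlWeb | Where-Object { $_.IsDomainGroup } | ForEach-Object {
    $spGroups = ($_.Groups | ForEach-Object { $_.Name }) -join ', '
    $adName   = ($_.UserLogin -split '\\')[-1]   # strip the DOMAIN\ prefix
    Expand-AdGroup -Identity $adName |
        Select-Object User, Via,
            @{ name = 'SharePoint groups'; expression = { $spGroups } }
} | Format-Table -AutoSize
```

Built-in principals such as NT AUTHORITY\Authenticated Users also have IsDomainGroup set; they cannot be expanded through AD and show up as warnings.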
According to the Microsoft resource, nested AD groups are supported in SharePoint. Our testing result confirms that all the individual users in the nested groups are granted the correct permissions.
However, after looking at other blogs and discussions, it seems that SharePoint 2010 has some limitations in supporting nested AD groups. Some Microsoft teams, especially the MPS team, do not recommend using nested groups.
For ease of security management, the following items are not recommended when managing Active Directory groups.
- Assigning permission levels directly to Active Directory groups.
- Adding security groups that contain nested security groups, contacts, or distribution lists.
- Resource sync performance issues in Project Server 2010
- When a security group is added to a SharePoint group for a specific site, the site will not appear in the users' My Sites. The User Information List will not show individual users until they have contributed to the site.
- Security groups with a deeply nested structure might break SharePoint sites
- We will have trouble listing all the users who have access to the site
- Performance