AD Groups vs SP Groups

—–Original Message—–
From: Yeidel, Joshua
Sent: Thursday, December 17, 2009 1:42 PM
To: OAI.Personnel
Subject: FW: [sharepointdiscussions] RE: AD Groups vs SP Groups

In the Rain King Design meeting today we discussed program workspaces in  The notion was put forward that we would control
SharePoint permissions in the spaces, but add a program-managed Active
Directory group as “contributor”.  Then the program would add or remove
people to/from that group via AD to manage their access to the

This note from a SharePoint consultant mentions one consideration for
scheme.  To see who is or is not a contributor, we will have to look in
SharePoint _and_ view the AD group in an Active Directory browser such
“Active Directory Users and Groups” on Windows.  I don’t think that’s a
fatal flaw in the scheme, but we should be aware of it.

— Joshua

—— Forwarded Message
From: “Daniel A. Galant”
Reply-To: “”

Date: Thu, 17 Dec 2009 09:40:59 -0800
To: “”

Subject: [sharepointdiscussions] RE: AD Groups vs SP Groups

When using AD groups to control access to SharePoint there are a few
to consider. SharePoint does not expand or display the AD group
so in SharePoint you will not know who you have given access to.

—— End of Forwarded Message

Comment added to original post

Email to SP groups which contain AD groups

From Leonil Brandel <> via

In addition, another thing to consider when nesting AD groups in
Sharepoint groups is workflows.

Workflows will not be able to distribute email to the members of the AD
group unless the AD Group is email enabled (email address needs to be
assigned to it).  On top of that, if a distribution list is nested in
the AD group, the workflow emails will fail.  The members HAD to be
individual users, not a Distribution List.  I did notice alerts play
nice with AD groups nested in Sharepoint groups.

Has anyone else encountered this problem?

For our current Rain King purposes, the important part is that alerts “play nice”.  However, we should be aware of the other findings in case we extend beyond alerts into workflows.
— Joshua


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: