Synchronizing Sharepoint and Active Directory Groups?

2
votes

Not sure if this belongs here or on Serverfault.

I have a Sharepoint installation and several Active directory domains. In each domain, I have some Security groups.

I need to create Sharepoint groups that contain those Active Directory groups, but I need to inlude the actual users instead of just the security group. (So in I have Group G1 with Users U1 and U2, my Sharepoint group needs to contain U1 and U2 instead of G1).

Before I build something like this myself (which is rather straight-forward with a Timer Job and some Management forms), I just wonder if something like this is already built in to Sharepoint 2007? Or if they are existing solutions?

Googling brought only results about the normal AD<>SP Profile import, which works fine, but nothing about Security Groups.

2
sharepointsharepoint-2007moss
why do you need to have SharePoint groups that contain the members of those groups? so you can see the membership? so you can change it? - Kevin Davis
I had problems with Audiencing. Audiencing something to a Sharepoint Group that contains an AD Group does not work. I am currently investigating on that issue, because the AD<>SPGroup mapping "feels" like the wrong thing to do. - Michael Stum♦

2 Answers

3
votes

This definitely isn't built into SharePoint. It may be available in a third party solution, however my guess is it would be an uncommon requirement so unlikely.

I would probably develop the solution myself. It shouldn't take long.

1
votes

I would write a timer job for this (if you want to keep the AD groups and SP groups in sync).

Make sure all your groups are in 1 OU (to make for an asy stsrting point for an LDAP query), then iterate through all the security group objects with Directory Services in the TimerJob execute method. Then, iterate through all user objects in the group and add them to the corresponding SP group, remove users that are removed from the AD group from the SP group too.