locked
Anyone notice any permissions issues with AD distribution list groups as opposed to AD security groups? RRS feed

  • Question

  • Recently at a client I did an upgrade of their sharepoint environment.  I setup a new farm, took a backup of the old site colletion and restored it to the new farm.  For the most part everything worked without issue.  Recently i've been notified though that a few users are having issues accessing various parts of the site.  After looking into a few of the users, I found that they are members of an "all employees" AD distribution list, and that AD distribution list is what has been given contribute permissions to various parts of teh site. 

    My question would then be, has anyone else noticed any issues with AD distribution lists permissions wise as opposed to AD security groups? 
     
    The site obviously worked fine on the other server, but the new farm has the latest SP's/cumlative updates, so by chance would any of those have done anything about permissions with AD distribution lists?
    Tony Testa www.tonytestasworld.com
    Monday, February 16, 2009 4:14 PM

Answers

  • Hi Tony,

    i don't know of any system that supports giving AD Distribution groups permission to use resources.

    I think you should use Security Groups only.

    (i think you were more or less lucky to have that distribution group working in the first place)

    Cheers,
    Daniel Bugday

    Web: SharePoint Forum Blog: Daniel Bugday's SharePoint Blog

    Monday, February 16, 2009 5:16 PM
  • Hi,

    Adding Daniel’s suggestion, the Distributed List (DL) cannot be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects.

    So you should use security groups in SharePoint.

     

    For more information, please refer to: Choose which security groups to use (Office SharePoint Server) (http://technet.microsoft.com/en-us/library/cc261972.aspx)

     

    Hope the information can be helpful.

    -lambert

     

     


    Lambert Qin | Microsoft Online Support Engineer
    How to ask a question in the forum (http://support.microsoft.com/kb/555375)
    Posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, February 18, 2009 1:30 AM

All replies

  • Hi Tony,

    i don't know of any system that supports giving AD Distribution groups permission to use resources.

    I think you should use Security Groups only.

    (i think you were more or less lucky to have that distribution group working in the first place)

    Cheers,
    Daniel Bugday

    Web: SharePoint Forum Blog: Daniel Bugday's SharePoint Blog

    Monday, February 16, 2009 5:16 PM
  • Hi,

    Adding Daniel’s suggestion, the Distributed List (DL) cannot be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects.

    So you should use security groups in SharePoint.

     

    For more information, please refer to: Choose which security groups to use (Office SharePoint Server) (http://technet.microsoft.com/en-us/library/cc261972.aspx)

     

    Hope the information can be helpful.

    -lambert

     

     


    Lambert Qin | Microsoft Online Support Engineer
    How to ask a question in the forum (http://support.microsoft.com/kb/555375)
    Posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, February 18, 2009 1:30 AM
  • Yes, Tony, do not use groups in AD, instead create groups in Sharepoint.
    groups in AD do not work in SharePoint.

    Wednesday, February 18, 2009 7:12 AM