Ureader.com  
Microsoft software help and Community
date: Thu, 14 Aug 2008 04:45:48 -0700 (PDT),    group: microsoft.public.sharepoint.portalserver


Controlling AD Access   
Hi All

Can someone tell me how I can effectively separate two companies from
each other using MOSS in a shared AD environment. I can restrict the
peoplepicker to only select people who are members within a site but I
cannot stop someone typing in an AD user account directly when granting
permissions. This would mean that someone from company A could
effectively guess user accounts from other companies and mistakenly
grant permissions to them.

Each company is a host header based site and therefore shares a web
application. I can see there are a number of possibilities with using
ADAM and SQL as account repositories but from what I understand each
company would need a separate web application for this to work as the
web.config file needs to contain information that pertains to their
ADAM details i.e. what container they are in. Once I start creating web
applications per customer this soon increases costs as server
resources are soon used up.
Does anyone have any smart suggestions on how to achieve what I want?

Thanks

AndyJ
date: Thu, 14 Aug 2008 04:45:48 -0700 (PDT)   author:   AJ

Re: Controlling AD Access   
On 14 Aug, 12:45, AJ wrote:
> Hi All
>
> Can someone tell me how I can effectively separate two companies from
> each other using MOSS in a shared AD environment. I can restrict the
> peoplepicker to only select people who are members within a site but I
> cannot stop someone typing in an AD user account directly when granting
> permissions. This would mean that someone from company A could
> effectively guess user accounts from other companies and mistakenly
> grant permissions to them.
>
> Each company is a host header based site and therefore shares a web
> application. I can see there are a number of possibilities with using
> ADAM and SQL as account repositories but from what I understand each
> company would need a separate web application for this to work as the
> web.config file needs to contain information that pertains to their
> ADAM details i.e. what container they are in. Once I start creating web
> applications per customer this soon increases costs as server
> resources are soon used up.
> Does anyone have any smart suggestions on how to achieve what I want?
>
> Thanks
>
> AndyJ

I found the answer to all my prayers. For the benefit of others you
can use a new STSADM switch called setsiteuseraccountdirectorypath and
configure the path to point to your hosted company OU.
date: Thu, 14 Aug 2008 05:55:27 -0700 (PDT)   author:   AJ
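
The setting named in the reply above, applied per hosted company and read back for verification. This is an added example, not part of the original post: the site URLs and OU distinguished names are constructed placeholders, the stsadm.exe location assumes a default MOSS 2007 install, and the read-back check assumes the get operation's output contains the configured path.

```powershell
# Added example: scope each host-header site collection to its own company OU.
# URLs and OU distinguished names are constructed placeholders.

# Default MOSS 2007 ("12 hive") location of stsadm.exe (assumption).
$stsadm = Join-Path $env:CommonProgramFiles `
    'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'

$tenants = @(
    @{ Url = 'http://companya.example.com'; Ou = 'OU=CompanyA,OU=Hosting,DC=example,DC=com' },
    @{ Url = 'http://companyb.example.com'; Ou = 'OU=CompanyB,OU=Hosting,DC=example,DC=com' }
)

foreach ($t in $tenants) {
    # Point the site collection's user account directory at the company OU.
    & $stsadm -o setsiteuseraccountdirectorypath -path $t.Ou -url $t.Url
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not set the directory path for $($t.Url)"
        continue
    }

    # Read the value back so a mistyped OU or a skipped site is caught now,
    # not when someone grants permissions across companies.
    $current = & $stsadm -o getsiteuseraccountdirectorypath -url $t.Url | Out-String
    if ($current -notmatch [regex]::Escape($t.Ou)) {
        Write-Warning "$($t.Url) does not report $($t.Ou); got: $current"
    }
    else {
        Write-Host "$($t.Url) is scoped to $($t.Ou)"
    }
}
```

The setting is stored per site collection, so every company's host-header site needs its own entry; re-running the read-back half on a schedule shows any newly created site collection that was never scoped.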
