May 18 2021 12:50 AM
May 18 2021 12:50 AM
We use Office 365 with a hybrid set up. We create our Security / distribution gruops in our On prem Exchange which then syncs to O365. I want to use Security groups in our On prem AD to control security groups in SharePoint online.
When i try to add people to SPO groups (members, owner, visitor o a new created group) i can only see individual users, or already existing SharePoint sites.
I read in different forums people is able to do it but haven't been able to find how to do it.
If anybody has any information please...
May 18 2021 05:13 AM
May 18 2021 06:40 AM
May 18 2021 08:44 AM - edited May 18 2021 08:45 AM
The Sharing functionality in SharePoint/OneDrive/Teams uses SharePoint Security Groups to give people access to items that have been shared. It creates a new SharePoint Security Group every time a new Sharing link is created for an item. You might want to consider that before you spend too much time worrying about SharePoint permissions in the first place.
However, if you are going to try using AD security groups to manage access and permissions to SharePoint sites, one good approach is to use a combination of SharePoint Security Groups plus AD Security Groups inside of those SharePoint Security Groups.
For example, every SharePoint site comes with three SharePoint Security Groups - Owners (Full Control), Members (Edit), and Visitors (Read). You should put your AD Security groups inside one of these default SharePoint Security Groups.
May 19 2021 02:24 AM
May 19 2021 05:20 AM - edited May 19 2021 06:13 AM
I would again suggest understanding the Share functionality in SharePoint before getting too far into trying to control access and permissions via groups.
However, if your situation calls for using AD Security Groups and SharePoint Security Groups, I don't see a problem in using them. I have created SharePoint Security Groups for a specific List or Library if I needed to give people a different level of permissions to that particular list or library.
For example, if our HR department has Read access to most of a SharePoint site, they will be in the SharePoint Visitors group to give them that access. But then if I need the HR department to have Edit access to a specific HR Document Library, I would probably create a SharePoint Security Group specifically for assigning Edit permissions on that HR Document library and then add the HR department to that group.
SharePoint Online has made it a little more difficult to get to the Groups page in site settings to create a new SharePoint Security Group, but you can still get there when needed.