Hi Folks I'm curious about how groups in AD sync to groups in SharePoint. If i have userA in ADGroup1 and add that group to SPGroup1 in SharePoint and assign SPGroup1 to a site as a reader, userA can access that site. If i then add userB to ADgroup1 does that user then get access to the site? Is it automatically sync'd to SharePoint, or does SharePoint go and check AD or do i need to kick off some kind of manual update? David

Yes, UserB would automatically get access to the site. The authentication process looks at the people who are approved as readers, finds an AD group there - then looks to AD to see if the current user is a member of that group. There isn't a "sync" required for this to work. The moment a user exists in that AD Group you mention - they will have access to the SharePoint site based on how you describe the scenario above.I hope this helps and answers your question-Jeff DeVerter, MCSERackspaceblog:http://www.social-point.comtwitter: http://www.twitter.com/jdeverter

Thats what i expected to see, but it doesnt seem to be happening. I created a Global Security Group in AD. I then created a SharePoint Group, added the new AD group to it and it has read permission to SiteA. I goto SiteA and login as userA = permission denied. Go back to AD and add userA to the AD Group I got SiteA and login as userA again and still permission denied.

For trouble shooting.... add the user directly to the read group in SharePoint. Make sure there isn't any other data on the site that has other permissions.I hope this helps and answers your question-Jeff DeVerter, MCSERackspaceblog:http://www.social-point.comtwitter: http://www.twitter.com/jdeverter

Thats what i expected to see, but it doesnt seem to be happening. I created a Global Security Group in AD. I then created a SharePoint Group, added the new AD group to it and it has read permission to SiteA. I goto SiteA and login as userA = permission denied. Go back to AD and add userA to the AD Group I got SiteA and login as userA again and still permission denied. Did you ever find a solution to your above problem? Seems like we are seeing the same issue. If adding users directly on SharePoint Group no problems. However if adding AD group to SP group, it doesnt work. Member count for AD Group is 0.

Thats what i expected to see, but it doesnt seem to be happening. I created a Global Security Group in AD. I then created a SharePoint Group, added the new AD group to it and it has read permission to SiteA. I goto SiteA and login as userA = permission denied. Go back to AD and add userA to the AD Group I got SiteA and login as userA again and still permission denied. Did you ever find a solution to your above problem? Seems like we are seeing the same issue. If adding users directly on SharePoint Group no problems. However if adding AD group to SP group, it doesnt work. Member count for AD Group is 0.

Thats what i expected to see, but it doesnt seem to be happening. I created a Global Security Group in AD. I then created a SharePoint Group, added the new AD group to it and it has read permission to SiteA. I goto SiteA and login as userA = permission denied. Go back to AD and add userA to the AD Group I got SiteA and login as userA again and still permission denied. Did you ever find a solution to your above problem? Seems like we are seeing the same issue. If adding users directly on SharePoint Group no problems. However if adding AD group to SP group, it doesnt work. Member count for AD Group is 0.