Question about AD

[mns117]

Hey, and thanks in advanced to any advice that is offered!!!

I need to find some kind of whitepaper, or documentation out there that proves that we can add users to our AD so outside clients can access certain portions of our sharepoint portal. Basically certain "decision makers" are concerned that if we add users to AD so they can authenticate into the portal, they can also authenticate other places on the network.

Can anyone offer me some "Best Practice" advice. I am no AD expert, but I feel that if we create a seperate 'Client' OU and put all the outside client accounts there and only give them group membership to the portal related groups, we should be ok.

As I said previously, I really appreciate any comments/help/advice!

Thanks

Mike

 

[Thomas2000]

Hello,

Well I would not want to expose an internal A.D to the public. Are these external persons going in through a VPN connection?

We are setting up an extranet solution for SharePoint, but our organization has an external Active Directory in place so I can let external users authenticate through that.

In a security perspective, I would never allow any outside users getting access to the A.D used by the internal network, if they are not going over a secure connection like a VPN.

Regards,
Thomas

 

[alexcop]

Hi,

Users authenticate through SharePoint, so that should be ok. For me, people accessing SharePoint from the internet have to use an SSL connection, so that the credentials are encrypted.

I am also in need for having partners accessing content, and I was wondering whether AD Contacts could be used, instead of AD Users? First tests seem to say yes, but I was wondering if anybody else had tried it?

Thanks!

... Alex ...