In this small article we explore user creation in Active Directory and adding a user to a SharePoint site.
About Active Directory
Active Directory is a directory service created by Microsoft. (from here onward, referred to as AD). AD is used by most of the Windows Server operating systems like 2003, 2008 etc.
AD allows storing user information, credentials, application settings, authentication management etc. AD can be considered as a database.
The following are the components involved:
- Active Directory Domain Services: ADDS is the central location for storing user information, handling authentication requests etc.
- Active Directory Rights Management Services: ADRMS manages the rights of a user within the network. The right could be like read, write and print a file.
- Active Directory Federation Services: ADFS is a highly secured, Internet scalable Identity Access solution. ADFS helps in integration between untrusted resources and domain resources within the organization.
- Active Directory Certificate Services: ADCS allows persisting a user identity along with a private key.
- Active Directory Lightweight Directory Services: ADLDS provides many advantages over Active Directory Domain Services for directory enabled applications. The advantages include lesser bandwidth, less overhead with domain information, easier replication etc.
Note: While installing SharePoint 2010 to a Windows Server machine, please ensure that the Active Directory is already configured.
Back to Practical
In a production deployment SharePoint will be installed in a Windows Server operating system. Now we can try creating a user and adding to a SharePoint site.
You need a Windows Server 2008 Installation / Virtual Machine to try this scenario.
Step 1: Open Server Manager
Open Server Manager Application from the desktop or through Start Menu.
Start Menu > Programs > Administrative Tools > Server Manager
In the application that appears, choose the following node:
Server Manager > Roles > ADDS > (domain) > Users
Step 2: Create a new user inside ADDS.
You can right-click on the Users item and choose New > User menu item.
In the dialog that appears enter the following details:
Click on the Next button; you will get the following Password dialog:
Enter the password and uncheck the change password option. Click Next button to continue.
Now click the Finish button and the user will be created.
You will see the new user inside the list:
Step 3: Try the user in the SharePoint site.
Next you can try signing in using the new user created. You will get the following error message since the user does not have permission to the site.
Step 4: Add the User to SharePoint site.
Now sign in to the SharePoint site with administrative privileges. Choose the Site Actions > Site Permissions option to get the following screen:
You can add the new user to any of the groups above.
- If the user is required to only read operation > Add to the Visitors group
- If the user is required to contribute > Add to Members group
- If the user is required to have full control > Add to the Owners group
For the time being I am adding the new user to the Members group. Click on the Members item and in the page that appears use the New > Add Users menu.
In the dialog box that appears enter the user name, resolve it and click the OK button.
Now the user is added to the list and you are ready to test the New User.
Step 5: Test the New User.
Now open a new browser and enter the home URL.
E.g.: http://corp
Now it will be opened in the previous user context; use the following option to sign in as a new user:
In the prompt that appears, enter the newuser as name and the password for the user. You will be able to see the site.
Possible Error
If you are getting an Access Denied error as following:
Please ensure the following:
- You are accessing the right site URL
- Verify the user is residing in the Members group
References
AD Technologies Overview
Summary
In this article we have explored user creation in Active Directory and adding the user to a SharePoint site.