Users Belonging to More than 1 Group in MS Project Server 2007

R

rb

This is for MS Project Server 2007.

We have setup AD groups for each of the Groups in PWA. We have a
general AD for all PWA users and the an AD group for each of the
Groups within PWA (e.g., Project Managers, Team Members, etc.).

We sync the general AD group and the individual AD groups. What
happens when an individual is in more than one group? Or should we
only do this one way and not the other.
 
J

Jonathan Sofer

Your general AD group that includes all your users should probably be used
to synch with the Enterprise Resource Pool. I believe this will also add
them to the Team Members group by default.

The other AD groups should be synched with the corresponding security groups
(i.e. Project Managers, Resource Managers, Executives)

The first AD will create the accounts and de-activate the accounts as needed
based on who is in the group.

The second will only add and remove the users from the respective security
groups but will not deactivate when are no longer in the AD group.

Jonathan
 
R

rb

In the second set of AD groups to sync with the security groups, I
will still have to go in and assign those users to those security
groups, correct?

Is this how most companies do this?
 
J

Jonathan Sofer

If you have AD groups with a subset of your users that represent members you
want in your PWA security groups then synching those AD groups with the
appropriate PWA security groups should be all you need to do. This would
replace the need for you to manually add users to security groups.

As for your second question, I have not seen too many organizations use the
AD synch for several reasons:
1) The organization's AD is not mature enough and the data is not clean
enough.
2) The organization uses too many special characters in AD and MSPS does not
handle many of these special characters very well, causing strange data
input at times and partial AD synch errors.
3) Custom fields are not populated with the out-of-the-box AD and so there
is still a manual effort required to populate this data.

If you want really simple AD synchronization and have a well maintained AD
system without many special characters then this is a viable option. But in
most cases, I have seen the user and resource administration be maintained
by an administrator role manually.

Jonathan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Group for AD Sync 1
Allow external client access to Project Server 0
Users set inactive after every AD sync - Project 2007 2
Project Server 2007 - Synching to Multiple AD groups 2
Active Directory Synchronization Problem 6
Active Directory Sync - AD Group Has No Members 0
Active Directory Resource Pool Synchronization 7
All the users .. gone.. 3

Top