To ensure maximum performance from the Office SharePoint Server 2007 crawler and searches, observe the following rules when you are using Active Directory security principals and SharePoint groups:
Place user accounts into global groups, and global groups into domain local groups. Assign permissions to domain local groups. This is the recommended best practice for using security principals in Active Directory. It ensures that domain controllers can look up group memberships quickly and that users can access resources throughout the forest.
If universal groups are necessary, use the same system but put global groups into universal groups and universal groups into domain local groups.Put domain local groups into SharePoint groups to assign permissions to SharePoint sites and other resources.
Limit the number of nesting levels used in group membership.
- Do not Assign Office SharePoint Server site permissions to individual users.
- Do not Use deeply nested Active Directory security groups.
- Do not Use distribution lists or security groups that contain contacts.
For more details -
Search Performance
1 comment:
Hi Suhaib,
Thanks for sharing your insightful thoughts and suggestions - very helpful, and appreciated indeed.
On a related note, we needed a quick and efficient way to enumerate nested security groups for security audits (i.e. find out which groups were nested in other groups.) So we asked our on-site MS consultant and he recommended using the Gold Finger from Paramount Defenses Inc.
Gold Finger pleasantly surprised us because not only was it endorsed by Microsoft but also 100% FREE and loaded with almost 250 useful Active Directory security, Exchange and ACL management reports. BTW, you can download it for free from http://goldfinger.paramountdefenses.com
Thought I'd share this with you incase it could help you too, especially if you're into AD security reporting.
Thanks again, and looking forward to your next post.
Best wishes,
Jonathan
Post a Comment