User Group Permission
If you chose to read user profiles from Active Directory earlier in this configuration, you can select the user groups that are allowed to update user profiles. The Web Part displays the site groups on SPS 2003 and the SharePoint Groups on MOSS 2007 for the site where the Web Part is installed. You can choose from the default groups as well as any custom groups you may have created. Select a group that has permission to UPDATE the user accounts. Only the users in this site group can modify user profile information. Please read the Security Considerations section for additional information.
Security Considerations
User Directory requires you to provide credentials for accounts that have read and write access to either the Active Directory or the SharePoint User Profile. In order to ensure User Directory is being used without compromising security in your domain, the following must be considered:
Active Directory (AD) Access Domain Account
This domain account is used to read and update the Active Directory profile data. This account must belong to a group that has Read and Write permission to the Active Directory user profile. To check whether the account has the appropriate permissions, follow these steps:
| Step | Action | Result |
|---|---|---|
| 1. | Open the Active Directory Users and Computers console application. | |
| 2. | Select View and check Advanced Features. | |
| 3. | Select a Forest or Organizational Unit, right-click and select Properties. | |
| 4. | Select the Security tab. | |
| 5. | Make sure that the Access Account you are using has the Read and Write permissions to read and update the particular object. | |
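The same check can be scripted so it is repeatable and can be re-run after group changes. The PowerShell below is an added example, not part of the User Directory product or this guide; it assumes the RSAT ActiveDirectory module is available, and the OU distinguished name and account name are placeholders.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module is installed.
# $TargetDn and $AccountSam are placeholders, not values from this guide.
Import-Module ActiveDirectory
$TargetDn   = 'OU=Staff,DC=example,DC=com'
$AccountSam = 'svc-userdirectory'

# The right is usually granted to a group, so collect the account's own SID
# plus the SIDs of every group it is in (tokenGroups resolves nesting).
# ACEs for special identities such as Authenticated Users are not matched.
$user = Get-ADUser -Identity $AccountSam -Properties tokenGroups
$sids = @($user.SID.Value) + @($user.tokenGroups | ForEach-Object { $_.Value })

# Read the same ACL the Security tab shows, with trustees returned as SIDs.
$acl   = Get-Acl -Path "AD:\$TargetDn"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$mine  = @($rules | Where-Object { $sids -contains $_.IdentityReference.Value })
$allow = @($mine | Where-Object { $_.AccessControlType -eq 'Allow' })
$deny  = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })

$read  = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$full  = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

function Test-Right($aces, $flag) {
    # True when at least one ACE in the set carries the given right.
    [bool]($aces | Where-Object { $_.ActiveDirectoryRights.HasFlag($flag) })
}

[pscustomobject]@{
    Account     = $AccountSam
    Object      = $TargetDn
    CanRead     = Test-Right $allow $read
    CanWrite    = Test-Right $allow $write
    FullControl = Test-Right $allow $full   # broader than Read and Write
    DenyEntries = $deny.Count               # a Deny ACE can override an Allow
} | Format-List

# List each matching ACE. An ObjectType other than all zeros means the right is
# scoped to one attribute or property set rather than the whole object.
$mine | Sort-Object IsInherited |
    Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights, ObjectType, IsInherited -AutoSize
```

If FullControl is True, the access account holds more than the Read and Write permissions this section calls for.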
Understand Who Can Modify a User Profile for Active Directory Profiles
- All users can view other user profiles.
- Only domain users who have Read and Write permissions can edit another user’s profile. The Domain Administrator group has this right by default.