Thursday, 2 February 2012

How to Limit the Self-Service Site Creation to only users of a specific AD group


This week, we are finishing the settings and tests of the mySite part of SharePoint 2010.
We will open the mySite for a bench of test users (about 200) until end of February.
After that, we will open the mySite Self-Service Site Creation to all users of the company (more than 10.000).

So, my challenge was to allow the mySite Self-Service Site Creation only to users that are contained into an AD Group.

There is 3 steps :
-          Creation the AD Group as Global Security Group
-          Set the Self-Service Site Creation for the mySite Web App
-          Configure the User Profile Service Application to allow the AD Group to Create Personal Site


1-      mySite Web Application properties :

In Central Administration, highlight your mySite Web App, and check the settings for :

-          Self-Service Site Creation :
Select the "On" radio button, then validate the settings

-          User Permissions :
Check the box " Use Self-Service Site Creation - Create a Web site using Self-Service Site Creation. "


Then, validate the changes

-          User Policy :

Left as default

-          Permission Policy :

Left also as default


2-      Configuration of the User Profile Service Application :

In Central Administration, select the Manage service applications (from Application Management)

-          Select your User Profile Service Application

-          In People => Manage User Permissions do the following :

Uncheck the "Create Personal Site" for the existing users

Add your AD Group, and select only the "Create Personal Site" permissions


Now, people that are not member of your AD Group will not be allowed to create their mySite.



That's all folks 


No comments:

Post a Comment