How to give every user in the domain read access to the SharePoint Intranet

1. Login to the SharePoint Central Administration.

2. Go to ‘Shared Services Administration: ssp1’.

3. Click on ‘User Profile and Properties’.

4. Click on ‘View import connections’.

5. Click on ‘Create New Connection’ and you will see the screen below.

6. Select the ‘Type’. In my case it was Active Directory. Enter the domain name and click on the ‘Auto Fill Root Search Base’. The string ‘DC=yourdomain,DC=com,DC=au’ will appear in the ‘Search Base’ text. Oviously you will use your domain name instead on ‘yourdomain’. Modify this string if required to point to the particular OU where all users and groups live. For example, ‘OU=Users,OU=User & Groups,DC=yourdomain,DC=com,DC=au‘.

7. Under ‘User filter’ textbox the default string is
(&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2)))
Remove this string and add the string below,
(|(objectCategory=group)(&(objectCategory=person)(objectClass=user))( !(userAccountControl:1.2.840.113556.1.4.803:=2))).

8. Once all the groups are imported add the ‘Domain Users’ group into the ‘Visitor’ group in SharePoint. Now all users in the domain will have read access to the SharePoint Intranet.

Diganta Kumar is an experienced Technical Program Manager with a passion for technology. He has architected and developed software for over a decade for a broad range of industries. Diganta is a founder of two online IT businesses. He likes to help, mentor, and manage software development teams to improve and produce great software. He currently works as a Principal Program Manager for Microsoft. Before joining Microsoft, he was with AWS for five years, where he managed large cross-functional programs on a global scale.

Posted in SharePoint

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: