Wednesday, August 15, 2012

Weird AD Security Group problem

Problem:

HRlady1 is member of AD "HR" group.

If I give AD "HR" group full control access to sub site; HR Lady1 doesn't see sub site.
If I give HRLady1 direct access to sub site (without group); HRLady1 DOES see sub site.
What is the difference between giving group full control access & giving 1 user (in that group) direct access ?

Cause:
After some serious testing, it turns out that the group "HR" has been deleted from the AD in the past, and then re-created; if this happens, SharePoint won't recognize the re-created group at all; Adding this group to any securable objects will not work !
(Even deleting this AD group & re-adding the group to the secure able object in SharePoint won't help / work).

Conclusion:
It seems that once you've deleted an AD group ...you should never create one again (with the same name).