Hi all,
I have a scenario where I need to make "contractor" AD account that will be used by non-employees to access a certain portion of our SharePoint infrastructure. I created some test accounts, and a new default group (DOMAIN\ctr domain users) and added that group to the Builtin "Users" group.
Now, I grant access to SharePoint for the thousands of other AD accounts by adding DOMAIN\Domain Users with X permissions to our SharePoint sites. However, I do not want to allow these contractors to have access. So, when I created these accounts, I removed them from the "Domain users" group and assigned them to the "Ctr domain users" as their default group.
I then assigned the "Ctr domain users" group permissions to the primary site they will be accessing at the top level. However, now when I try and access this specific SharePoint group with one of my test accounts, it just says Access Denied. What am I misisng from the group or account perspective? Is there some requirement in SharePoint that an AD account needs to be a member of Domain users to authenticate with SP?
Thanks!