I have a question absout how EPiServer is connected to the AD.
Today, we have a lot of groups in our AD that is old and we want to try to update that and import the new 3 groups (editors, superusers and admins) into Epi. I wonder how it will be when we have made the change... will all the old groups dissapear or will they stay in Epi and the new groups will just be added to the list of groups?
Our EPi-specialist said that there was not som much info about that. All she could get me was that if we update our groups, we have to logg in with one user of every group to "activate" the group and import it to Epi.
My problem is that the persons in the groups are members in a lot of groups in the AD and it seems that all the other groups that a person is a member of also is imported to Epi. It becomes incredibly hard-worked and the list of groups is now up to 80.
Can I just have 3 grups in Epi?
So my question is, can i "erase" the old AD-groups and can I specify wich groups I want to add?
Thanx in advance.
It depends on which Role and Membership provider is being used.
It could be the ActiveDirectory*Provider that connects to your AD through LDAP. If so the groups and users are fetched and reflect what you have in your AD straight away.
More likely with what your specialist says, you use the Windows*Provider.
This is a good read on the subject and how the providers work:http://blog.fredrikhaglund.se/blog/2010/03/08/episerver-security-and-access-control-12/
Depending on which provider you have, some things can have support to be configured already. If not then your partner might need to do some coding.
In your case it sounds wise to extend the existing provider and filter the groups so that only the ones you need to use are put into EPi.
Or you could go with a completely "local database" provider just for the roles and do the role creation and assignments manually.