Microsoft Project Server Permissions and Active Directory

[Brett Smith]

Hello everybody, hope all are well..it's been a long time since I last posted
here. My question today is how Microsoft Project Server affects the Active
Directory. My Administrator won't allow me to install and configure the
accounts of the EPM Solution myself and I wanted to use Active Directory, but
he is very touchy about the AD. What kind of effect does Microsoft Project
Server and the accounts used on Project Server have on Active Directory.
Does it change anything? What exactly does it do when it synchronizes
accounts? Any and all information on this subject would be very helpful!
Thank you very much fellow Project Experts!

Brett Smith

 

[Gary L. Chefetz [MVP]]

Brett:

It reads AD information in order to populate it to Project Server. The only
write or change actions taking place during the synch are happening in the
Project Server database.

 

[Brett Smith]

Thank you very much Gary, I really appreciate it. Hopefully my Administrator
will allow us to implement Project this way because doing it the other ways
would be I think too many unncecessary steps.

 

[Jonathan Sofer - MCP]

Brett,

Verify, with your AD administrator, what special characters are being used
in the "display name" of the Active Directory accounts. This is important
because there are certain special characters that do not work with Project
Server and the AD synch. Square brackets is one. I would highly suggest to
fully test this AD integration before you move forward in a full
implementation since it sounds like the AD synch feature, for your company,
is the backbone for a successful Project Server environment.

 

[Gary L. Chefetz [MVP]]

Brett:

One further word of caution: The AD synch process is not capable of
attributing resources for the resource pool. So, even though you don't need
to add the account, doesn't mean that you don't have manual work to do to
make the resources fully functional in your environment. If you're looking
to do an initial load of the pool, extracting this information from the
global address list (GAL), or other suitable source, works equally as well
as using AD synch.

--


Gary L. Chefetz, MVP
"We wrote the books on Project Server"
http://www.msprojectexperts.com

For Project Server FAQs visit
http://www.projectserverexperts.com

For Project FAQs visit
http://www.mvps.org/project

 

[Denis in Brisbane]

Gary,

I'm confused. I thought you could define an AD Group called, for example,
PSResources and put people in there. Then through Admin, Server
Configuration, point to that group and synch those people into the resource
pool. This would mean that a person would have to appear in both the
PSTeamMembers AD group and the PSResources AD Group to get a persona as both
Team member and be a resource.

Have I got it wrong?

Denis

 

[Gary L. Chefetz [MVP]]

Denis:

If you're having a problem with AD synch, I suggest you start a new thread
explaining your problem. Your question, as it relates to the thread you've
jumped into, reflects a complete misinterpretation of the conversation. By
the way, a "Team Member," by definition, "is a resource."