Hi
We have a windows authenticated SharePoint 2010 web application very well integrated with AD. In our organization, there is an HR data base, all users who are in this get sync to AD too. But there are few users who are directly created in AD but not there in HR DB. Now when such users try to access SharePoint application i should restrict them from logging as they are not in HR DB and hence they are not authorized to access this site. What are the best options to implement this? I had a following thought...
- Get the users list from both AD and HR DB and have a list who are there in AD but not in HR DB(as of now this will be manual, will try to do as a job)
- Create a group in AD and add these users to that group
- While importing users to SharePoint, we can restrict users who are part of these group should not be pulled in SharePoint
- By doing this when the user tries to access any SharePoint url he’ll keep entering his credentials but will not be able to login to our application
Let me know if there are any better options. Guide me to implement this.
Thanks, Ranjana
![Alice In Chains – Sap – EP [iTunes Plus M4A]](http://is1-ssl.mzstatic.com/image/thumb/Music/47/35/c7/mzi.ljwsgbez.jpg/592x592bb.webp)
![Chad Lawson – Awakening: The Stillness Within (2026) [FLAC 24bit/48kHz]](http://imghd.xyz/images/2026/05/09/x5d03jw9bi367_600.jpg)
