****NOTE: Before doing any AD development, be sure your client isn’t going to change their AD structure and that you have an accurate reproduction of their structure in your dev environment.****
I’ll give more detail later, but these posts helped me:
A couple of things on site group creation. Though, I did learn that I can add an AD group to a sitge using the same code as adding an AD user to a site.
Checking the current user’s permission on a web site or a list by code
I never actually got this to work according to the way this post says it should, but it explains a lot about that “Limited Access” role that helped me:
(My problem, btw, was that I was hitting the wrong site when I tried to add permissions–I was grabbing the root site instead of the subsite I wanted to add permissions to.)
This one was a HUGE help–I needed to add permissions to a page that had to be checked out, but I was just creating the page for the first time and setting permissions. Added bonus: if you’re logged in as admin, you just need to change you .Update to .SystemUpdate–no need to worry about the “RunWithElevatedPrivileges”:
Finally, setting anonymous access:
Thanks to all those sites for helping me through a looooong day!