Solved

How can I associate external FQDN with internal FQDN to prevent logon popup?

Posted on 2007-12-06
Last Modified: 2012-06-21
Hi,

We've developed our corporate intranet in MOSS on Windows 2003 and linked it to our active directory so that if you enter https://portal.ourcompany.local from the LAN, you get through to the MOSS intranet, and are logged in to the portal automatically because we are logged in to our desktops.

Through MOSS, we have changed the FQDN of the intranet to https://portal.ourcompany.com so that those out on the road can access it. Works fine externally with a logon popup shown for the user, but internally on the LAN where people log onto the ourcompany.local domain through active directory we'd still like them to be able to log in to https://portal.ourcompany.com without getting the popup box.

By entering their details again they are taken to the portal but we'd like to omit this additional prompt. The DNS records have been changed so that someone on the LAN gets portal.proctorgroup.com resolving locally to the MOSS server.

How can we get rid of the additional login prompt for local LAN users?

Cheers,

Jim.
Question by:e-matters
10 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 20419514
Both domains need to be in AD and then set up a trust between the domains so that the portal domain will trust the internal.
0
 
LVL 9

Expert Comment

by:moss_guru
ID: 20419637
I believe that adding the https://portal.ourcompany.com address to your Local Intranet "Sites" list in your browser would fix that issue. This would be (in IE7) in Internet Options, on the Security Tab, in the Intranet Zone. Click Sites, then Advanced, and you should be able to add it. The problem is that the browser will not pass Authenticated credentials to a non-trusted location (i.e. the Internet), and it cannot tell that your ".com" address is really an internal trusted location. You can update this via the registry as well (see code):
Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ourcompany.com\portal]
"*"=dword:00000001


0
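The browser-side conditions in the comment above can be checked on a LAN client that still prompts. The following is an added example, not code from any post in this thread: it reports the zone Windows assigns to the URL, any explicit ZoneMap entries for the host, and the logon setting of that zone. It assumes Windows PowerShell 5.1 run as the affected user; `Get-IEZoneLogonReport` is a hypothetical helper name.

```powershell
# Added diagnostic, not code from the thread. Run as the affected user on the LAN client.
function Get-IEZoneLogonReport {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Url)

    $inet  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $pol   = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
    $roots = "HKLM:\$pol", "HKCU:\$pol", "HKCU:\$inet", "HKLM:\$inet"
    $zoneNames  = 'My Computer', 'Local Intranet', 'Trusted Sites', 'Internet', 'Restricted Sites'
    $logonModes = 'Automatic logon with current user name and password',
                  'Prompt for user name and password',
                  'Automatic logon only in Intranet zone',
                  'Anonymous logon'

    # Zone Windows actually assigns to the URL for this user (.NET Framework API).
    $zone = [int][System.Security.Policy.Zone]::CreateFromUrl($Url).SecurityZone
    $zoneText = if ($zone -ge 0 -and $zone -le 4) { $zoneNames[$zone] } else { 'No zone' }
    [pscustomobject]@{ Setting = 'Effective zone'; Location = $Url; Value = $zoneText }

    # Same key layout as the .reg file in the thread: Domains\<domain>\<host label>.
    # Assumption: a two-label domain such as ourcompany.com.
    $labels = ([Uri]$Url).Host.Split('.')
    $domain = ($labels | Select-Object -Last 2) -join '.'
    $sub    = ($labels | Select-Object -SkipLast 2) -join '.'
    $rel    = if ($sub) { "ZoneMap\Domains\$domain\$sub" } else { "ZoneMap\Domains\$domain" }

    foreach ($root in $roots) {
        # Explicit site-to-zone entries: value name is a scheme or '*', data is the zone number.
        $key = Get-Item -Path "$root\$rel" -ErrorAction SilentlyContinue
        if ($key) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Setting = "Zone map entry '$name'"; Location = $key.Name
                                   Value = $zoneNames[[int]$key.GetValue($name)] }
            }
        }
        # Logon setting (value 1A00) of the effective zone, wherever it is defined.
        $item = Get-ItemProperty -Path "$root\Zones\$zone" -Name '1A00' -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{ Setting = 'Logon mode (1A00)'; Location = "$root\Zones\$zone"
                               Value = $logonModes[$item.'1A00' -shr 16] }
        }
    }
}

Get-IEZoneLogonReport -Url 'https://portal.ourcompany.com' | Format-Table -AutoSize -Wrap
```

An effective zone other than Local Intranet, or a logon mode of "Prompt for user name and password" on that zone, points to the browser side of the problem; rows under the Policies branches show settings that a per-user .reg import does not change.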
 

Author Comment

by:e-matters
ID: 20442543
Hi,

I had already tried this but still received the pop-up.

Best regards,

Jim.
0

 

Author Comment

by:e-matters
ID: 20442577
Hi,

Thanks for your response. Is it possible to set up the ourcompany.com domain name without having a domain controller for it, by simply adding it as a record into DNS or something similar?
 
0
 
LVL 9

Accepted Solution

by:
moss_guru earned 450 total points
ID: 20442597
Yes. DNS domains do not require an AD domain controller. Just create the new domain in DNS and add your host record in that domain. (i.e. Host or A Record for "Portal" in the new domain "ourcompany.com")...
0
 

Author Comment

by:e-matters
ID: 20442683
And then it is straightforward to get the two domains to trust each other?

0
 
LVL 9

Expert Comment

by:moss_guru
ID: 20442721
Trust is an AD term for allowing two Active Directories to "trust" each other's (two-way or one-way) authentication. This means that DomainA\User1 can be given access to DomainB\Server1's fileshares, even though they are not part of the same AD Forest.

DNS Domains have no need of such a trust, as they are resolution only resources.  They resolve names to IPs, no security involved.
0
 

Author Comment

by:e-matters
ID: 20442894
Sorry to be thick, but if I need to establish a trust then presumably I need two Active Directories. At the moment I have one, and an external domain name. I guess one alternative is to set up a barebones server with an Active Directory for ourcompany.com and then trust them, but I'd rather there was a cleaner way.

0
 
LVL 9

Expert Comment

by:moss_guru
ID: 20443521
If you have the DNS domain resolving correctly, and you are importing the profiles and security from the correct AD structure, there should not be an issue. Are you sure you need a matching AD domain for the external DNS name? I would not think this would be necessary. If your PCs are in the same Domain as your profiles, and you are logging in to that same AD, and your IE client recognizes the URL as a trusted internal site, your credentials should be passed to the MOSS servers... If some point along that chain fails, then you will be prompted.
0
 

Expert Comment

by:Skarkroe
ID: 26823714
I am having this exact same problem, but feeling sort of ignorant.  My internal and external domain are the same?  What am I missing?
0


Question has a verified solution.
