SharePoint 2007 and Cross-Forest Configuration.

maddenjc
maddenjc used Ask the Experts™
on
My organization has SharePoint 2007 implemented in our domain and we were recently aquired by another company. The AD integration has been moving forward using Quest Tools which also resulted in a one-way (we trust them) trust being implemented.

I've researched and implemented changes concerning the cross-forest people picker configuration and that works fine; however, I have concern with the fact there two ids for employees in aquired company (one in the domain where SP is and another in the domain of the aquiring company).

I thought about filtering the people picker results using the stsadm commands until we "stsadm -o migrate" the users; however, I came accross the following doucment discussing the use of the MsDs-SourceObjectDN property and how that might perform some sort of mapping:

http://blogs.msdn.com/b/sharepoint/archive/2006/03/15/552331.aspx

The quest migration that the AD team did evidently did not populate this attribute. My question is, can I update this manually and what values should be populated in each respective forest.

My goal would be for a user to be able to use either AD account (original or migrated) to access their SharePoint sites...

Thanks for any help.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
you need to put the ID that you want to create the link to in that attribute. So it should
contains the string representation of the distinguished name of the object in another forest that corresponds to this object.
So put the DN of the object that you want to link to and you should be set. (CN=, DC=)

Author

Commented:
Thanks! I'm planning on trying this out in my lab after the holiday.

Just so I'm clear, should the new account in the "aquiring" domain reference the account in the "aquired" domain (the one that has the SharePoint access)? What should the account in the aquired domain reference?

In addition, will this work over a one-way (external) trust (aquired domain trusts the aquiring company's AD only). Ideally we would like a user to log into the aquiring company's domain with their new AD account and then be able access all of the sites in the SharePoint environment where their old account exists.

Thanks again, I really appreciate it....

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial