Solved

Sharing SharePoint 2010 access between two different domains

Posted on 2010-11-09
Last Modified: 2012-08-14
Hi All,

I've got SharePoint 2010 already set up and working in MyDomain. Suppose I'd like to allow people from the other domain (OtherDomain) to have access to the site; is there anything that I should do before?

My goal is to test whether it is easier to make some modifications in SharePoint 2010, or whether I can / should create another domain on the domain controller server.

Cheers,

JJ
0
Question by:jjoz
15 Comments
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 200 total points
ID: 34098727
Is this a domain in the same AD forest?  If so, you don't have to do anything special.  

If it's from another AD Forest, you have to run an STSADM command to enable SharePoint to see the other domain.

0
 
LVL 1

Author Comment

by:jjoz
ID: 34098750
Yes, it is from the other domain, completely different.
The test that I'd like to use is that my client from the extranet will be trying to log in to the system, rather than me creating their logins one by one in my AD.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 34098758
Do you already have a connection and trust set up to their AD?
0
 
LVL 1

Author Comment

by:jjoz
ID: 34098772
No, at the moment I don't have access and never thought of that since they are our customer.
0
 
LVL 15

Accepted Solution

by:
sharepointguru14 earned 300 total points
ID: 34098913
What is the purpose of the site? Who will access it and for what?
The reason I ask is you have many different options and the best one depends on the answers. What I have gathered so far, and correct me if I'm wrong: you have a customer on a completely different AD forest and in a different building and network. There is no trust in place and there is no plan to put one in place in the future.
Is your current SharePoint site accessible on the internet?
Are you looking to share an existing site or looking to set up a new one?
1. Your options could be to put a trust in place and add their user accounts to SharePoint resources (not an option based on above).
2. You can create a new web application and use forms-based authentication, where you can have them sign up for accounts and store them in a SQL repository or AD etc.
3. SharePoint 2010 supports claims-based authentication and this is probably your best option. You can enable claims authentication on the web application that the site you are looking to share with them is on. Then, either by using ADFS to create a trusted STS provider, you can point to their AD environment as a "trusted" source and they will actually look back to their domain to see if their credentials are valid, OR, if you didn't want to work with them at all on it, you could use Windows Live ID as a trusted provider. Then they sign up for a Windows Live account and use that to sign in to your SharePoint farm. Let me know what sounds best for you and I can post more specific details on that solution.
0
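Option 3 above (ADFS as a trusted STS), sketched as an added example that is not part of the original answer: it registers a customer's ADFS token-signing certificate as a trusted identity provider and creates a separate claims web application for it. The certificate path, thumbprint, realm, URLs and account names are placeholders assumed for illustration.

```powershell
# Added example: every name, URL, path and account below is a placeholder.
# Run in the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumptions (not from the thread): certificate export path, realm, ADFS URL.
$certPath  = "C:\certs\customer-adfs-token-signing.cer"
$expected  = "<THUMBPRINT-CONFIRMED-OUT-OF-BAND>"
$realm     = "urn:sharepoint:extranet"
$signInUrl = "https://adfs.customer.example/adfs/ls/"

# Load the token-signing certificate and refuse to trust it unless the
# thumbprint matches the value the customer confirmed through another channel.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.Thumbprint -ne $expected) {
    throw "Token-signing certificate thumbprint mismatch: $($cert.Thumbprint)"
}
New-SPTrustedRootAuthority -Name "Customer ADFS token signing" -Certificate $cert

# Map the claims ADFS will send; e-mail address is used as the identity claim,
# so it must be unique per user and issued only by the customer's STS.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# Register the customer's STS as a trusted identity token issuer.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Customer ADFS" `
    -Description "Federated sign-in for the customer domain" `
    -Realm $realm -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl $signInUrl -IdentifierClaim $emailMap.InputClaimType

# Keep the externally shared site in its own claims web application, over SSL,
# with a dedicated application pool account (placeholder managed account).
$provider = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
New-SPWebApplication -Name "Customer Extranet" -Port 443 -SecureSocketsLayer `
    -URL "https://extranet.example.com" `
    -ApplicationPool "CustomerExtranetPool" `
    -ApplicationPoolAccount (Get-SPManagedAccount "MYDOMAIN\svc-extranet") `
    -AuthenticationProvider $provider

# Confirm what the farm now trusts.
Get-SPTrustedIdentityTokenIssuer -Identity "Customer ADFS"
```

The customer side still has to add the same realm as a relying party in their ADFS; until then sign-in attempts fail at their STS rather than at SharePoint.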
 
LVL 38

Expert Comment

by:Justin Smith
ID: 34099024
So yeah you would probably want to look into federation with the new Claims security model in 2010.

0
 
LVL 1

Author Comment

by:jjoz
ID: 34099263
what is the purpose of the site?
### The test web application that we create for our client

Who will access it and for what?
### Our client from the Internet

Is your current SharePoint site accessible on the internet?
### Not yet, since I haven't secured it yet for Internet facing.

Are you looking to share an existing site or looking to setup a new one?
### Setting up a new one is better since I've got one already set up now, but of course I'm using DOMAIN\myusername to access it now.
0

 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 200 total points
ID: 34101439
Guru's answer #2 might be your best bet. I think if it's just a test thing it would be easiest to use a secondary user store like SQL or lightweight AD to put the client's accounts in. You could use their email address as the login.

This is a pretty good article for SharePoint 2007: http://www.bloggersbase.com/computers/ad-lds-sharepoint-forms-based-authentication/
0
 
LVL 15

Expert Comment

by:sharepointguru14
ID: 34102767
Are you looking at doing SharePoint site hosting or is this for collaboration between you and your client?
0
 
LVL 1

Author Comment

by:jjoz
ID: 34108121
Are you looking at doing SharePoint site hosting or is this for collaboration between you and your client?
### This is for hosting temporarily before we migrate the whole site into their production site.
0
 
LVL 15

Assisted Solution

by:sharepointguru14
sharepointguru14 earned 300 total points
ID: 34108306
So set the site up in its own web application using forms authentication with a membership repository in SQL or AD, whichever you are more comfortable with. Or use Claims and either federate with the customer or set up the site to accept Windows Live ID credentials and just have your customer create Live ID logins to access the site.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34108319
Sounds great, Guru, because at the moment I'm about to set up Windows Server 2008 Active Directory in a VM which mimics the customer domain.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34168924
Do I have to set up "Active Directory Federation Services 2.0" on my Domain Controller?
0
 
LVL 15

Assisted Solution

by:sharepointguru14
sharepointguru14 earned 300 total points
ID: 34180900
Only if you plan on federating your customer's domain and your own OR if you are looking to set up your own STS provider. If you are going the forms authentication or Live ID route, then ADFS is not needed.
0
 
LVL 1

Author Closing Comment

by:jjoz
ID: 34182649
Thanks man!
0


Question has a verified solution.
