SharePoint Authentication between two domains

Posted on 2012-08-17
Last Modified: 2012-08-17
To the Experts,

I have a question which may be complex. Here is my situation: we are currently running WSS 3.0 and need to upgrade WSS to SharePoint 2010. At the same time, we will be upgrading the servers to Windows 2008 R2 and using SQL Server 2008 R2. This is no problem at all. However, my company has two network domains. One is the main network domain while the other network domain is considered a developmental network for engineers and programmers.

By stating this, the main network is locked down. The other network is more flexible and would not require us to jump through hoops in terms of upgrading the software and hardware. For testing purposes, I set up test SharePoint 2010, SQL Server 2008, and Win 2008 servers on the development network. The issue that I ran into is that when I want to access the SharePoint site or download/upload documents from the main network, I have to use a local computer account (created on the SharePoint server) to access the site.

The current WSS 3.0 site (runs on the main network) uses LDAP for user/group authentication. My question is how or what can I use to possibly integrate LDAP user/group authentication from the main network for the SharePoint 2010 site being hosted on the developmental network? Any suggestions or third-party software that could do this would be great.

Question by:thef284

    Expert Comment

    Is there any type of AD trust currently between the Main and Dev domains?

    Expert Comment

    Does the Main SharePoint site truly use an LDAP store for users and groups?  Or do you just mean, it uses Active Directory?

    Author Comment

    At this moment, there is no AD trust between the two domains. I do not foresee an AD trust for these two domains in the future due to the company wanting to keep them separate.

    The Main SharePoint site uses AD authentication, not an actual LDAP store. Sorry for not clarifying that info for you.

    Besides using AD for authentication, I wonder if there is a way for users to access the site with different credentials, enter those credentials, and then gain entry to sites/libraries based on the permissions specified for that user login? Kind of similar to using a local user account, but instead of having to type in your credentials every time you want to upload/download a file, the credentials are remembered after initial login.

    I am grasping at straws right now... :)

    Accepted Solution

    Why don't you just create user accounts for people in the Dev domain, and have them use those to log into the 2010 site?  The 2010 is just for testing anyways, right?  I'm assuming that "Dev" is an Active Directory environment?

    The only option you have where users could use their Main credentials to authenticate in 2010 is to set up AD federation between the domains.  Seems way overkill and pointless though.

    Author Comment

    "The 2010 is just for testing anyways, right?"
    Well, for the most part SP 2010 is for testing purposes. However, we will migrate WSS 3.0 to SP 2010 for production purposes starting in December 2012.

    We can definitely set up an AD environment for the development network. But, it would be nice to have only one set of user credentials to be used than to make users use one set of credentials for the main network and another for the dev network.

    However, this may be the route taken in which we set up an AD environment for the development network which will be used to create 300 user accounts for authentication with SharePoint.

    The whole point to move away from the main network is to give us more flexibility and control of the SharePoint web design, functions, and administrative responsibilities such as backing up the SharePoint farm.

    I agree that we could set up AD federation, but the company would probably kill this idea since the dev network is considered less secure.

    Thanks for your input... this confirms what I was thinking about doing, but wanted to make sure there was not another alternative.
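
The route settled on above (a separate AD on the development network with its own accounts for SharePoint 2010) can be scripted so that each of the 300 accounts gets a unique random initial password and a forced change at first logon, which keeps dev-network credentials distinct from main-network ones. This is an added example, not code from the thread; the domain name `dev.example.local`, the OU path, the group `SP2010-Visitors`, the roster entries and the output file name are all assumptions.

```powershell
# Added example: provision dev-domain accounts used to sign in to SharePoint 2010.
# Assumed (hypothetical) names: dev.example.local, the OU path, the group name.
Import-Module ActiveDirectory

$DomainDns = 'dev.example.local'
$OuPath    = 'OU=SharePointUsers,DC=dev,DC=example,DC=local'
$SpGroup   = 'SP2010-Visitors'   # AD group granted permissions inside SharePoint

# Constructed sample roster; in practice replace with Import-Csv on the real list.
$roster = @'
SamAccountName,GivenName,Surname
jdoe,Jane,Doe
rroe,Richard,Roe
'@ | ConvertFrom-Csv

function New-RandomPassword {
    param([int]$Length = 20)
    # Bytes come from the cryptographic RNG; the set omits look-alike characters.
    $chars = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-='
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    do {
        $bytes = New-Object byte[] $Length
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
        # Retry until lower, upper and digit are all present (complexity policy).
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '\d')
    $pw
}

$results = foreach ($u in $roster) {
    # Skip accounts that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.SamAccountName)'") {
        Write-Warning "$($u.SamAccountName) already exists, skipped"
        continue
    }
    $plain = New-RandomPassword
    New-ADUser -Name "$($u.GivenName) $($u.Surname)" `
        -GivenName $u.GivenName -Surname $u.Surname `
        -SamAccountName $u.SamAccountName `
        -UserPrincipalName "$($u.SamAccountName)@$DomainDns" `
        -Path $OuPath `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true
    Add-ADGroupMember -Identity $SpGroup -Members $u.SamAccountName
    New-Object PSObject -Property @{ SamAccountName = $u.SamAccountName; InitialPassword = $plain }
}
# The file holds cleartext initial passwords: distribute out of band, then delete it.
$results | Export-Csv -Path .\dev-initial-passwords.csv -NoTypeInformation
```

Granting SharePoint permissions to the AD group rather than to individual accounts means later roster changes are handled in AD alone.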
