• Status: Solved

SharePoint authenticate against 2 Active Directories

We have a new domain that security has created for partners/community.
We would like to have SharePoint authenticate against our employee domain and this new community domain.

Could someone please point me in the right direction? We also need to have the community domain users have profiles in SharePoint.

Thanks
Ron
Asked by: Capt_Ron

Aeriden Commented:
A trusted domain may be the appropriate solution (depending on your topology with your domain controllers).  Check out http://www.sharepointboost.com/blog/how-to-add-trust-domains-in-a-sharepoint-farm/.

Capt_Ron (IT Solutions Manager, Author) Commented:
Unfortunately, security doesn't want to create a 2-way trust.  They don't want users in the community domain to log into computers in the employee domain.  But they do want them to have access to certain employee domain resources, such as SharePoint.
Does that make sense?

I was originally thinking a 2-way trust would solve the authentication problem, then a separate profile service would solve the profile problem.

Ron

Justin Smith (Sr. System Engineer) Commented:
As long as SharePoint's domain trusts the users' domain, it's not a problem.  You just have to tell your People Pickers to look into the other domain as well.

http://technet.microsoft.com/en-us/library/cc262051%28v=office.12%29.aspx

 
Capt_Ron (IT Solutions Manager, Author) Commented:
Is there a SharePoint 2010 version?  I can't find it.

Justin Smith (Sr. System Engineer) Commented:
The commands are exactly the same for 2010.

Shailendra_karve Commented:
Hello

You can follow the link below to pull all the users from Active Directory.

http://www.jppinto.com/2011/04/configure-active-directory-ad-synchronization-for-sharepoint-2010/

Capt_Ron (IT Solutions Manager, Author) Commented:
I talked with security and they would prefer having a 1-way trust and not a 2-way trust between the domains.  Their statement: "The purpose of the second domain is to isolate those users from being able to log into the Admin domain computers.  Therefore we can look into a 1-way trust if that is possible."

Now I'm stuck?

Justin Smith (Sr. System Engineer) Commented:
Ron, I'm a bit confused what you are looking for here.  I answered your question in my comments above.  What else do you need?

Capt_Ron (IT Solutions Manager, Author) Commented:
Ach1lles,
I've been researching the trust issue to get a better understanding of what I need to do and what I need the Security dept to do.
There is currently a 1-way trust.  The Community Domain trusts the Employee Domain.
Based on that, if I have a user, John Doe, in the community domain and he accesses a SharePoint site in the Employee Domain, will he get authenticated?
I know I have to set up the profile import so that John Doe is in the profile store.  But at this point I just need to make sure that John Doe will get authenticated.
Thank you for your patience
Ron

Justin Smith (Sr. System Engineer) Commented:
No.  If the Employee domain doesn't trust the Community domain, then Community domain users can't authenticate against resources in the Employee domain.

Capt_Ron (IT Solutions Manager, Author) Commented:
Do you know of a way to allow that without the Employee domain trusting the Community domain?

Justin Smith (Sr. System Engineer) Commented:
Why don't you just deploy your farm in the Community domain?

If you can't and you want people to authenticate using their Employee account, you'd have to set up some AD federation.

Capt_Ron (IT Solutions Manager, Author) Commented:
We are going to deploy a second farm in the community domain.  This is the best solution given that security does not want to use federation.
Question has a verified solution.
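
The trust-direction question this thread turns on can be checked directly from the domain that hosts the farm. The script below is an added example, not code from any participant in the thread; the domain names are placeholders, and it assumes the ActiveDirectory PowerShell module (which provides `Get-ADTrust`) and read access to the resource domain.

```powershell
# Added example. Domain names are placeholders, not values from the thread.
# Assumes the ActiveDirectory module (Get-ADTrust) and read access to the
# resource domain.
Import-Module ActiveDirectory

$ResourceDomain = 'employee.example'    # domain hosting the SharePoint farm
$AccountDomain  = 'community.example'   # domain holding the partner accounts

# Get-ADTrust reports Direction from the viewpoint of the domain queried.
# Querying the resource domain:
#   Outbound / BiDirectional -> resource domain trusts the account domain
#   Inbound                  -> only the account domain trusts the resource domain
$trust = Get-ADTrust -Filter "Target -eq '$AccountDomain'" -Server $ResourceDomain

if (-not $trust) {
    Write-Warning "No trust to $AccountDomain is defined in $ResourceDomain."
    return
}

$direction = [string]$trust.Direction
$trusted   = @('Outbound', 'BiDirectional') -contains $direction

[pscustomobject]@{
    ResourceDomain          = $ResourceDomain
    AccountDomain           = $AccountDomain
    Direction               = $direction
    # With selective authentication, each account also needs the
    # "Allowed to Authenticate" right on the SharePoint servers.
    SelectiveAuthentication = $trust.SelectiveAuthentication
    AccountUsersCanLogOn    = $trusted
}

if (-not $trusted) {
    Write-Warning ("$ResourceDomain does not trust $AccountDomain; " +
        "$AccountDomain users cannot authenticate to the farm.")
}
```

For the setup described in the thread (the Community domain trusts the Employee domain), querying the Employee domain reports `Inbound`, which is the case where Community users cannot authenticate against Employee resources.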