
SharePoint authenticate against 2 Active Directories

Posted on 2012-09-18
Last Modified: 2012-11-13
We have a new domain that security has created for partners/community.
We would like to have SharePoint authenticate against our employee domain and this new community domain.

Could someone please point me in the right direction.  We also need to have the community domain users have profiles in SharePoint.

Thanks
Ron
Question by:Capt_Ron
13 Comments
 
LVL 9

Expert Comment

by:Aeriden
ID: 38411027
A trusted domain may be the appropriate solution (depending on your topology with your domain controllers).  Check out http://www.sharepointboost.com/blog/how-to-add-trust-domains-in-a-sharepoint-farm/.
0
 
LVL 1

Author Comment

by:Capt_Ron
ID: 38411116
Unfortunately, security doesn't want to create a 2-way trust.  They don't want users in the community domain to log into computers in the employee domain.  But they do want them to have access to certain employee domain resources, such as SharePoint.
Does that make sense?

I was originally thinking a 2-way trust would solve the authentication problem, then a separate profile service would solve the profile problem.

Ron
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38411619
As long as SharePoint's domain trusts the users' domain, it's not a problem.  You just have to tell your peoplepickers to look into the other domain as well.

http://technet.microsoft.com/en-us/library/cc262051%28v=office.12%29.aspx
0

 
LVL 1

Author Comment

by:Capt_Ron
ID: 38411731
Is there a SharePoint 2010 version?  I can't find it.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38411737
The commands are exactly the same for 2010.
0
 
LVL 2

Expert Comment

by:Shailendra_karve
ID: 38411767
Hello

You can follow the below link to pull all the users from active directory

http://www.jppinto.com/2011/04/configure-active-directory-ad-synchronization-for-sharepoint-2010/
0
 
LVL 1

Author Comment

by:Capt_Ron
ID: 38471648
I talked with security and they would prefer having a 1-way trust and not a 2-way trust between the domains.  Their statement: "The purpose of the second domain is to isolate those users from being able to log into the Admin domain computers.  Therefore we can look into a 1-way trust if that is possible."

Now I'm stuck?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38473251
Ron, I'm a bit confused what you are looking for here.  I answered your question in my comments above.  What else do you need?
0
 
LVL 1

Author Comment

by:Capt_Ron
ID: 38487260
Ach1lles,
I've been researching the trust issue to get a better understanding of what I need to do and what I need the Security dept to do.
There is currently a 1-way trust.  The Community Domain trusts the Employee Domain.
Based on that, if I have a user, John Doe, in the community domain and he accesses a SharePoint site in the Employee Domain, will he get authenticated?
I know I have to set up the profile import so that John Doe is in the profile store.  But at this point I just need to make sure that John Doe will get authenticated.
Thank you for your patience
Ron
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38487335
No.  If the Employee domain doesn't trust the Community domain, then Community domain users can't authenticate against resources in the Employee domain.
0
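
Added example, not part of the thread: a PowerShell check of the trust direction described in the answer above, read from the resource (Employee) domain's side. The domain names and the function name `Test-TrustAllowsAuthentication` are placeholders chosen for illustration, and the script assumes the ActiveDirectory module's `Get-ADTrust` cmdlet is available.

```powershell
# Added example. Domain names are placeholders (assumptions), not values from the thread.
# Requires the ActiveDirectory module (RSAT) on PowerShell 3.0 or later.
Import-Module ActiveDirectory

function Test-TrustAllowsAuthentication {
    param(
        [Parameter(Mandatory = $true)] [string] $ResourceDomain,  # domain hosting the SharePoint farm
        [Parameter(Mandatory = $true)] [string] $AccountDomain    # domain holding the user accounts
    )

    # Read the trust object as the resource domain sees it.
    $trust = Get-ADTrust -Filter "Target -eq '$AccountDomain'" -Server $ResourceDomain |
        Select-Object -First 1

    $direction = if ($trust) { "$($trust.Direction)" } else { 'None' }

    # Outbound or BiDirectional: the resource domain trusts the account domain,
    # so accounts from that domain can authenticate to resources here.
    # Inbound only: the account domain trusts the resource domain (the situation
    # described in the thread), which does not let those accounts authenticate here.
    $canAuthenticate = @('Outbound', 'BiDirectional') -contains $direction

    [pscustomobject]@{
        ResourceDomain          = $ResourceDomain
        AccountDomain           = $AccountDomain
        Direction               = $direction
        CanAuthenticate         = $canAuthenticate
        # With selective authentication, trusted accounts reach only computers
        # where they were explicitly granted "Allowed to authenticate".
        SelectiveAuthentication = if ($trust) { $trust.SelectiveAuthentication } else { $null }
    }
}

# Placeholder names standing in for the Employee and Community domains.
Test-TrustAllowsAuthentication -ResourceDomain 'employee.example.com' `
                               -AccountDomain  'community.example.com'
```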
 
LVL 1

Author Comment

by:Capt_Ron
ID: 38487357
Do you know of a way to allow that without the Employee domain trusting the Community domain?
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 2000 total points
ID: 38487381
Why don't you just deploy your farm in the Community domain?

If you can't and you want people to authenticate using their Employee account, you'd have to set up some AD federation.
0
 
LVL 1

Author Closing Comment

by:Capt_Ron
ID: 38594131
We are going to deploy a second farm in the community domain.  This is the best solution given that security does not want to use federation.
0
