Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SharePoint Server 2010 with one way trusted domain -no search results for users from Trusted domain

Posted on 2013-05-24
7
Medium Priority
?
975 Views
Last Modified: 2013-05-28
I have a client with a SharePoint server 2010 environment. We have a local domain set up in the environment that hosts the Site. So we have domain1.local and then a one way trust was set up between the Clients internal domain and the local domain. So we have domain2.com.  The access and users in SharePoint groups are all working as expected from both domains.

The problem found is the users from domain2.com are getting no results when searching while the users with the same SharePoint permissions assigned from domain1.local do see results when searching.

The only fix that seems to be suggested  (that I have found) is to:
1. Change the Web App authentication from Classic-mode to Claims-mode.
or
2. Change the authentication on the SSA from Classic-mode to Claims-mode.

I am not comfortable with #1 since there are other application installed and configured to work with SharePoint that I am unsure if there will be a negative affect with. This environment if fully validated for FDA submissions and the applications have had Test scripts written and run. Changing the Authentication would most likely cause a whole new script having to be run on these apps.

So this leaves me with option #2 which I am trying to understand how this will work.
Will it have negative affects on the Security of the sharepoint configuration ? I am thinking not since it is just the Search ???
One article states "you will have to follow up with changing the web app over to claims-mode also". Is this true ?

Also stated is the "Search Alerts will be broken" - I dont think I have ever set up alerts on the Search - can you give me an example ?

Finally are there any other options that you know of that could help to get this working.
Am I missing something ? Is it really this involved ?

Any information would be appreciated - the security of the info on this site is very important that is why it was set up as a one way trust to begin with.

Thanks
Danielle
0
Comment
Question by:daniberes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39195977
This is a 500 pt question, my friend.
0
 

Author Comment

by:daniberes
ID: 39200902
Okay thanks.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39201028
Did you set your Enterprise Search application to use claims?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:daniberes
ID: 39201578
No not yet, I was concerned about the consequences. I dont think there is any negative impact but I wanted to be sure before just going ahead and changing that.
And when questioned by the site owners I would like to be able to explain why this will work and also be a good solution. I am a bit apprehensive of my own understanding of the Claims authentication and it being just on the search service app.

Thanks
Danielle
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 2000 total points
ID: 39201637
There won't be a negative impact.  I've done it in multiple farms.

The simple answer is, enabling claims allows the service application to properly read user information from all domains.  Without it enabled, the service app won't be able to tell if the end user has access to the search results and won't display them.

http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/2d903f8a-f74b-48e6-9b3e-b9461ae3fa5e/
0
 

Author Comment

by:daniberes
ID: 39201650
So if I do that, will I have to enable claims in the whole web application as one article had mentioned ? That was my main concern.  There is to much configuration, validation and script testing  done to just go and change the whole web application to claims.
0
 

Author Closing Comment

by:daniberes
ID: 39201707
Thanks Achilles! Always knows the right answers for my SharePoint woes.....
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
In case you ever have to remove a faulty web part from a page , add the following to the end of the page url ?contents=1
Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question