[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 988
  • Last Modified:

SharePoint Server 2010 with one way trusted domain -no search results for users from Trusted domain

I have a client with a SharePoint server 2010 environment. We have a local domain set up in the environment that hosts the Site. So we have domain1.local and then a one way trust was set up between the Clients internal domain and the local domain. So we have domain2.com.  The access and users in SharePoint groups are all working as expected from both domains.

The problem found is the users from domain2.com are getting no results when searching while the users with the same SharePoint permissions assigned from domain1.local do see results when searching.

The only fix that seems to be suggested  (that I have found) is to:
1. Change the Web App authentication from Classic-mode to Claims-mode.
or
2. Change the authentication on the SSA from Classic-mode to Claims-mode.

I am not comfortable with #1 since there are other application installed and configured to work with SharePoint that I am unsure if there will be a negative affect with. This environment if fully validated for FDA submissions and the applications have had Test scripts written and run. Changing the Authentication would most likely cause a whole new script having to be run on these apps.

So this leaves me with option #2 which I am trying to understand how this will work.
Will it have negative affects on the Security of the sharepoint configuration ? I am thinking not since it is just the Search ???
One article states "you will have to follow up with changing the web app over to claims-mode also". Is this true ?

Also stated is the "Search Alerts will be broken" - I dont think I have ever set up alerts on the Search - can you give me an example ?

Finally are there any other options that you know of that could help to get this working.
Am I missing something ? Is it really this involved ?

Any information would be appreciated - the security of the info on this site is very important that is why it was set up as a one way trust to begin with.

Thanks
Danielle
0
daniberes
Asked:
daniberes
  • 4
  • 3
1 Solution
 
Justin SmithSr. System EngineerCommented:
This is a 500 pt question, my friend.
0
 
daniberesAuthor Commented:
Okay thanks.
0
 
Justin SmithSr. System EngineerCommented:
Did you set your Enterprise Search application to use claims?
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
daniberesAuthor Commented:
No not yet, I was concerned about the consequences. I dont think there is any negative impact but I wanted to be sure before just going ahead and changing that.
And when questioned by the site owners I would like to be able to explain why this will work and also be a good solution. I am a bit apprehensive of my own understanding of the Claims authentication and it being just on the search service app.

Thanks
Danielle
0
 
Justin SmithSr. System EngineerCommented:
There won't be a negative impact.  I've done it in multiple farms.

The simple answer is, enabling claims allows the service application to properly read user information from all domains.  Without it enabled, the service app won't be able to tell if the end user has access to the search results and won't display them.

http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/2d903f8a-f74b-48e6-9b3e-b9461ae3fa5e/
0
 
daniberesAuthor Commented:
So if I do that, will I have to enable claims in the whole web application as one article had mentioned ? That was my main concern.  There is to much configuration, validation and script testing  done to just go and change the whole web application to claims.
0
 
daniberesAuthor Commented:
Thanks Achilles! Always knows the right answers for my SharePoint woes.....
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now