Solved

SharePoint Server 2010 with one way trusted domain -no search results for users from Trusted domain

Posted on 2013-05-24
7
910 Views
Last Modified: 2013-05-28
I have a client with a SharePoint server 2010 environment. We have a local domain set up in the environment that hosts the Site. So we have domain1.local and then a one way trust was set up between the Clients internal domain and the local domain. So we have domain2.com.  The access and users in SharePoint groups are all working as expected from both domains.

The problem found is the users from domain2.com are getting no results when searching while the users with the same SharePoint permissions assigned from domain1.local do see results when searching.

The only fix that seems to be suggested  (that I have found) is to:
1. Change the Web App authentication from Classic-mode to Claims-mode.
or
2. Change the authentication on the SSA from Classic-mode to Claims-mode.

I am not comfortable with #1 since there are other application installed and configured to work with SharePoint that I am unsure if there will be a negative affect with. This environment if fully validated for FDA submissions and the applications have had Test scripts written and run. Changing the Authentication would most likely cause a whole new script having to be run on these apps.

So this leaves me with option #2 which I am trying to understand how this will work.
Will it have negative affects on the Security of the sharepoint configuration ? I am thinking not since it is just the Search ???
One article states "you will have to follow up with changing the web app over to claims-mode also". Is this true ?

Also stated is the "Search Alerts will be broken" - I dont think I have ever set up alerts on the Search - can you give me an example ?

Finally are there any other options that you know of that could help to get this working.
Am I missing something ? Is it really this involved ?

Any information would be appreciated - the security of the info on this site is very important that is why it was set up as a one way trust to begin with.

Thanks
Danielle
0
Comment
Question by:daniberes
  • 4
  • 3
7 Comments
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39195977
This is a 500 pt question, my friend.
0
 

Author Comment

by:daniberes
ID: 39200902
Okay thanks.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39201028
Did you set your Enterprise Search application to use claims?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:daniberes
ID: 39201578
No not yet, I was concerned about the consequences. I dont think there is any negative impact but I wanted to be sure before just going ahead and changing that.
And when questioned by the site owners I would like to be able to explain why this will work and also be a good solution. I am a bit apprehensive of my own understanding of the Claims authentication and it being just on the search service app.

Thanks
Danielle
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 39201637
There won't be a negative impact.  I've done it in multiple farms.

The simple answer is, enabling claims allows the service application to properly read user information from all domains.  Without it enabled, the service app won't be able to tell if the end user has access to the search results and won't display them.

http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/2d903f8a-f74b-48e6-9b3e-b9461ae3fa5e/
0
 

Author Comment

by:daniberes
ID: 39201650
So if I do that, will I have to enable claims in the whole web application as one article had mentioned ? That was my main concern.  There is to much configuration, validation and script testing  done to just go and change the whole web application to claims.
0
 

Author Closing Comment

by:daniberes
ID: 39201707
Thanks Achilles! Always knows the right answers for my SharePoint woes.....
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We had a requirement to extract data from a SharePoint 2010 Customer List into a CSV file and then place the CSV file into a directory on the network so that the file could be consumed by an AS400 system. I will share in Part 1 how to Extract the Da…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …
The viewer will learn how to create a normally distributed random variable in Excel, use a normal distribution to simulate the return on an investment over a period of years, Create a Monte Carlo simulation using a normal random variable, and calcul…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now