SharePoint 2013 and multiple domains

Hello,

We have two domains; Domain A and Domain B. The SharePoint 2013 server is located in Domain A and users in that domain are currently using the intranet. We would like for users in Domain B to be able to use the SharePoint as well.

Question: How can we configure SharePoint so Domain B user profiles and authentication can access SharePoint?

Currently there's a two-way trust between the two domains (different forests).
I have set up a user profile synchronization to Domain B and in Central Administration I can see the Domain B user profiles.
I have created Universal Security Groups in Domain B which will be used in the SharePoint.

Problem: When I open the permissions for a Document Library, I cannot resolve the users or groups in Domain B. Can someone please help us figure out what's wrong?

Thanks!
AuhnAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rainer JeschorCommented:
Hi,
you first have to configure the people picker, so that the second domain is also searchable:

1. Logon onto your SharePoint server as farm AND local admin.
2. Open a CMD explicitely with "Run as Administrator"
3. Adjust the following two commands to fit your environment and run them one by one
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:domainone.com;forest:domaintwo.com,DomainTwo\ReaderAccount,C0mplEXPW1" -url http://YourCentralAdminUrl
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:domainone.com;forest:domaintwo.com,DomainTwo\ReaderAccount,C0mplEXPW1" -url http://YourSharePointAppUrl

Open in new window

Question is: is the second domain a dedicated forest OR an additional domain in the existing forest?

Main configuration possibilities and settings: https://technet.microsoft.com/en-us/library/gg602075.aspx
-searchadforest property: https://technet.microsoft.com/en-us/library/cc263460(office.12).aspx

Additional info about the configuration change in SP 2013:
http://sharepoint-community.net/profiles/blogs/sharepoint-2013-people-picker-problem-with-2-way-trusted-domains

And an alternative solution when you want to use Powershell:
http://www.sp-eg.de/Blog/Beitrag/15/The-People-picker-and-domain-trusts

HTH
Rainer
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AuhnAuthor Commented:
Thanks a lot for a swift and spot on answer! This solved our issues :-)

As an answer to your question: Both domains exist in separate forests.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SharePoint

From novice to tech pro — start learning today.