Authentication fails after domain change
-
Friday, April 13, 2012 1:53 PM
I'm working with a Farm where the SharePoint Server was moved to a domain (from domainA to domainB). After the move users are not able to authenticate to the site from either domain. The issue did not occur immediately after the server was moved which I find noteworthy. I've verified that the domainB users have been granted rights.
Central Administration still works. The portal that is not working is a claims-based authentication web application.
The one exception is that the account being used as the identity of the web application (domainB\spAdmin) is able to log in. Interestingly enough, when that account clicks the "Sign in as Different User" button, an error message shows. Tracking down the log entry, it's an access denied exception on the AccessDenied page. (So they're being denied access to log in as a different user, which forwards them to the AccessDenied page, where they're denied access.)
Things I've tried:
- Creating a fresh blank web application allows authentication without issues.
- Making a domainB\user account a site collection administrator
- Creating a security policy on the web app granting domainB\user full control on the web application
- There was a 2nd portal using claims-based authentication where the same problem was occurring and I was able to create a new web application and attach the content database, allowing authentication. But it didn't work for the main portal. In my mind this rules out issues with the Claims to Windows token service.
- I've checked into files used for branding to ensure users have access to these.
Thank you for any thoughts you have.
Nate
All Replies
-
Sunday, April 15, 2012 11:59 PM
Hi Nate,
I am unsure what type of setup you had on domainB but you might want to look at one of the below articles:
[SP2007/SP2010] Migrate SharePoint across domains: http://share-point.blogspot.com.au/2011/06/sp2007sp2010-migrate-sharepoint-across.html
Migrating SharePoint users across domains: http://blogs.msdn.com/b/alexander_windel/archive/2006/03/23/559317.aspx
Kind Regards, Justin Nash
-
Monday, April 16, 2012 7:26 AM
Hi,
You may need to register the domains to be used for your environment. So you can use the below-mentioned commands to resolve the issue / make your domain users authenticated.
stsadm -o setapppassword -password <password>
Once completed, then run:
stsadm -o setproperty -pn peoplepicker-searchadforests -url http://webapplicationurl -pv "forest:domain1.com,domain1\serviceaccount,<serviceaccountpassword>;domain:domain1.com,domain1\serviceaccount,<serviceaccountpassword>;forest:domain2.com,domain2\serviceaccount,<serviceaccountpassword>;domain:domain2.com,domain2\serviceaccount,<serviceaccountpassword>"
So here the "serviceaccount" refers to an account in AD which has 'crawling permissions'. Once this is done, it will resolve your issue.
Hope this helps.
Thanks, Sumit Gupta SharePoint Consultant MCP, MCTS, CCNA
- Marked As Answer by Rock Wang - MSFT Friday, April 20, 2012 7:26 AM
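Added example, not code from the thread: a small Python validator for the peoplepicker-searchadforests property value, so a malformed string (wrong entry separator, missing domain name) is caught before it is written to the farm. It assumes the documented entry syntax forest:<name>,<login>,<password> / domain:<name>,<login>,<password> with entries separated by semicolons; the sample values below are constructed placeholders.

```python
"""Validate a SharePoint peoplepicker-searchadforests value before applying it.

Format assumed (per the stsadm documentation):
    forest:<dns name>,<DOMAIN\login>,<password>;domain:<dns name>,<DOMAIN\login>,<password>
Entries are ';'-separated, fields within an entry are ','-separated.
Caveat: a password containing ',' or ';' cannot be expressed in this format at all.
"""
import re
from dataclasses import dataclass

LOGIN_RE = re.compile(r"^[^\\,;:]+\\[^\\,;:]+$")  # DOMAIN\user with no separators inside


@dataclass
class Scope:
    kind: str      # "forest" or "domain"
    name: str      # DNS name of the forest/domain, e.g. domain1.com
    login: str     # DOMAIN\serviceaccount used for the People Picker query
    password: str  # stored encrypted by SharePoint once setapppassword has been run


def parse_search_ad_forests(value: str):
    """Return (scopes, errors); errors is a list of human-readable problems, one per bad entry."""
    scopes, errors = [], []
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # a trailing ';' is harmless
        kind, sep, rest = entry.partition(":")
        if not sep or kind not in ("forest", "domain"):
            errors.append(f"{entry!r}: entry must start with 'forest:' or 'domain:'")
            continue
        parts = [p.strip() for p in rest.split(",")]
        if len(parts) != 3:
            # Typical cause: entries joined with ',' instead of ';', or a missing field.
            errors.append(f"{entry!r}: expected name,login,password but found {len(parts)} fields")
            continue
        name, login, password = parts
        if not name:
            errors.append(f"{entry!r}: forest/domain name is empty")
        elif not LOGIN_RE.match(login):
            errors.append(f"{entry!r}: login {login!r} is not in DOMAIN\\user form")
        elif not password:
            errors.append(f"{entry!r}: password is empty")
        else:
            scopes.append(Scope(kind, name, login, password))
    return scopes, errors


# Constructed samples: a well-formed value and the two defects seen in the posted command.
GOOD_VALUE = ("forest:domain1.com,domain1\\svc,Passw0rd!;domain:domain1.com,domain1\\svc,Passw0rd!;"
              "forest:domain2.com,domain2\\svc,Passw0rd!;domain:domain2.com,domain2\\svc,Passw0rd!;")
COMMA_JOINED = "forest:domain1.com,domain1\\svc,Passw0rd!,domain:domain1.com,domain1\\svc,Passw0rd!"
MISSING_NAME = "forest:domain2.com,domain2\\svc,Passw0rd!;domain:domain2\\svc,Passw0rd!"
```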