Accessing SharePoint 2013 across two domains (domain trust)

  • Question

  • I have just installed SharePoint 2013 in our domain.  I have two web servers sat on Windows 2012 and a backend SQL 2008 R2 database.  We have a 2 way domain trust set up and I want people in both domains to be able to access SharePoint but I can't seem to configure it so.

    However, if for example I go to the C drive on my web server and view the properties of a folder and under security I try and add a user in for domain B, I can, so it does lead me to believe that this is a SharePoint issue, but how do I configure it so I can see that second domain?

    We also have in place a SharePoint 2010 pilot environment and that can see users from domain B, so maybe I'm missing something in my 2013 environment or Microsoft have changed something.

    Any advice would be much appreciated.

    Friday, January 18, 2013 2:45 PM

Answers

  • All SharePoint Servers in the farm must be able to query the remote DCs.  Since you have a two way trust in place, you don't need to configure the peoplepicker-searchadforests property.

    I have a utility you can run from the SharePoint Servers in the farm to validate they can reach the remote domain - PeoplePicker Port Tester.


    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, January 18, 2013 3:46 PM

All replies

  • Brilliant, thanks for this.  Ran the tool and it returns a failure on the following ports: 137/138/749/750

    Looks like it's a firewall issue.

    Thanks

    Monday, January 21, 2013 9:00 AM
  • Unfortunately it's not just a firewall issue. We have an open ticket with Microsoft support right now around this issue and it is one they can replicate in their own labs. Apparently, even with a proper two-way trust and with proper firewall access, SharePoint 2013 cannot resolve users across two-way trusted domains. Microsoft support was unable to give us a good reason why and we still have this ticket open so presumably they are still looking into it.

    According to their support team, the same issue occurs in their test lab so this to me indicates a universal problem with SharePoint 2013 authentication across domains and not a firewall issue. We also have a SP2010 farm running on the same domain and we have no issues authenticating across two-way domain trusts. It is an issue specific to SharePoint 2013.

    The PeoplePicker Port tester shows no problems when run on our SP2013 server farm and yet this issue still manifests. I would venture to guess that DWhiteley still has the same problem as before.

    Tuesday, January 22, 2013 9:11 PM
  • Have you added the peoplepicker-searchadforests property?  It isn't supposed to be required, but I've heard it helping with certain two-way trust scenarios.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, January 23, 2013 5:42 AM
  • It turned out that our issue was with a DNS forwarder and not with SharePoint. Good luck to the original poster.

    -Dale Kirby

    ps. I am having a lot of trouble posting on TechNet lately so I am trying from a colleague's account.


    Jonathan Gardner PMP
    Website: http://jonathanagardner.com
    Twitter: jgardner04

    Thursday, January 31, 2013 3:10 PM
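
The replies above point at two separate failure modes for cross-domain People Picker lookups: blocked ports to the remote DCs and a broken DNS forwarder. The following PowerShell sketch is an added example, not code from any poster and not the PeoplePicker Port Tester tool; it checks DNS first and then TCP reachability from a SharePoint server. The domain name `domainb.example` and the TCP port list are assumptions to adjust for your environment, and the UDP ports reported in the thread (137/138) cannot be verified with a TCP connect.

```powershell
# Added example: run on each SharePoint server in the farm.
param(
    # Hypothetical placeholder for the trusted domain's DNS name.
    [string]$RemoteDomain = 'domainb.example',
    # Assumed TCP ports for DNS, Kerberos, RPC, LDAP, SMB and the global catalog.
    [int[]]$TcpPorts = @(53, 88, 135, 389, 445, 3268),
    [int]$TimeoutMs = 2000
)

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs)
    # TcpClient is used instead of Test-NetConnection so this also runs on Server 2012.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # refused, unreachable, or name did not resolve
    } finally {
        $client.Close()
    }
}

# Step 1: DNS. The DC locator SRV record must resolve from this server;
# if it does not, port tests are meaningless and the forwarder is the suspect.
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "Cannot resolve ${srvName}. Check forwarders for $RemoteDomain."
    return
}

# Step 2: TCP reachability of every advertised DC on every port.
$results = foreach ($dc in $dcs) {
    foreach ($port in $TcpPorts) {
        [pscustomobject]@{
            DomainController = $dc
            Port             = $port
            Reachable        = (Test-TcpPort -Target $dc -Port $port -TimeoutMs $TimeoutMs)
        }
    }
}
$results | Sort-Object DomainController, Port | Format-Table -AutoSize
```

A clean result here with People Picker still failing narrows the problem to SharePoint configuration, which is where the `peoplepicker-searchadforests` property mentioned in the thread comes in.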