Supporting Multiple Active Directory Domains

In many environments there is more than one Active Directory forest with users that need access to the SharePoint farm. Setting up support for users on multiple domains is pretty easy and can provide new collaborative features for users throughout the extended organization.

Trust Relationship
The only prerequisite is that there has to be a trust relationship between the forests. Users from the other domain(s) will need to be able to authenticate and access resources on the host domain.

If that trust is not in place, here is a good resource: Support for Cross-forest deployments

Setting up the Import
The Profile import settings are in the Shared Service Provider’s User Profile section. Setting up the primary domain, the domain the server is on, is pretty straightforward, and the default settings should be fine.

To set up an import for additional domains, click the “View import connections” link on the main User Profiles and Properties page, then click the Add Connection item in the toolbar. Fill in the domain information and click the Auto Fill Root Search Base button. If the SharePoint Administration account does not have access to read from the target domain, you will need to supply an account to read the directory.

People Picker Control
If there is a one-way trust, or there are duplicate accounts (display names) on different domains, it may be a good idea to set some additional properties. The article Select user from multiple forest domains describes how to specify which forests to search and how to pass credentials if the SharePoint Administration account does not have the required privileges.
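
One way to set the People Picker forest list and credentials described above with stsadm, as an added example that is not part of the original post or the referenced article. The web application URL, forest names and account names are placeholders, and stsadm.exe is assumed to be on the PATH.

```powershell
# Added example. Placeholders (assumptions): URL, forest DNS names, account names.
$webAppUrl = 'https://portal.example.com'
$stsadm    = 'stsadm.exe'   # assumed to be on PATH

# Forests People Picker should search. An entry without Account is queried as
# the application pool identity; an entry with Account needs a stored password.
$targets = @(
    @{ Scope = 'forest'; Dns = 'corp.example.com' },
    @{ Scope = 'forest'; Dns = 'partner.example.net'; Account = 'PARTNER\svc-spread' }
)

function ConvertTo-Plain([System.Security.SecureString]$s) {
    # stsadm only accepts plain-text arguments; free the copy as soon as possible.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($s)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# Prompt for secrets instead of keeping them in the script file.
$key = Read-Host 'Key used to encrypt stored People Picker passwords' -AsSecureString

$entries = foreach ($t in $targets) {
    $entry = '{0}:{1}' -f $t.Scope, $t.Dns
    if ($t.Account) {
        $plain = ConvertTo-Plain (Read-Host "Password for $($t.Account)" -AsSecureString)
        # ',' and ';' are the field and entry separators of the property value.
        if ($plain -match '[,;]') {
            throw "Password for $($t.Account) contains ',' or ';' and cannot be stored."
        }
        $entry += ',{0},{1}' -f $t.Account, $plain
    }
    $entry
}
$value = $entries -join ';'

# 1. Set the encryption key for stored credentials on this server.
& $stsadm -o setapppassword -password (ConvertTo-Plain $key)

# 2. Tell People Picker which forests to search for this web application.
& $stsadm -o setproperty -url $webAppUrl -pn peoplepicker-searchadforests -pv $value

# 3. Read the property back to confirm it was stored.
& $stsadm -o getproperty -url $webAppUrl -pn peoplepicker-searchadforests
```

The setapppassword step has to be run with the same key on every web front end in the farm. The account supplied for a forest only needs to read that directory, so a dedicated read-only account limits what the stored password exposes.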

The platform does a good job of supporting cross-domain collaboration, and it is a lot easier to set up than many enterprise systems. In one environment I had to support over thirty domains, so the information included above really came in handy.

