Reputation: 2973
There are two domains, A and B (separate forests). A SharePoint site is deployed in domain A. Is it possible for a user from domain B to get access to the site?
As far as I understand, SharePoint is based on Active Directory accounts. Is it possible to have the user in both domains or are there any other alternatives?
Upvotes: 0
Views: 12645
Reputation: 48279
Another option, not mentioned in the answer from Johny, would be to set up your SharePoint applications to authenticate via ADFS2.
This option is easy to set up but at the same time it's very flexible. You tell your SharePoint to trust one particular ADFS but then you can federate your ADFS with other ADFSes on different domains or break existing federation relations. You don't touch your SharePoint once it is configured.
The relation graph would be:
Sharepoint -> (trust) -> ADFS2 on domain A -> (possible trust) -> ADFS on domain B, C, others
Technically, if ADFS2 is federated with other ADFSes, your users get an option to log in using A, B or another identity provider. The default ADFS page shows just a combo of identity providers but you can customize the page and show anything, like friendly images for example.
Upvotes: 4
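The SharePoint-side trust described in the ADFS answer above, sketched as an added example that is not part of the original answers: it registers the domain A ADFS as a trusted identity token issuer and enables it on a claims-based web application. The certificate path, thumbprint placeholder, realm, host names and issuer name are assumptions for illustration; federation with domain B is configured afterwards on the ADFS side only.

```powershell
# Run in the SharePoint Management Shell on a farm server (added example).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed values: replace with those of your own environment.
$certPath           = "C:\certs\adfs-a-token-signing.cer"   # exported from ADFS in domain A
$expectedThumbprint = "<TOKEN-SIGNING-CERT-THUMBPRINT>"      # obtained out of band from the ADFS admin
$realm              = "urn:sharepoint:portal"                # relying party identifier registered in ADFS
$signInUrl          = "https://adfs.a.example/adfs/ls/"      # hypothetical ADFS passive endpoint
$webAppUrl          = "https://portal.a.example"             # hypothetical SharePoint web application

# Load the token-signing certificate and refuse to trust it if it is not the expected one.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.Thumbprint -ne $expectedThumbprint) {
    throw "Token-signing certificate thumbprint mismatch: $($cert.Thumbprint)"
}
New-SPTrustedRootAuthority -Name "ADFS A Token Signing" -Certificate $cert

# Map the claims that ADFS will issue; e-mail address is used as the identity claim.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# SharePoint trusts exactly one issuer: the ADFS in domain A.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "ADFS Domain A" `
    -Description "ADFS in domain A (federates with other domains)" `
    -Realm $realm -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl $signInUrl -IdentifierClaim $emailMap.InputClaimType

# Enable the issuer on the web application, keeping Windows authentication
# so that search crawling and domain A users continue to work.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$adfs    = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity $webAppUrl -Zone Default `
    -AuthenticationProvider $windows, $adfs
```

Because SharePoint accepts any token signed by this issuer, permissions should be granted on claims that identify the source domain's users explicitly, and the claim rules on the domain A ADFS decide which claims from federated partners are passed through.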
Reputation: 795
Yes, you can create cross-domain access, but it requires a bit of work with the servers, not code.
1. Cross-domain access:
You have to create a trust between the domains. Furthermore, I believe you have to set up DNS, so the users (domain B) can 'talk' to the DNS in domain A.
The trust will mean that users in domain B can authenticate in domain A and find the SharePoint site. Also remember that if there is a firewall between the domains, this needs to be taken into account. Here you can read about setting this up, but I recommend you research more before implementing this solution: http://www.quantumofgeek.com/2010/09/configure-sharepoint-to-authenticate-cross-forest-ad-users/
2. Users in both domains:
If you have the users in both domains (duplicate username/password) it will still be a different logon because of the domain name. And if users change their password it will not be reflected in the other domain.
Upvotes: 3