two-way domain trust SharePoint

    Question

  • Hi Guys,

    We have a 2-way trust and the environment is SharePoint 2007, OS Server 2003. When I try to search users from the 2nd domain, I can't find users.

    When I do a search on Server 2008, I can find users.

    How/what should I do on the 2003 OS, so I can find users from the 2nd domain while using People finder in SharePoint?

    Thanks,

    G


    gurvinder

    Wednesday, February 08, 2012 7:00 PM

All replies

  • If I understand you correctly, you have a MOSS 2007 farm with the SharePoint servers running Windows Server 2003. You have two domains which have a two-way domain trust. I am assuming SharePoint is installed to servers in DOMAIN1 and you want the People Picker to return users from DOMAIN2.

    Out of the box this should work without any configuration. Was the domain trust previously different (perhaps a one-way trust)? Is the trust recent?

    Also, can you please clarify what you mean when you say "when i do a search on server 2008?"

    • Marked as answer by Wayne Fan Monday, February 20, 2012 11:10 AM
    Wednesday, February 08, 2012 11:49 PM
  •  Hi,

    I agree with Jason. By default, Microsoft Office SharePoint Server 2007 talks to the domain controller for the domain in which Office SharePoint Server 2007 was installed and all trusted domains for two-way trusted domains.

    People Picker will issue queries to all two-way trusted domains and two-way trusted forests to search People & Groups out-of-the-box. People Picker uses the Windows SharePoint Services Web Application logon identity to access the target domain/forest.  If the Web Application pool does not have access to the target domain/forest, People Picker will need to be configured to use an account with access to the target domain/forest using the following STSADM operations:

    STSADM -o setapppassword -password <password>

    For the detailed information, see http://blogs.technet.com/b/wbaer/archive/2007/02/21/configuring-sharepoint-products-and-technologies-for-cross-forest-deployments.aspx

    http://technet.microsoft.com/en-us/library/cc263460(office.12).aspx

    Thanks,

    Rock Wang

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Rock Wang TechNet Community Support

    • Marked as answer by Wayne Fan Monday, February 20, 2012 11:10 AM
    Thursday, February 09, 2012 7:28 AM
  • Hi Jason/Rock

    "When I do search on server 2008" means when I'm trying to use People Picker on Server 2008.

    We have a 2-way trust; we never had a 1-way trust. I'm wondering, does the IP address for the server need to be on the tunnel between the two domains?

    Thanks,

    G


    gurvinder

    Thursday, February 09, 2012 3:58 PM
  • "When I do search on server 2008" means when I'm trying to use People Picker on Server 2008.

    We have a 2-way trust; we never had a 1-way trust. I'm wondering, does the IP address for the server need to be on the tunnel between the two domains?

    The SharePoint servers do need to be able to contact the domain controllers for DOMAIN2 directly to issue the LDAP query used by the people picker. Bill Baer lists the ports required for people picker.

    I'm still confused by your Server 2008 comment. You said the servers in the farm are running Windows Server 2003. Can you please clarify how the Windows Server 2008 machines fit into your farm topology?


    Jason Warren
    Infrastructure Specialist
    Habañero Consulting Group
    www.habaneros.com/blog

    Friday, February 10, 2012 8:33 PM
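
    The direct connectivity to DOMAIN2's domain controllers described in the reply above can be checked from each SharePoint server before going to the network team. This is an added example, not part of the original thread: the domain controller names are placeholders, and the port list is the commonly documented Active Directory set (an assumption, not the list from the blog post the reply refers to).

```powershell
# Added example: TCP reachability from this SharePoint server to the trusted domain's DCs.
# Assumptions: DC names are placeholders; the port list is the usual AD/LDAP set,
# not copied from the referenced blog post. TCP only (UDP DNS/Kerberos is not probed).
$DomainControllers = @('dc1.domain2.example', 'dc2.domain2.example')  # placeholders
$Ports = @{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB'
    3268 = 'Global catalog'
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'              # typical of a firewall or tunnel dropping the traffic
        }
        $client.EndConnect($async)        # throws if the connection was refused
        return 'Open'
    }
    catch {
        return 'Refused/Unreachable'      # reset received, or name/route lookup failed
    }
    finally {
        $client.Close()
    }
}

$results = foreach ($dc in $DomainControllers) {
    foreach ($port in ($Ports.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            Source  = $env:COMPUTERNAME
            Target  = $dc
            Port    = $port
            Service = $Ports[$port]
            Result  = Test-TcpPort -ComputerName $dc -Port $port
        }
    }
}

$results | Select-Object Source, Target, Port, Service, Result | Format-Table -AutoSize
$blocked = @($results | Where-Object { $_.Result -ne 'Open' })
"{0} of {1} checks failed" -f $blocked.Count, @($results).Count
```

    Run it on every server in the farm and hand the table to the network team. A Timeout on 389 or 3268 from one source address but not another points at a firewall or tunnel rule keyed on source IP, which is consistent with the resolution reported later in this thread.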
  •  

    Hi,

    I guess that the server 2008 is the second domain, you access SharePoint site from this server, however, you couldn’t find users from the second domain with people picker.

    I suggest that you have your network team use a network monitor, such as Wireshark or NetMon, to analyze the packets while the issue occurs.

    In addition, please make sure the SharePoint server can talk to the GC in the second domain.

    For more information about People Picker in SharePoint ( Functionality | Configuration | Troubleshooting ), please look into the following two articles:

    All you want to know about People Picker in SharePoint ( Functionality | Configuration | Troubleshooting ) Part-1

    http://blogs.msdn.com/rajank/archive/2009/09/01/all-you-want-to-know-about-people-picker-in-sharepoint-functionality-configuration-troubleshooting-part-1.aspx

    All you want to know about People Picker in SharePoint ( Functionality | Configuration | Troubleshooting ) Part-2

    http://blogs.msdn.com/rajank/archive/2009/09/20/all-you-want-to-know-about-people-picker-in-sharepoint-functionality-configuration-troubleshooting-part-2.aspx

    Thanks,

    Rock Wang

    Forum Support

    Rock Wang TechNet Community Support


    Friday, February 17, 2012 12:12 PM
  • Hi guys, issue resolved. I had to add the IP address to the tunnel, and once I did that everything works for me.

    Thanks Everyone for help


    gurvinder

    • Marked as answer by Gurvinder Gill Wednesday, February 22, 2012 3:12 PM
    Wednesday, February 22, 2012 3:12 PM
  • How can I achieve this? Please give me some idea, because even if I approach the network team I have to specify a brief analysis or reason.

    Abhishek



    Abhishek

    Wednesday, May 15, 2013 7:59 AM