Forcing domain switch on Sharepoint login?

  • Question

  • We have an interesting problem in that we have users in two domains (let's call them DOM1 and DOM2 for anonymity's sake) and we use Windows Integrated NTLM authentication. All the accounts in DOM2 are duplicated in DOM1 (and have the same passwords). What we would like is for users to be authenticated against DOM1 even though the user is currently logged in to the DOM2 domain. We want this to be transparent to the user; i.e., DOM2\user1 "becomes" DOM1\user1 without the user having to do the "sign in as a different user" operation. Is this somehow possible at the IIS level or with some coding trick on the SharePoint end? It would seem to be a simple thing (at least, in concept), changing DOM2\user1 to DOM1\user1 and then everything subsequently would be as if the user had intentionally logged in as DOM1\user1.
    Thursday, November 4, 2010 2:08 AM

Answers

All replies

  • It is possible at the domain level. Make the domains trusted: http://technet.microsoft.com/en-us/library/cc961481.aspx
    Oleg
    • Marked as answer by David HM Thursday, November 11, 2010 6:54 AM
    Thursday, November 4, 2010 1:53 PM
  • Glen,

    Simply changing from DOM1\user1 to DOM2\user1 will not work. We are talking about NTLM, which has a token created based on the GUID of the user, which is unique.

    The method described by Oleg is one approach; the other one is to set up Active Directory Federation Service, which will allow you to implement SSO.

     

    • Marked as answer by David HM Thursday, November 11, 2010 6:54 AM
    • Edited by Mike Walsh FIN Thursday, December 9, 2010 5:48 PM Sig removed. Do NOT ask people to mark your posts.
    • Unmarked as answer by Mike Walsh FIN Thursday, December 9, 2010 5:48 PM
    Thursday, November 4, 2010 5:33 PM