Single Sign On between SharePoint 2007 and Perimeter and Corporate Domain

  • Question

  • Hi All,

    I have a DMZ server where the SharePoint 2007 site is hosted. This site is NT enabled. It has its own domain. External customers' credentials are created in this domain to access the SharePoint site. Internal users are created in the Corporate domain, and there is a trust relationship between the Perimeter network and the corporate domain. User ACLs are also created in the SharePoint servers. Using the trust, the internal users are authenticated, and based on the Access Control List in SharePoint, internal users are authorised for the resources. I would like your opinion and valuable suggestions.

    1. Give access to internal users to SharePoint site without having the Trust relationship in place. I want to remove the trust between the perimeter network and my corporate domain.

    2. Keep the Access Control List in the SharePoint server intact and users are validated against this.

    3. Do I need to perform any user profile synchronization for existing users?

    Please let me know if you require further information.

    Thanks & Regards



    Wednesday, July 2, 2014 11:25 AM


  • May I ask why you want to remove the trust? I'm assuming it's a one-way trust where the perimeter domain trusts the internal domain. This is a typical and secure method of having internal users authenticate within DMZ resources.

    1. If you remove the trust, you will need another authentication method for the internal users.

    2. I'm assuming you mean the SharePoint permissions. If you change authentication providers to support removing the trust, you can use the migrateuser stsadm operation to migrate internal users from their old username to their new username. The effort needed for this task is entirely dependent on how many users you have accessing SharePoint.

    3. Are you using user profile synchronization currently?

    Monday, July 7, 2014 5:48 PM
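
The `migrateuser` step from the reply above, applied to a list of users, as an added example that is not part of the thread or of any Microsoft tooling. The logins, the `PERIMETER`/`CORP` domain names, the function names and the use of `-ignoresidhistory` (on the assumption that the new accounts are freshly created) are illustrative assumptions; the script checks the old-to-new mapping before anything is changed and runs dry by default.

```powershell
# Added example. The logins below are constructed placeholders, not values from the thread.
$mappingCsv = @'
OldLogin,NewLogin
CORP\asmith,PERIMETER\asmith
CORP\bjones,PERIMETER\bjones
CORP\cdoe,PERIMETER\bjones
CORP\dlee,
'@

# Default SharePoint 2007 ("12 hive") path to stsadm.exe; adjust if installed elsewhere.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'

function Get-MigrationPlan([string]$Csv) {
    $rows = @($Csv | ConvertFrom-Csv)
    # Count how often each login appears so collisions can be rejected up front.
    $oldCount = @{}; $newCount = @{}
    foreach ($r in $rows) {
        if ($r.OldLogin) { $oldCount[$r.OldLogin.ToLower()] += 1 }
        if ($r.NewLogin) { $newCount[$r.NewLogin.ToLower()] += 1 }
    }
    foreach ($r in $rows) {
        # Two old accounts landing on one new login would merge their SharePoint permissions.
        $status = 'OK'
        if (-not $r.OldLogin -or -not $r.NewLogin) { $status = 'SKIP: missing login' }
        elseif ($oldCount[$r.OldLogin.ToLower()] -gt 1) { $status = 'SKIP: old login listed twice' }
        elseif ($newCount[$r.NewLogin.ToLower()] -gt 1) { $status = 'SKIP: new login shared by several users' }
        New-Object PSObject -Property @{ OldLogin = $r.OldLogin; NewLogin = $r.NewLogin; Status = $status }
    }
}

function Invoke-Migration([switch]$Execute) {
    foreach ($p in (Get-MigrationPlan $mappingCsv)) {
        if ($p.Status -ne 'OK') { Write-Warning "$($p.OldLogin): $($p.Status)"; continue }
        # Assumption: new accounts carry no SID history of the old ones, hence -ignoresidhistory.
        $stsArgs = '-o', 'migrateuser', '-oldlogin', $p.OldLogin, '-newlogin', $p.NewLogin, '-ignoresidhistory'
        if (-not $Execute) { Write-Output "DRY RUN: stsadm $($stsArgs -join ' ')"; continue }
        & $stsadm $stsArgs
        if ($LASTEXITCODE -ne 0) { Write-Warning "migrateuser failed for $($p.OldLogin) (exit $LASTEXITCODE)" }
    }
}

Invoke-Migration   # dry run by default; add -Execute on the SharePoint server to apply
```

With the constructed mapping, only `CORP\asmith` is planned for migration; the other three rows are reported and skipped.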