locked
People picker - Users from other domain RRS feed

  • Question

  • Hi

    I have a SharePoint farm with two WFE:s in a domain (INTERNAL). Most of the users reside in the same domain but we also have another domain EXTERNAL where there is a one-way trust (EXTERNAL trust INTERNAL).

    To be able to solve this we have one WFE in the farm in the EXTERNAL domain. Users that reside in the EXTERNAL domain is being redirected to the EXTERNAL WFE where they can access the web application. 

    Most of the site administrators resides in the INTERNAL domain so they would like to manage permissions for users both in INTERNAL and EXTERNAL domain. I would like to be able to add users with the people picker from the EXTERNAL domain from the WFE:s in the INTERNAL domain but it doesn't seem to work. We have tried peoplepicker-searchadforests with different combinations but with no luck. The user profile import from the EXTERNAL domain is working just fine.

    When going directly against the WFE in the EXTERNAL domain we can add users from both domains.

    I just would like to verify that this setup where EXTERNAL trusts INTERNAL and not the other way should work when using the people picker from the INTERNAL domain. I would be very grateful if someone could give a clear answer on that.

    Best regards,
    Niclas


    Niclas Carlsson
    • Edited by BlindBoyGrunt Thursday, December 30, 2010 9:53 AM Missing text
    Thursday, December 30, 2010 9:38 AM

Answers

  • Hey Niclas,

    Your explanation already defines what's going on.  As you noted, the EXTERNAL domain trusts the INTERNAL domain, but not the other way around.  This being the case, one would expect the PeoplePicker to work for both EXTERNAL and INTERNAL users when conducted from the EXTERNAL WFE.  In the same way, since there is not trust, one would expect the PeoplePicker to only work with INTERNAL users from the INTERNAL WFE.

    This appears to be the case, judging from your description above.

    That being so, it is working as designed and expected.

    Hope that helps.


    I trust that answers your question...

    Thanks
    C

    http://www.cjvandyk.com/blog
    • Marked as answer by BlindBoyGrunt Tuesday, January 4, 2011 6:47 AM
    Thursday, December 30, 2010 2:05 PM
    Answerer

All replies

  • Hey Niclas,

    Your explanation already defines what's going on.  As you noted, the EXTERNAL domain trusts the INTERNAL domain, but not the other way around.  This being the case, one would expect the PeoplePicker to work for both EXTERNAL and INTERNAL users when conducted from the EXTERNAL WFE.  In the same way, since there is not trust, one would expect the PeoplePicker to only work with INTERNAL users from the INTERNAL WFE.

    This appears to be the case, judging from your description above.

    That being so, it is working as designed and expected.

    Hope that helps.


    I trust that answers your question...

    Thanks
    C

    http://www.cjvandyk.com/blog
    • Marked as answer by BlindBoyGrunt Tuesday, January 4, 2011 6:47 AM
    Thursday, December 30, 2010 2:05 PM
    Answerer
  • Hi

    Ok so there is no way for tricking the people picker from adding EXTERNAL users when accessing the INTERNAL WFE:s? I thought that it somehow could be achived as the user profile import works when importing users from the EXTERNAL domain to the SSP that is located in the INTERNAL domain.

    One thing that I find strange is that the people picker worked instantly in the EXTERNAL WFE:s for users for from both EXTERNAL and INTERNAL. I thought that if there was a one-way trust the we have to run the peoplepicker-searchadforests for accessing users in the other domain.

    Best regards,
    Niclas


    Niclas Carlsson
    Thursday, December 30, 2010 2:11 PM