Welcome: Guest!

MOSS Forum

 
Home » Forum » MOSS       Ask a questionRSS Feeds

Allowing only a single AD domain access to SharePoint

  Asked By: Willis Camacho         Date: Dec 30, 2008      Category: MOSS      Views: 513
 

We're in the process of setting up a new SharePoint 2007 (MOSS) server
and intend to set it up so that it has multiple domains associated
with it; however, we want to limit the AD domains that get used within
SharePoint. For instance, we might allow DomainA, DomainB, and
DomainC via trusts, but we only want users to be able to access using
their accounts on DomainB and disallow access requests from any other
domain. Is this doable in MOSS configuration? We can deal with
having the whole domain allowable or even by limiting to a particular
OU within the domain.

Tagged:                

 

6 Answers Found

 
Answer #1       Answered By: Rosemarie Cervantes          Answered On: Dec 30, 2008       

This is fairly key in our overall implementation planning, so
if anyone has any clues, even if it's just a flat "no", it'd be useful.

 
Answer #2       Answered By: Manan Kadu          Answered On: Dec 30, 2008       

You can limit, on a Site Collection basis, what domains are available.
See mindsharpblogs.com/.../1307.aspx and
blogs.technet.com/.../configuring-sharepoint
-products-and-technologies-for-cross-forest-deployments.aspx for more
info.

However, nothing will stop your users from entering the name in the
format of domain\username. The above commands limit the people picker in
those domains. I am not an AD guru, so there could be a way through AD
permission to control this.

 
Answer #3       Answered By: Tonia Franco          Answered On: Dec 30, 2008       

Interesting question. I imagine it would work like setting  up an extranet in
Sharepoint. (Many ways to do it I am sure) possibly using forms authentication
may provide a solution also.

1) install extranet domain  controller
2) configure one way trust
3) install microsoft certificate services
4) install internet security and acceleration server 2004
5) install sharepoint  Services

 
Answer #4       Answered By: Amareswar Karkera          Answered On: Dec 30, 2008       

The only way I can think to do this is to set up moss in its own fo

 
Answer #5       Answered By: Cheyenne Jacobson          Answered On: Dec 30, 2008       

The only way I csn think to do this is to set up mos in its own forest and then
put in a one way non transitive trust to the domain  that you want to have access

Will mean you need an aditional 2 servers / dc's for your solution tho

 
Answer #6       Answered By: Makayla Lewis          Answered On: Dec 30, 2008       

We pretty much fully expected that the answer - at least OOB - would
be no. We might just go with limiting what's available in the People
Picker, since there aren't that many people that bother with the
"domain\" prefix. However, with the headaches associated with trying
to migrate users within a domain  to another domain in SharePoint
(something we've been bitten by), we were hoping there'd be a way to
just ignore the migration problems entirely and make the deployment
force it for us.

 
Didn't find what you were looking for? Find more on Allowing only a single AD domain access to SharePoint Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011