MOSS Forum


Allowing only a single AD domain access to SharePoint

  Asked By: Willis    Date: Dec 30    Category: MOSS    Views: 2588

We're in the process of setting up a new SharePoint 2007 (MOSS) server
and intend to set it up so that it has multiple domains associated
with it; however, we want to limit the AD domains that get used within
SharePoint. For instance, we might allow DomainA, DomainB, and
DomainC via trusts, but we only want users to be able to access using
their accounts on DomainB and disallow access requests from any other
domain. Is this doable in MOSS configuration? We can deal with
having the whole domain allowable or even by limiting to a particular
OU within the domain.



6 Answers Found

Answer #1    Answered By: Rosemarie Cervantes     Answered On: Dec 30

This is fairly key in our overall implementation planning, so
if anyone has any clues, even if it's just a flat "no", it'd be useful.

Answer #2    Answered By: Manan Kadu     Answered On: Dec 30

You can limit, on a Site Collection basis, what domains are available.
See mindsharpblogs.com/.../1307.aspx and
-products-and-technologies-for-cross-forest-deployments.aspx for more

However, nothing will stop your users from entering the name in the
format of domain\username. The above commands limit the people picker in
those domains. I am not an AD guru, so there could be a way through AD
permission to control this.

Answer #3    Answered By: Tonia Franco     Answered On: Dec 30

Interesting question. I imagine it would work like setting up an extranet in
SharePoint. (Many ways to do it, I am sure.) Possibly using forms authentication
may provide a solution also.

1) Install extranet domain controller
2) Configure one-way trust
3) Install Microsoft Certificate Services
4) Install Internet Security and Acceleration Server 2004
5) Install SharePoint Services

Answer #4    Answered By: Amareswar Karkera     Answered On: Dec 30

The only way I can think to do this is to set up MOSS in its own fo

Answer #5    Answered By: Cheyenne Jacobson     Answered On: Dec 30

The only way I can think to do this is to set up MOSS in its own forest and then
put in a one-way, non-transitive trust to the domain that you want to have access.

Will mean you need an additional 2 servers / DCs for your solution, though.

Answer #6    Answered By: Makayla Lewis     Answered On: Dec 30

We pretty much fully expected that the answer - at least OOB - would
be no. We might just go with limiting what's available in the People
Picker, since there aren't that many people that bother with the
"domain\" prefix. However, with the headaches associated with trying
to migrate users within a domain to another domain in SharePoint
(something we've been bitten by), we were hoping there'd be a way to
just ignore the migration problems entirely and make the deployment
force it for us.
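
Since limiting the People Picker does not stop a `domain\username` entry typed by hand (Answer #2, Answer #6), a periodic audit of the site collection's user list shows whether principals from other domains have been added. The script below is an added example, not code from the thread; the site URL and the NetBIOS name `DOMAINB` are placeholders, and it assumes PowerShell 2.0 run on a farm server with the SharePoint 2007 object model available.

```powershell
# Added example. $siteUrl and $allowedDomain are placeholders, not values from the thread.
param(
    [string]$siteUrl = 'http://moss.example/sites/team',
    [string]$allowedDomain = 'DOMAINB'   # NetBIOS name of the only domain that should appear
)

# Load the SharePoint 2007 object model.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

# Returns a finding string for a login that falls outside the allowed domain, or nothing.
function Get-LoginFinding([string]$loginName, [string]$allowed) {
    $i = $loginName.IndexOf('\')
    if ($i -lt 1) { return 'not a DOMAIN\name login (for example a forms-auth provider)' }

    $prefix = $loginName.Substring(0, $i)
    if ($prefix -ieq $allowed) { return $null }

    # This principal matches every account that can authenticate to the server,
    # which includes accounts from trusted domains.
    if ($loginName -ieq 'NT AUTHORITY\authenticated users') {
        return 'grants access to all authenticated accounts, trusted domains included'
    }

    # Built-in authorities other than the one above are not foreign domains.
    if ('NT AUTHORITY', 'SHAREPOINT', 'BUILTIN' -contains $prefix) { return $null }

    return "principal from domain '$prefix'"
}

$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)
try {
    # SiteUsers on the root web lists every user and domain group known to the site collection.
    foreach ($user in $site.RootWeb.SiteUsers) {
        $reason = Get-LoginFinding $user.LoginName $allowedDomain
        if ($reason) {
            $user | Select-Object LoginName, Name, IsDomainGroup,
                @{ Name = 'Finding'; Expression = { $reason } }
        }
    }
}
finally {
    $site.Dispose()   # SPSite holds unmanaged resources; always release it
}
```

The audit checks only the login prefix of each listed principal; it does not expand the membership of DomainB groups, so group contents need a separate check in AD.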
