Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Setting up an extranet for an exsisting intranet SharePoint solution

  Asked By: Srikant    Date: Jul 25    Category: Sharepoint    Views: 2030

I am hoping some SharePoint Administrators can give a SharePoint
developer some input here.

Our company's SharePoint Implementation is the following:

Only the internal Boxes exsist.

I am wanting to know if we include an ISA Server can you provide
Extranet access through SSL and Reverse Proxy?


I was wondering if anybody has implemented a solution such as this.



9 Answers Found

Answer #1    Answered By: Alisha Holmes     Answered On: Jul 25

What needs to be on the DMZ box in order for this configuration to

Answer #2    Answered By: Laura Walker     Answered On: Jul 25

Usually, we recommend putting the entire farm in the DMZ along with a
separate Active Directory that trusts your internal  directory that hosts
your extranet  clients.

Does this help?

Answer #3    Answered By: Percy Beach     Answered On: Jul 25

interesting... i am looking into pretty much the same thing, the only thing is that i dont really want to do it with our portal environment, only a collection of WSS sites.

its theoretically as easy as:

create pinholes between an internal  AD server  and your "dmz" AD
establish a 1 way trust so that your dmz ad trusts your internal ad

thats pretty much where im at.. i still dont like the idea of IT creating accounts, so im wondering with this sort of setup, is it possible to run in
"account creation mode" with the dmz AD? if not it certainly puts IT in a strange place.. perhaps thedotnetfactory software and some delegation would be needed.

Answer #4    Answered By: Christop Mcfadden     Answered On: Jul 25

In Account Creation Mode, the trusted "internal AD" is not used. When users are added to sites, WSS is going to look in the configured OU of the domain for an existing account (same email, same site collection). It will not look in your internal  AD.

That said, I am contemplating the setup you describe. I have a WSS Password Reset application, so the IT group can be hands-off.

Answer #5    Answered By: Kundan Jambhale     Answered On: Jul 25

yes.. most interesting...

the WSS password reset thing, is that tough to implement or do you think i should look into something like www.thedotnetfactory.com/PasswordManager.aspx?

wow, so it can be done!

i will work on getting external wss with account creation mode as well as a trust into our domain..

the next question, maybe you guys can provide a quick link:
how is WSS licensed? does it consume a windows cal? our company has use rights for microsoft  but i dont think those use rights extend to partners.. how does that work?

Answer #6    Answered By: Alyssa Butler     Answered On: Jul 25

WSS contains a password reset page. The OOB reset page requires the user to be logged on. The "hole" in the process is, how do you reset if you forgot your password. That is the solution  I wrote. I will send you contact info off-line if you wish to discuss further.

My understanding of the MS licensing is that you require an External Connector: www.microsoft.com/.../sharepoint.mspx

Lastly, the 1:1 correlation is between AD account and site collection (not site).

Answer #7    Answered By: Katy Patton     Answered On: Jul 25

Account creation mode has it’s own problems, like a 1:1 correlation between the AD account the site. So if you need to add the same person to a second site a second AD account is created.

Answer #8    Answered By: Ana Payne     Answered On: Jul 25

We quietly sell a highly configurable Change Password Web Part.
You can download a trial version here:

Answer #9    Answered By: Hema Hegde     Answered On: Jul 25

If a company already has an exsisting SharePoint solution  as we do.

Everything Internal

What is the best solution for providing extranet  access?