How to Add trust domains in the SharePoint Farm?
This article will introduce how to build trust relationship with local domain of SharePoint server, finally the users of the trusted domain can be used in the current SharePoint farm.
Example:
The local domain: spbmd10.com ; IP: 192.168.6.152(Domain control of SP).
The other domain: fl2000.com; IP:192.168.6.193.
I want to build two-way trust between the two domains and the trust type is External so that the users of the two domains can access each other’s resource.
Let’s complete it in the domain control that SharePoint server belong to by the following steps.
First, log in to domain control spbmd10.com with domain admins.
Before building the trust relationship, you need to ensure the other domain fl2003.com can be connected in the current host.
You can check it by the flowing command.
The above snapshot means the current host can’t connect the other domains control, you can complete it according to the following steps.
Add DNS server (192.168.6.193) in the local host.
Do not forget to flush DNS by the flowing command.
Now check the connection status.
It is OK now. Of course you can complete it by the other way that recommended. Because this way can synchronize DNS Records with primary name server in the local host so that increase lookup efficiency.
In the domain control fl2000.com(192..168.6.193)
Click Start >Administration>DNS, modify Zone Transfers in DNS manager, check the checkbox Allow zone transfers and select the radio button To any server or select the radio button Only the following servers and add 192.168.6.152 (the domain control of spbmd10.com), click OK.
Back to the host 192.168.6.152, create the second forward zones for fl2000.com by DNS manager by the following steps.
Click Start >Administration>DNS, right-click Forward Lookup zone,then click New Zone in the drop-down menu.
Select the radio button Second zone, click Next.
Select radio button Forward lookup zone,click Next.
Input the zone name fl2003.com, click Next.
Input the IP of the Master DNS server, press enter key, click Next.
The below snapshot means the second forward zone has been created successfully.
Now let’s start to create trust relationship between the two domains.
Input the domain name, click Next.
Select the radio button External trust, click Next.
Select the radio button Two-way, click Next.
Select the radio button Both this domains the specified domain, click Next.
Input the User name and password correctly, then click Next.
Keep the default value, click Next.
Click Next.
Click Next.
Select the second radio button, Click Next.
Select the second radio button, click Next.
Now the trust relationship was successfully created.
You can see this record in the tab Trusts.
You can check the effectiveness by adding a member to the AD group.
The key moment is connecting, check whether you can add one user of the trusted domain to one site collection which enable windows authentication.
It’s working, now users of the domain fl2003.com can be used in the current SharePoint farm.
Thank you!!! Finally a complete solution which actually works! Tested on 2 VM machines using VirtualBox. Runs perfectly!!
So what about authentication? I can add users from domain B into my Sharepoint Farm on domain A but when users from domain B try to access the sharepoint site, he/she gets prompted to login and Integrated authentication does not work like it does on domain A. I also have the peoplepicker setup correctly and I have a 2-way trust. The site is also part of the trusted sites on domain B.
Hi Brian, add the trust domain only means you can add users of external domain to SharePoint site with people picker and assign permissioms to them, or users of trusted domain
can’t be added to SharePoint site and then can’t access the site. As for “Intergrated authentication does work”, i don’t see your means.
Regards
Rocky
Great info. Just what I am looking for.
Hi Rocky,
Thanks for this. It works but there are no groups being selected from the domain. I am only getting user accounts. I would like to use the Picker Tool to retrieve user groups rather than having to manually select 342 people.
is there some other setting that I am missing?
Thanks
Azubuike
PS: sorry wrong email in the previous comment!
I value the knowledge on your site. Appreciate it!
I have the same issue.
Domain A (Sharepoint 2013 reside in this domain)
Domain B (trusted Domain A)
I can add the trusted domain B users but when user access to SP (domain A) it will prompt for login.
However, if domain A user access SP, it doesn’t require to login as SP already digested their Domain A\user id identity.
Is it possible to do any configuration so that our Domain B users access SP which have the same behaviour as Domain A (no need to login) ?
Looks realy great! Thanks for the post.
Magnificent website. A lot of helpful info here. I am
sending it to a few pals ans additionally sharing in delicious.
And obviously, thank you to your effort!
I am truly thankful to the owner of this web site who has shared this wonderful post
at at this place.
of course like your website however you need to test the spelling on quite a few of your
posts. Several of them are rife with spelling issues and I in finding
it very bothersome to tell the reality on the other hand
I’ll surely come back again.
Excellent, what a website it is! This blog provides valuable data to us,
keep it up.
Hello, I desire to subscribe for this webpage
to obtain most up-to-date updates, so where can i do it please assist.
Please, upgrade for Sharepoint 2016 and Domain Controler 2012 R2!! This is my case.
Thanks.