How to Add trust domains in the SharePoint Farm?
This article will introduce how to build trust relationship with local domain of SharePoint server, finally the users of the trusted domain can be used in the current SharePoint farm.
Example:
The local domain: spbmd10.com ; IP: 192.168.6.152(Domain control of SP).
The other domain: fl2000.com; IP:192.168.6.193.
I want to build two-way trust between the two domains and the trust type is External so that the users of the two domains can access each other’s resource.
Let’s complete it in the domain control that SharePoint server belong to by the following steps.
First, log in to domain control spbmd10.com with domain admins.
Before building the trust relationship, you need to ensure the other domain fl2003.com can be connected in the current host.
You can check it by the flowing command.
The above snapshot means the current host can’t connect the other domains control, you can complete it according to the following steps.
Add DNS server (192.168.6.193) in the local host.
Do not forget to flush DNS by the flowing command.
Now check the connection status.
It is OK now. Of course you can complete it by the other way that recommended. Because this way can synchronize DNS Records with primary name server in the local host so that increase lookup efficiency.
In the domain control fl2000.com(192..168.6.193)
Click Start >Administration>DNS, modify Zone Transfers in DNS manager, check the checkbox Allow zone transfers and select the radio button To any server or select the radio button Only the following servers and add 192.168.6.152 (the domain control of spbmd10.com), click OK.
Back to the host 192.168.6.152, create the second forward zones for fl2000.com by DNS manager by the following steps.
Click Start >Administration>DNS, right-click Forward Lookup zone,then click New Zone in the drop-down menu.
Select the radio button Second zone, click Next.
Select radio button Forward lookup zone,click Next.
Input the zone name fl2003.com, click Next.
Input the IP of the Master DNS server, press enter key, click Next.
The below snapshot means the second forward zone has been created successfully.
Now let’s start to create trust relationship between the two domains.
Input the domain name, click Next.
Select the radio button External trust, click Next.
Select the radio button Two-way, click Next.
Select the radio button Both this domains the specified domain, click Next.
Input the User name and password correctly, then click Next.
Keep the default value, click Next.
Click Next.
Click Next.
Select the second radio button, Click Next.
Select the second radio button, click Next.
Now the trust relationship was successfully created.
You can see this record in the tab Trusts.
You can check the effectiveness by adding a member to the AD group.
The key moment is connecting, check whether you can add one user of the trusted domain to one site collection which enable windows authentication.
It’s working, now users of the domain fl2003.com can be used in the current SharePoint farm.
Thank you!!! Finally a complete solution which actually works! Tested on 2 VM machines using VirtualBox. Runs perfectly!!
So what about authentication? I can add users from domain B into my Sharepoint Farm on domain A but when users from domain B try to access the sharepoint site, he/she gets prompted to login and Integrated authentication does not work like it does on domain A. I also have the peoplepicker setup correctly and I have a 2-way trust. The site is also part of the trusted sites on domain B.
Hi Brian, add the trust domain only means you can add users of external domain to SharePoint site with people picker and assign permissioms to them, or users of trusted domain
can’t be added to SharePoint site and then can’t access the site. As for “Intergrated authentication does work”, i don’t see your means.
Regards
Rocky
Great info. Just what I am looking for.
Hi Rocky,
Thanks for this. It works but there are no groups being selected from the domain. I am only getting user accounts. I would like to use the Picker Tool to retrieve user groups rather than having to manually select 342 people.
is there some other setting that I am missing?
Thanks
Azubuike
PS: sorry wrong email in the previous comment!
Thanks for the purpose of giving these types of well put together data.
Greate article. Keep writing such kind of info on your
blog. Im really impressed by your site.
Hello there, You’ve done an incredible job. I will certainly digg it
and individually recommend to my friends. I’m sure they’ll be benefited from this website.
I value the knowledge on your site. Appreciate it!
I have the same issue.
Domain A (Sharepoint 2013 reside in this domain)
Domain B (trusted Domain A)
I can add the trusted domain B users but when user access to SP (domain A) it will prompt for login.
However, if domain A user access SP, it doesn’t require to login as SP already digested their Domain A\user id identity.
Is it possible to do any configuration so that our Domain B users access SP which have the same behaviour as Domain A (no need to login) ?
too many thanks for info
ممنون مطلب خوبی بود
thanks man