How to Add trust domains in the SharePoint Farm?
This article shows how to build a trust relationship between the local domain of the SharePoint server and another domain, so that users of the trusted domain can be used in the current SharePoint farm.
Example:
The local domain: spbmd10.com; IP: 192.168.6.152 (domain controller of SP).
The other domain: fl2000.com; IP: 192.168.6.193.
I want to build a two-way trust between the two domains, with the trust type External, so that the users of the two domains can access each other’s resources.
Let’s complete it on the domain controller that the SharePoint server belongs to, using the following steps.
First, log in to the domain controller of spbmd10.com with a Domain Admins account.
Before building the trust relationship, you need to ensure that the other domain, fl2003.com, can be reached from the current host.
You can check it with the following command.
The above snapshot means the current host can’t connect to the other domain’s controller; you can fix this with the following steps.
Add the DNS server (192.168.6.193) on the local host.
Do not forget to flush DNS with the following command.
Now check the connection status.
It is OK now. Of course, you can also do this another way, which is the recommended one because it synchronizes DNS records from the primary name server to the local host and so increases lookup efficiency.
On the domain controller of fl2000.com (192.168.6.193):
Click Start > Administration > DNS and modify Zone Transfers in DNS Manager: check the checkbox Allow zone transfers, then either select the radio button To any server, or select the radio button Only the following servers and add 192.168.6.152 (the domain controller of spbmd10.com). Click OK.
Back on the host 192.168.6.152, create a secondary forward lookup zone for fl2000.com in DNS Manager with the following steps.
Click Start > Administration > DNS, right-click Forward Lookup Zones, then click New Zone in the drop-down menu.
Select the radio button Secondary zone, click Next.
Select the radio button Forward lookup zone, click Next.
Input the zone name fl2003.com, click Next.
Input the IP of the master DNS server, press the Enter key, click Next.
The snapshot below shows that the secondary forward zone has been created successfully.
Now let’s start creating the trust relationship between the two domains.
Input the domain name, click Next.
Select the radio button External trust, click Next.
Select the radio button Two-way, click Next.
Select the radio button Both this domain and the specified domain, click Next.
Input the user name and password correctly, then click Next.
Keep the default value, click Next.
Click Next.
Click Next.
Select the second radio button, click Next.
Select the second radio button, click Next.
Now the trust relationship has been created successfully.
You can see this record on the Trusts tab.
You can check the effectiveness by adding a member to the AD group.
The key test is the connection: check whether you can add a user of the trusted domain to a site collection that has Windows authentication enabled.
It’s working; now users of the domain fl2003.com can be used in the current SharePoint farm.
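The connectivity and trust checks from the steps above can also be run from the command line. This is an added PowerShell example, not part of the original article: it flushes the resolver cache, locates a domain controller of the other domain through DNS, verifies the trust, and reports whether SID filtering is enabled on it. It assumes an elevated session on the spbmd10.com domain controller, the built-in `ipconfig`, `nltest` and `netdom` tools, and fl2000.com as the other domain's name; `Invoke-Check` is a hypothetical helper name.

```powershell
# Added example, not from the original article. Run in an elevated session
# on the spbmd10.com domain controller. Invoke-Check is a hypothetical helper.
param(
    [string]$LocalDomain   = 'spbmd10.com',
    [string]$TrustedDomain = 'fl2000.com'   # assumed name of the other domain
)

function Invoke-Check {
    param([string]$Name, [string]$Exe, [string[]]$Arguments)
    # Run a built-in Windows tool, capture its output, and judge pass/fail
    # by the process exit code.
    $output = & $Exe @Arguments 2>&1 | Out-String
    [pscustomobject]@{
        Check  = $Name
        Passed = ($LASTEXITCODE -eq 0)
        Output = $output.Trim()
    }
}

$trustArgs = @('trust', $LocalDomain, "/domain:$TrustedDomain")
$results = @(
    # Clear cached (including negative) answers after changing DNS settings.
    Invoke-Check 'Flush DNS cache' 'ipconfig' @('/flushdns')
    # Find a domain controller of the other domain through its DNS SRV records.
    Invoke-Check 'Locate remote DC' 'nltest' @("/dsgetdc:$TrustedDomain", '/force')
    # Confirm the trust between the two domains works.
    Invoke-Check 'Verify trust' 'netdom' ($trustArgs + '/verify')
    # Display whether SID filtering (quarantine) is enabled on the trust.
    Invoke-Check 'SID filtering state' 'netdom' ($trustArgs + '/quarantine')
)

$results | Format-Table Check, Passed -AutoSize
foreach ($r in $results | Where-Object { -not $_.Passed }) {
    Write-Warning "$($r.Check) failed:`n$($r.Output)"
}
# Print the SID filtering report for review.
($results | Where-Object { $_.Check -eq 'SID filtering state' }).Output
```

A failed "Locate remote DC" check points back to the DNS configuration steps; a failed "Verify trust" check with a working locator points to the trust itself.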
Thank you!!! Finally a complete solution which actually works! Tested on 2 VM machines using VirtualBox. Runs perfectly!!
Hi Brian, adding the trust domain only means you can add users of the external domain to a SharePoint site with the people picker and assign permissions to them, or users of the trusted domain can’t be added to the SharePoint site and then can’t access the site. As for “Integrated authentication does work”, I don’t see what you mean.
Regards
Rocky