SharePoint 2013 One Way Trust Issue

Msdc 271 Reputation points
2020-10-16T12:22:35.217+00:00

Hello,

I have an issue that has started after a one way trust was created within our environment. Domain A has always been the main domain/AD environment used for years. New Domain B users wanted access to our SharePoint environment, so a one way trust was created. Now users from Domain B are gaining access, but of course SharePoint has no clue of the actual username being pulled in by Domain B. What steps need to be made to allow me to start granting Domain B usernames access to all the lists/sites etc. within SharePoint? Is it just a matter of getting a login to set up a user profile sync to Domain B to pull in the users? Thanks a bunch


Accepted answer
  1. Trevor Seward 11,691 Reputation points
    2020-10-16T19:15:32.49+00:00

    To configure this for a one way trust, you will need to have an account in the target forest. This account should be a standard Domain User account and have rights to read all of the user objects you want to expose in SharePoint; this is the default config for Domain User accounts.

    1) Set an Application Password. This must be done on each farm member and must be the same value.

    2) Configure the People Picker for each domain you want to show. The domain in the one-way trust will leverage the user account created for you.

    See https://thesharepointfarm.com/2014/01/powershell-for-people-picker-properties/.

    Application Key, run once per farm member:

    # Run in the SharePoint 2013 Management Shell. The same key must be set on every
    # farm member: it encrypts the credentials stored for People Picker domains below.
    $key = ConvertTo-SecureString "Password1" -AsPlainText -Force
    [Microsoft.SharePoint.SPSecurity]::SetApplicationCredentialKey($key)
    

    Domain, performed once per domain with a username and password used for one-way trusts but left out for domains using a two-way trust.

    # Web application whose People Picker should resolve users from the trusted domain
    $wa = Get-SPWebApplication http://webAppUrl
    $adsearchobj = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $userpassword = ConvertTo-SecureString "UserPassword1" -AsPlainText -Force #Password for the user account CONTOSO\s-useraccount
    $adsearchobj.DomainName = "contoso.com"
    $adsearchobj.ShortDomainName = "CONTOSO" #Optional
    $adsearchobj.IsForest = $true #$true for Forest, $false for Domain
    # LoginName/SetPassword are only needed for a one-way trust; omit them for two-way trusts
    $adsearchobj.LoginName = "s-useraccount"
    $adsearchobj.SetPassword($userpassword)
    
    $wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($adsearchobj)
    $wa.Update()
    
    1 person found this answer helpful.
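As an added example (not part of the accepted answer), the People Picker step above wrapped in a function that can be re-run safely and a report that shows, per web application, which configured domains carry a stored credential. Domain and account names (fabrikam.com, FABRIKAM\s-peoplepicker) are placeholders, and the Remove method on the domain collection is assumed to exist (the collection derives from Collection<T>).

```powershell
# Added example (not the original answer's code). Run in the SharePoint 2013
# Management Shell on a farm member after SetApplicationCredentialKey has been
# run with the same key on every server. Domain and account names are placeholders.
function Set-OneWayTrustPeoplePickerDomain {
    param(
        [Parameter(Mandatory)] [string] $WebAppUrl,
        [Parameter(Mandatory)] [string] $DomainName,   # e.g. fabrikam.com (Domain B)
        [string] $ShortDomainName,                     # e.g. FABRIKAM (optional)
        [Parameter(Mandatory)] [string] $LoginName,    # Domain B account that can read user objects
        [Parameter(Mandatory)] [securestring] $Password,
        [bool] $IsForest = $true
    )
    $wa = Get-SPWebApplication $WebAppUrl
    $domains = $wa.PeoplePickerSettings.SearchActiveDirectoryDomains
    # Re-running the Add snippet appends a duplicate entry for the same domain;
    # remove any existing entry first so the configuration stays idempotent.
    # (Remove is assumed to exist: the collection derives from Collection<T>.)
    $stale = @($domains | Where-Object { $_.DomainName -eq $DomainName })
    foreach ($d in $stale) { [void]$domains.Remove($d) }
    $entry = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $entry.DomainName = $DomainName
    if ($ShortDomainName) { $entry.ShortDomainName = $ShortDomainName }
    $entry.IsForest = $IsForest
    $entry.LoginName = $LoginName   # only set for the one-way-trust domain
    $entry.SetPassword($Password)   # stored encrypted under the application credential key
    $domains.Add($entry)
    $wa.Update()
}

function Get-PeoplePickerDomainReport {
    # One row per configured domain per web application, so you can confirm the
    # one-way-trust domain carries a LoginName and the home domain does not.
    foreach ($wa in Get-SPWebApplication) {
        foreach ($d in $wa.PeoplePickerSettings.SearchActiveDirectoryDomains) {
            [pscustomobject]@{
                WebApplication = $wa.Url
                Domain         = $d.DomainName
                Short          = $d.ShortDomainName
                IsForest       = $d.IsForest
                UsesCredential = -not [string]::IsNullOrEmpty($d.LoginName)
                Account        = $d.LoginName
            }
        }
    }
}

# Usage with placeholder values; the password is prompted rather than kept in the script.
$pw = Read-Host "Password for FABRIKAM\s-peoplepicker" -AsSecureString
Set-OneWayTrustPeoplePickerDomain -WebAppUrl "http://webAppUrl" -DomainName "fabrikam.com" -ShortDomainName "FABRIKAM" -LoginName "s-peoplepicker" -Password $pw
Get-PeoplePickerDomainReport | Format-Table -AutoSize
```

If the report shows the trusted domain without UsesCredential set to True, or the same domain listed twice, the People Picker will not resolve Domain B accounts reliably; rerun the function on the affected web application.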

1 additional answer

  1. Emily Du-MSFT 41,946 Reputation points Microsoft Vendor
    2020-10-19T07:49:36.42+00:00

    @Msdc
    If Trevor’s answer is helpful to you, please remember to accept it.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
