Multiple ActiveDirectoys?

Vote:
 
Hello, Is it possible to integrate EPiServer with multiple ActiveDirectorys? Lets say that there is 2 AD's that needs to be used from 1 EPiServer site. Can this be done and how? I tried to look for info regarding ActiveDirectoy trusts and maybe if that would work but havent been able to find any useful info on the subject. Thank you.
#13204
Mar 25, 2008 18:35
Vote:
 

Hi,

I'm looking for more information regarding this as well. Has anyone sucessfully used multplie ADs? Or letting a user from a trusted AD log in?

 

// Kind regards, Torbjörn

#54308
Oct 10, 2011 7:52
Vote:
 

Yes i have manged this and by using the GC:\\ moniker, it works although their is a small bug in EPiServer where you have to use the following format :

GC://fabrikam.com/DC=sales,DC=fabrikam,DC=com

To enable the global catalog please see : http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx 

#54378
Oct 12, 2011 16:29
Vote:
 

Hi,

I'm not really good at Active Directory, but are you sure that this solves the problem with connecting to multiple ADs? I found this definition of Global Catalog (http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx):

"The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest."

So, doesn't the Global Catalog only support mutiple domains within one, and only one AD? Or are Trusted ADs added to the forest?

// Regards, Torbjörn

#54382
Oct 12, 2011 17:15
Vote:
 

I will need to double check this although i think trusted AD's were also added to the forest, as the primary active directory should replciate every object in all of the other AD's.

“When a workstation in one forest attempts to access data on the resource computer in another forest, Kerberos contacts the domain controller for a service ticket to the SPN of the resource computer. Once the domain controller queries the global catalog and identifies that the SPN is not in the same forest as the domain controller, the domain controller sends a referral for its parent domain back to the workstation. At that point, the workstation queries the parent domain for the service ticket and follows the referral chain until it gets to the domain where the resource is located.”

Please see : http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx and http://technet.microsoft.com/en-us/library/cc772808(WS.10).aspx

#54383
Oct 12, 2011 17:41
Vote:
 

Thanks Anders, those three blog posts looks promising!

Thank you Minesh as well!

#54388
Oct 12, 2011 21:54