November Happy Hour will be moved to Thursday December 5th.
AI OnAI Off
Multiple ActiveDirectoys?
Vote:
Hello,
Is it possible to integrate EPiServer with multiple ActiveDirectorys? Lets say that there is 2 AD's that needs to be used from 1 EPiServer site. Can this be done and how?
I tried to look for info regarding ActiveDirectoy trusts and maybe if that would work but havent been able to find any useful info on the subject.
Thank you.
Sep 17, 2007 11:49
Hi,
I'm looking for more information regarding this as well. Has anyone sucessfully used multplie ADs? Or letting a user from a trusted AD log in?
// Kind regards, Torbjörn
Oct 10, 2011 7:52
Yes i have manged this and by using the GC:\\ moniker, it works although their is a small bug in EPiServer where you have to use the following format :
GC://fabrikam.com/DC=sales,DC=fabrikam,DC=com
To enable the global catalog please see : http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx
Oct 12, 2011 16:29
Hi,
I'm not really good at Active Directory, but are you sure that this solves the problem with connecting to multiple ADs? I found this definition of Global Catalog (http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx):
"The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest."
So, doesn't the Global Catalog only support mutiple domains within one, and only one AD? Or are Trusted ADs added to the forest?
// Regards, Torbjörn
Oct 12, 2011 17:15
I will need to double check this although i think trusted AD's were also added to the forest, as the primary active directory should replciate every object in all of the other AD's.
“When a workstation in one forest attempts to access data on the resource computer in another forest, Kerberos contacts the domain controller for a service ticket to the SPN of the resource computer. Once the domain controller queries the global catalog and identifies that the SPN is not in the same forest as the domain controller, the domain controller sends a referral for its parent domain back to the workstation. At that point, the workstation queries the parent domain for the service ticket and follows the referral chain until it gets to the domain where the resource is located.”
Please see : http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx and http://technet.microsoft.com/en-us/library/cc772808(WS.10).aspx
Oct 12, 2011 17:41
The easy solution is to build your own Membership /Role provider
Take a look at thos blog post
http://world.episerver.com/Blogs/Anders-Hattestad/Dates/2010/11/AD-RoleProvider/
or these
http://world.episerver.com/Blogs/Anders-Hattestad/Dates/2010/12/Multiplexing-providers/
Oct 12, 2011 20:51
Thanks Anders, those three blog posts looks promising!
Thank you Minesh as well!
Oct 12, 2011 21:54
