Granting external non-domain users SharePoint 2007 access?
Hello all,

As you can well surmise, I've installed SharePoint 2007 on a server and require assistance. We have two sites. The primary site is for internal use only and the other site, a sub-site, is for communications and collaboration with select colleague organizations who are not members of our domain. How can I add these users to allow them access to this sub-site without giving them user accounts in our domain?

What I have done so far is enable SSO and add our users to have rights on the root site. That all works. I then created the sub-site. As a test from a thread I found, I added my GMail account username as a local user account on the SharePoint server. This did, indeed, allow me to add that user and give him rights to login, but I discovered that there is no way to modify the user's profile and, thusly, cannot specify an email address. What good is SharePoint if you can't get email notifications from it?

It then occurred to me to create a new user group in the DC and create accounts for them there while at the same time limiting their access to only the SharePoint server and not have any local or remote login rights. Interestingly, the accounts will login after three tries, and then show blank pages.

Anyway, what I need is to get these users in, have enough profile information that they can receive email from the server as needed and uniquely identify themselves in some ways (i.e., avatar, position/title, etc.), and not allow them even basic access to any internal systems. I must admit some surprise that there's no way to have a simple RADIUS authentication scheme in place which works alongside domain authentication. Thoughts on this will be most appreciated.

Sincerely, Tyler
Tyler Regas | MSP Administrator | General Nerd * MSPBoards.com | http://www.mspboards.com * Servicing The Managed Service Provider Community
January 27th, 2010 4:07am

Hi,

Did you consider a custom membership provider? For example, an XML membership provider. You can put all your external users in an XML file and configure the provider in SharePoint. I have configured one, and it is working like a charm. In case you are interested in this solution, you can find more details in this article: http://msdn.microsoft.com/en-us/library/bb975135.aspx

Hope this was helpful.

Regards, Djamel Chagour
http://spbyexamples.blogspot.com/ http://mosslogviewer.codeplex.com/
January 27th, 2010 6:02am

Djamel,

Thanks, but having looked it over, it's way past my scope of ability. I'm sure that I could eventually implement it, but I'm not a coder. That said, I can cut and paste and I'm handy with existing code in PHP and HTML, but C# isn't in my radar and I'm not even sure where I'd start. I know I'd have to have whatever development suite MS is offering these days just to get it rolled and compiled, and that kind of statement clearly indicates where I'm lacking :)

Here's another question which is associated with this: Is there a way to edit user profiles in SP? If I can get them in on the server's local users and groups, then I can simply edit the profiles to add what's missing. It's not like we're expecting a large crew on this site.

Thanks again! Tyler
Tyler Regas | MSP Administrator | General Nerd * MSPBoards.com | http://www.mspboards.com * Servicing The Managed Service Provider Community
January 27th, 2010 7:26pm

Hi Tyler,

If you can add the group of users to your AD, SharePoint will recognize them. SharePoint manages users via the Shared Services Provider (SSP). You can open the SSP by going to: Central Admin > Click your SSP link in the Shared services administration section on the left pane > User profiles and properties > View user profiles. Ensure that the users you want are there. If not, click on Start Incremental import.

After this, you must grant access to those users to your site collection by navigating to it, then Site Actions > Site settings > People and groups > Choose the SharePoint group (Visitors for example) and add your users or the group they are members of.

Regards, Djamel Chagour
http://spbyexamples.blogspot.com/ http://mosslogviewer.codeplex.com/
January 29th, 2010 5:29am

Hi Tyler, Could you please let me know if Djamel's suggestion is helpful for your issue? If you need further assistance, please feel free to let me know. Have a nice day! Lambert Qin TechNet Subscriber Support in forum If you have any feedback on our support, please contact mtngfb@microsoft.com Sincerely, Lambert Qin Posting is provided "AS IS" with no warranties, and confers no rights.
February 1st, 2010 9:39am

This didn't work as it turns out that the problems we're having with our PDC appear to be affecting our ability to better manage SP2007. I can, however, add them to the SP2007 server as local users, but then I have no way of modifying the users' profiles, and without email addresses applied through which the server can send out notifications, it's somewhat useless.

I have tried to install SP2010, following all procedures and meeting all of the hardware and storage requirements x4, and I was unable to get it to work. I have to say that, so far, SharePoint has been very disappointing. I find it rather inconceivable that a SharePoint admin with full admin rights does not have the ability to modify a user's profile data at all. Very unprofessional. If you have any ideas on how to make 2007 do what it should do or make 2010 actually work at all, that would be fantastic.

I apologize for my unpleasant tone. Of late we have been "sold" a number of things and the reality doesn't meet the promise, not even half way.

Thank you, Tyler
Tyler Regas | MSP Administrator | General Nerd * MSPBoards.com | http://www.mspboards.com * Servicing The Managed Service Provider Community
February 2nd, 2010 1:32am

Tyler - Did you try what Djamel mentioned? I did the same thing in my company long back and it works perfectly. Just add the external users to the AD and SharePoint will automatically pick them up during synchronization. No change is required on the SharePoint end. If the external users are from a different domain, make sure Trust is created in AD.

- Abi
February 2nd, 2010 2:56am

Abi,

I did try this and for some reason the users I added cannot login. I simply added an OU to our domain and created the users I needed with the profile data required. Two things happen, though. One, when I add them and select the option to email them notification, outgoing mail will not work. Two, when I go into the SSO settings I find that the two admin account fields are empty, and when I try to insert valid domain admin accounts in there and save them, it denies that these accounts have rights.

1. What can I do to get this working correctly?
2. Is there a simple method which will allow me to directly edit user profile data in SharePoint, either in the UI or even if I have to modify the SQL tables?
3. I wouldn't need to add a domain trust to the AD since the user accounts exist in our AD, correct?

Thank you, Tyler
Tyler Regas | MSP Administrator | General Nerd * MSPBoards.com | http://www.mspboards.com * Servicing The Managed Service Provider Community
February 3rd, 2010 8:48pm

Tyler,

I'm in a similar position to you as I have a number of Internal Sharepoint sites and running up a number of 'External' sites for which I need to give access to both our internal staff and a few external people. When I say 'external people' I mean people not from our organization who work for other unrelated companies.

At this stage I have incoming email running fine. Various lists are all mail enabled as per the various instruction about the place. That all works fine. I can access my Sharepoint site externally - all good.

Now adding external users so what I did was:

1) Create a new OU called Sharepoint in AD (this is the same OU that the incoming mail looks for to create groups etc)
2) I made a separate OU in here for my particular project
3) I created new accounts for all the external people
4) I went into their accounts and specified their external email addresses
5) I made a group in AD called ExternalSharepointUsers and put all these people in that group
6) Set that group NOT to have access to anything on the network

At this point I added a single one of these external users as a member of that particular Sharepoint site - and this is where it plays up. It adds the users fine BUT I get an error trying to send the email to their external email address. I have checked over and over the Outgoing mail settings and they are fine. Adding an internal domain user works fine and it sends out an email.

So I appear to be stuck at the same point as you :( The stupid thing is, it adds the user to the site and despite the email notification error the external user can log in and use the site fine! They just cannot get any emails from the site :(

Exchange 2007 if it helps. Any assistance is and would be greatly appreciated.
February 10th, 2010 9:20am
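Steps 1 to 5 of the post above, followed by a membership check for step 6, as an added PowerShell example that is not part of the original thread. The domain `example.local`, the project OU `Project1`, and the two sample people are constructed; the cmdlets come from the ActiveDirectory module.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module
# (RSAT, Windows Server 2008 R2 or later). All names below are constructed.
Import-Module ActiveDirectory

$domainDn  = 'DC=example,DC=local'     # assumption: your domain's DN
$rootOu    = "OU=Sharepoint,$domainDn"
$projectOu = "OU=Project1,$rootOu"     # assumption: project OU name
$groupName = 'ExternalSharepointUsers'

# Constructed sample people with their external email addresses
$people = @(
    @{ Sam = 'ext.jdoe';   Name = 'Jane Doe (External)';  Mail = 'jane.doe@partner.example' },
    @{ Sam = 'ext.rsmith'; Name = 'Rob Smith (External)'; Mail = 'rob.smith@vendor.example' }
)

# Steps 1-2: the Sharepoint OU and a project OU beneath it
# (skip the first line if the Sharepoint OU already exists for incoming mail)
New-ADOrganizationalUnit -Name 'Sharepoint' -Path $domainDn
New-ADOrganizationalUnit -Name 'Project1'   -Path $rootOu

# Step 5: create the group first so each account can join it on creation
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $projectOu

# Steps 3-4: one account per external person, with the external address set
foreach ($p in $people) {
    $pw = Read-Host -AsSecureString "Initial password for $($p.Sam)"
    New-ADUser -Name $p.Name -SamAccountName $p.Sam -EmailAddress $p.Mail `
        -Path $projectOu -AccountPassword $pw -Enabled $true `
        -Description 'External SharePoint collaborator'
    Add-ADGroupMember -Identity $groupName -Members $p.Sam
}

# Check for step 6: report the mail attribute and any group membership
# beyond the default primary group and the external-users group
$allowed = @('Domain Users', $groupName)
Get-ADGroupMember -Identity $groupName | ForEach-Object {
    $user   = Get-ADUser -Identity $_.SamAccountName -Properties EmailAddress
    $groups = Get-ADPrincipalGroupMembership -Identity $user |
              ForEach-Object { $_.Name }
    New-Object PSObject -Property @{
        Account     = $user.SamAccountName
        Mail        = $user.EmailAddress
        ExtraGroups = ($groups | Where-Object { $allowed -notcontains $_ }) -join ', '
    }
}
```

An empty `ExtraGroups` column is the expected result. `Domain Users` is allowed in the check because new accounts join it by default, so anything that group can reach on the network is also reachable by these accounts.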

Dread73,

It's been a long time since you posted this but thought I would reply anyway. I'm looking at some of these issues as well and it may be that your sharepoint server is not allowed to relay email to the Internet. We have our email system setup that only specific machines are allowed to relay to the outside.

Scott
October 13th, 2010 8:32pm

Cheers ZSquared, I had forgotten all about this myself as I shelved the project. We do have our Exchange box locked to only send/receive to a third party mail filtering service but I did include the Sharepoint mail relay in the allowed list with no result :(
January 24th, 2011 7:11pm

This topic is archived. No further replies will be accepted.
