User Profile Import from a trusted domain
Hello Experts
Here is the scenraio:
SharePoint2007 is joined to Domain A (resource forest)
Users are from Domain B (Account forest)
We have a One Way Forest Trust between the Domains, where Domain A trusts Domain B.
When configuring User Profile Import from Domain B, we get the below error message and the connection si not created.
"An error occurred while validating or updating the directory service connection. No connection was added."
Yes, we are giving the correct Domain name, using port 389, auto discovery of domain controller and using an account from Domain B for authentication.
We referred this article though it didnt apply in our case -
http://support.microsoft.com/kb/928622.
Any thoughts why this is happening ?
And question in mind is, do we need a trust in place for user profile import to work ?
Please help.
/T
January 13th, 2011 9:54am
Hi,
Please refer
http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/b8e639c5-859e-4e5c-83a5-880b71d9923f
which says
n order to set up the user import from external domain - the trust will have to be a 2-way trust at the time the import is configured. Once the import is configured you can drop the trust back to a one-way trust.Regards, Pratik Vyas | SharePoint Consultant | http://sharepointpratik.blogspot.com/
Free Windows Admin Tool Kit Click here and download it now
January 13th, 2011 10:44am
Hi
THanks for the reply. We have another setup similar to this with the One way trust and the same user profile import feature works. 2-way trust is guess is NOT a requirement.
/T
January 13th, 2011 11:15am
Hi,
Please try the following steps to troubleshoot your issue:
1.
check
the
following
list of ports,
make sure they have
be opened on the firewall:
389 (UDP / TCP) for LDAP
135 (TCP) for RPC
139 (TCP) for communication, then the DCOM port (TCP) that is returned by the 139 request.
88 (TCP) for kerberos authentication
*445 (TCP) (Directory services)
2.
Have you set AAM for your SSP web application? If yes, make sure it configure
properly.
3.
Which account are you using for importing user profiles from the connection? Did the account have access to the target domain?
I think this article can help you:
http://technet.microsoft.com/en-us/library/cc263247(office.12).aspx
Let me know the result.
Xue-Mei Chang
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comXue-Mei Chang
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2011 4:19am
Hi,
Please try the following steps to troubleshoot your issue:
1.
check
the
following
list of ports,
make sure they have
be opened on the firewall:
389 (UDP / TCP) for LDAP
135 (TCP) for RPC
139 (TCP) for communication, then the DCOM port (TCP) that is returned by the 139 request.
88 (TCP) for kerberos authentication
*445 (TCP) (Directory services)
2.
Have you set AAM for your SSP web application? If yes, make sure it configure
properly.
3.
Which account are you using for importing user profiles from the connection? Did the account have access to the target domain?
I think this article can help you:
http://technet.microsoft.com/en-us/library/cc263247(office.12).aspx
Let me know the result.
Xue-Mei Chang
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comXue-Mei Chang
January 14th, 2011 4:19am