SQL Server Windows Authentication using ADFS

Hi SQL experts,

I have two AD forests without any kind of trust:

  • customer.internal (forest level 2012 R2)
  • service.internal (forest level 2012 R2)

Now I have a SQL Server 2012 Standard in the service.internal domain and I need to authenticate to this server from the domain customer.internal.

Can I use ADFS for this?

Thank you very much!
Sebastian

May 27th, 2015 7:10am

Hello,



It seems it does not work completely based on the following thread.

http://dbaspot.com/ms-sqlserver/399116-using-adfs-authenticate-sql.html  

Please read the following resources. You will find two different options to do that.

http://www.mssqltips.com/sqlservertip/3250/connect-to-sql-servers-in-another-domain-using-windows-authentication/

http://drekendrop.blogspot.com/2011/03/sql-server-2008-r2-connect-to-different.html



Hope this helps.

Regards,

Alberto Morillo
SQLCoffee.com

May 27th, 2015 10:34am

Also this is a scenario where SQL Auth is typically used.

David

May 27th, 2015 11:42am


Hi David,

I know this possibility well, but it is not an option, because the application (Enterprise Vault) does not support this.

Thanks anyway and best regards,
Sebastian

May 28th, 2015 2:33am

Hi Alberto,

Thank you for this link, I will give it a try myself.

Best regards,
Sebastian

May 28th, 2015 2:34am

There is another way to connect across domains that works with services. That is to create local accounts on the client and server with the same name and password. This so-called "workgroup auth" will allow you to use NTLM authentication between computers in different domains or in no domains.

David

May 28th, 2015 9:35am

Hi David,

Thanks for this suggestion! Only one question to really clarify this:

SQL Server domain: domsql

Enterprise Vault domain: domev

So I want to connect with DOMEV\vsa to the SQL server, therefore I create a local user "vsa" on the SQL server with the same password? Do I have to specify the workgroup somewhere on this account?!

Thanks!

May 29th, 2015 2:52am
