2016-11-23

I recently migrated a SharePoint 2010 Farm to 2013 and came across a behavior that was not expected, as it was not even documented on TechNet.

We have two remote domains that are connected via a 2-way trust.
Although it has nothing to do with this specific problem, I just want to mention that profile synchronisation works well and the people picker on the SP2010 farm works fine (it is still operational with some web apps that will be migrated later).

With SharePoint 2010 there was nothing to do in terms of configuration to get users from all domains listed within the people picker, except in the case that a 1-way trust was used. So my expectation was that SP2013 would work in the same way, as nothing contrary was mentioned in the documentation. Even different blogs did not mention any change in that area.

After numerous tests, and given the fact that the infrastructure was totally the same and SP2010 worked as ever, I opened a Premier Support case with Microsoft.

They came up with an answer that was quite unsatisfying. Basically, they said that the configuration effort usually only needed for 1-way trusts now also applies to 2-way trusted domain connections. So you need to specify the remote forest and domain for every single web application. The reason behind that is that they had a lot of support cases where performance was an issue with huge Active Directories.

Although that answer was quite plausible, it still sounded strange. Why would they just remove this comfortable default behavior, when those who experience performance problems (which could not be such a large number of cases) still have the choice to configure their environment?

So, to cut a long story short, I still don't believe that reason and would like to know from any of you whether you have 2-way trusted domains and experienced the same problem, or whether it worked for you without doing anything (like it used to with SP2010).
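
The per-web-application setting described above, as an added example that is not part of the original post: it adds the forests and domains to each web application's people picker search list through the SharePoint server object model. The domain names are constructed placeholders, and a 2-way trust is assumed, so no lookup credentials are stored.

```powershell
# Added example, run in an elevated SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Constructed placeholder names; replace with your own forests and domains.
# Once this list is set, the people picker searches ONLY what is listed,
# so the local forest has to be included as well.
$targets = @(
    @{ Name = 'corp.example';         IsForest = $true  },  # local forest
    @{ Name = 'partner.example';      IsForest = $true  },  # trusted remote forest
    @{ Name = 'emea.partner.example'; IsForest = $false }   # single remote domain
)

foreach ($wa in Get-SPWebApplication) {
    $searchList = $wa.PeoplePickerSettings.SearchActiveDirectoryDomains
    $changed = $false

    foreach ($t in $targets) {
        # Skip entries that are already configured so the script can be re-run.
        $existing = $searchList | Where-Object {
            $_.DomainName -eq $t.Name -and $_.IsForest -eq $t.IsForest
        }
        if ($existing) { continue }

        $entry = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
        $entry.DomainName = $t.Name
        $entry.IsForest   = $t.IsForest
        # 2-way trust: LoginName and password stay unset, so the lookup runs
        # as the web application's application pool account and no extra
        # credential is stored in the farm configuration.
        $searchList.Add($entry)
        $changed = $true
    }

    if ($changed) { $wa.Update() }

    # Report the resulting configuration for review.
    $wa.PeoplePickerSettings.SearchActiveDirectoryDomains |
        Select-Object @{ n = 'WebApplication'; e = { $wa.Url } }, DomainName, IsForest, LoginName
}
```

For a 1-way trust the entry additionally needs a lookup account (`LoginName` plus `SetPassword`) and an application credential key set on every server with `stsadm -o setapppassword`.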

 

About the author 

Thomas Radman