Plan for domain trust relationships in an EPM/Office SharePoint Server 2007 extranet environment

Article
01/10/2017

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.

Topic Last Modified: 2015-03-09

This article describes how to plan for domain trust relationships in an Enterprise Project Management (EPM)/ Microsoft Office SharePoint Server 2007 extranet environment. For an overview of this chapter about how to plan for EPM extranets, see Plan an EPM/Office SharePoint Server 2007 extranet environment.

Plan domain trust relationships

When the server farm is located inside a perimeter network, this network requires its own Active Directory service infrastructure and domain. Typically, a perimeter domain and a corporate domain are not configured to trust one another. However, there are several scenarios in which a trust relationship might be required. The following table summarizes scenarios that affect requirements for a trust relationship.

Table 12. Summary of scenarios

Scenario	Description
Windows authentication	If the perimeter domain trusts the corporate network domain, you can authenticate both internal and remote employees by using their corporate domain credentials.
Forms authentication and Web single sign-on (SSO)	You can use forms-based authentication and Web SSO to authenticate both internal employees and remote employees against an internal Active Directory environment. For example, you can use Web SSO to connect to Active Directory Federation Services (ADFS). Using forms-based authentication or Web SSO does not require a trust relationship between domains. However, several features of Office SharePoint Server 2007 might not available, depending on the authentication provider. For more information about features that might be affected when forms-based authentication or Web SSO is used, see Plan authentication settings for Web applications in Office SharePoint Server.
Content publishing	A trust relationship between domains is not required to publish content from one domain to the other. To avoid a requirement for a trust relationship, ensure that you use the appropriate account for publishing content.

Windows authentication

If the perimeter domain trusts the corporate network domain, you can authenticate both internal and remote employees by using their corporate domain credentials.

Forms authentication and Web single sign-on (SSO)

You can use forms-based authentication and Web SSO to authenticate both internal employees and remote employees against an internal Active Directory environment. For example, you can use Web SSO to connect to Active Directory Federation Services (ADFS). Using forms-based authentication or Web SSO does not require a trust relationship between domains.

However, several features of Office SharePoint Server 2007 might not available, depending on the authentication provider. For more information about features that might be affected when forms-based authentication or Web SSO is used, see Plan authentication settings for Web applications in Office SharePoint Server.

Content publishing

A trust relationship between domains is not required to publish content from one domain to the other. To avoid a requirement for a trust relationship, ensure that you use the appropriate account for publishing content.

For more information about how to configure a one-way trust relationship in an extranet environment, see Plan security hardening for extranet environments.

Plan for domain trust relationships in an EPM/Office SharePoint Server 2007 extranet environment

Plan domain trust relationships

Table 12. Summary of scenarios

Additional resources