SharePoint 2013 on-premises not assigning permission to AD Security Group

Rajesh Lohar 26 Reputation points
2020-11-11T09:11:11.847+00:00

Hi,

I have two AD domains A1 and B1 and these contains security groups. I can assign permission security group in SharePoint 2013 on-premises for A1 domain only. SharePoint showing security groups from both the connections, but permission is not be assigned to a security group that is under B1 domain connection. I checked SharePoint Central Administration and connections are proper and synchronizing working well.

Please help.

Thanks,

SharePoint Server Development
SharePoint Server Development
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Development: The process of researching, productizing, and refining new or existing technologies.
1,605 questions
SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,935 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Trevor Seward 11,701 Reputation points
    2020-11-11T20:27:27.883+00:00

    Keep in mind the User Profile Service has no impact on People Picker nor security.

    One thing SharePoint doesn't support is foreign security principals, that is, if you assign a UserB in DomainB to GroupA in DomainA. Is that what you're attempting to do, or are you attempting to assign GroupB in DomainB to a SharePoint ACL?

    How do you have your People Picker Settings configured (SPWebApplication.PeoplePickerSettings)? Even in a two-way trust, this will be required for name resolution.


  2. ChelseaWu-MSFT 6,326 Reputation points
    2020-11-12T01:58:35.4+00:00

    Hi @Rajesh Lohar , thank you for posting in the Q&A forum.

    If you plan to support connections for multiple AD domains with one SharePoint farm, domain trust (one way or two way) needs to be configured accordingly, for domain B1 in this scenario.
    Here is a post with discussion that might be helpful: Support Multiple Active Directory Domains.

    Please feel free to point out and share more information if we have misunderstood your situation.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    **Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. **


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.