Is it possible to have different SharePoint web applications authenticating against different sub-domains in AD?

Question

Hi,

We are trying to get different SharePoint web applications to authenticate against different sub-domains.
We have three web applications:

http://customers.xyz.com

http://internal.xyz.com

http://partners.xyz.com

and we have three sub-domains in our active directory. Now we want the three web-applications to authenticate against different sub-domains. Is this possible?

Kind regards,

Answer 1

Here is how I would solve this:

• Import profiles from the entire domain to SharedServices Provided
• For each application X give access only to users from subdomain X

Answer 2

I think the scheme that Toni suggested could work but there are some caveats.

1. Granting access 'All Authenticated Users' group would break your security model. This may be problematic, as power users can sometimes grant rights to items in SharePoint.
2. If you didn't want to manually enter new users into SharePoint user groups on each of the site collections (Within the web application), you would need to work out some AD group scheme whereby users in each of the sub-domains are added to a security group, each security group is granted base-line permissions on a site collection.

Alternatively you could create 3 Shared Service Providers, one for each Sub-domain and associate them with the appropriate Web Application.

jt