Step 10: How Authentication Works from a Remote Office Location

We authenticate users at our remote branch offices by configuring a local domain controller at each office as a child domain in an existing domain tree, that is, under the top-level domain.

So, in our organization, if the top-level domain, hosted on the domain controller in our flagship Sacramento Office, is tfplocal.net, we would configure the local domain controller for our distant Eureka Office as a child domain and name it eureka.tfplocal.net, with its own DNS and Active Directory for local users. Any user from the Eureka Office who has logged on to the Eureka domain will be able to authenticate to the SharePoint site located on the Sacramento Office server by browsing to http://gsa.tfplocal.net. Properly configured, SharePoint will not prompt users in Eureka for any credentials since they have already logged on to the domain, and a child domain automatically has a two-way trust with its parent domain.

For purposes of this example, we assume there is some sort of VPN connection between the top-level domain and remote branch offices. Configuring a child domain controller is the same as configuring the top-level domain — except at this screen, where instead of checking the first option, check the second one that says: “Child domain in an existing domain tree”:

Other than that, just follow the instructions in the earlier Step 04: Installing and Configuring a Domain Controller.
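To confirm the setup described in this step from a Eureka workstation, the following PowerShell script checks each link in the chain: the logon domain, the parent-child relationship, the trust, and silent sign-on to the site. It is an added example, not part of the original tutorial; it assumes Windows PowerShell with the RSAT ActiveDirectory module installed and that the SharePoint site uses Integrated Windows Authentication. The domain names and URL are the ones used on this page.

```powershell
# Added example: run in Windows PowerShell on a domain-joined Eureka workstation.
# Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$child  = 'eureka.tfplocal.net'      # child domain from this page
$parent = 'tfplocal.net'             # top-level domain from this page
$site   = 'http://gsa.tfplocal.net'  # SharePoint address from this page

$checks = [ordered]@{}

# 1. The user must be logged on with a child-domain account, not a local one.
$checks['LoggedOnToChildDomain'] = ($env:USERDNSDOMAIN -eq $child)

# 2. The workstation's secure channel to its own domain must be healthy.
$checks['SecureChannelOk'] = Test-ComputerSecureChannel

# 3. The child domain must report the top-level domain as its parent.
$checks['ParentIsTopLevel'] = ((Get-ADDomain -Identity $child).ParentDomain -eq $parent)

# 4. The parent-child trust must be two-way and inside the same forest.
$trust = Get-ADTrust -Filter "Target -eq '$parent'" -Server $child
$checks['TrustIsTwoWay'] = ($null -ne $trust -and
    $trust.Direction -eq 'BiDirectional' -and $trust.IntraForest)

# 5. The site must accept the logged-on credentials without prompting.
try {
    $resp = Invoke-WebRequest -Uri $site -UseDefaultCredentials -UseBasicParsing
    $checks['SilentSignOn'] = ($resp.StatusCode -eq 200)
} catch {
    # A 401 here is what the browser would surface as a credential prompt.
    $checks['SilentSignOn'] = $false
    Write-Warning "Request to $site failed: $($_.Exception.Message)"
}

[pscustomobject]$checks | Format-List
if ($checks.Values -contains $false) { Write-Warning 'At least one check failed.' }
```

If `TrustIsTwoWay` or `ParentIsTopLevel` is false, revisit the domain controller configuration before troubleshooting SharePoint or the browser.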
