Switch from PS to Windows authentication.

ah.longoria

Hi all,

Our (very small) team is currently using a single-computer installation of
Project Server 2003. As it is now, all of the PWA users log on with Project
Server authentication. We've never had an Active Directory sync or used
Windows authentication.

We're trying to switch to Windows authentication, but there are a few issues
that I'm not sure will allow that, and I'd like to hear if anyone has any
suggestions/comments.

My supervisor is hoping that we can use an Active Directory that resides on
a domain different from the one on which Project Server is installed and
different from the one that authenticates users when they log on to the local
network. In order to make things a bit clearer, here's what's currently
going on: user John Doe logs on to his machine and the local network with the
user DOMAIN1\user1. User1 then navigates to PWA and enters his Project
Server username "jdoe," his password, and accesses his timesheet with no
problems. Would it be possible to have Project Server, which is installed on
DOMAIN2, authenticate to an Active Directory on DOMAIN3? Does this mean that
when navigating to PWA, users will have to click on "Log on using a different
Microsoft Windows user account," and then enter their DOMAIN3 username since
their current Windows account is DOMAIN1\user1?

Also, when switching from PS to Windows authentication, is the only step
required to log on as Administrator, and under "Manage users and groups,"
modify each user so that they authenticate with the Windows account info
provided?

I'm not very knowledgeable with Windows authentication, so if more
information is needed, please let me know. Any other suggestions would also
be welcome.

Thanks,
Art
 
Kevin W Flanagan

Your issue is going to be with your network security and whether or not they
will allow a trust to be established between the domains. It is as easy as
just changing the way they log in in order for you to keep historical data
on the resource.
 
Rolly Perreaux

Hi all,

Our (very small) team is currently using a single-computer installation of
Project Server 2003. As it is now, all of the PWA users log on with Project
Server authentication. We've never had an Active Directory sync or used
Windows authentication.

We're trying to switch to Windows authentication, but there are a few issues
that I'm not sure will allow that, and I'd like to hear if anyone has any
suggestions/comments.

My supervisor is hoping that we can use an Active Directory that resides on
a domain different from the one on which Project Server is installed and
different from the one that authenticates users when they log on to the local
network. In order to make things a bit clearer, here's what's currently
going on: user John Doe logs on to his machine and the local network with the
user DOMAIN1\user1. User1 then navigates to PWA and enters his Project
Server username "jdoe," his password, and accesses his timesheet with no
problems. Would it be possible to have Project Server, which is installed on
DOMAIN2, authenticate to an Active Directory on DOMAIN3? Does this mean that
when navigating to PWA, users will have to click on "Log on using a different
Microsoft Windows user account," and then enter their DOMAIN3 username since
their current Windows account is DOMAIN1\user1?

Also, when switching from PS to Windows authentication, is the only step
required to log on as Administrator, and under "Manage users and groups,"
modify each user so that they authenticate with the Windows account info
provided?

I'm not very knowledgeable with Windows authentication, so if more
information is needed, please let me know. Any other suggestions would also
be welcome.

Thanks,
Art

Hi Art,

A couple of questions...

1. What version of Windows Server are you running in your network
environment?

2. Are your Active Directory domains under a single Active Directory
forest or separate AD forests?

3. Can you provide us more detail on the AD Domain structure?
The more info, the better...

4. What are the Domain and Forest Function levels? You can verify this
as a Domain Administrator by opening Active Directory Domains and Trusts

Forest Functional Level:
Right click Active Directory Domains and Trusts in the console and
select "Raise Forest Functional Level"

Domain Functional Level:
Right click <domain name> in the console and select "Raise Domain
Functional Level"

Please do not change the levels!! I just need to know what levels they
are currently set to.

Look forward to hearing from you

Cheers,

--
Rolly Perreaux, PMP, MCSE
Project Server Trainer/Consultant

TriMagna Corporation
Microsoft Gold Partner
http://www.trimagna.com
 
Rolly Perreaux

Your issue is going to be with your network security and whether or not they
will allow a trust to be established between the domains. It is as easy as
just changing the way they log in in order for you to keep historical data
on the resource.

Hi Kevin,

If Art's organization is using Active Directory and multiple domains in a
single forest, then trusts between domains will not be an issue, because
all domains trust each other implicitly.

Now if Art's organization's network is multi-forest, then their Active
Directory Administrator will need to create explicit trusts either
between the 2 domains in question or for the entire 2 forests.

Also if they do as you suggest by changing their login as in from
Domain1 and Domain2, then Art's Active Directory Administrators will
need to create an AD User Object in each domain, as AD domains are
security units for administration.

We just need more information from Art...

Cheers,

--
Rolly Perreaux, PMP, MCSE
Project Server Trainer/Consultant

TriMagna Corporation
Microsoft Gold Partner
http://www.trimagna.com
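
Added example, not part of the original thread or anyone's post: a read-only PowerShell check that reports the forest and domain functional levels asked about above and whether a trust to the account domain already exists (same forest, or an explicit trust). It assumes it runs on a machine joined to the Project Server domain; `domain3.example` is a placeholder DNS name for DOMAIN3.

```powershell
# Added example: read-only inventory; nothing here modifies Active Directory.
# Run as a domain user on a machine joined to the Project Server domain.
param(
    # Placeholder DNS name for the domain that holds the user accounts.
    [string]$AccountDomain = 'domain3.example'
)
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.DirectoryServices
$domainType = [System.DirectoryServices.ActiveDirectory.Domain]

$local  = $domainType::GetComputerDomain()
$forest = $local.Forest
"Forest {0}: functional level {1}" -f $forest.Name, $forest.ForestMode

# Domains in the same forest trust each other implicitly.
$sameForest = $false
foreach ($d in $forest.Domains) {
    "Domain {0}: functional level {1}" -f $d.Name, $d.DomainMode
    if ($d.Name -ieq $AccountDomain) { $sameForest = $true }
}

# Explicit trusts held by the Project Server domain and by the forest itself.
# Forest trusts are listed under the other forest's root name, so a child
# domain of a trusted forest will not match by name and must be read manually.
$trusts = @($local.GetAllTrustRelationships()) +
          @($forest.GetAllTrustRelationships())
foreach ($t in $trusts) {
    "Trust {0} -> {1}: type {2}, direction {3}" -f `
        $t.SourceName, $t.TargetName, $t.TrustType, $t.TrustDirection
}

# Outbound or Bidirectional means this side trusts accounts from the target.
$explicit = $trusts | Where-Object {
    $_.TargetName -ieq $AccountDomain -and
    $_.TrustDirection.ToString() -ne 'Inbound'
}

if ($sameForest) {
    "$AccountDomain is in this forest, so the trust is implicit."
} elseif ($explicit) {
    "$AccountDomain is trusted through an explicit trust."
} else {
    "No trust to $AccountDomain found from $($local.Name); " +
    "an AD administrator would need to create one."
}
```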
 
