We are running into a host of interesting little problems getting SharePoint Foundation 2010 to work and play well in a DMZ where its only access to Active Directory is through a read-only domain controller (RODC). Our SharePoint server is on the DMZ, along with an RODC, while our database server is on our internal network, along with our main AD domain controllers.

The SharePoint Configuration Wizard simply WOULD NOT complete successfully until we set up a temporary firewall rule that granted the SharePoint full access to AD. At that point, we could successfully run the SharePoint and SharePoint Farm configuration wizards, and create a site collection, identifying two domain users as site collection admins. After we turned off the firewall rule, once again restricting the server to AD access via the RODC, we could create and access SharePoint sites just fine, so long as the users involved were the two identified as site collection administrators.

However, when I tried to create a new SharePoint site group and identify a third domain user as the group owner, or add a new user to one of the existing SP site groups, or even just grant site-level permissions directly to a domain user (other than the two site collection admins), the user name would not resolve. I suspect that the site admins resolve okay because SharePoint already has them cached in it