Hi all,
I have had an ongoing call open with MS now for about 5 months trying to achieve User Profile Synchronization to an external domain to map user profile data against my ADFS Trusted Claims Provider claims. I am sure I achieved this in a lab, but in a live environment I am having problems.
I have a SharePoint 2010 resource forest (DomainA) and a user forest (DomainB). I have ADFS 2.0 federation working perfectly to allow users from DomainB to authenticate to the SharePoint farm in DomainA. I pass across the sAMAccountName as my ADFS claim.
I am at the point now where I want to synchronise user profile data from DomainB and map this against my ADFS claim. I have configured the mapping and have successfully created a User Profile Sync connection using an account (DomainB\mySyncAccount) with Replicating Directory Changes permissions. The sync connection pulls through the OU structure of my external domain, allows me to pick my OU and then creates the connection.
The problem is that the sync connection does not sync, and I see failed authentication in the FIM client.
Has anybody been able to successfully get this working in an environment where there is no AD trust between the domains?
My lab seemed to work, but in an environment with a multi-server farm and firewalls to add to the complexity I am stumped. The engineers working on the call I have logged with MS seem to be suggesting that it isn't possible without a two-way trust, which really negates the point of my customer using ADFS.
PLEASE HELP!!! :)
Thanks guys...
Chris