Publishing cross-farm Managed Metadata in a cross-forest environment with a one-way trust
Recently we ended up in a situation where we needed to publish services from one farm to another. Normally there is nothing special about that, but we needed to do it between SharePoint farms located in different forests, and only a one-way trust was established.
The main idea is that Farm 2 will produce Managed Metadata Service (MMS) to be consumed in Farm 1. The setup can be seen in the figure.
Publishing services between two farms can be done through Central Admin or by using PowerShell. There is an excellent guide for publishing cross farm services written by Mark Rhodes. http://mrhodes.net/2010/05/19/publishing-service-applications-between-sharepoint-2010-farms-part-1-8/
We did everything as written in Rhodes’ guide. The outcome was that we were able to share the service, but it couldn’t be accessed through the consuming farm (Farm 1). When we tried to access the Term Store, the following error message appeared.
The problem was that although we had granted permission for the service application, we hadn’t granted permissions to the Term Store.
Granting permissions to the Term Store can be done with the following PowerShell (PS) script.
In the consuming farm (Farm 1) run the following command:
Run the following PowerShell commands on the publishing farm:
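# $ap: name or GUID of the Managed Metadata service application (placeholder)
$ap = "<Managed Metadata service application name or GUID>"
# System claim provider, needed to build the farm id claim for the consuming farm
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
$security = Get-SPMetadataServiceApplication $ap | Get-SPServiceApplicationSecurity
$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue "farm id from previous"
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Access to Term Store"
Get-SPMetadataServiceApplication $ap | Set-SPServiceApplicationSecurity -ObjectSecurity $security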
After running the script we could access the MMS through Farm 1, but all groups were grayed out and we were not able to make any changes.
The solution is to grant the user permissions to the term sets. One can grant the permissions in farm A. OOTB the people picker doesn’t recognize users in Forest B, but this problem can be solved by using the following stsadm script. The script should be run on the server where CA is running for all web applications including CA.
After that we were able to grant permissions for term sets for users in both forests in Farm 1. Unfortunately, because Farm 2 can’t see users in Forest 1, the MMS management site won’t open if you have granted permissions for users in both forests. In our case this was acceptable because the idea is that Managed Metadata is fully administered in Farm 2. So we granted Farm 1 write permissions, ran our code that generated the Metadata structures and then changed the write permission back to Farm 2.
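The grant-then-restore step described above can be scripted so that the elevated right is always removed again, even if provisioning fails. This is an added example, not code from the original post; it applies the idea at the service application level on the publishing farm. The function name, the placeholder values and the choice of "Read Access to Term Store" as the steady-state right are assumptions.

```powershell
# Added example: time-boxed Term Store elevation for a consuming farm.
# Run on the publishing farm. Placeholders are assumptions, not values from the article.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farmIdClaim = "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid"

function Invoke-WithTermStoreElevation {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $ServiceApp,       # MMS name or GUID
        [Parameter(Mandatory = $true)] [string] $ConsumingFarmId,  # farm id of the consuming farm
        [Parameter(Mandatory = $true)] [scriptblock] $Work,        # blocks until provisioning is done
        [string] $SteadyStateRight = "Read Access to Term Store"   # assumed baseline right
    )
    $elevated = "Full Access to Term Store"
    $app = Get-SPMetadataServiceApplication $ServiceApp
    $claimProvider = (Get-SPClaimProvider System).ClaimProvider
    $principal = New-SPClaimsPrincipal -ClaimType $farmIdClaim `
        -ClaimProvider $claimProvider -ClaimValue $ConsumingFarmId

    # Elevate: add the write-capable right and persist it.
    $security = $app | Get-SPServiceApplicationSecurity
    Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights $elevated
    $app | Set-SPServiceApplicationSecurity -ObjectSecurity $security
    try {
        & $Work
    }
    finally {
        # Runs even if $Work throws, so the elevation never outlives the job.
        $security = $app | Get-SPServiceApplicationSecurity
        Revoke-SPObjectSecurity -Identity $security -Principal $principal -Rights $elevated
        Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights $SteadyStateRight
        $app | Set-SPServiceApplicationSecurity -ObjectSecurity $security
    }
    # Return the resulting access rules so the caller can review or log them.
    ($app | Get-SPServiceApplicationSecurity).AccessRules
}

# Usage; all values are placeholders:
# Invoke-WithTermStoreElevation -ServiceApp "<MMS name or GUID>" `
#     -ConsumingFarmId "<farm id of the consuming farm>" `
#     -Work { Read-Host "Press Enter when provisioning from the consuming farm has finished" }
```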
Conclusion
It is possible to publish Managed Metadata between two farms when there is only a one-way trust between the forests. In any case, this causes problems if you want to add or edit terms in both farms.
Interesting article, you don’t get that sort of thing down here in Brisbane.