Using TeamWork with multiple domains

In a single-domain environment, running TeamWork’s AutoManager EDM Server service under a domain account as described in Understanding Active Directory security problems  is sufficient—the service needs to be able to log on to the domain. We highly recommend that the domain account also be a member of the TeamWork application server’s Administrators group.

When TeamWork is installed in an Active Directory environment with multiple domains, for example, one user domain and one resource domain, some additional configuration is needed to allow the vault security to function correctly. The TeamWork service account needs to be able to query the domain controller for the group memberships of users. A default installation of Active Directory allows these queries by including the built-in group Authenticated Users as a member of the built-in Pre-Windows 2000 Compatible Access group.

In order to allow access to users from remote domains (other than the domain where the TeamWork application server resides), the TeamWork application server must first be configured as described in Understanding Active Directory security problems. Additional configuration may be necessary as described in the following topics.