domainA <-> domainB <-> domainC
^-----------------------------------^
Between all domains is a two-way trust
All domains have 2008R2 domain controllers
SharePoint with SSRS and PowerPivot installed in domainA
SQL DB Engine installed in domainA
SQL Analysis installed in domainA
SQL PowerPivot installed in domainA
We have computers in domainA
We have computers in domainB
We have computers in domainC
We have users in domainA logging in on a copmuter in domainA
We have users in domainB logging in on a computer in domainB
We have users in domainC logging in on a computer in domainC
If a user1 is created in domainA the user is also created in domainB and domainC
Users travel from location and thus using their appropiate domain account/computer per location
Currently we are experiencing issues that users are returning multiple times in search cause they are using their different account and thus a seperate SharePoint profile is created for each 1 of the 3 accounts they use.
As a temporarily workaround we want to place a TMG in front of SharePoint and force each user to use a single account en prevent them from SSO into sharepoint from each location.
The accounts in domainC will be leading and the account to be used.
So if a user is in locationA logs in a computer in domainA with a user account in domainA and the goes to SharePoint (which is in domainA), TMG asks for credentials and the user enters credentials for domainC
So if a user is in locationB logs in a computer in domainB with a user account in domainB and the goes to SharePoint (which is in domainA), TMG asks for credentials and the user enters credentials for domainC
Is this a possible scenario and will it work wth Kerberos Constrain Delegation ,or am i missing things in the bigger picture
Will users experience problem cause SharePoint is in domainA, the computer can be in domainB and the user in domainC?
Will BI piece still work in this scenario and if we have a TMG reverse proxy in the chain?