How to configure SharePoint Server 2007 to use a database that is hosted on a server that is running SQL Server in an untrusted domain

Applies to: SharePoint Server 2010Microsoft SQL Server 2005 Enterprise EditionMicrosoft SQL Server 2005 Standard Edition

INTRODUCTION


This article describes how to configure Microsoft Office SharePoint Server 2007 to use a server that is running Microsoft SQL Server in an untrusted domain to host the configuration and content databases.

More Information


To configure SharePoint Server 2007 to use a server that is running SQL Server in an untrusted domain, follow these steps:
  1. Configure SQL Server to use mixed authentication. You can configure SQL Server to used mixed authentication when you install SQL Server. For information about how to change the authentication mode after you install SQL Server, visit the following Microsoft Web site:
  2. Add a new SQL Server account in Microsoft SQL Server 2005. Then, grant the roles of security administrator and database creator to the account. To do this, follow these steps:
    1. Click Start, point to All Programs, point to Microsoft SQL Server 2005, and then click SQL Server Management Studio.
    2. In SQL Server Management Studio, expand Security, right-click Logins, and then click New Login.
    3. In the Login - New dialog box, type the name of the SQL Server account, click SQL Server Authentication, type the password, and then click Server Roles.
    4. In the results pane, click to select the following check boxes, and then click OK:
      • dbcreator
      • securityadmin
  3. In the domain in which the server that is running SharePoint Server resides, create new domain accounts for the SharePoint Server service account and for the SharePoint Server Application Pool account. To do this, follow these steps:
    1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
    2. In the Active Directory Users and Computers snap-in, right-click Users, point to New, and then click User.
    3. In the New Object - User dialog box, type the account name that you want to use for the SharePoint Server service domain account, and then click Next.
    4. Type the password two times.
    5. Click to clear the User must change password at next logon check box, click to select the Password never expires check box, click Next, and then click Finish.
    6. Repeat steps 3b to 3f to create the SharePoint Server Application Pool account.
  4. Install SharePoint Server 2007. However, do not select the stand-alone installation. After SharePoint Server 2007 is installed, click Cancel when you are prompted to run the SharePoint Products and Technologies Configuration Wizard.
  5. Log on to the server that is running SharePoint Server 2007, click Start, click Run, type cmd in the Open box, and then click OK.
  6. At the command prompt, move to the following folder:
    \Program Files\Common Files\Microsoft Shared\web server extensions\14\BIN
  7. At the command prompt, type the following command:
    psconfig -cmd configdb -create -server <SQL server name>
    -database <database name> -dbuser <SQL account> -dbpassword <SQL password>
    -user <AD user account> -password <AD user password>
    The placeholders in this command are defined as follows:
    • <SQL server name> is the name of the server that is running SQL Server and that hosts the SharePoint Server databases.
    • <database name> is the name of the SharePoint Server configuration database.
    • <SQL account> is the name of the SQL Server account that you created in step 2.
    • <SQL password> is the password for the SQL Server account.
    • <AD user account> is the domain user account.
Note All SharePoint Server 2007 services use accounts that exist in the Active Directory domain in which the server that is running SharePoint Server 2007 resides. However, when you create the initial SharePoint Server 2007 configuration database, shared services providers, and Web applications, you must specify the SQL Server account information.

Note When you use SQL authentication, you must use the -user and
-password parameters. These parameters correspond to a domain account in the domain in which the SharePoint Server 2007 servers reside. This domain account is used as the SharePoint Central Administration application pool account and the service account for the SPTimer service. However, this account is not used to access the SQL Server database.

You must use domain accounts when you configure the application pool identity accounts for Web applications that you want to create. When you create new Web applications, you can specify whether you want to use SQL authentication.