Sharepoint user security best practices question
Question
I am new to the realm of Sharepoint. I am wondering if there is a best-practice for setting up user accounts for Sharepoint. We will be having employees of our company, as well as clients, sub-contractors, and 3rd parties all sharing documents via Sharepoint.
I am wary of setting up our Sharepoint server on our primary domain because of security concerns. But our primary domain is where all of our user accounts exist. So, either I have to maintain user accounts in two different domains, or I have to allow clients, sub-contractors and 3rd parties to have accounts on our primary domain.
How is this typically managed in real-world scenarios by veteran Sharepoint administrators?
Thanks for your help!
ps - I'd like to tag this with "user-administration" or similar tag, but am unable to because I am a new user.
Solution
You dont have to use AD DS with SharePoint. Form based authentication is another option, for example with SqlMemberShip-/SqlRoleProvider.
In SharePoint 2007 you need to either create a seperate site for this, or extend your existing site with a new zone for form based authentication, but in SharePoint 2010 you can run with two different authentications on the same web application.
Externals can then be assigned rights in a SQL database instead of being added to the AD.