Project Server 2010 Active Directory Synchronization and One Way trust

Recently, I worked on a scenario with Project Server 2010 AD sync across a cross-forest one-way trust. You have two domains, A and B. Project Server is on a member server in Domain A. All the users are located in Domain B. A trusts B.

Outgoing: Users in the specified domain can authenticate in the local domain, but users in the local domain cannot authenticate in the specified domain. This trust is not transitive. Only users from the directly trusted domain may authenticate in the trusting domain.

In a one-way trust scenario, if PSVR is configured using a Domain A service account, Active Directory sync will not work, as the Domain A service account does not have access to read the Domain B resource information. However, you can use a Domain B account as the service account and reconfigure the service application and application pool accounts in the Project Server farm. I would suggest reconfiguring the farm using all the service accounts from Domain B to avoid any other access-related issues.

A few recommendations for a successful AD sync:

  • Avoid having inactive users in an AD group. This may cause an 'AdminNTAccountNotFound' error.
  • Avoid empty AD groups.
  • Avoid nested groups with circular dependencies.
  • Avoid duplicate accounts. This may cause a 'ResourceNameAlreadyInUse' error.
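
A pre-sync audit covering the four recommendations above, as an added example that is not part of the original post or of Microsoft's tooling: it walks the group's nesting and reports empty groups, circular nesting, disabled users and duplicate display names. It assumes the RSAT ActiveDirectory module, a session running as a Domain B account, and hypothetical names (`Test-SyncGroup`, the group and the domain controller); reading "inactive" as a disabled account and "duplicate" as an identical display name are also assumptions.

```powershell
# Added example: pre-sync audit of an AD group (needs the RSAT ActiveDirectory module).
Import-Module ActiveDirectory

function Test-SyncGroup {
    param(
        [Parameter(Mandatory)] [string] $GroupName,  # group mapped for AD sync
        [Parameter(Mandatory)] [string] $Server      # a domain controller in Domain B
    )
    $findings = New-Object System.Collections.Generic.List[object]
    $users = @{}   # user DN -> user object, de-duplicated across nested groups
    $done  = @{}   # group DNs that have already been expanded

    function Add-Finding([string] $Issue, [string] $Detail) {
        $findings.Add([pscustomobject]@{ Issue = $Issue; Detail = $Detail })
    }
    function Expand-Group([string] $Dn, [string[]] $Path) {
        if ($Path -contains $Dn) {   # already on the current branch: circular nesting
            Add-Finding 'CircularNesting' (($Path + $Dn) -join ' -> ')
            return
        }
        if ($done.ContainsKey($Dn)) { return }
        $done[$Dn] = $true
        $group = Get-ADGroup -Identity $Dn -Server $Server -Properties member
        if (@($group.member).Count -eq 0) { Add-Finding 'EmptyGroup' $Dn }
        foreach ($memberDn in $group.member) {
            $obj = Get-ADObject -Identity $memberDn -Server $Server
            if ($obj.ObjectClass -eq 'group') {
                Expand-Group $memberDn ($Path + $Dn)
            } elseif ($obj.ObjectClass -eq 'user') {
                $users[$memberDn] = Get-ADUser -Identity $memberDn -Server $Server -Properties DisplayName
            }
        }
    }

    $root = Get-ADGroup -Identity $GroupName -Server $Server
    Expand-Group $root.DistinguishedName @()

    foreach ($u in $users.Values) {
        # Assumption: "inactive" is read as a disabled account.
        if (-not $u.Enabled) { Add-Finding 'DisabledUser' $u.SamAccountName }
    }
    # Assumption: duplicates are detected by identical display name.
    $users.Values | Group-Object DisplayName | Where-Object Count -gt 1 | ForEach-Object {
        Add-Finding 'DuplicateName' "$($_.Name): $($_.Group.SamAccountName -join ', ')"
    }
    $findings
}

# Constructed placeholder names; replace with your own group and domain controller.
Test-SyncGroup -GroupName 'ProjectServer-Resources' -Server 'dc01.domainb.example' | Format-Table -AutoSize
```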

And you are good to go.

An extract from the link https://technet.microsoft.com/en-us/library/gg982985.aspx

Note:

Project Server 2010 does not support synchronizing your Enterprise Resource Pool or security groups with Active Directory users across different domains in which only a one-way trust relationship exists between domains. It is possible for Active Directory users to synchronize with SharePoint Server 2010 in a cross-forest deployment in which a one-way trust relationship exists between domains (see Resolve accounts across multiple forests (SharePoint Server 2010)). However, Project Server 2010 does not support this scenario.