Recently I ran across a scenario where I needed to add a new domain full of new users to my SharePoint Foundation farm.
Originally, in my test setup, we were dealing with a one-way domain trust between my original dev forest and the newly created forest, so I went searching and found the following article:
So I went in and followed the steps in his article and everything seemed to work just fine. That is, until we went to production with this same scenario and discovered that we weren’t using a one-way trust, but a two-way trust.
After many hours of research and even a support ticket with Microsoft, we finally found our answer. And so far, from the research I have done, there are many people who have figured out the one-way trust issue, but no one has specifically noted what to do in a two-way trust. That’s what I’m here for. :)
In a one-way trust, your PowerShell should include accounts that have permissions in the domain or forest so they can cross properly. In my case, though, with a two-way trust, the login information is not needed. Also, with a two-way trust, I did not need to set an encryption key.
For the new two-way trust, all I had to enter was:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:Contoso.com; domain:Fabrikam.com" -url http://myintranet
I’m not sure if it was necessary, but after running this I did reset my web servers just for good measure and then, voilà! I am now able to see my existing domain users as well as the new domain users in my people picker settings in SharePoint Foundation.
I have also tested this on both 2010 and 2013 versions of the product and it worked like a charm. My last bit of advice in this scenario is to make sure that you work closely with your Active Directory admin on this and ask many detailed questions…
It will go far and save you many headaches and possibly even a support call with Microsoft.