Add domain to people picker in Foundations 2010 and 2013

Hello everyone,

Recently I ran across a scenario where I needed to add in a new domain full of new users to my SharePoint Foundations farm.

Originally in my test setup we were dealing with a one way domain trust between my original dev forest and the newly created forest, so I went to searching and found the following article:

http://jantjesworld.blogspot.com/2013/06/configuring-peoplepicker-in-sharepoint.html

So I went in and followed the steps in his article and everything seemed to work just fine. That is until we went to production with this same scenario and discovered that we weren’t using a one way trust, but a two way trust.

After many hours of research and even a support ticket with Microsoft, we finally found our answer. And so far from the research I have done, there are many people who have figured out the one way trust issue, but no one has specifically noted what to do in a two way trust. That’s what I’m here for. 🙂

In a one way trust your PowerShell should include accounts that have permissions in the domain or forest so they can cross properly. In my case though with a two way trust the login information is not needed. Also with a two way trust, I did not need to set an encryption key.

For the new two way trust, all I had to enter was:

Stsadm -o setproperty -pn peoplepicker-searchadforests -pv “forest:Contoso.com; domain:Fabrikam.com” -url http://myintranet

I’m not sure if it was necessary, but after running this I did reset my web servers just for good measure and then, viola! I am now able to see my existing domain users as well as the new domain users in my people picker settings in SharePoint Foundations.

I have also tested this on both 2010 and 2013 versions of the product and it worked like a charm. My last bit of advice in this scenario is to make sure that you work closely with your Active Directory admin on this and ask many detailed questions…

It will go far and save you many headaches and possibly even a support call with Microsoft.

Thanks,

BJ

Advertisements

8 thoughts on “Add domain to people picker in Foundations 2010 and 2013”

  1. I had a multiple forest trust to my Sharepoint domain, and this worked perfect. Once I ran this in the SP powershell and restarting the web services, I was able to add security groups form the other domains. Thank you!

    I ended up using: Stsadm -o setproperty -pn peoplepicker-searchadforests -pv “forest:Contoso.com; forest:Contoso2.com; forest:Contoso3.com; domain:Fabrikam.com” -url

  2. Hey Bj,
    Great article, thanks for that! If only I found it earlier. I was trying to connect my SP 2013 Foundation to two domains in separate forests (with two-way trust) and I previously used (in my failed attempts) the Set-SPSite command with the -Identity option. Now I see that it actually limits the People Picker to a certain OU (or domain in my case). Do you know if I can undo that?
    If I use the “stsadm -o getproperty -pn peoplepicker-searchadforests” command I can confirm that it is correctly set to the 2 forests but I can only choose people from the domain SP is installed on.
    Dimiter

    1. Thanks Dimiter for the comment. I have run into this issue before and what I had to do was make sure that my service accounts for the UPS settings in SharePoint have the proper permissions in order to show users from the second domain. Check hose there and let me know if you still have trouble finding users from the second domain.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s