
Configure People Picker for Multi-Domain (or Cross-Domain) and Multi-Forest Environments

By default, the People Picker issues queries to all two-way trusted domains and two-way trusted forests to search for people and groups. It uses the application pool account to search the target domains and forests.

If the application pool account does not have permission to the target domains or forests, or if you want to use a different account to search them, follow the steps below:

If the AD domain has a one-way trust, you need to specify a user name and password. Execute the following command on every server in the farm:
stsadm -o setapppassword -password MyPassword
Make sure you use the same password on every server where you execute this command!

On every WFE in the farm, execute the following command to instruct the People Picker to use the correct AD domain:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:YourDomain.com,domain\user,password -url <relevant web application>
You need to run this for each web application. If you do not run it on the WFE, you will see a “callback error” in the People Picker.

Note: you can specify multiple domains to look up as well. Enclose the domain entries in quotation marks and separate them with a semicolon (-pv "domain:YourDomain1.com;domain:YourDomain2.com",domain\username,password)

If the AD domain has a two-way trust, you do not need to run the stsadm -o setapppassword command. Just execute this one:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:YourDomain.com,domain\user,password -url <relevant web application>
You need to run this for each web application. If you do not run it on the WFE, you will see a “callback error” in the People Picker.

If you need to reset the People Picker back to normal, just execute this command:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv (don’t specify anything here) -url <relevant web application>
You need to run this for each web application. If you do not run it on the WFE, you will see a “callback error” in the People Picker.

In the case of cross-forest environments (each forest entry takes the form forest:DnsName):
stsadm.exe -o setproperty -url <URL> -pn "peoplepicker-searchadforests" -pv "forest:forest.corporate.com;domain:na.corporate.com", LoginName, P@ssword
Don't forget to do the IISReset!

More Info:
MOSS 2007: http://technet.microsoft.com/en-us/library/cc263318%28office.12%29.aspx
SharePoint 2010: http://technet.microsoft.com/en-us/library/gg602066.aspx#section4
http://technet.microsoft.com/en-us/library/gg602075.aspx
http://blogs.msdn.com/b/joelo/archive/2007/01/18/multi-forest-cross-forest-people-picker-peoplepicker-searchadcustomquery.aspx


Limit the People Picker in SharePoint 2010 to a Specific OU or Domain
Say there are two site collections: Sales and Legal. Active Directory is set up to store Sales department users in the Sales Organizational Unit and Legal department users in the Legal Organizational Unit. The requirement is to prevent Sales users from adding site/library/item permissions for Legal users, and vice versa.

So here is the solution: run the following PowerShell commands.
Set-SPSite -Identity http://portal/sites/sales -UserAccountDirectoryPath "OU=sales,OU=SharePoint,DC=MYCOMPANY,DC=com"
Set-SPSite -Identity http://portal.contoso.com/sites/legal -UserAccountDirectoryPath "OU=Legal,OU=SharePoint,DC=MYCOMPANY,DC=com"

Here is a related post: http://sharepointserver-2007.blogspot.com/2008/10/limiting-sharepoint-people-picker.html
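
To verify the result of both procedures above (the per-web-application search forests/domains and the per-site-collection OU restriction), the following read-only audit is an added example, not part of the original post. It assumes the SharePoint 2010 Management Shell on a farm server, run as a farm administrator, and reads the settings through the server object model (PeoplePickerSettings.SearchActiveDirectoryDomains on the web application, UserAccountDirectoryPath on the site collection).

```powershell
# Added example: read-only audit of People Picker scope (SharePoint 2010).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Per web application: which forests/domains are searched, and with which account.
$pickerReport = foreach ($wa in Get-SPWebApplication) {
    $entries = @($wa.PeoplePickerSettings.SearchActiveDirectoryDomains)

    if ($entries.Count -eq 0) {
        # Nothing configured: the default applies (all two-way trusted
        # domains and forests, queried as the application pool account).
        New-Object PSObject -Property @{
            WebApplication = $wa.Url
            Scope          = '(default)'
            Target         = ''
            Account        = '(application pool account)'
        }
    }

    foreach ($e in $entries) {
        New-Object PSObject -Property @{
            WebApplication = $wa.Url
            Scope          = if ($e.IsForest) { 'forest' } else { 'domain' }
            Target         = $e.DomainName
            # An empty LoginName means no dedicated search account was supplied.
            Account        = if ($e.LoginName) { $e.LoginName } else { '(application pool account)' }
        }
    }
}

$pickerReport |
    Sort-Object WebApplication, Target |
    Format-Table WebApplication, Scope, Target, Account -AutoSize

# 2. Per site collection: is the People Picker limited to an OU?
Start-SPAssignment -Global
Get-SPSite -Limit All |
    Select-Object Url,
        @{ Name = 'RestrictedToOU'; Expression = { [bool]$_.UserAccountDirectoryPath } },
        UserAccountDirectoryPath |
    Sort-Object Url |
    Format-Table -AutoSize
Stop-SPAssignment -Global
```

Web applications reported as "(default)" still query every two-way trusted domain and forest, and site collections with RestrictedToOU set to False can still resolve users outside their intended OU.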
Reviewed by Salaudeen Rajack on June 12, 2011
