Configure People Picker for Multi-Domains (or Cross Domains), Forests Environments in SharePoint
By default, the people picker will issue queries to all two-way trusted domains and two-way trusted forests to search people & groups. It uses the application pool account to search the target domains and forests.
If the application pool account does not have permission to the target domains or forests, or if you want to use different account to search the target domains or forests, you can use the below steps:
If the AD domain has a 1-way trust, then you need to specify a username and password, execute the following commands on every server in the farm:
stsadm -o setapppassword -password <Password>
Ensure you use the same password for each server you execute this command on!
On every WFE in the farm execute the following command to instruct the people-picker to use the correct AD domain:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:YourDomain.com,domain\user,password -url <web-app-url>
You need to run this for each web application, if you do not run this on the WFE you will see a “callback error” in the people-picker
Note: you can specify multiple domains to lookup as well, just encapsulate the domain names in quotation marks and separate them with a semi-colon (-pv “YourDomain1.com;YourDomain2.com”,domain\username,password)
If the AD domain has a 2-way trust you do not need to run the stsadm -o setapppassword command, just execute this one:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:YourDomain.com,domain\user,password -url relevant web application
you need to run this for each web application, if you do not run this on the WFE you will see a “callback error” in the people-picker
If you need to reset the people-picker back to normal, just execute this command:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv (don’t specify anything here) -url <relevant web application>
you need to run this for each web application, if you do not run this on the WFE you will see a “callback error” in the people-picker
In case of Cross forests:
stsadm.exe -o setproperty -url <URL> -pn “peoplepicker-searchadforests” -pv “forest:forest.corporate.com (forest:DnsName) ;domain:na.corporate.com”, LoginName, Password
Don’t forget to do the IISReset!
More Info:
MOSS 2007: https://technet.microsoft.com/en-us/library/cc263318%28office.12%29.aspx
SharePoint 2010: https://technet.microsoft.com/en-us/library/gg602066.aspx#section4
https://technet.microsoft.com/en-us/library/gg602075.aspx
Limit the People Picker in SharePoint 2010 to a Specific OU or Domain
Say, There are two Site Collections: Sales and Legal. Active Directory is setup to store Sales department users in the Sales Organizational Unit and Legal department users in the Legal Organizational Unit. The requirement is to prevent Sales users from adding site/library/item permissions for Legal users, and vice versa.
So here is the solution:
Run the following PowerShell commands
Set-SPSite -Identity https://portal/sites/sales -UserAccountDirectoryPath “OU=sales,OU=SharePoint,DC=MYCOMPANY,DC=com”Set-SPSite -Identity https://portal.contoso.com/sites/legal -UserAccountDirectoryPath “OU=Legal,OU=SharePoint,DC=MYCOMPANY,DC=com”
Here is a related post: Apply filter to SharePoint People Picker
Thans man, very grateful. It’s helmp me a lot.
I post in this forum.
https://docs.microsoft.com/en-us/answers/questions/503278/sharepoint-foundation-2013-multi-tenancy-deploymen.html