Tuesday, May 15, 2007

People Picker not able to identify users in a forest with multiple domains - SharePoint 2007

I have been working on this issue for the past 2 days and, believe me, it's very time consuming if you don't get the solution ASAP. Thanks to Joel Oleson's Life blog, which talks about the same.

To keep it short, I will just give the problem statement and the solution to get it working.

Problem Statement:
When SharePoint Server 2007 is installed in an environment with more than one domain, the People Picker control tends to search only the domain where the portal is installed.
For example, consider the following environment:

Forest Name: test.com
First Domain: First.test.com
Second Domain: Second.test.com

In this case, if you install SharePoint Server in the domain First.test.com, the People Picker might not recognize users from Second.test.com.
So what can be done to make it work?

Solution Description:
Note: First make sure that at least a one-way trust exists between the 2 domains (First.test.com / Second.test.com), then follow the steps.

First Step:
Run stsadm.exe to set the password used for encryption/decryption

stsadm.exe -o setapppassword -password
e.g. stsadm.exe -o setapppassword -password testpassword

Second Step:

Format of command:
stsadm.exe -o setproperty -url {} -pn "peoplepicker-searchadforests" -pv {list of forests or domains}

The format of {list of forests or domains} is a list of


separated by semicolon.

As per our example, the command looks like this:

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN>stsadm.exe -o setproperty -url "http://localhost" -pn "peoplepicker-searchadforests" -pv "forest:test.com;domain:First.test.com;domain:Second.test.com" ,{domainusername},{domainuserpassword}

Last step: IISRESET might not be needed (I did that :) ).

And you are all set. Try the People Picker search and you get all the users.


Anonymous said...

Our issue is the reverse of the solution this article addresses. Our AD is structured this way: root is the parent and dom1 and dom2 are children and have 2-way trusts between each other. What we want to do is for peoplepicker to just show us the results from dom1 and not from dom2.

Any suggestions/ideas? Thanks.

Anonymous said...

We have a similar issue in that the reference "localhost" cannot be used on our production server and each site deployed will be unique. Is there a way to set the reference in the context.xml so that it is portable to different servers without manual intervention (or the use of localhost)? Appreciate any suggestions.
