SharePoint 2007/2010 – People Picker is not showing all domain users

Root Cause:
1. Farm account did not have access to traverse the relevant AD forest / domain.
2. SharePoint servers belong to a separate domain as the AD user domain. (Multiple forest/domain issues)
3. Applicable after SP2 patch – tighten security.

Solution:

1.   1-WAY TRUST DOMAIN
If the AD domain has a 1-way trust and a username and password need to be specified. Run the following command for every WFE:
stsadm –o setapppassword –password Pwd (ensure to use the same password for each WFE)
Run the following command on every WFE:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:mydomain.corp,domain\user,password –url relevant web application 

2.   2-WAY TRUST DOMAIN
If the AD domain has a 2-way trust you do not need to run the stsadm –o setapppassword command, Just need to run the following:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:mydomain.corp,domain\user,password –url relevant web application

3.   Reset to default
If you need to reset the people-picker back to default, run the following command:
stsadm -o setproperty -pn peoplepicker-searchadforests –pv (don’t specify anything here) –url relevant web application

Note:
– You will encounter “callback error” if you do not run for all WFE.
– you can specify multiple domains to lookup as well, just encapsulate the domain names in quotation marks and separate them with a semi-colon
e.g.  (-pv “mydomain1.corp;mydomain2.corp”,domain\username,password)

Sample command:
stsadm -o getproperty -pn peoplepicker-searchadforests -url http://portal:8001
stsadm -o setproperty -url
http://portal:8001 -pn peoplepicker-searchadforests -pv "domain:a1.domain3.corp;domain:a2.domain2.corp;forest:domain1.corp"

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s