Monday 6 February 2012

SharePoint 2010 - People Picker works in Central Admin (for adding Farm Administrators) - but it doesn't recognize them in the Site Collection Administrator People Picker

I had a question from a colleague today as to why users from our main corporate domain were not showing up in the People Picker in SharePoint 2010. This has come up 3 times in the last week, so it warranted a blog entry.

In this situation, the SharePoint 2010 instance was installed in my company's corporate development domain. No 2-way trust relationship exists between the main and the development domains. Users from our main  domain were correctly recognized in Central Admin (when adding Farm administrators) - but were not being recognized in the people pickers in site collections.

Why does this happen? By default, the SharePoint 2010 people picker control (at the site collection level) will not search domains other than the one you used to install SharePoint. The one in Central Administration does work as it has the correct properties set by default.

To correct this situation, you need to run the "peoplepicker-searchadforests" command against the site collections for which you want the people picker control to search additional domains.

A sample of this command can be found below. So all paths are correct (for stsadm), you should run the following command from the "SharePoint 2010 Management Shell"):
stsadm.exe -o setapppassword -password [AppPassword]

stsadm.exe -o setproperty -pn "peoplepicker-searchadforests" -pv "forest:ddkonline.com.au,ddkonline\trusteduserinotherdomain,[password];forest:ddkonline.dev.local,[DevDomainAccount],[DevDomainAccountPassword]" -url https://sitename.com.au

The above command adds 2 forests to be queried when using the people picker - both a development domain (ddkonline.dev.local)  and the main corporate domain (ddkonline.com.au).
DDK

No comments: