SharePoint Review Center

Everything about SharePoint – Architecture, Design, Development, Configuration, Administration, Issues, and Fixes

Using People Picker in Multi-Domain Environment

Posted by Anthony Odole on August 21, 2009

When you have more than one domain, you will have issues selecting users, especially if those users are not in the same domain as the one in which you installed MOSS. If you have problems selecting users in People Picker, you need to be aware of the following:


1. People Picker will only allow you to select users from the same domain in which MOSS is installed – this is by design in MOSS


2. To provide visibility to users who exist in a domain other than the one in which MOSS is installed, you need to add entries to MOSS specifying the other domain(s)


3. There are two issues that must be considered:


  1. If the domain in which MOSS is installed has a two-way trust, then you can provide those entries, and the application pool account must be granted permission to access the other domain. The stsadm syntax for this setting is STSADM.exe -o setproperty -pn peoplepicker-searchadforests. The argument you provide must include the DNS name of the forest. You must include forest as the first word. If your forest name is mycompany.local, then a valid argument will be forest:MyCompany.local. If you have a second forest to include, you must separate the first and second forest with a semicolon. Example: forest:MyCompany.local;My2ndCompany.local where My2ndCompany.local is a valid DNS name of your second forest.


    The full command will be:

    STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "forest:MyCompany.local;My2ndCompany.local"


  2. If the domain only has a one-way trust, you use the same stsadm syntax as above, but because this is a one-way trust, you must specify the username and password needed to authenticate to the forest/domain. Using the same example as above, your syntax and argument will be as follows:


    STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "forest:MyCompany.local,MyCompany\mark,Password;My2ndCompany.local,My2NDCompany\Matthew,Password"
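
A pre-flight check for the value passed with -pv, as an added example that is not part of the original post: it checks each semicolon-separated entry against the format described above and masks the password field, so the value can be logged or pasted into a change record without exposing the credential. Test-SearchAdForestsValue is a hypothetical helper name and the sample strings are constructed from the page's placeholder names; entries after the first are accepted with or without the forest: prefix, matching the page's example.

```powershell
# Added example. Test-SearchAdForestsValue is a hypothetical helper name,
# not an stsadm or SharePoint command.
function Test-SearchAdForestsValue {
    param([Parameter(Mandatory = $true)][string]$Value)

    $index = 0
    foreach ($entry in ($Value -split ';')) {
        $index++
        $fields   = @($entry.Trim() -split '\s*,\s*')
        $problems = @()

        # The page requires the value to begin with the word "forest".
        if ($index -eq 1 -and $fields[0] -notmatch '^forest:') {
            $problems += 'value must begin with "forest:"'
        }
        # Later entries are accepted with or without the prefix (assumption).
        $dns = $fields[0] -replace '^forest:', ''
        if ($dns -notmatch '^[a-z0-9-]+(\.[a-z0-9-]+)+$') {
            $problems += "'$dns' is not a DNS name"
        }
        # Two-way trust: DNS name only. One-way trust: DNS name, login, password.
        if ($fields.Count -ne 1 -and $fields.Count -ne 3) {
            $problems += "expected 1 or 3 fields, found $($fields.Count)"
        }
        # Mask the password position (and the last field of a malformed entry)
        # so the returned string never carries the secret.
        $first = [Math]::Min(2, $fields.Count - 1)
        for ($i = $first; $i -ge 1 -and $i -lt $fields.Count; $i++) {
            $fields[$i] = '********'
        }
        [pscustomobject]@{
            Entry          = $fields -join ','
            HasCredentials = ($fields.Count -gt 1)
            Problems       = $problems -join '; '
        }
    }
}

# Constructed sample values. The second one drops the comma after the
# second forest name, which the check reports as a malformed entry.
$samples = @(
    'forest:MyCompany.local;My2ndCompany.local',
    'forest:MyCompany.local,MyCompany\mark,Password;My2ndCompany.local My2NDCompany\Matthew,Password'
)
foreach ($s in $samples) {
    Test-SearchAdForestsValue -Value $s | Format-Table -AutoSize -Wrap
}
```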

