SharePoint 2010 People Picker In Two Way Trust....

Rohit Dixit | Sun, 18 Jun 2017 at 15:10 hours | Replies : 6 | Points : 25

Category : SharePoint & WSS


We have a two-way trust established between two forests. These forests are external. So what will be the next task for the SharePoint admin to display the users in People Picker?

 




Is this a two-way trust or one-way?

If there is a two-way trust, there is nothing to be done, but if a one-way trust is established we need to configure access to them by using the Stsadm command-line tool and selecting an account to use when accessing each forest or domain.

For better understanding, refer to the article below from Microsoft, which talks about accessing the user list in SharePoint from another Domain\Forest. This will give you much better insight into what will be applicable in your configuration scenario.

 

https://blogs.msdn.microsoft.com/spses/2012/07/18/all-you-want-to-know-about-people-picker-in-sharepoint-functionality-configuration-troubleshooting-part-2/

 

Let us know if this helps you or not, or if you need to discuss this further.

 

Hi Rohit,

Thanks for your reply.

It is a two-way external forest trust. The AD team established the trust and we are now able to locate the people, but in People Picker we are still unable to search them.

So do we need to follow the points below or not? Kindly review and suggest:

1- Need to run user profile crawl in full mode

2- Need to run stsadm command to set property for AD forest

3- Need to make a connection.

Thanks for the update, Rohit!

 

As I understand, there is already a two-way trust established between both forests, so it should not be an issue.

What kind of authentication is configured between the forests: is it selective or forest-wide?

With selective authentication in place, and with the Application Pool service account not having any explicit rights in place for the destination domain, it won't allow users of the destination domain to be shown in the picker.

Thanks

Rohit Rai

 

Hi Rohit,

If you have configured a two-way trust, then use the command below to add the domain in the picker.

STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv forest:ExternalForest.com;domain:LocalDomain.com -url http://sharepoint

 

If you have configured a two-way trust with selective authentication, then use the command below:

STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv forest:ExternalForest.com;domain:LocalDomain.com,username,password -url http://sharepoint


Please check and let us know in case of any further queries.

 

 

Thank you Rohit and Santosh for the updates.

It is very informative and logical.

I will check and update you guys accordingly.

Hi Santosh and Rohit,

We have successfully completed the configuration of SharePoint 2010 People Picker for two-way trust with the help of your suggested solution.

Apart from your solution, we need to create a new connection with ADFS of the other company.

Please refer to the steps executed below, in sequence:

  1. Create a user profile connection with the other forest.
  2. Run the below command:

STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv forest:ExternalForest.com;domain:LocalDomain.com,username,password -url http://sharepoint

Note: You should have an account and password which has read-only permission on the trusted forest.
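
Added example (not from the thread or from Microsoft): a PowerShell wrapper for the credentialed command above that prompts for the read-only account instead of typing its password into a command line or saved script. It assumes the default SharePoint 2010 stsadm.exe path and reuses the thread's placeholder names; `stsadm -o setapppassword` sets the key SharePoint uses to encrypt the stored password and has to be run with the same key on every front-end web server.

```powershell
# Added example, not from the thread. Assumes a default SharePoint 2010 install
# path; forest, domain and URL are the placeholders used in the posts above.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe'
$webApp = 'http://sharepoint'
$forest = 'ExternalForest.com'
$domain = 'LocalDomain.com'

if (-not (Test-Path $stsadm)) { throw "stsadm.exe not found at $stsadm" }

# Prompt for the read-only lookup account so the password never lands in
# shell history or in a script file.
$cred = Get-Credential
$user = $cred.UserName
$pass = $cred.GetNetworkCredential().Password

# The property value separates entries with ';' and fields with ','.
# A password containing either character is ambiguous in that format, so stop.
if ($pass -match '[;,]') {
    throw "Password contains ';' or ',' and cannot be passed in the -pv value."
}

# Encryption key for the stored password. Repeat this step with the SAME key
# on every front-end web server in the farm.
$secureKey = Read-Host -AsSecureString 'Encryption key for setapppassword'
$key = (New-Object System.Management.Automation.PSCredential 'key', $secureKey).GetNetworkCredential().Password
& $stsadm -o setapppassword -password $key
if ($LASTEXITCODE -ne 0) { throw "setapppassword failed with exit code $LASTEXITCODE" }

# Same value layout as the command posted in the thread.
$pv = "forest:$forest;domain:$domain,$user,$pass"
& $stsadm -o setproperty -pn peoplepicker-searchadforests -pv $pv -url $webApp
if ($LASTEXITCODE -ne 0) { throw "setproperty failed with exit code $LASTEXITCODE" }

# Read the property back to confirm the forest and domain entries were stored.
& $stsadm -o getproperty -pn peoplepicker-searchadforests -url $webApp

# Drop the plaintext copies from the session.
$pass = $null; $key = $null; $pv = $null
```

stsadm.exe still receives the password as a process argument while it runs, so run this from an administrative session on the server itself and keep the lookup account limited to read-only rights on the trusted forest.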