locked
Using the people picker over a one-way trust RRS feed

  • Question

  • Background

    We have a one-way in place and had issues adding those users to our SharePoint sites. To fix it we followed these instructions:

    1. Run SetAppPassword on EVERY machine in the farm.  This will setup your AppCredentialKey for you. 

      StsAdm.exe –o SetAppPassword –password MyPassword 
    2. Run SetProperty for PeoplePicker-SearchADForests on ONE server in the farm.  This information is stored in the configuration database, no need to run it more than once for each URL where you want the people picker 

      StsAdm.exe –o SetProperty –pn PeoplePicker-SearchADForests –pv “domain:TailSpinToys,TailSpinToys\AccountName,AccountPassword” –url URL
    3. Set permissions on the Secure registry key on EVERY machine in the farm, granting the local WSS_WPG read access
      1. Open Registry Editor
      2. Navigate to :  HKEY_Local_Machine\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure
      3. Right-click Secure, select Permissions
      4. Click Add
      5. Find the local WSS_WPG group
      6. Select Read access
      7. Click OK out of the dialogs

    This has worked for some sites and we can add users from the trusted domain, but other sites cannot resolve the users from the trusted domain even though we get “Operation completed successfully”.

    We also have another issue where one site on the same server produces the following error when the command is run.

    “The server administration programs and the Windows SharePoint Services Web applications on this Web server are not compatible.  Ensure that the administration program is the same version as the Web application”.

    With this one we have tried all the url mappings and it is the same error.

    This is the command we have been running as per the article referenced:

    STSADM.EXE -o setproperty -url URL -pn peoplepicker-searchadforests -pv “forest:MYFOREST.local;domain:TRUSTED-DOMAIN.local,user,password”

    Any help would be great, it seems a little inconsistent that the same command works on some sites on the same server and not on others.

    Thursday, October 1, 2015 7:26 AM