Configure People Picker to search multiple OUs

  • Question

  • Hi there

    I've been looking at PeoplePicker - setsiteaccountdirectorypath - and I know that only a single OU can be set at a time when the setsiteuseraccountdirectorypath operation is used. As a result, this operation should only be run once per site collection.

    Is there any way that PeoplePicker can be configured to search all OUs except one? Or even to search in more than one OU?



    • Edited by jonjames Thursday, October 11, 2012 1:20 PM
    Tuesday, October 9, 2012 8:36 AM

All replies

  • That doesn't help - this is not about searching under multiple domains; it's about searching under multiple OUs.

    Tuesday, October 9, 2012 12:49 PM
  • Hi,

    I understand that you want to set the people picker to search all OUs except one. Here is the stsadm.exe command to set the people picker to search from multiple OUs:

    stsadm -o setproperty
       -propertyname peoplepicker-serviceaccountdirectorypaths
       -propertyvalue <A list of OU names>
       [-url] <URL>

    For more information, please refer to this site:

    Peoplepicker-serviceaccountdirectorypaths: Stsadm property (Office SharePoint Server): http://technet.microsoft.com/en-us/library/cc263012(v=office.12).aspx


    Entan Ming

    TechNet Subscriber Support in forum

    TechNet Community Support

    Wednesday, October 10, 2012 5:37 AM
  • This command only enables a farm administrator to manage the site collection that has a specific organizational unit (OU) setting as defined in the Setsiteuseraccountdirectorypath setting.

    It doesn't configure PeoplePicker to search multiple OUs

    Wednesday, October 10, 2012 9:03 AM
  • Hi,

    You need to establish a one-way trust or two-way trust to include all the domains where there are OUs you want to include, see:



    If you want to exclude an OU then you don’t establish a two-way trust with the domain containing the OU, or you can establish a one-way trust and configure a user without permission to access the OU.

    If you want a more in depth discussion about your environment then he can open a paid support case.


    Entan Ming

    TechNet Community Support

    Monday, October 22, 2012 5:20 AM
  • There is only one domain in this environment

    I think I can conclude now that this cannot be done



    Monday, October 22, 2012 11:34 AM
  • Just a possibility Jonj,

    If you have access and it's allowable, you can add the user account that the web application pool is running under to the security tab of the particular OU in AD Users and Computers.  If you explicitly deny access to that OU for the account it won't read the users.

    Obviously if you have multiple web applications sharing an application pool this would affect all of them.

    Paul Turner http://redmanta.co.uk/blog Twitter: @RedMantaUK MCTS:WSS,MOSS,2010 MCITP:2010.

    Monday, October 22, 2012 12:01 PM