People Picker stsadm -searchadforests

Question
Two forests: SharePoint 2010 is installed in A. A trusts B. We see all users in B, but new groups in A don't appear in the People Picker. However, we see that FIM 2010 synchronizes them.
We have used the command below to see users and groups in forest B, and this works (we've added the password for encryption).
stsadm -o setproperty -pn peoplepicker-searchadforests -pv <list of forests or domains> -url <WebApp>
Now, should we have added forest A (where SharePoint is installed) to the list of forests or domains? The link below could suggest this.
add domain thorough stsadm Peoplepicker-searchadforests - Access Denied
http://social.technet.microsoft.com/Forums/en-NZ/sharepointadmin/thread/52070216-982b-4b92-b933-4e291f8b309d
MCTS: Messaging | MCSE: S+M
Monday, August 22, 2011 1:41 AM
Answers
Thank you so much for answering. However, I might not have been clear enough. Profile synchronization is working perfectly. The problem was with the stsadm syntax for the People Picker to work in a cross-forest scenario. Both forests consist of one domain. Now I think I have found the solution.
SharePoint is installed in domain/forest A, or better alpha.local. Most of the user accounts do also reside there.
Domain/forest B, or better beta.local, has some 2000 accounts. 100 of them are SharePoint users, accessing SharePoint in alpha.local. Now this syntax appears to work:
stsadm -o setproperty -url http://portal -pn peoplepicker-searchadforests -pv "forest:alpha.local",ALPHA\SP-Admin,pwd;"domain:beta.local",BETA\SP-Sync,pwd
At first, I believed you would only need to add the foreign forest (beta.local) with stsadm. But this appears not to be true. You need to add all forests/domains that the People Picker needs to see. Is that correct?
MCTS: Messaging | MCSE: S+M
- Marked as answer by GuYuming Wednesday, August 24, 2011 1:47 AM
Tuesday, August 23, 2011 6:33 AM
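Added example, not part of the original thread: a PowerShell sketch that builds the peoplepicker-searchadforests value for both forests named in the answer above, prompting for each service account password instead of typing it into the command. It assumes SharePoint 2010's default stsadm location, that the encryption password mentioned in the question (stsadm -o setapppassword) is already set on the front-end servers, and that the value format has no escape syntax for ',' and ';'.

```powershell
# Added example, not from the thread. Names reused from the answer above:
# alpha.local, beta.local, ALPHA\SP-Admin, BETA\SP-Sync, http://portal.
# Assumed: default SharePoint 2010 install path for stsadm.exe.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe'
$webApp = 'http://portal'

# Every forest/domain the People Picker has to search, home forest included.
$targets = @(
    @{ Scope = 'forest'; Name = 'alpha.local'; Account = 'ALPHA\SP-Admin' },
    @{ Scope = 'domain'; Name = 'beta.local';  Account = 'BETA\SP-Sync'  }
)

$entries = foreach ($t in $targets) {
    # Prompt for the password so it is not stored in a script or shell history.
    $cred  = Get-Credential -Credential $t.Account
    $plain = $cred.GetNetworkCredential().Password

    # ',' separates fields and ';' separates entries in the property value.
    # Assumption: there is no escape syntax, so such passwords are rejected.
    if ($plain -match '[,;]') {
        throw "Password for $($cred.UserName) contains ',' or ';' and would corrupt the list."
    }
    '{0}:{1},{2},{3}' -f $t.Scope, $t.Name, $cred.UserName, $plain
}
$value = $entries -join ';'

# Set the property once with the complete list.
& $stsadm -o setproperty -url $webApp -pn peoplepicker-searchadforests -pv $value
if ($LASTEXITCODE -ne 0) {
    throw "stsadm setproperty failed with exit code $LASTEXITCODE"
}

# Read the setting back to confirm both entries were stored.
& $stsadm -o getproperty -url $webApp -pn peoplepicker-searchadforests
```

The password is still passed to stsadm as a command-line argument, so it is visible to process listings on that server while the command runs; use dedicated low-privilege accounts for these lookups.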
All replies
Have you taken a look at the Configure profile synchronization (SharePoint Server 2010) Guide at http://technet.microsoft.com/en-us/library/ee721049.aspx? There is a section that prescribes how to create a Profile Synchronization connection to a directory service. Once the trust is established, it should be as simple as following the guide.
Has yet to fail me, and was updated after Service Pack 1 & CU June 2011 release.
---- http://www.sharepointlonghorn.com
Monday, August 22, 2011 2:03 PM