Two way trust - People Picker not finding users from remote domain, but this affecting only 1 SP web application

  • Question

  • I got tired of banging my head against the wall, please help!!! So, see below what we have done:

    - we have a 2 way transitive trust, run the cmd "nltest /domain_trusts /all_trusts". BTW, this is a 2-way with "Forest-wide auth" and DNS is configured

    - run the PeoplePicker ports tester and all the necessary ports are opened.

    - we have 3 SharePoint 2010 web applications and only in 1 (obviously the main one) the PeoplePicker is not working; in the other 2 web applications PP works with no issues. I'm able to see users from both domains (local and remote)

    - MS says that in a 2-way trust, there is nothing to configure, but against that I have followed the suggestion from other users having the same issue and run the PS cmd:

    $wa = Get-SPWebApplication http://webapp
    $adsearchobj = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $userpassword = ConvertTo-SecureString "Password" -AsPlainText -Force #Password for the user account CONTOSO\s-useraccount
    $adsearchobj.DomainName = "contoso.com"
    $adsearchobj.ShortDomainName = "CONTOSO" #Optional
    $adsearchobj.IsForest = $true #$true for Forest, $false for Domain
    $adsearchobj.LoginName = "s-useraccount"
    $adsearchobj.SetPassword($userpassword)

    $wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($adsearchobj)
    $wa.Update()

    and nothing. I have tried with pwd and without it and no luck. I have cleared this since it didn't work.

    Finally, the user/identity running the IIS application pool is the same for the 3 SP web apps.

    Just in case, we are running SharePoint 2010 with NTLM

    Thanks and I look forward to hearing from you guys




    Wednesday, August 28, 2019 9:38 PM

All replies

  • For a two-way trust in 2010, there is nothing to configure (especially username/password).

    What I would recommend you do is set the ULS log to Verbose and attempt to resolve a user in the remote domain in a people picker field. Capture that output from the ULS with any errors.


    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, August 28, 2019 10:28 PM
    Moderator
  • Thanks for your update Trevor! I have set the ULS log to verbose for all the categories. Now, what do I need to look for? That log file is huge.

    Thanks

    Wednesday, August 28, 2019 10:44 PM
  • Search for the word 'ldap' and it should narrow down the entries you need to find -- sorry, I don't remember the exact category.

    Trevor Seward


    Wednesday, August 28, 2019 10:48 PM
    Moderator
  • Trevor,

    I opened it with Notepad++, searched for "ldap" and no luck. Am I missing something?

    Thanks

    Wednesday, August 28, 2019 10:55 PM
  • Try searching for the DNS domain name or NetBIOS domain name of the target domain.

    Trevor Seward


    Thursday, August 29, 2019 12:06 AM
    Moderator
  • Hi Trevor,

    Sorry for the delay getting back to you. I have checked that log file and searched for DNS domain name, NetBIOS name, etc. and I couldn't find anything... is there any other log file I need to check? or do I need to run another monitoring tool? ......please help!!!!!

    Thursday, August 29, 2019 10:36 PM
  • Trevor,

    Also, I have installed Netmon 3.4, but please advise what to look for?

    Thursday, August 29, 2019 11:38 PM
  • Hi Trevor,

    Sorry for the delay getting back to you. I have checked that log file and searched for DNS domain name, NetBIOS name, etc. and I couldn't find anything... is there any other log file I need to check? or do I need to run another monitoring tool? ......please help!!!!!

    If you're not finding any results, then honestly you're looking in the wrong log or haven't turned up the verbosity. Make sure you're using Merge-SPLogFile if you have more than one SharePoint server and that you have the verbosity set to verbose. The log entries look like this:

    08/29/2019 17:18:37.86	w3wp.exe (0x03B4)	0x30D8	SharePoint Foundation	Performance	ftq4	Verbose	GetAccountNameFromSid "0x01050000000000051500000054601659E7E0E796E362461299080000" start 	0321ff9e-aadd-80ac-5acc-ab57123fdffc
    08/29/2019 17:18:37.86	w3wp.exe (0x03B4)	0x30D8	SharePoint Foundation	Performance	ftq5	Verbose	GetAccountNameFromSid "0x01050000000000051500000054601659E7E0E796E362461299080000" returned. returnValue=True	0321ff9e-aadd-80ac-5acc-ab57123fdffc
    08/29/2019 17:18:37.86	w3wp.exe (0x03B4)	0x30D8	SharePoint Foundation	Performance	ftq1	Verbose	SearchFromGC name = lab.cobaltatom.com. start 	0321ff9e-aadd-80ac-5acc-ab57123fdffc
    08/29/2019 17:18:37.86	w3wp.exe (0x03B4)	0x30D8	SharePoint Foundation	General	ardb5	Verbose	SearchFromGC query = (&(objectSID=\01\05\00\00\00\00\00\05\15\00\00\00\54\60\16\59\E7\E0\E7\96\E3\62\46\12\99\08\00\00))	0321ff9e-aadd-80ac-5acc-ab57123fdffc
    08/29/2019 17:18:37.87	w3wp.exe (0x03B4)	0x30D8	SharePoint Foundation	Performance	ftq4	Verbose	GetAccountNameFromSid "0x01050000000000051500000054601659E7E0E796E362461299080000" start 	0321ff9e-aadd-80ac-5acc-ab57123fdffc
    08/29/2019 17:18:37.87	w3wp.exe (0x03B4)	0x30D8	SharePoint Foundation	Performance	ftq5	Verbose	GetAccountNameFromSid "0x01050000000000051500000054601659E7E0E796E362461299080000" returned. returnValue=True	0321ff9e-aadd-80ac-5acc-ab57123fdffc
    08/29/2019 17:18:37.87	w3wp.exe (0x03B4)	0x30D8	SharePoint Foundation	Performance	ftq2	Verbose	SearchFromGC name = lab.cobaltatom.com. returned. Result count = 1	0321ff9e-aadd-80ac-5acc-ab57123fdffc
    


    Trevor Seward


    Friday, August 30, 2019 12:19 AM
    Moderator
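
One way to cut a verbose ULS file down to the entries shown in the reply above, as an added example that is not part of the thread: it pairs each `SearchFromGC ... start` row with its `returned` row per correlation ID, reports domains whose search found nothing or never completed, and decodes the hex SID from `GetAccountNameFromSid`. The `remote.example` rows and the helper names are constructed for illustration.

```python
import re

def sid_from_hex(hexsid):
    """Decode the hex SID logged by GetAccountNameFromSid into S-1-... form."""
    raw = bytes.fromhex(hexsid[2:] if hexsid.lower().startswith("0x") else hexsid)
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")        # 6-byte big-endian authority
    subs = [int.from_bytes(raw[8 + 4 * i:12 + 4 * i], "little") for i in range(count)]
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

START = re.compile(r"SearchFromGC name = (\S+?)\.? start")
DONE = re.compile(r"SearchFromGC name = (\S+?)\.? returned\. Result count = (\d+)")

def gc_searches(lines):
    """Map (correlation id, domain) -> result count, or None if no 'returned' row."""
    seen = {}
    for line in lines:
        cols = line.rstrip("\r\n").split("\t")
        if len(cols) < 9:                              # not a nine-column ULS row
            continue
        msg, corr = cols[7], cols[8].strip()
        done = DONE.search(msg)
        if done:
            seen[(corr, done.group(1).lower())] = int(done.group(2))
        else:
            start = START.search(msg)
            if start:
                seen.setdefault((corr, start.group(1).lower()), None)
    return seen

def unresolved(lines):
    """Domains whose global catalog search returned 0 results or never returned."""
    return sorted({dom for (_, dom), n in gc_searches(lines).items() if not n})

def row(event_id, message, corr):
    # Builds one row in the tab-separated ULS layout of the sample above.
    return "\t".join(["08/29/2019 17:18:37.86", "w3wp.exe (0x03B4)", "0x30D8",
                      "SharePoint Foundation", "Performance", event_id,
                      "Verbose", message, corr])

# First two rows repeat messages from the thread; the last two are constructed.
SAMPLE = [
    row("ftq1", "SearchFromGC name = lab.cobaltatom.com. start ", "0321ff9e-aadd-80ac-5acc-ab57123fdffc"),
    row("ftq2", "SearchFromGC name = lab.cobaltatom.com. returned. Result count = 1", "0321ff9e-aadd-80ac-5acc-ab57123fdffc"),
    row("ftq1", "SearchFromGC name = remote.example. start ", "00000000-0000-0000-0000-000000000001"),
    row("ftq2", "SearchFromGC name = remote.example. returned. Result count = 0", "00000000-0000-0000-0000-000000000001"),
]

if __name__ == "__main__":
    print(unresolved(SAMPLE))
    print(sid_from_hex("0x01050000000000051500000054601659E7E0E796E362461299080000"))
```

Pass the lines of the merged log file to `unresolved()` in place of `SAMPLE`; an empty `gc_searches()` result means the file contains no People Picker global catalog rows at all.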