After installing SharePoint, and importing all the User Profiles, you’ll find if you are using the People Picker, you’ll only see users from the trusted domain that have successfully logged on the SharePoint 2007 server, rather than all of them. This is rather bizarre, as you’ve imported all the profiles, and can see them!
You actually need to configure the PeoplePicker to do a lookup to the Domain Controllers, as its here the People looks, NOT the SharePoint user profile store. It seems unusual, but true! It’s quite a complex task.
Before you do anything else, work out a list of all of the domains the PeoplePicker needs to look at, INCLUDING the domain SharePoint is installed on. If SharePoint is on Domain1 and you want to see all the Domain1 users and all the users from the trusted domain Domain2, you’re going to need to list them both, something most of the guides online don’t make clear. You’ll also need the fully qualified domain names – doing use the older NetBIOS name. If your domain is exampledomain.local, don’t just use “exampledomain” – we’ll need the full thing.
Next, make sure you have a valid Active Directory user account on each of the domains you want to look at. You don’t need to worry about the domain the SharePoint server is on – the accounts SharePoint should be running under will already have access.
Now, we first need to set up an encryption key, so SharePoint can securely store the usernames and passwords for the other domains. Use the following command on every server in the farm – if you don’t, the other SharePoint servers won’t be able to decrypt the stored user names and passwords:
stsadm –o setapppassword –password MyPassword
Replace MyPassword with your chosen encryption key, of course!
Next, we need to tell each Web Front End server, which domains to use. I always list the current domain SharePoint is a member of first, for ease of reference. Normally, I’d expect at least two entries – the current domain and the trusted domain (or domains) – if there isn’t a trusted domain, why are you doing this???. We’ll need to separate the entries in the domain list with semi-colons.
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:domain1.com;domain:domain2.com,domain2\user,password –url https://sharepoint.domain1.com
Here, the url should be replaced by that of your web application – don’t forget to use https if you’ve set the application up to use SSL. Domain names should obviously be replaced with your own, and you should use the usernames and passwords from each domain that you either created or ensured were available earlier. A more realistic looking example might be:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:technet.microsoft.com;domain:kb.microsoft.com,kb\AD_Lookup,LookUp2009 –url https://sharepoint.technet.microsoft.com
Please note this is an entirely hypothetical example, so don’t think of trying the links or usernames!
Fianlly, though this generally isn’t mentioned in most of the other guides, you need to reset IIS before SharePoint will pick up the changes. As always, I prefer the noforce option, just in case.
issreset -noforce
You should now see all of the available people from the domains you’ve selected in the people picker!
No comments:
Post a Comment