Thursday, October 17, 2013

SharePoint 2010: People picker not resolving all users from other domains with one-way trust

In a SharePoint environment in which you have a one-way trust domain configuration, you discover that the people picker is not resolving all users from other domains as needed.

Here is the fix:

1) On every server in the SharePoint farm, set an encryption key.



2) Clear the existing peoplepicker-searchadforests property for the web application.



3) Set the new peoplepicker-searchadforests property for the web application. The key point here is to add all domains that need to be available in the people picker within the same command.

Format:



Example:



Notes:

- The service account should have Read permissions for each domain, and the service account credentials should be the same for all instances listed in the command.
- In the example above, the third domain (uk.corp.com) is a child domain under corp.com. As you can see, there is no need to add another forest instance if it is a child domain.

Repeat steps 2 and 3 for each web application as needed.
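
The three steps as one script, added here as an example rather than the post's original commands. It uses the `stsadm` operations `setapppassword` and `setproperty`. The web application URL, the service account name and the `partner.example` forest are constructed placeholders; only `corp.com` and `uk.corp.com` come from the notes above.

```powershell
# Added example: run from an elevated PowerShell session on a SharePoint 2010 server.
param(
    [string[]]$WebAppUrls = @('http://intranet.example'),  # placeholder web application URL(s)
    [string]$Account = 'CORP\svc-peoplepicker',             # placeholder account with Read on each domain
    [switch]$KeyOnly                                         # on the remaining farm servers: step 1 only
)
# stsadm.exe lives in the SharePoint 2010 ("14") hive.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe'

function Read-Secret([string]$Prompt) {
    # Prompt without echo so secrets stay out of the script file and console history.
    $sec = Read-Host -Prompt $Prompt -AsSecureString
    $ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($sec)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr) }
}

# Step 1: set the encryption key. It has to be the same value on every server.
$key = Read-Secret 'Encryption key (identical on all farm servers)'
& $stsadm -o setapppassword -password $key
if ($LASTEXITCODE -ne 0) { throw 'setapppassword failed' }
if ($KeyOnly) { return }

$pw = Read-Secret "Password for $Account"
# The property value is comma/semicolon delimited, so reject a password that
# contains either character instead of writing an ambiguous value.
if ($pw -match '[,;]') { throw 'Password contains "," or ";"; choose another service account password.' }

# Every forest/domain goes into ONE value; a child domain is a "domain:" entry,
# not another "forest:" entry. The same credentials are used for all entries.
$targets = @('forest:corp.com', 'forest:partner.example', 'domain:uk.corp.com')
$value = ($targets | ForEach-Object { "$_,$Account,$pw" }) -join ';'

foreach ($url in $WebAppUrls) {
    # Step 2: clear the existing value. Windows PowerShell drops a bare '' argument
    # when calling a native program, so pass literal quotes.
    & $stsadm -o setproperty -pn peoplepicker-searchadforests -pv '""' -url $url
    if ($LASTEXITCODE -ne 0) { throw "Clearing the property failed for $url" }

    # Step 3: set all forests and domains in the same command.
    & $stsadm -o setproperty -pn peoplepicker-searchadforests -pv $value -url $url
    if ($LASTEXITCODE -ne 0) { throw "Setting the property failed for $url" }
}
```

Run it with `-KeyOnly` on the other servers in the farm so that each one gets the same encryption key without repeating steps 2 and 3.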