Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2137
  • Last Modified:

SharePoint People Picker over External Two Way Trust

Experts:

Here is the situation: I have Domain A and Domain B.  The two have a two way, domain wide trust relationship.  I have a SharePoint server in each domain, we'll call them SP Server A in Domain A and SP Server B in Domain B.

SP Server A is running SP 2010 on Win 2K8 R2 in a Win 2K8 R2 AD environment (Domain A).

SP Server B us running SP 2007 on Win 2K3 in a Win2K3 AD environment (Domain B).

I can add users from Domain A or B to SP Server A with no issues.  I can add users from Domain A or B to *files and folders* on SP Server B with no issues.  But, I *cannot* add users from Domain A to any of the SharePoint permissions groups on any web applications on SP Server B.

The Server B people picker simply doesn't see anyone from Domain A.  I have tried multiple times to run:

stsadm.exe -o setproperty -url http://domain1.example.com:80 -pn “peoplepicker-searchadforests” -pv “domain:domain1.example.com,domain1\LoginName, P@ssword; domain:domain2.example.com,domain2\LoginName, P@ssword; domain:domain3.example.com,domain3\LoginName, P@ssword“

And it always reports back succesful, but no matter what I put in those fields, it has no effect on what the names that the people picker pulls (it always only sees people from Domain B).

I have been able to add users from Domain A to a security group in Domain B, then add that security group to SP Server B.  It takes the group, but am I still unable to access any sites on SP Server B using credentials from users in Domain A.

What am I doing wrong?  It seems like every little thing is in its place and yet my older SP web application won't recognize that the other domain exists, even though the server itself (that is, Windows) sees it just fine.

Thanks,
Matt
0
mhentrich
Asked:
mhentrich
  • 4
  • 3
1 Solution
 
Justin SmithSr. System EngineerCommented:
Since you have a two way trust, you shouldn't have to set the AppPassword.  So my advice would be to go ahead and specify the Forest names as well.  Also, you don't need to specify a user/password for the local forest and domain names.

stsadm -o setproperty -pn peoplepicker-searchadforests -pv forest:remoteforest.int,remote\user,password;forest:localforest.int;domain:remotedomain.int,remote\user,password;domain:localdomain.int -url http://sharepointurl
0
 
Justin SmithSr. System EngineerCommented:
i'm curious.....when you deployed SharePoint server B....did you run that stsadm command right away?  Or did you try to add people before running it?  SharePoint should be able to see all two way trusts by default.  Wondering if running the command threw it off.
0
 
Justin SmithSr. System EngineerCommented:
The more I think about this.....even my script isn't right.  You shouldn't have to designate user/passwords for the remote domain since there is a two way trust.
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
mhentrichAuthor Commented:
Achilles,

Thanks, I agree that I shouldn't have to.  It's odd, I can put username/passwords in or leave them out, the command still completes succesfully, but has no impact on the people picker.

I ran the getproperty command against SP Server A (the one that sees both domains) and it returns "Property Exist=No".  So, I didn't even have to run this command or set any such properties on that server and it works fine.  Server B, however, doesn't work no matter what I do.  Any ideas?

Matt
0
 
mhentrichAuthor Commented:
Quick note though: the first time I ran this command on Server B, it DID make me set an app password.  I have no idea why, because the trust it two-way and each SP server is standalone (i.e. not part of a larger farm).
0
 
mhentrichAuthor Commented:
Folks,

Since I got no solid answers here, I resorted to calling MS themselves.  A gentleman there instructed me to set up a Forest Trust instead of an External Trust.  That did not solve the People Picker issue but it did allow me to add users from the one domain to the other.

Thanks anyways,
Matt
0
 
mhentrichAuthor Commented:
Nobody else answered it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now