In our environment we have trust between a test environment and our production environment. This allows test account IDs (which were created for everyone without thier knowledge) to be among the possibilities when users click the check names button when they are assigning permissions to other users to their sites or lists in SharePoint. This has become a problem because for example when I enter John Doe - SharePoint is saying "Oh hey I know that guy!" and it grabs the first account for him that it finds which in some cases is one of these test accounts. It then underlines the name as usual and the user thinks "Cool, got him" and they press the ok button and think they have granted users permission successfully. Of course when the user tries to acces this site, they find that they DO NOT have access because they are not signed into a test account. Is there a way to deny SharePoint from accessing this test domain when it is trusted within the organization in general?

Hi, I would suggest you to not to import test IDs in your production environment. Configure your profile import and use the domains you want to provide access.The connections should have to be created in such a way that it should exclude the test domain accounts. I hope this will help you out. Thanks, Rahul Rashu

Hi Lalewicz, Rashu is right, we need to make sure that the “import connections” in User Profile and Properties doesn’t include the test domain. For more information about Configure connections to Profile Services, Configure profile import, please refer to: http://technet.microsoft.com/en-us/library/cc263320(office.12).aspx http://technet.microsoft.com/en-us/library/cc263382(office.12).aspx Xue-Mei Chang

Thank you for your response. However to me it has raised more questions than it has answered. Question #1 - I guess I never realized that you could specify an Active Directory, Active Directory Resource, or an LDAP connection for the SSP. What would be the difference between the results of the three? Question #2 - We have currently got Active Directory as our connection and since we are not using an LDAP connection here, I am thinking it makes no difference to us if the company moves to LDAPS - our SSP should continue working as it has when they change over. Is this true? Question #3 - I still see no way to avert the disaster of the fully trusted test domain in any of the setting s available in this area. It is my understanding that even if we had no SSP set up, the name checker would still work in SharePoint (and still return the infernal test account) Is this true? If so is there some place else this can be adjusted outside of the SSP?

I am having the same issue in 2010, the User Profile import has no affect on the people picker finding users in another trusted domain. How does one filter this out?