Unable to find users with peoplepicker accept those within site collections
We have been dealing with this issue for over 3 weeks.Littlebit about our environment.1. We have two way trust between 3 domains one of which is the host domain Moss 2007 SP2.2. Our people picker tool stopped finding users from the domains about three weeks ago accept for the host domain and another domain2, recently it was unable to find users from domain 3.3. We can import profiles from all three domains with no errors.4. Our pools and sites are running under credentials that also run the imports.5. Yet for some reason the site collections cannot find any users unless they have been added to the site collection, which is a parodox now because we cannot add anymore users to our site collections becausepeoplepicker cannot find them.We have run every command in the book like.stsadm -o getproperty -pn peoplepicker-activedirectorysearchtimeoutGives a <Property Exist="No" />stsadm -o setproperty -pn peoplepicker-activedirectorysearchtimeout -pv 30Missing operation name or the operation name is invalid.These all give us <Property Exist="No" />peoplepicker-activedirectorysearchtimeoutpeoplepicker-onlysearchwithinsitecollectionpeoplepicker-serviceaccountdirectorypathsWe don't have a clue we have verified the domain trusts and user accounts over and over again finding no issuesAny one an idea?
October 28th, 2009 9:49pm

Did you include the -url parameter on the stsadm command?Display it:stsadm -o getproperty -pn peoplepicker-onlysearchwithinsitecollection-url http://server/siteTurn it off:stsadm -o setproperty -pn peoplepicker-onlysearchwithinsitecollection -pv no -url http://server/site
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2009 11:37pm

Sorry for late response.We have had this problem now where peoplepicker finds only certain people in a domain even though they show up in the profile database.Their is a two way trust between all domains.Profile Import works correctly for all domains.Search has indexed all sites with no errors.Yet people picker will not find all users when you search for them, not even mine from the one particular domain.If I specifiy just the domain like domain\ it will pull 40 or 50 users then nothing.We have over 107,000 users in this one domain and I have tried everything.Rebuilt SSPcreated new webappsimported and reimported usersreset crawled data and reindexedchecked all ports to the domain controllers.Nothing is wrong it seems just won't pull the userswe have synced from command lineVerified all trustsNEED HELP BADLY A MOB IS FORMING.
January 8th, 2010 10:12pm

Hi,Let us say that you have one domain names "Domain1' where you have installed your MOSS2007 and when you use people picker inside MOSS, you will see that you are able to get the values for Domain1. Even if you have Domain2 also.Here we need to make a new import connection for the Domain2 and from there we need to import user profile.You need to follow following steps to accomplish this:(1) You need to open SSP(Shared Service provider)(2) Click on User Profiles and Properties(3) Click on View Import Connections(4) Create New Connection(5) Add the following entries , also shown in figure belowDomain Name :Domain2Select auto discover domain controller option (as radio button)Search Base : DC=Domain2 (If you have multiple domain then seperate with comma(,)Start Full Import option.Please try this and let us knowBest Regards, Ammar MCT
Free Windows Admin Tool Kit Click here and download it now
January 8th, 2010 10:30pm

Hello - my company is having the same problem since we moved our moss07 farm (non sp1) to a different yet trusted domain. Before we moved, peoplepicker found users in all trusted domains - about 10. Since we moved to one of the trusted domains, we are unable to find some users no matter how the search is formatted. New farm is SP2.both farms are the same configuration.2 ways trusts are in place from the new domain to all other domains.profile imports are successful for all domains - over 87k profiles.Does anyone know the technical details of the peoplepicker process as it communcates through the domain controller to trusted domains AD forest?Thanks. Joe
January 8th, 2010 10:54pm

Rickster M:Please don't propose your own replies as answers. That isn't helpful.By all means propose the good answers of *other people*. That is helpful - but not proposing your own.(Moderator)FAQ sites: (SP 2010) http://wssv4faq.mindsharp.com; (v3) http://wssv3faq.mindsharp.com and (WSS 2.0) http://wssv2faq.mindsharp.com Complete Book Lists (incl. foreign language) on each site.
Free Windows Admin Tool Kit Click here and download it now
January 9th, 2010 1:42pm

This is not the issue all import work correctly, we also cannot use autodiscover on the one domain because they have servers we cannot access from our side of the network and they are using DNS Round Robin.This was found while dealing with this issue.What we did to fix this issue was create an alternate dns entry and pointed it to the servers we can access so we would only hit what was accessible.Then we applied the new dns entry as the domain controller and the connection name and walla it imports only from them then we added all servers into the server host files.We did find out however that if the user attempts login they will successfully sign in then the admin can add the actual user name to the site they need.It's extremely weird and should not work this wasy yet it is.This problem only affects one domain that has a two way trust and inports correctly.
January 11th, 2010 6:11pm

Who are you speaking to?I myself have the issue and have been posting everything we found while working this issue.
Free Windows Admin Tool Kit Click here and download it now
January 11th, 2010 6:13pm

Any updates?
January 12th, 2010 11:16pm

Found a work around for now.Try having the user login even though they get the access denied they have still signed in.Then try adding the user.We are still researching and troubleshooting this issue If I find something more I will update this thread.
Free Windows Admin Tool Kit Click here and download it now
January 12th, 2010 11:51pm

Thanks we are testing getting them to do that here.***Subnote:I did come up with tidbit (mind you we are only using a single Forest and single domain).Looking in the WSS logs ther ewas an error in the logs as below:Where the Sharepoint is spiting errors on trying to resolve name to the GLOBAL CATALOG SERVERNot sure if this helps any but just a bit more info.***Medium Error in resolving user 'USERID' : System.ComponentModel.Win32Exception: Unable to contact the global catalog server at Microsoft.SharePoint.Utilities.SPActiveDirectoryDomain.GetDirectorySearcher() at Microsoft.SharePoint.WebControls.PeopleEditor.SearchFromGC(SPActiveDirectoryDomain domain, String strFilter, String[] rgstrProp, Int32 nTimeout, Int32 nSizeLimit, SPUserCollection spUsers, ArrayList& rgResults) at Microsoft.SharePoint.Utilities.SPUserUtility.ResolveAgainstAD(String input, Boolean inputIsEmailOnly, SPActiveDirectoryDomain globalCatalog, SPPrincipalType scopes, SPUserCollection usersContainer, TimeSpan searchTimeout, String customFilter) at Microsoft.SharePoint.Utilities.SPActiveDirectoryPrincipalResolver.ResolvePrincipal(String input, Boolean inputIsEmailOnly,...****
January 13th, 2010 3:50pm

You may want to check the credentials of the Service account for the IIS Application Pool that is running the Sharepoint Web Service (under the IIS)~~~The work around dose work. (in our case something had happened to the account that was running the SharePoint Application Pool). We had the IIS Applicatoin Pool running as a Local account, once we recreated the matching account in the AD User. Verify that the user account that is running the pool, can see the domain and login the domain.Our Search in People Picker worked and also was pulling all data over not just the user account.Just something to check into.Adam
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2010 9:46pm

I think you need to run the stsadm command:stsadm -o setproperty -pn peoplepicker-searchadforestsJoel Oleson has a great article on all the people picker properties located here:http://blogs.msdn.com/joelo/archive/2007/01/18/multi-forest-cross-forest-people-picker-peoplepicker-searchadcustomquery.aspxJeff DeVerter, MCSERackspaceblog:http://www.social-point.comtwitter: http://www.twitter.com/jdeverter
January 14th, 2010 9:58pm

We have already run these commands with no errors.It is funny its like something is broken in the link to the profile database.We can add users only after they have tried to sign in then we can find at least some by last name and sometimes by user id.We have verified app pool credentials and the sql server no errors found it just will not find the users unless they are in the sites groups.We have verified there is no property value for it to only read the site collections as well.
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2010 10:11pm

Quicj updateWe still have not found the issue causing this but we have also found that some sites the users from the affected domain can login to a site but will have no rights and the user is still not found with peoplepicker.At this point we are actually considering dumping Sharepoint because we cannot correct this issue on any of our 120 plus sites.We also cannot find users from this domain on the central admin server.
January 22nd, 2010 10:53pm

I am having exactly the same issue as you, but found the following workaround - Add the user’s full “Account” name e.g. “Domain\username” into the “users/Groups” box and then click on the “check name” tick (for some reason SharePoint verifies the user if you do this) you might need to do a full search crawl to retrieve the users full details i.e. first name etc .. This is not the perfect solution but has bought me some extra time to find a permanent solution I hope that works for you
Free Windows Admin Tool Kit Click here and download it now
February 4th, 2010 9:19am

I had to open a case with MS. We did not id a root cause, but we did find a solution.We had to set the peoplepicker property -searchadforests to include every domain we already had 2-way trusts with. Once we did that, searching pulled results from all trusted domains on even only partially complete names.We have never had to set this before but it fixed the issue.Joe
February 5th, 2010 5:53am

Hi Joe, I've installed SF 2010 and is experiencing the same issue as you mentioned. We can only add users after they have signed in. Did you get a reply from MS? Sherry
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2010 7:18pm

Hello You have to use the following command to make people picker search through the domains you specify in the command for the particular site stsadm -o setproperty -propertyname peoplepicker-searchadforests -propertyvalue <valid list of forests or domains> [-url] <URL> Mohamed Hachem ;) CheersMomo
August 23rd, 2010 11:05pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics