So you have successfully imported all the AD users into MOSS and can search them fine, but now you are not able to see all of these users in the people-picker.
One of the main causes of this is that when you specified the AD connection, you were required to use a separate account because the farm account did not have access to traverse the relevant AD forest / domain.
Another reason this can happen is that your MOSS servers belong to a different domain from the AD user domain.
You would think that the people-picker would use the user profile store or the same account specified in the AD connection, but it actually uses the farm account to connect to AD. You may often see only some users, and this is because those users exist in the same domain as the MOSS server.
Don't panic! This is actually quite easy to fix with a standard stsadm command. Be aware, though, that you will need to execute this on every WFE in the farm AND for each web application.
INSTRUCTIONS:
If the AD domain has a 1-way trust and you need to specify a username and password, execute the following commands on every server in the farm:
- stsadm -o setapppassword -password MyPassword (ensure you use the same password on each server you execute this command on!)
- On every WFE in the farm, execute the following command to instruct the people-picker to use the correct AD domain:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:YourDomain.com,domain\user,password -url <relevant web application> (you need to run this for each web application; if you do not run this on the WFE you will see a “callback error” in the people-picker)
Note: you can specify multiple domains to look up as well; just enclose the domain names in quotation marks and separate them with a semi-colon (-pv "YourDomain1.com;YourDomain2.com",domain\username,password)
If the AD domain has a 2-way trust, you do not need to run the stsadm -o setapppassword command; just execute this one:
- stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:YourDomain.com,domain\user,password -url <relevant web application> (you need to run this for each web application; if you do not run this on the WFE you will see a “callback error” in the people-picker)
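The per-web-application step above as a PowerShell loop, run on each WFE. This is an added example, not part of the original post: the stsadm path (the MOSS 2007 "12" hive), the web application URLs and the domain name are assumptions to replace with your own, and for a 1-way trust it assumes setapppassword has already been run on every server.

```powershell
# Added example (not from the original post). Run on every WFE in the farm.
# Assumed values: 12-hive stsadm path, placeholder URLs, placeholder domain.
$stsadm  = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
$WebApps = 'http://portal.example.local', 'http://mysite.example.local'   # placeholder URLs
$Domain  = 'YourDomain.com'                                               # placeholder domain

if (-not (Test-Path $stsadm)) { throw "stsadm.exe not found at $stsadm" }

# Prompt for the lookup account (enter it as DOMAIN\user) so the password
# is not saved in a script file or batch file on the server.
$cred = Get-Credential
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
}
finally {
    # Wipe and free the unmanaged copy of the password.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

# Same -pv form as the command above: domain:<name>,<domain\user>,<password>
$pv = "domain:$Domain,$($cred.UserName),$plain"

foreach ($url in $WebApps) {
    Write-Host "Setting peoplepicker-searchadforests on $url"
    & $stsadm -o setproperty -pn peoplepicker-searchadforests -pv $pv -url $url
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "setproperty failed for $url (exit code $LASTEXITCODE)"
        continue
    }
    # Read the property back to confirm it was stored for this web application.
    & $stsadm -o getproperty -pn peoplepicker-searchadforests -url $url
}

# Drop the managed plaintext copies once the loop is done.
$plain = $null
$pv    = $null
```

The password is still passed to stsadm as a command-line argument while each call runs, so use a dedicated low-privilege lookup account for it.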
RESET :)
If you need to reset the people-picker back to normal, just execute this command:
- stsadm -o setproperty -pn peoplepicker-searchadforests -pv (don’t specify anything here) -url <relevant web application> (you need to run this for each web application; if you do not run this on the WFE you will see a “callback error” in the people-picker)
Hope this helps anyone out there.
Doug “bob-the-builder” McCusker