Today a customer asked me how to add the Active Directory “Domain Users” group from DomainB into a SharePoint Group hosted on a DomainA as described below:
When we try to add the AD “Domain Users” group from “DomainB” into SharePoint “Visitors” group or any other, we are not able to retrieve the correct “domain\group” as described below:
So, to solve this problem, we had to execute the command related with “Peoplepicker-searchadforests” (http://technet.microsoft.com/en-us/library/f3988343-c57a-4f92-b523-682b7a5e9aa8(office.12).aspx).
As our environment is configured with two-way trust, it should suffice to run the following commands:
1) stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:domainA.local;forest:domainB.local" -url http://webapp.domainA.local
2) stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:domainA.local;forest:domainB.local" -url http://centraladminURL
The first command, is related to web application that we are trying to add the AD group from other domain and the second, is related to SharePoint Central Administration that will allow you to resolve names when adding a web application user policy for users from a trusted domain.
If you want all web applications to behave the same way, you should to run the first command for each web application.
I hope this information could be useful for you guys.
No comments:
Post a Comment