Peoplepicker-searchadforests: Stsadm property (Office SharePoint Server)

Updated: July 8, 2010

Applies To: Office SharePoint Server 2007

Permits a user to search from a second one-way trusted forest or domain.

All servers in a farm need to be within one domain. Users in the forest that the server is in (that is, a resource forest) are displayed automatically. Forests that have at least a one-way trust to that forest can be searched for users to add.

When a Web application uses Windows authentication, People Picker searches all two-way trusted forests and all two-way trusted domains. However, if you want to search from a one-way trusted forest or a one-way trusted domain, you must run the setapppassword operation, and then run the peoplepicker-searchadforests property.

The peoplepicker-searchadforests property allows you to search multiple values when users are selected. You also can add multiple forests, domains, accounts, and even specific property searches.

Note:

By default, Microsoft Office SharePoint Server 2007 talks to the domain controller for the domain in which Office SharePoint Server 2007 was installed and to the domain controllers for all two-way trusted domains.

Syntax

The syntax for the setproperty operation is:

stsadm -o setproperty

   -propertyname peoplepicker-searchadforests

   -propertyvalue <valid list of forests or domains>

   [-url] <URL>

The syntax for the getproperty operation is:

stsadm -o getproperty

   -propertyname peoplepicker-searchadforests

   [-url] <URL>

Note:

You can substitute -pn for -propertyname and -pv for -propertyvalue.

Values

The following table shows possible values.

Name Value

propertyname

Gets or sets the name of the property.

propertyvalue

A valid list of forests or domains. The format of the list of forests or domains value includes the following:

  • forest:DnsName,LoginName,Password

  • domain:DnsName,LoginName,Password

    Note:

    If Password is used, you need to run stsadm -o setapppassword -password <SomeKey> on every front-end Web server first. The <SomeKey> can be any string; it is used as the key to encrypt the password in the domain:DnsName,LoginName,Password or forest:DnsName,LoginName,Password value, and the encrypted password is stored in the database.

    However, if the domains or forests are trusted, it is not necessary to pass in the login name or password. The following format is used: forest:DnsName or domain:DnsName.

url

Typically, a path to the URL of the Web application, in the form http://server_name.

Examples

Search additional domains or forests

To enumerate a list of users by using People Picker from a second forest or domain, use the following syntax:

stsadm -o setproperty -pn peoplepicker-searchadforests -pv <list of forests or domains> -url <WebApp>

Specify user account and password from a one way trust

To specify the user name and password from a one-way trust, so that People Picker can look up this information, use the following syntax:

stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:contoso.corp.com, <LoginName>,<Password>;domain:bar.contoso.corp.com, <LoginName>,<Password>"
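
The one-way-trust procedure above as a PowerShell script (an added example, not Microsoft's code): it prompts for the key and the lookup accounts instead of embedding them in a script, and puts credentials on every entry of the -pv list. The function names and the stsadm.exe location under the "12" directory are assumptions; the stsadm operations and switches are the ones documented on this page.

```powershell
# Added example, not Microsoft's code. Function names are hypothetical; assumes PowerShell 2.0 or later.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\bin\stsadm.exe'

# Build one "forest:DnsName[,LoginName,Password]" or "domain:DnsName[,LoginName,Password]" entry.
function New-SearchEntry {
    param(
        [ValidateSet('forest', 'domain')][string]$Kind,
        [string]$DnsName,
        [System.Management.Automation.PSCredential]$Credential  # omit when the forest/domain is trusted
    )
    $fields = @($DnsName)
    if ($Credential) {
        $fields += $Credential.UserName, $Credential.GetNetworkCredential().Password
    }
    # Assumption: the list has no escaping, so a delimiter or quote inside a field would corrupt it.
    foreach ($f in $fields) {
        if ($f -match '[,;"]') { throw "A field of the $Kind entry '$DnsName' contains , ; or a double quote." }
    }
    "${Kind}:" + ($fields -join ',')
}

# Step 1: run on EVERY front-end Web server before storing an entry that carries a password.
function Set-AppPasswordKey([System.Security.SecureString]$Key) {
    $cred = New-Object System.Management.Automation.PSCredential 'key', $Key
    $plain = $cred.GetNetworkCredential().Password
    & $stsadm -o setapppassword -password $plain
    if ($LASTEXITCODE -ne 0) { throw "setapppassword failed with exit code $LASTEXITCODE" }
}

# Step 2: run once for the Web application, then read the property back.
function Set-SearchAdForests([string]$Url, [string[]]$Entries) {
    & $stsadm -o setproperty -pn peoplepicker-searchadforests -pv ($Entries -join ';') -url $Url
    if ($LASTEXITCODE -ne 0) { throw "setproperty failed with exit code $LASTEXITCODE" }
    & $stsadm -o getproperty -pn peoplepicker-searchadforests -url $Url
}

# Usage with the page's sample names; credentials are prompted for, never typed into the script:
# Set-AppPasswordKey -Key (Read-Host 'Key for setapppassword' -AsSecureString)
# $entries = @(
#     (New-SearchEntry -Kind forest -DnsName contoso.corp.com -Credential (Get-Credential)),
#     (New-SearchEntry -Kind domain -DnsName bar.contoso.corp.com -Credential (Get-Credential))
# )
# Set-SearchAdForests -Url 'http://server_name' -Entries $entries
```

stsadm still receives the password as a command-line argument, so it is visible to process command-line auditing on the server while the command runs; prompting only keeps it out of script files and command history.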

Related properties and operations

You can include additional users and groups from multiple forests. For more information about how to select and add users, see Select users from multiple forest domains [1] and Add users from multiple forest domains [2].

Links Table
[1] http://technet.microsoft.com/en-us/library/cc262051.aspx
[2] http://technet.microsoft.com/en-us/library/cc263247.aspx
Community Content

Need to specify forest and domain separately

According to the examples in this article I could use this syntax to only specify username/password once for both forest and domain.
stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:contoso.corp.com;domain:bar.contoso.corp.com", <LoginName>, <Password>

However, even though people picker browsing worked with this syntax, I was still getting the my site issues (i.e., could not create my sites due to person not found errors).
To get correct operation I needed this syntax:
stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:contoso.corp.com, <LoginName>, <Password>;domain:bar.contoso.corp.com, <LoginName>, <Password>"

That is, you need to include username/password separately for forest and domain entries.

Error in params - see below
To get this to work properly you must specify both the forest AND domain PLUS specify username / password separately for each.
See below:
stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:contoso.corp.com, <LoginName>, <Password>;domain:bar.contoso.corp.com, <LoginName>, <Password>"

How can this be unset?
Is it possible to unset this command after setting it? I've tried

stsadm.exe -o setproperty -pn "peoplepicker-searchadforests" -pv ""

Which results in:

<Property Exist="Yes" Value="" />

I was hoping to see the default:

<Property Exist="No" />


Hi,
I have tested this scenario, and you should run the command in the following way:
stsadm.exe -o setproperty -pn "peoplepicker-searchadforests" -pv "" -url http://yourURL

Cheers,

Not able to find all the users
When I set this property for our domain, I can't find all of our users. It isn't looking at all of the OUs in the domain or something. I still haven't found a way to get this to work. We belong to a forest and I only want people to add users in our domain.

Unsetting this Value
I was able to unset this value and see the default value <Property Exist="No"/> using the following command:

stsadm -o setproperty -pn peoplepicker-searchadforests -pv  -url http://yoursite:yourport

NOTE: there are two spaces after -pv...the spot where the value would be entered is empty.