Restrict people picker to get users from a particular domain.
We had a request from a client to allow a people picker on one site to pick users from a particular domain.

Let me elaborate on the SharePoint environment involved here.

The SharePoint farm is in a domain, say Contoso. The client has another domain, say Talespin. There is a two-way trust relationship between Contoso and Talespin.

The SharePoint farm servers are joined to Contoso. Now, for a particular site, the client wants to be able to search for and pick users from Talespin and not from Contoso.

It took us a long time to finally nail it. Some of the commands available on the net worked for resolving users but not for searching in the people picker.

Here are the commands that worked:

$wa = Get-SPWebApplication -Identity https://webapp

# List the domains the people picker currently searches (empty means: the farm's own domain only)
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains

# The script below adds a domain to the people picker search
$wa = Get-SPWebApplication -Identity https://webapp
$ad = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
$ad.DomainName = "Talespin.local"
# IsForest = $true searches the whole Talespin forest rather than a single domain
$ad.IsForest = $true
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($ad)
$wa.Update()

# Also let the people picker search distribution lists in Talespin
stsadm -o setproperty -url https://webapp -pn peoplepicker-distributionlistsearchdomains -pv Talespin.local

# This will restrict the people picker to resolve and search only from Talespin.
# The LDAP filter keeps accounts whose userPrincipalName ends in Talespin.local and
# excludes disabled accounts (userAccountControl bit 2, tested with the bitwise AND matching rule)
stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(&(userPrincipalName=*Talespin.local)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -url https://siteurl
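To confirm the configuration took effect (and to check it on other web applications), here is an added verification script; it is not part of the original post. It assumes the SharePoint PowerShell snap-in is available, that it runs as a farm administrator, and it reuses the placeholder values https://webapp and Talespin.local from above.

```powershell
# Added example: report the people picker settings of a web application and
# whether a given domain is covered by the search domains and the custom filter.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-PeoplePickerDomain {
    param(
        [Parameter(Mandatory)] [string] $WebAppUrl,
        [Parameter(Mandatory)] [string] $DomainName
    )
    $wa = Get-SPWebApplication -Identity $WebAppUrl
    $pp = $wa.PeoplePickerSettings

    # PeoplePickerSettings lives on the web application object, so every site
    # collection in this web application sees the same search domains and
    # custom filter; there is no per-site override for these properties.
    $searchDomain = $pp.SearchActiveDirectoryDomains |
        Where-Object { $_.DomainName -ieq $DomainName } |
        Select-Object -First 1

    $isForest = $null
    if ($searchDomain) { $isForest = $searchDomain.IsForest }

    # The stsadm property peoplepicker-searchadcustomfilter is exposed here as
    # ActiveDirectoryCustomFilter; a filter that does not mention the domain
    # will not restrict results the way the post intends.
    $filter = $pp.ActiveDirectoryCustomFilter

    [pscustomobject]@{
        WebApplication          = $wa.DisplayName
        SearchDomainPresent     = [bool]$searchDomain
        IsForest                = $isForest
        DistributionListDomains = (@($pp.DistributionListSearchDomains) -join ', ')
        CustomFilter            = $filter
        FilterMentionsDomain    = ($filter -like "*$DomainName*")
    }
}

# Usage with the placeholder values from the post
Test-PeoplePickerDomain -WebAppUrl 'https://webapp' -DomainName 'Talespin.local' | Format-List
```

With a two-way trust no stored credentials are needed for the added domain; for a one-way trust the domain entry would also need LoginName and the farm's people picker password set, which this script does not cover.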