SharePoint 2010, People Picker (peoplepicker-searchadforests), 1 way Active Directory trust …. process monitor to the rescue!

If you run SharePoint 2010 in one forest, with users in another forest and a one-way forest trust in place, some additional configuration is needed in SharePoint 2010.  I included links below that discuss the details.  This post is not an in-depth setup guide; rather, it shares a tidbit not discussed in the documentation (not that I could find).  Thanks to a smart co-worker and Process Monitor, it was found that there is a registry entry to which the application pool needs READ access.  You can either grant the permission manually on the server or add the registry permission through AD Group Policy.  Hope this helps.


People Picker overview (SharePoint Server 2010)
http://technet.microsoft.com/en-us/library/gg602068.aspx


Configure People Picker (SharePoint Server 2010)
http://technet.microsoft.com/en-us/library/gg602075(d=lightweight).aspx


Peoplepicker-searchadforests: Stsadm property (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263460.aspx


Application Pool needs read access
MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure


Multi Forest/Cross Forest People Picker
http://blogs.msdn.com/b/joelo/archive/2007/01/18/multi-forest-cross-forest-people-picker-peoplepicker-searchadcustomquery.aspx


Process Monitor
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx


Steve Schofield
Microsoft MVP – IIS
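
To confirm whether an application pool account can already read the key above, either through its own ACE or through the local WSS_WPG group mentioned in the comment on this post, the following added example (not code from the original post) audits the key's ACL. The account name is a placeholder assumption; run it from an elevated prompt on the SharePoint server.

```powershell
# Added example: audit READ access on the SharePoint 2010 "Secure" registry key.
# $Identity is a placeholder (assumption); pass the real application pool account.
param([string]$Identity = 'CONTOSO\svc-sp-apppool')

$keyPath = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure'
$sidType = [System.Security.Principal.SecurityIdentifier]

# Resolve names to SIDs so comparisons do not depend on name formatting.
$accountSid = (New-Object System.Security.Principal.NTAccount($Identity)).Translate($sidType).Value
$groupSid   = (New-Object System.Security.Principal.NTAccount('WSS_WPG')).Translate($sidType).Value

# Enumerate direct members of the local WSS_WPG group via the WinNT provider
# (works on the PowerShell 2.0 that ships with SharePoint 2010-era servers).
$group = [ADSI]"WinNT://$env:COMPUTERNAME/WSS_WPG,group"
$memberSids = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}
$inWssWpg = $memberSids -contains $accountSid

# ReadKey = QueryValues + EnumerateSubKeys + Notify + ReadPermissions.
$readKey     = [int][System.Security.AccessControl.RegistryRights]::ReadKey
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Explicit and inherited rules, with identities returned as SIDs.
$acl = Get-Acl -Path $keyPath
$grants = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    # Inherit-only ACEs apply to subkeys, not to this key itself.
    if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
    if (([int]$ace.RegistryRights -band $readKey) -ne $readKey) { continue }

    $aceSid = $ace.IdentityReference.Value
    if ($aceSid -eq $accountSid) {
        "direct ACE for $Identity ($($ace.RegistryRights))"
    } elseif ($inWssWpg -and $aceSid -eq $groupSid) {
        "membership in local WSS_WPG ($($ace.RegistryRights))"
    }
}

"Account is a direct member of WSS_WPG: $inWssWpg"
if ($grants) {
    $grants | ForEach-Object { "READ OK via $_" }
} else {
    "No READ grant found for $Identity on $keyPath"
}
```

The script checks only a direct ACE and direct WSS_WPG membership; nested or other group memberships and Deny entries are not evaluated.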

One thought on “SharePoint 2010, People Picker (peoplepicker-searchadforests), 1 way Active Directory trust …. process monitor to the rescue!”

  1. As it turns out, the application pool account gets its read-permissions on the given registry key by being a member of the local WSS_WPG group and therefore there’s no need to explicitly give these permissions manually or by group policy.
