locked
People Picker Multiple Entries Matched RRS feed

  • Question

  • Hi All ,

    This is the scenario:

    1) We have a 2 WFE Sharepoint environment on our domain i.e. domain1 and a 1-way domain trust to a domain2.

    2) After setting the trust relation I was able to run a full profile import and I have all of the profiles from domain2 in the SSP showing as domain2.nt\usernames .

    3) I setup people picker by running on each WFE:

        stsadm -o setapppassword -password appkey

         stsadm -o setproperty -pn peoplepicker-searchadforests -url http://webapp url-pv domain:"domain2.com", domain2\account,pwd

    4) After seting up people picker I was able to resolve domain2 user names but when tryng to add a user to a group it added the user name with a red line below and below it says "No Exact Match was found" if I move the mous over the name I see a message saying: "Multiple entries matched, please click here to resolve"If I click under the name it does resolve the name but as soon as I hit ok it returns the same message again.

    5) I was investigating and on domain 2 side they use domain2.com\username but they have some BIOS names ie. domain2.nt\username and domain2\username so I made a test and I tried to put each of these:

    domain2.com\username

    domain2.nt\username

    domain2\username

    username (plain)

    in the people picker GUI and all of these resolve for the same person so I believe this is why People picker says that multiple entries matched ?

    6) I tried using a custom filter:

    stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(userPrincipalName=*domain2.nt)" -url <web-application-URL or Site collection URL>

    tryng to force to only choose domain2.t\usernames but it gives the same error.

    7) I tried adding  a user with stsadm:

    stsadm -o adduser -url http://webapp -use
    rlogin domain2.nt\username6 -useremail user@domain2.com -group "owners" -username "test user"

    and this command works, after that I see the user added in the owners group and if I try to add this user on a different group it doesnt give me a error message no more.

    I was wondering of any of you have any idea on what could be wrong? my guess is that something is wrong  on AD but not 100% sure... there are around 11,000 profiles and I dont want to run or built a scritpt a stsadm to add every single user to a group to avoid this issue. 

    if any of you have any suggestions please let me know

    thanks & regards

    Monday, October 22, 2012 5:18 PM

Answers

  • Hi Pratik Vyas,

    I resolved this issue already, the problem was the the doman2 was a forest and not a domain so instead of using:

    stsadm -o setproperty -pn peoplepicker-searchadforests -url http://webapp url-pv "domain:domain2.com, domain2\account,pwd"

     

    stsadm -o setproperty -pn PeoplePicker-SearchADForests -pv "forest:domain2.com,domain2.com\account,pwd" -url http://web app

    Thanks for your response :)


    Luis Herrera

    • Marked as answer by Luis Herrera Tuesday, October 23, 2012 2:34 PM
    Tuesday, October 23, 2012 2:34 PM

All replies

  • Hey Luis,

    Please check the property again using stsadm getproperty command

    Run following commands and let us know results

    stsadm -o getproperty -pn peoplepicker-distributionlistsearchdomains
    stsadm -o getproperty -pn peoplepicker-activedirectorysearchtimeout
    stsadm -o getproperty -pn peoplepicker-onlysearchwithinsitecollection
    stsadm -o getproperty -pn peoplepicker-searchadcustomquery
    stsadm -o getproperty -pn peoplepicker-searchadforests
    stsadm -o getproperty -pn peoplepicker-serviceaccountdirectorypaths
    stsadm -o getproperty -pn peoplepicker-searchadcustomfilter


    I suspect in domain 2 BIOS name? Why it resolves name if you enter 

    domain2.com\username
    domain2.nt\username
    domain2\username
    username (plain)

    It should resolves the name for one instance, can you check this with AD team?



    Warm Regards, Pratik Vyas | SharePoint Consultant | http://sharepointpratik.blogspot.com/ | Posting is provided "AS IS" with no warranties, and confers no rights

    Tuesday, October 23, 2012 3:39 AM
  • Hi Pratik Vyas,

    I resolved this issue already, the problem was the the doman2 was a forest and not a domain so instead of using:

    stsadm -o setproperty -pn peoplepicker-searchadforests -url http://webapp url-pv "domain:domain2.com, domain2\account,pwd"

     

    stsadm -o setproperty -pn PeoplePicker-SearchADForests -pv "forest:domain2.com,domain2.com\account,pwd" -url http://web app

    Thanks for your response :)


    Luis Herrera

    • Marked as answer by Luis Herrera Tuesday, October 23, 2012 2:34 PM
    Tuesday, October 23, 2012 2:34 PM