Sharepoint Active Directory Problem

Question

I'm currently testing some things in SharePoint (Trial/Developer mode).

Current setup: SharePoint 2013 Server Domain Controller with 2008 R2 (Active Directory).

I've configured the SharePoint option "Active Directory Import" with the idea that i could add users or groups to my sites. So for example my SharePoint Editors security group can edit things at one specific site. Unfortunately i cant find any active directory users at all.

When i'm at: Application Management > Manage service applications > User Profile Service Application > Manage User Profiles | I CAN find the active directory users here. I also can find the Security Groups at if i want to add a SharePoint Audience

but i can't add them when i'm at:

Site Settings > Site Permissions or People Groups.

I really want to add my security group to a specific SharePoint group or just a security group directly added to SharePoint so i can give specific policies to the groups.

Answer 1

You need to add users to the group via the People Picker to individual Site Collections. You can do this by navigating to a SharePoint Group and selecting New from the menu, or add them directly to items by using the Share interface.

---

Trevor Seward

        

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Answer 2

That's the point, i can't find them when im trying to add them into a group. I can only find them when im at

Application Management > Manage service applications > User Profile Service Application > Manage User Profiles

When im searching at my domain name i can find all the users, but when im at a site collection > people and groups > New group, i cant find them anymore. 

UPDATE: Found the same problem over here : http://sharepoint.stackexchange.com/questions/63214/sharepoint-2013-ad-users-not-found-on-people-user-picker-but-they-shows-up-onl

Issue isn't resolved yet!

Answer 3

As noted in that post, it isn't related to UPA at all. Is this SharePoint server also a Domain Controller (I can't tell from your original post)? That would complicate things.

What you can try is set the verbosity of the ULS log to VerboseEx:

Set-SPLogLevel -TraceSeverity VerboseEx

Once you do that, attempt to look for a valid user via the People Picker on one of your Site Collections. Immediately after it does not return a result, run:

Clear-SPLogLevel

Then what you'll need to do is find the entries for the People Picker search within the ULS logs (a hint would be to look for entries with URLs of your Site Collection). This may help identify the issue you're experiencing.

---

Trevor Seward

        

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Answer 4

What level of permission does the account you are using on the site collection have? 

Answer 5

What level of permission does the account you are using on the site collection have? 

If you can get to the People Picker, it won't matter.

---

Trevor Seward

        

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Answer 6

To work correctly, people picker need the following ports open between the SharePoint servers and the Domain Controllers:

TCP/UDP 135, 137, 138, 139 (RPC)   
TCP/UDP 389 by default, customizable (LDAP)    
TCP 636 by default, customizable (LDAP SSL)    
TCP 3268 (LDAP GC)    
TCP 3269 (LDAP GC SSL)
TCP/UDP 53 (DNS)    
TCP/UDP 88 (Kerberos)    
TCP/UDP 445 (Directory Services)    

---

Regards,
Marco Alves
SharePoint Infrastructure Consultant

LinkedIn:

Note: This post is offered "as is" and reflects my opinion on this specific thread. It confers no rights. It does not necessarily represent my employer's opinion.

Answer 7

No, i've got one server that runs Sharepoint and one server that runs the domain controller. 

I've set the installer up to Standalone. Then i've used the Configuration Wizard (no errors showed up). After that I started the Central Administration console, i've logged in with the Domain Administrator. I've set up a User Profile Connection with Active Directory Import. After that i've started "Start Profile Syncronisation". I can actually see that the 3 profiles are imported. And i can find them when im at "Manage User Profiles". 

Do i miss something? Still cant find the people in my site permissions. (Share site with other people). 

Answer 8

For your interest, im using the Domain Administrator, this account does have  Replicating Directory Permissions.

Answer 9

Didn't resolve my issue!

Answer 10

Standalone installs don't support the UPS. You will have to do a re-build using the full installer to get UPS to work.

Answer 11

I think we're deviating from the issue. People picker doesn't need UPS set up to work.

---

Regards,
Marco Alves
SharePoint Infrastructure Consultant

LinkedIn:

Please "Mark As Answer" if my post solves your problem or "Vote As Helpful" if the post has been helpful to you. - This will encourage me and others to keep helping you :)

Note: This post is offered "as is" and reflects my opinion on this specific thread. It confers no rights. It does not necessarily represent my employer's opinion.

Answer 12

If you run the following command from sharepoint powershell:

get-spwebapplication | select -expandproperty peoplepickersettings

Find the setting:

Peopleeditoronlyresolvewithinsitecollection

What is it set to for the site collection having the issue?

If it is true, that is the issue.

If it is false, then can you provide the properties. It might give an indication of the isse.