The following STSADM command will allow the People Picker to search for users in a situation where you have a one-way trust between domains. This is especially useful if you're load testing your QA domain.
This command is all in one string. Run this after you create a credential key. Do that by entering this:
stsadm -o setapppassword -password <password>
STSADM.exe -o
setproperty -pn
peoplepicker-searchadforests -pv "forest:QAFOREST.somecompany.com,AD\service-somesvcacct,thataccountpw;
domain:ADFOREST.somecompany.com,AD\service-somesvcacct,thataccountpw" -url http://qa.somecompany.com
Explanations:
The service account used is the service account from the primary domain. So in a one-way scenario, QA will trust it.
Once you run it, you can run the following to verify the setting was applied:
stsadm.exe -o getproperty -pn peoplepicker-searchadforests -url http://qa.somecompany.com
If you need to clear the property, you can run this:
stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv "" -url http://qa.somecompany.com
Hope this helps someone.
No comments:
Post a Comment