Have you experienced problems with People Picker taking too long to find a user, almost a minute or maybe more? Does your SharePoint environment function with multiple domains?
One of the reasons for the sluggish behavior of People Picker is the People Picker property called "SearchActiveDirectoryDomains", which usually scopes the entire AD with its subtrees and trusted ADs while searching for user accounts.
$webapp = Get-SPWebApplication < Web Application URL >
To fix this problem, we can configure People Picker to search only particular domains (with a 2-way trust) using the STSADM commands below.
Get People Picker SearchADForest values
stsadm -o getproperty -pn peoplepicker-searchadforests -url "https://SharePoint.com"
Clear People Picker SearchADForest values if any exist
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "" -url "https://SharePoint.com"
Set People Picker SearchADForest domains, e.g. "Italy.mydomain.com" and "Hungary.mydomain.com"
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "domain:Hungary.mydomain.com;domain:Italy.mydomain.com" -url "https://SharePoint.com"
The People Picker query uses the application pool account to search the target domains. If that account does not have permissions on the target domain, we can specify other accounts that do, using the command below.
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "domain:Hungary.MyDomain.com,domain\user,password;domain:Italy.MyDomain.com,domain\user,password" -url "https://Sharepoint.com"
The above command needs to be run on every WFE for People Picker to start targeting the correct AD domains.
However, if the AD domain has a 1-way trust, we need to additionally configure a Secure Store before trying to scope People Picker to particular domains. To accomplish this, we need to run the SetAppPassword command on all the SharePoint WFEs.
stsadm -o setapppassword -password <password>
When we run SetAppPassword, it creates the following registry value:
HKEY_Local_Machine\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure
AppCredentialKey : REG_BINARY
AppCredentialKey is used to encrypt and decrypt the information sent to PeoplePicker-SearchADForests. It should therefore be the same across all the SharePoint servers, so the command should be run on every SharePoint WFE using the same password.
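The same scoping can be set through the "SearchActiveDirectoryDomains" property from PowerShell, prompting for each lookup account so that no password is typed on a command line. This is an added example, not part of the original post; the short domain names are assumptions, and it assumes SetAppPassword has already been run on the servers.

```powershell
# Added example: run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = 'https://SharePoint.com'   # URL used in the stsadm examples
$domains = @(                           # domain names from the article
    @{ Fqdn = 'Hungary.mydomain.com'; Short = 'HUNGARY' },   # short names are assumed
    @{ Fqdn = 'Italy.mydomain.com';   Short = 'ITALY' }
)

$webapp   = Get-SPWebApplication $webAppUrl
$settings = $webapp.PeoplePickerSettings

# Equivalent of clearing peoplepicker-searchadforests before setting new values.
$settings.SearchActiveDirectoryDomains.Clear()

foreach ($d in $domains) {
    # Prompt for the lookup account instead of embedding "domain\user,password".
    $cred = $Host.UI.PromptForCredential('People Picker',
        "Lookup account for $($d.Fqdn)", '', '')
    if (-not $cred) { throw "No credential supplied for $($d.Fqdn)" }

    $entry = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $entry.DomainName      = $d.Fqdn
    $entry.ShortDomainName = $d.Short
    $entry.IsForest        = $false        # "domain:" entries rather than "forest:"
    $entry.LoginName       = $cred.UserName
    $entry.SetPassword($cred.Password)     # takes a SecureString
    $settings.SearchActiveDirectoryDomains.Add($entry)
}

$webapp.Update()

# Show what is now configured; the stored passwords are not displayed.
$webapp.PeoplePickerSettings.SearchActiveDirectoryDomains |
    Select-Object DomainName, ShortDomainName, IsForest, LoginName
```

The final listing is a quick check that only the intended domains and lookup accounts are configured.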