Skip to main content


Slow People Picker in SharePoint

Have you experienced problems with People Picker taking too long to find a user? Almost a minute or may be more. Does your SharePoint Environment functions with multiple domains?
One of the reasons for sluggish behavior of people picker is the People Picker property called “SearchActiveDirectoryDomains” which usually scopes the entire AD with its sub trees and trusted AD’s while searching for the users account.
$webapp = Get-SPWebApplication < Web Application URL >


In order to fix this problem we can configure People Picker to search through particular domains (in 2 way trusted) using below STSADM commands.

Get People Picker SearchADForest values
Stsadm -o getproperty -pn peoplepicker-searchadforests -url “”

Clear People Picker SearchADForest values if exist
Stsadm -o setproperty -pn peoplepicker-searchadforests -pv “” -url “”

Set People Picker SearchADForest domains. For e.g. “” & “”
stsadm -o setproperty -pn peoplepicker-searchadforests -pv “;” -url “”

The people picker query uses the application pool account to search the target domains. In case they do not have permissions on the target domain, we can also specify other accounts which have permissions using the below command.

stsadm -o setproperty -pn peoplepicker-searchadforests -pv “,domain\user,password;,domain\user,password” –url “”

The above command needs to be run on every WFE for People Picker to start targetting correct AD domains.

However if AD domain has 1-way trust we need to addtionally configure a Secure Store before trying to scope people picker to perticular domains. Inorder to accomplish this we need to run a SetAppPassword command on all the SharePoint WFE’s.

stsadm -o setapppassword -password

When we run SetAppPassword, it creates the following registry value:
HKEY_Local_Machine\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure
AppCredentialKey : REG_BINARY

AppCredentialKey is used to send encrypted and decrypted information to the PeoplePicker-SearchADForests. It should therefore be same across all the sharepoint servers and should be run on every sharepoint WFE using the same password.

Thoughts on “Slow People Picker in SharePoint”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Manjeet Singh

More from this Author

Follow Us