Hi all,
This is the scenario:
1) We have a 2-WFE SharePoint environment on our domain, i.e. domain1, and a 1-way domain trust to domain2.
2) After setting the trust relation I was able to run a full profile import, and I have all of the profiles from domain2 in the SSP showing as domain2.nt\usernames.
3) I set up people picker by running on each WFE:
stsadm -o setapppassword -password appkey
stsadm -o setproperty -pn peoplepicker-searchadforests -url http://webappurl -pv "domain:domain2.com,domain2\account,pwd"
4) After setting up people picker I was able to resolve domain2 user names, but when trying to add a user to a group it added the user name with a red line below, and below it says "No Exact Match was found". If I move the mouse over the name I see a message saying: "Multiple entries matched, please click here to resolve". If I click under the name it does resolve the name, but as soon as I hit OK it returns the same message again.
5) I was investigating, and on the domain2 side they use domain2.com\username, but they have some BIOS names, i.e. domain2.nt\username and domain2\username, so I made a test and tried to put each of these:
domain2.com\username
domain2.nt\username
domain2\username
username (plain)
in the people picker GUI, and all of these resolve for the same person, so I believe this is why people picker says that multiple entries matched?
6) I tried using a custom filter:
stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(userPrincipalName=*domain2.nt)" -url <web-application-URL or Site collection URL>
trying to force it to only choose domain2.nt\usernames, but it gives the same error.
7) I tried adding a user with stsadm:
stsadm -o adduser -url http://webapp -userlogin domain2.nt\username6 -useremail user@domain2.com -group "owners" -username "test user"
and this command works. After that I see the user added in the owners group, and if I try to add this user to a different group it doesn't give me an error message anymore.
I was wondering if any of you have any idea what could be wrong? My guess is that something is wrong on AD, but I'm not 100% sure... There are around 11,000 profiles and I don't want to run or build a stsadm script to add every single user to a group to avoid this issue.
If any of you have any suggestions, please let me know.
Thanks & regards