If SharePoint is installed on a domain that has a one-way trust with other domains and you want the People Picker on SharePoint 2013 to show users and groups from those other domains, you have to use the STSADM command to configure the People Picker. Basically, the People Picker needs an identity that it can use to authenticate against the remote trusted domains to query them.
Step 1First, you have to set an encryption key on all web servers in your farm so that the stored credentials can be encrypted:
Just to be clear, you have to run this on all web servers in your farm and the "AnyKey" value has to be set to the same value on all of those servers.
STSADM.exe -o setapppassword -password AnyKey
where "AnyKey" is any value. For example,
STSADM.exe -o setapppassword -password B1gL0ngPassw0rd
Step 2Next, you have to give SharePoint the credentials to authenticate against the remote domain and tell it which domain you would like to authenticate against. You only have to run this on one of your SharePoint web servers
STSADM.exe -o setproperty -propertyname peoplepicker-searchadforests -propertyvalue <Valid list of domains> -url <URL of the Web application>
where <Valid list of domains> is in the following format:
For example, a sample command might look like this:
STSADM.exe -o setproperty -propertyname peoplepicker-searchadforests -propertyvalue "domain:microsoft.com,microsoft\UserX,Ne@tP@ssw0rd" -url https://intranet.doughemminger.net
You can add more than one domain. Just delimit them with a semicolon and a space. For example:
STSADM.exe -o setproperty -propertyname peoplepicker-searchadforests -propertyvalue "domain:microsoft.com,microsoft\UserX,Ne@tP@ssw0rd; domain:bing.com,bing\UserY,L@meP@ssw0rd" -url https://intranet.doughemminger.net
Other NotesThere are lots of other things you can do with the People Picker control. For example:
- You can run a custom query to search active directory and only display those users or groups.
- You can also tell the people picker control to restrict to users in the site collection.
- You are not restricted to remote domains. You can run the same commands I showed above for forests.
ReferencesThere is actually good documentation on this here: