Although we do have two-way trusts with other domains, the PeoplePicker within SharePoint 2013 was not able to resolve usernames from other domains.
So the only option was to manually configure the PeoplePicker again to be able to retrieve the other domain users.
PowerShell still cannot be used to configure the PeoplePicker, so it needs to be done via STSADM commands.
Before you perform the procedures in this article, you must do the following:
- Verify that the account that you use to run Stsadm is a member of the Administrators group on the server on which SharePoint 2013 is installed.
- Open the Command Prompt window as an administrator to perform the procedures in this article.
- In the command prompt on the drive where SharePoint 2013 is installed, change to the following directory: %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\Bin. %COMMONPROGRAMFILES% is typically set to <drive letter>:\Program Files\Common Files.
1. Set an encryption key
The encryption key must be set on every front-end web server in the farm on which SharePoint 2013 is installed.
To set an encryption key, type the following command:
stsadm.exe -o setapppassword -password <Key>
example: stsadm -o setapppassword -password "Trial"
2. Run the command below (include both forest and domain(s), with user accounts that have enough permissions, and define it per Web Application URL)
STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "forest:Contoso.com,Contoso\User1,Password1; domain:Fabrikam.com,Fabrikam\User2,Password2" -url http://portal.aaa.com
So when you want to be able to add users from different domains, you need to add the domains, the accounts and the passwords, and you have to do this for every separate web application.
Also run the above command on both Web Front End servers.
To check whether your PeoplePicker is configured correctly:
stsadm.exe -o getproperty -pn <Property name> -url <Web application URL>
example: stsadm -o getproperty -pn peoplepicker-searchadforests -url http://portal.aaa.com
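The three steps above as one script, as an added example that is not part of the original post: PowerShell is used only as the shell that calls stsadm.exe, and it prompts for the encryption key and account passwords so they are not typed into the console history. The URL and forest/domain names are the article's sample values; Invoke-Stsadm is a hypothetical helper, and the exit-code check and password character check are assumptions noted in the comments.

```powershell
# Added example: wraps the article's stsadm commands; run elevated on each front-end server.
$ErrorActionPreference = 'Stop'

# stsadm.exe location as given in the article
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\15\Bin\stsadm.exe'
if (-not (Test-Path $stsadm)) { throw "stsadm.exe not found at $stsadm" }

# Sample values from the article; replace with your own web application and trusts
$webAppUrl = 'http://portal.aaa.com'
$targets = @(
    @{ Kind = 'forest'; Name = 'Contoso.com' },
    @{ Kind = 'domain'; Name = 'Fabrikam.com' }
)

# Hypothetical helper: run stsadm and stop on failure
# (assumes stsadm.exe returns a non-zero exit code when an operation fails)
function Invoke-Stsadm([string[]]$Arguments) {
    & $stsadm $Arguments
    if ($LASTEXITCODE -ne 0) { throw "stsadm failed with exit code $LASTEXITCODE" }
}

# Step 1: encryption key, prompted instead of typed on the command line
$key = Read-Host -Prompt 'Encryption key' -AsSecureString
$keyPlain = (New-Object System.Net.NetworkCredential('', $key)).Password
Invoke-Stsadm @('-o', 'setapppassword', '-password', $keyPlain)

# Step 2: build the peoplepicker-searchadforests value in the article's format
$entries = foreach ($t in $targets) {
    $cred = Get-Credential -Message "Account (DOMAIN\user) allowed to query $($t.Name)"
    $pw = $cred.GetNetworkCredential().Password
    # Precaution (assumption): ',' and ';' separate fields in the value, '"' breaks argument quoting
    if ($pw -match '[,;"]') { throw "Password for $($cred.UserName) contains , ; or a double quote" }
    '{0}:{1},{2},{3}' -f $t.Kind, $t.Name, $cred.UserName, $pw
}
$pv = $entries -join '; '
Invoke-Stsadm @('-o', 'setproperty', '-pn', 'peoplepicker-searchadforests', '-pv', $pv, '-url', $webAppUrl)

# Step 3: read the property back to confirm it was stored
Invoke-Stsadm @('-o', 'getproperty', '-pn', 'peoplepicker-searchadforests', '-url', $webAppUrl)

# The secrets are still passed to stsadm.exe as process arguments, so they can appear in
# process-creation logs when command-line auditing is enabled; restrict access to those logs.
```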
Clear a property value from People Picker
You can remove the setting for a People Picker property by specifying the property name that you want to clear, and using empty quotation marks for the property value.
To remove a property setting from People Picker, type the following command:
stsadm.exe -o setproperty -pn <Property name> -pv "" -url <Web application URL>