Minimum permissions for peoplepicker-searchadforests and 1-way trust
22-10-2019
Question
We have two different domains, A.LOCAL and B.LOCAL. There is a one-way trust configured and SP2010 is installed on B.LOCAL. I want to be able to pick accounts from both A and B. I am able to get the people picker to work exactly how I want when I use A\ADomainAdmin, but if I use A\AUser it doesn't resolve anyone from A.
Works:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:A.LOCAL,A\ADomainAdmin,Pa$$word;domain:B.LOCAL,B\BUser,Pa$$word" -url
Doesn't Work:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:A.LOCAL,A\AUser,Pa$$word;domain:B.LOCAL,B\BUser,Pa$$word" -url
Using a Domain Admin account for A is not a long term solution. What are the minimum rights for peoplepicker-searchadforests to resolve cross domain?
Solution
The only permission you should require is the "list contents" right. By default the domain user group has this permission.
Did you configure the encryption key?
Technet has a post on PP issues: http://blogs.msdn.com/b/rajank/archive/2009/09/20/all-you-want-to-know-about-people-picker-in-sharepoint-functionality-configuration-troubleshooting-part-2.aspx
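One way to check, independently of SharePoint, whether the low-privileged account from the question can bind to A.LOCAL and read user objects there. This is an added example, not part of the original answer; it assumes PowerShell on a SharePoint server in B.LOCAL, and the search prefix is a placeholder.

```powershell
# Added example: test whether an account can bind to the trusted domain
# and enumerate users, using the same credentials you would pass to
# peoplepicker-searchadforests.
# Assumptions: A.LOCAL is the domain name from the question; $SearchTerm
# is a placeholder sAMAccountName prefix.
param(
    [string]$Domain     = 'A.LOCAL',
    [string]$SearchTerm = 'a*'
)

# Prompt for the account (for example A\AUser) instead of hard-coding it.
$cred = Get-Credential
$user = $cred.UserName
$pass = $cred.GetNetworkCredential().Password

$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Domain", $user, $pass)

try {
    # Reading NativeObject forces the LDAP bind, so wrong credentials or
    # an unreachable domain controller fail here, before the search.
    $null = $root.NativeObject

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SearchTerm))"
    $searcher.SizeLimit = 10
    [void]$searcher.PropertiesToLoad.Add('sAMAccountName')

    $results = $searcher.FindAll()
    if ($results.Count -eq 0) {
        # Bind worked but nothing is visible: look at the account's read /
        # "list contents" rights on the containers holding the users.
        Write-Warning "Bind to $Domain succeeded, but no users matched '$SearchTerm'."
    } else {
        $results | ForEach-Object { $_.Properties['samaccountname'][0] }
    }
    $results.Dispose()
}
catch {
    Write-Error "Bind or search against $Domain failed: $($_.Exception.Message)"
}
finally {
    $root.Dispose()
}
```

If the bind fails, the problem is credentials, name resolution or connectivity across the trust; if the bind succeeds but returns nothing, the problem is the account's directory permissions.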