How can I override the default SPActiveDirectoryClaimsProvider?

Question

I've got an issue where my servers are seeing two domains instead of just one. As far as I can tell there is nothing I can do about that since I'm not a domain administrator.

I need to be able to filter out the 'extra' domain.

e.g. GoodDomain\John.Doe vs BadDomain\John.Doe

We have a custom claims provider and I've tried checking that Search Hierarchy. No Go at that station. So I'm looking at overriding the SPActiveDirectoryClaimsProvider FillSearch method to eliminate "BadDomain\" prefixed entities.

It doesn't seem to want to let me inherit from that class, or I'm missing something.

Any ideas? Either on making the servers not see the additional domain in the first place, or how to appropriately override the SPActiveDirectoryClaimsProvider.

Answer 1

So apparently this will do the trick. http://blogbaris.blogspot.com/2011/10/limiting-sharepoint-people-picker-with.html

Get-SPWebApplication | Where {$_.Url -eq "http://youwebapp/"} | Get-SPSite -Limit ALL | ForEach-Object {
   # Choose the sites with empty setting
   Get-SPSite $_.Url | Where {$_.UserAccountDirectoryPath -eq ""} | ForEach-Object {  
     Write-Host "Creating People Picker Setting for '"$_.Url"'"  
     Set-SPSite $_.Url -UserAccountDirectoryPath "DC=xxx,DC=xxx,DC=com"  
     Write-Host "done..."  
     Write-Host ""  
   }  
 }

I don't like that it has to be set per site collection, but it effectively limited the site collection tested to just a single domain, by root OU.