How can I override the default SPActiveDirectoryClaimsProvider?
-
01-01-2021 - |
Question
I've got an issue where my servers are seeing two domains instead of just one. As far as I can tell there is nothing I can do about that since I'm not a domain administrator.
I need to be able to filter out the 'extra' domain.
e.g. GoodDomain\John.Doe vs BadDomain\John.Doe
We have a custom claims provider and I've tried checking that Search Hierarchy. No Go at that station. So I'm looking at overriding the SPActiveDirectoryClaimsProvider FillSearch method to eliminate "BadDomain\" prefixed entities.
It doesn't seem to want to let me inherit from that class, or I'm missing something.
Any ideas? Either on making the servers not see the additional domain in the first place, or how to appropriately override the SPActiveDirectoryClaimsProvider.
Solution
So apparently this will do the trick. http://blogbaris.blogspot.com/2011/10/limiting-sharepoint-people-picker-with.html
Get-SPWebApplication | Where {$_.Url -eq "http://youwebapp/"} | Get-SPSite -Limit ALL | ForEach-Object {
# Choose the sites with empty setting
Get-SPSite $_.Url | Where {$_.UserAccountDirectoryPath -eq ""} | ForEach-Object {
Write-Host "Creating People Picker Setting for '"$_.Url"'"
Set-SPSite $_.Url -UserAccountDirectoryPath "DC=xxx,DC=xxx,DC=com"
Write-Host "done..."
Write-Host ""
}
}
I don't like that it has to be set per site collection, but it effectively limited the site collection tested to just a single domain, by root OU.