Question

We have our Intranet running on SharePoint 2013. By the end of last year we had to limit the users being shown in the People Picker fields to just one specific OU in our AD. For this we used the following script:

$SPWebApp = Get-SPWebApplication http://intranet.company.com
foreach ($SPSite in $SPWebApp.Sites)
{
    # Restrict the People Picker of each site collection to a single OU
    Write-Host "Site:" $SPSite.Url -ForegroundColor Red
    Set-SPSite -Identity $SPSite.Url -UserAccountDirectoryPath "OU=UsersOU,DC=company,DC=com"
    $SPSite.Dispose()
}

Now we have the request/need to show users from an additional OU.

How can we achieve that? I read that it might be the best way to manage the permissions on the OU to only let the Web Apps account access the OUs in question.

However, I would like to add that second OU to the People Picker but am under the impression that this is not possible. Am I correct in believing this?


Solution

This is not possible from a People Picker perspective (I filed a DCR on this and it was declined by the product group years ago).

You'll have to find another way to deal with this, such as using a different identity store (e.g. AD LDS) for specific users or moving the users into the same OU/sub OU structure.

Licensed under: CC-BY-SA with attribution
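
The following is an added example, not code from the original question or answer. It works out the single DN that would have to go into -UserAccountDirectoryPath for a set of OUs and refuses a result that is the domain root, assuming (as the answer's "OU/sub OU structure" suggestion implies) that the People Picker scope includes sub-OUs of the configured path. The names OU=ContractorsOU and OU=IntranetPeople are constructed for illustration.

```powershell
# Added example. OU=IntranetPeople and OU=ContractorsOU are constructed names.
function Split-DistinguishedName([string]$DistinguishedName) {
    # Split on commas not preceded by a backslash (escaped commas stay inside the RDN).
    [regex]::Split($DistinguishedName, '(?<!\\),') | ForEach-Object { $_.Trim() }
}

function Get-CommonParentDN([string[]]$DistinguishedName) {
    # Reverse each DN so the comparison starts at the domain root.
    $reversed = @(foreach ($dn in $DistinguishedName) {
        $parts = @(Split-DistinguishedName $dn)
        [array]::Reverse($parts)
        , $parts
    })
    $shortest = ($reversed | ForEach-Object { $_.Count } | Measure-Object -Minimum).Minimum
    $common = @()
    for ($i = 0; $i -lt $shortest; $i++) {
        $rdn = $reversed[0][$i]
        $allMatch = $true
        foreach ($parts in $reversed) {
            if ($parts[$i] -ne $rdn) { $allMatch = $false; break }   # -ne ignores case
        }
        if (-not $allMatch) { break }
        $common += $rdn
    }
    [array]::Reverse($common)
    $common -join ','
}

function Test-ScopeIsRestricted([string]$SearchBase) {
    # A DN made only of DC= components is the whole domain, i.e. no restriction at all.
    $SearchBase -match '^(OU|CN)='
}

# Current layout: two sibling OUs whose only shared container is the domain root.
$flat = 'OU=UsersOU,DC=company,DC=com', 'OU=ContractorsOU,DC=company,DC=com'
# After restructuring: both OUs moved beneath one parent OU.
$nested = 'OU=UsersOU,OU=IntranetPeople,DC=company,DC=com',
          'OU=ContractorsOU,OU=IntranetPeople,DC=company,DC=com'

foreach ($layout in ($flat, $nested)) {
    $searchBase = Get-CommonParentDN $layout
    if (Test-ScopeIsRestricted $searchBase) {
        Write-Host "Usable People Picker scope: $searchBase"
        # Set-SPSite -Identity $SPSite.Url -UserAccountDirectoryPath $searchBase
    } else {
        Write-Warning "Common parent is '$searchBase', which would expose every account in the domain."
    }
}
```

Any other OU placed under the chosen parent also becomes visible in the People Picker, so the parent OU should contain only the accounts meant to be selectable.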