Users from another domain cannot access SharePoint site

Question

I have a SharePoint 2016 farm installed on DomainA. Users from DomainB are trying to access the site but getting "Sorry, this site hasn't been shared with you" message as expected.

When I open people picker then I don't see users from DomainB.

I have created two level domain trust between these domains (these two are actually forests). Also ran the following PowerShell but same issue i.e. can't see users from other domain in people picker.

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:DomainA.com;domain:DomainA.com;domain:DomainB.com" -url "https://myportal"  

I have also seen some articles mentioned following command but I don't know what is the login/password in this command? Is this domain admin account from DomainB or some other account?

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:DomainA.com;forest:DomainB.com,DomainB\login,password" -url "https://myportal"

Answer 1

You could try to use the below script to add the domain to the SharePoint WebApp:

Add-PSSnapin Microsoft.SharePoint.PowerShell #Add the SP snapin
 
$webApp = Get-SPWebApplication http://MyUrl/  # Main SP web app
 
# Optional: clear existing domains
# $webApp.PeoplePickerSettings.SearchActiveDirectoryDomains.Clear() # Optional: clear existing domains
# $webApp.Update()
 
# Set an encryption key to encrypt/decrypt pwd
$key = ConvertTo-SecureString "Password123" -AsPlainText -Force  
[Microsoft.SharePoint.SPSecurity]::SetApplicationCredentialKey($key) 
 
$userpwd = ConvertTo-SecureString "<DomainUserPassword>" -AsPlainText -Force
 
# Define AD search object to add to web app
$ADSearchObj = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
$ADSearchObj.DomainName = "domain.com"
$ADSearchObj.ShortDomainName = "domain"
$ADSearchObj.IsForest = $false  # True if forest
$ADSearchObj.LoginName = "DomainUser"
$ADSearchObj.SetPassword($userpwd)
# Add AD search object to the main SP web app
$webApp.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($ADSearchObj)
$webApp.Update()

Reference: https://thesharepointfarm.com/2014/01/powershell-for-people-picker-properties/