SharePoint 2016 People Picker Returns No Users

Question

I have a brand new SharePoint 2016 farm using MinRole configuration.

• Web Front End Server
• App Server
• Distributed Cache Host Server
• SQL Server

Under web application Authentication Providers, we have "Trusted Identity Provider" selected as the claims authentication type (PortalGuard is the provider).

SharePoint is working as expected, however the People Picker will not return users.

I have following all instructions here:

https://technet.microsoft.com/en-us/library/gg602075.aspx

here:

https://blog.wbaer.net/2009/01/21/people-picker-portprotocol-requirements/

here:

https://thesharepointfarm.com/2014/01/powershell-for-people-picker-properties/

and here:

https://thesharepointfarm.com/2014/01/people-picker-troubleshooting-tips/

I ran this (which is awesome...thank you Trevor Seward):

https://github.com/Nauplius/PeoplePickerPortTester

and it returned no errors with the specified LDAP:// path, username, and password (meaning all users were found and all ports were successfully listening).

UPDATE

As recommended by Trevor, I downloaded and installed the solution LDAPCP and users now resolve correctly in the people picker.

Hopefully for those using custom claims providers in their 2016 farm, this post and answer will be useful.

Answer 1

The People Picker will only return users when it can query the source of truth. Since you've set up a TIP (SAML?), there is nothing to query and all values would be valid.

In order to perform a true query and get back results from the source of truth, you must build a custom claims provider. LDAPCP is one created for SAML auth, but again this is a scenario where the SharePoint farm has access to the Domain Controllers via LDAP.