Users from another domain cannot access SharePoint site

Frank Martin 501 Reputation points
2020-08-17T10:38:55.493+00:00

I have a SharePoint 2016 farm installed on DomainA. Users from DomainB are trying to access the site but are getting the "Sorry, this site hasn't been shared with you" message, as expected.

When I open the people picker, I don't see users from DomainB. I can't even share a folder on this server with users in DomainB. When I right-click a folder and go to the "Sharing" screen, I can see that the domain DomainB.com is there along with DomainA.com, but when I type a user's name from DomainB, it is not found.

A two level domain trust between these domains has been created by the Infrastructure team, or so they say (these two are actually forests). I even ran the following PowerShell but got the same issue, i.e. I can't see users from the other domain in the people picker.

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:DomainA.com;domain:DomainA.com;domain:DomainB.com" -url "https://myportal"

I have also seen some articles mention the following command, but I don't know what the login/password in this command is. Is this a domain admin account from DomainB or some other account?

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:DomainA.com;forest:DomainB.com,DomainB\login,password" -url "https://myportal"

Microsoft 365 and Office SharePoint Server For business

2 answers

  1. trevorseward 11,711 Reputation points
    2020-08-17T17:16:12.43+00:00

    You do not need to use a username/password in a two-way trust scenario when configuring the People Picker for each Web Application.

    I prefer to use PowerShell to set this up as it is easier to read.

    https://thesharepointfarm.com/2014/01/powershell-for-people-picker-properties/

    If you set this up properly and verify that each SharePoint Server can access all DCs in forest B, and it still doesn't work, you can set your ULS to Verbose logging (Set-SPLogLevel -TraceSeverity Verbose), attempt to use the People Picker to resolve a name, then see what the failure is in ULS.

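
The three steps from the answer above (set the People Picker search list with PowerShell, check domain controller reachability, read the failure from verbose ULS), as an added example that is not code from either answerer or from the linked article. It assumes the SharePoint Management Shell running as a farm administrator, the `https://myportal` and DomainA/DomainB names from the question, and a typical set of AD ports.

```powershell
# Added example. Run in the SharePoint Management Shell on each SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$url     = 'https://myportal'            # web application URL from the question
$remote  = 'DomainB.com'                 # trusted forest/domain from the question
$targets = @(
    @{ Name = 'DomainA.com'; IsForest = $true  },
    @{ Name = $remote;       IsForest = $false }  # $true searches the whole forest
)

# 1. Rebuild the People Picker search list. LoginName and password stay unset:
#    with a two-way trust the application pool account queries the other side.
$wa   = Get-SPWebApplication $url
$list = $wa.PeoplePickerSettings.SearchActiveDirectoryDomains
$list.Clear()
foreach ($t in $targets) {
    $d = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $d.DomainName = $t.Name
    $d.IsForest   = $t.IsForest
    $list.Add($d)
}
$wa.Update()
$list | Format-Table DomainName, IsForest, LoginName

# 2. Check that this server can reach every DC the remote side advertises in DNS.
#    Ports are the usual AD set (Kerberos, LDAP, global catalog): an assumption.
#    3268 only answers on DCs that are global catalog servers.
$dcs = Resolve-DnsName -Type SRV "_ldap._tcp.dc._msdcs.$remote" |
       Where-Object { $_.NameTarget } | Select-Object -ExpandProperty NameTarget -Unique
foreach ($dc in $dcs) {
    foreach ($port in 88, 389, 3268) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        '{0,-40} tcp/{1,-5} {2}' -f $dc, $port, $(if ($r.TcpTestSucceeded) {'ok'} else {'no connection'})
    }
}

# 3. Capture verbose ULS output for one lookup, then restore default logging.
$start = Get-Date
Set-SPLogLevel -TraceSeverity Verbose
$null = Read-Host 'Resolve a DomainB user in the People Picker, then press Enter'
Get-SPLogEvent -StartTime $start |
    Where-Object { $_.Message -match 'DomainB' } |   # constructed filter; widen if nothing matches
    Select-Object Timestamp, Area, Category, Level, Message
Clear-SPLogLevel
```

`Get-SPLogEvent` reads the ULS files of the local server only, so run step 3 on the server that handled the People Picker request.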

  2. Echo Du_MSFT 17,316 Reputation points
    2020-08-18T10:21:02.277+00:00

    As Trevor said, because the domain/forest is trusted in your environment, there is no need to pass the login name or password.
    You can directly use the format: "forest:DnsName" or "domain:DnsName".

    For example:

    stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:DomainA.com;domain:DomainB.com" -url "http://sp"

    You could refer to the article "Peoplepicker-searchadforests: Stsadm property (Office SharePoint Server)", which could provide more detailed information.
