Add a different AD forest or domain to access SharePoint 2019 sites

Yeung, Patrick CP 66 Reputation points
2023-06-05T08:25:01.6033333+00:00

Hello,
May I ask you about this matter? I have a situation with SharePoint 2019: I ran this command and it shows "Operation completed successfully."
The command I ran in the SharePoint 2019 Management Shell is:

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:resource.com;forest:user.com;domain:resource.com;domain:user.com" -url https://my-sp-site:9445/

It shows "Operation completed successfully", but when I go to the URL, log in with the resource.com Admin user, and in Site Settings\Site Permissions try to add any user from user.com, while typing it always shows "Sorry, we're having trouble reaching the server."

I tried the article below as well. The command is pretty much the same, but with the login account and password for the User domain, and it also shows "Operation completed successfully", but I still get the same "Sorry, we're having trouble reaching the server."

https://learn.microsoft.com/en-us/sharepoint/troubleshoot/people-picker/stops-resolving-other-domain-users

Can you further advise? Here is what I did as well:

  1. Should I apply the command on the Web Server? (We have 3 tiers: app, web, and MS SQL.)
  2. I did restart IIS for this URL, but I still can't search any users for user, and it shows "Sorry, we're having trouble reaching the server."
  3. We have a one-way trust, from user.com (which I understand is the trusting domain) trusting resource.com (which is the trusted domain, where all SharePoint web, app, and SQL servers reside).
  4. How do I determine whether to use forest or domain in the command? Should I put in the login account and password? And should I include < > for the login account and password?

Thank you so much!

SharePoint Server
A family of Microsoft on-premises document management and storage systems.

3 answers

  1. Ling Zhou_MSFT 15,320 Reputation points Microsoft Vendor
    2023-06-06T05:46:42.05+00:00

    Hi @Yeung, Patrick CP,

    Thank you for posting in the community.

    1, Yes, you need to run the command for every Web Front End server in your farm.

    2, If the AD domain has a 1-way trust, then you need to specify a username and password first. Execute the following commands on every server in the farm:

    stsadm -o setapppassword -password <Password>
    

    Ensure you use the same password for each server you execute this command on!

    After executing this command, then execute your peoplepicker-searchadforests command.

    3, Whether you use forest or domain in the command depends on whether you want to connect two forests or domains. The value after -pv is a valid list of forests or domains. The format of the list of forests or domains value includes the following:

    • forest:DnsName,LoginName,Password
    • domain:DnsName,LoginName,Password

    Here is the example:

    stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:contoso.corp.com,LoginName,Password;domain:bar.contoso.corp.com,LoginName, Password"
    

    Here are some articles with more detailed information about the commands you use, please check:

    https://learn.microsoft.com/en-us/previous-versions/office/sharepoint-2007-products-and-technologies/cc263460(v=office.12)?redirectedfrom=MSDN#syntax

    https://www.sharepointdiary.com/2011/06/configure-people-picker-for-multidomain-forest.html

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link. 


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
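
The order of operations described in the answer above (app password first, then the People Picker property with credentials for the one-way-trust domain), written as one script. This is an added example, not code from the thread or from Microsoft; the account name `USER\svc-peoplepicker` is hypothetical, and the URL and DNS names are the ones from the question.

```powershell
# Added example (not from the thread). Run in the SharePoint 2019 Management Shell
# on EVERY server in the farm, entering the same app password each time.
$webAppUrl  = 'https://my-sp-site:9445/'   # URL from the question
$lookupUser = 'USER\svc-peoplepicker'      # hypothetical account in user.com

# Prompt for secrets so they never land in a script file or in PSReadLine history.
$appKey   = Read-Host -Prompt 'App password (identical on every server)' -AsSecureString
$lookupPw = Read-Host -Prompt "Password for $lookupUser" -AsSecureString

function ConvertTo-PlainText([securestring]$Secure) {
    # stsadm only accepts plain-text arguments, so decrypt just before the call.
    [System.Net.NetworkCredential]::new('', $Secure).Password
}

$pw = ConvertTo-PlainText $lookupPw

# The -pv list uses ',' between fields and ';' between entries, so a password
# containing them (or a double quote) cannot be passed unambiguously.
if ($pw -match '[,;"]') {
    throw 'Lookup password contains , ; or " and would corrupt the -pv list.'
}

# Step 1: set the key that protects the stored lookup password.
stsadm -o setapppassword -password (ConvertTo-PlainText $appKey)
if ($LASTEXITCODE -ne 0) { throw 'setapppassword failed; not setting the property.' }

# Step 2: credentials go only on the user.com entries; the farm's own
# resource.com entries need none. Values are written bare, without < >.
$pv = @(
    "forest:user.com,$lookupUser,$pw"
    'forest:resource.com'
    "domain:user.com,$lookupUser,$pw"
    'domain:resource.com'
) -join ';'

stsadm -o setproperty -url $webAppUrl -pn peoplepicker-searchadforests -pv $pv
if ($LASTEXITCODE -ne 0) { throw 'setproperty peoplepicker-searchadforests failed.' }

# Drop the plain-text copies from the session.
Remove-Variable pw, pv
```

The password is still passed on the `stsadm` command line, so process-creation auditing that captures command lines will record it. Use a dedicated account that has no rights beyond reading the user.com directory.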

  2. Ling Zhou_MSFT 15,320 Reputation points Microsoft Vendor
    2023-06-08T09:17:55.85+00:00

    Hi @Yeung, Patrick CP,

    Apologies for the late reply!

    For your case, your User Domain is trusted, and your SP farm is trusting. So, the User does not trust SP farm. This command "stsadm -o setapppassword -password <Password>" is used to configure the web application to use User credentials when executing People Picker operations against the User domain.

    Here is a new article about how to configure People Picker for a one-way trust.

    It introduces an “SPApplicationCredentialKey” command with the same functionality as the previous command provided.

    Since we can't reproduce your situation, I offer some troubleshooting for "Sorry, we're having trouble reaching the server." Please check out these articles:

    Troubleshooting: People Picker error "Sorry, we’re having trouble reaching the server"

    Troubleshooting - 'Sorry, we’re having trouble reaching the server'



  3. Ling Zhou_MSFT 15,320 Reputation points Microsoft Vendor
    2023-06-13T06:21:26.3666667+00:00

    Hi @Yeung, Patrick CP,

    If you encounter problems again, you can continue to ask a new question you encounter in this community. We will continue to help you solve your problems.

    If you need better help, you can open a ticket for your issues. Here is the link: Global Customer Service phone numbers

    Here are the methods to view ULS logs:

    First, we can use Event Viewer. Open Event Viewer -> Windows Logs -> Application. You can find error messages related to SharePoint here.

    This is a detailed description of the use of the Event Viewer: What Is the Windows Event Viewer, and How Can I Use It? (howtogeek.com)

    Second, we can use ULS Viewer to check SharePoint ULS Logs. Please download here: Download ULS Viewer from Official Microsoft Download Center

    This tool is suitable for viewing ULS Logs for SharePoint Server 2013, 2016, 2019.

    By default, SharePoint maintains log inside the 14/15/16 hive folder, which is in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14/15/16\LOGS.

    Open Logs with ULS Viewer, then set the conditions to filter the error messages.

    Correlation IDs are unique, and error messages can be easily found by querying the Correlation ID.

    This is a detailed description of the use of the ULS Viewer: How to Use ULS Log Viewer to Analyze SharePoint Errors? - SharePoint Diary

    For the question about "No results found":

    1, SharePoint will take a while to configure the people picker, so you can check again after half an hour to see if the problem still exists.

    2, Please try clearing your browser cache or change your browser to use People Picker and see if the problem persists.

    3, There are many reasons that can cause this problem. If the problem persists, please send me the relevant ULS Logs, which can help me to solve the problem better. Please note that your private information will be coded. Thank you for your cooperation!

