Person or group field is not showing all AD data

Sean Beamer 21 Reputation points

We have recently run into an issue using people or group columns. The column is set to use All users for lookups.

The column used to show all AD possibilities when typing in a user's or group's name. We only see a subset of users in the dropdown now. For example, if we looked up a user with the last name Smith we might see 10 people and now we may only see 2 people.

We are running AD Import to populate user profiles. I have purged user profiles and run a full sync and that did not matter. I thought maybe user profiles needed to be refreshed, but based on having the column set to use All users it should be performing an AD lookup anyway. Correct?

We are currently moving users to O365 and we are running SharePoint 2016 on-prem.

Any thoughts as to what could be causing our issue, how to identify the issue or how to fix it?



Accepted answer
  1. Trevor Seward 11,691 Reputation points

    User Profile doesn't have any connection to the People Picker.

    What I'd recommend is that if you're not seeing all of the results you expect and the users you expect to see are in an enabled state within AD and the Web Application pool account has read access to the OU the users reside in (let us know if this is a multi-domain scenario), take verbose logs and repeat the scenario. In those logs you should find the LDAP call (search for 'LDAP' or 'GC://') and it will tell you the number of returned results. Does that value differ from what you see in the People Picker?

    Also note the People Picker caches values in the browser cache -- using an InPrivate mode to test is always a good idea. It also retrieves results from the site's User Information List, so you may find some objects which have been deleted/disabled from Active Directory.
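
The log capture described in the accepted answer above, as an added example that is not part of the original answer: it raises ULS tracing to verbose, waits while the lookup is repeated, merges the farm's logs for that window and prints the lines containing 'LDAP' or 'GC://'. It assumes a SharePoint Management Shell on a farm server; the output path is a hypothetical placeholder.

```powershell
# Added example, not from the original thread.
# Run in an elevated SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$merged = 'C:\Temp\PeoplePicker-ULS.log'   # hypothetical output path

try {
    # Without -Identity every logging category goes verbose, so keep the
    # capture window as short as possible.
    Set-SPLogLevel -TraceSeverity VerboseEx

    # Start a fresh ULS file so the capture is easy to isolate.
    New-SPLogFile | Out-Null
    $start = Get-Date

    $null = Read-Host 'Repeat the People Picker search in an InPrivate window, then press Enter'
    $end = Get-Date
}
finally {
    # Return all categories to their default trace levels, even on error.
    Clear-SPLogLevel
}

# Collect entries from every server in the farm for the capture window.
Merge-SPLogFile -Path $merged -StartTime $start -EndTime $end -Overwrite

# Print the directory queries (matching is case-insensitive by default).
# Compare the result counts reported here with what the People Picker shows.
Select-String -Path $merged -Pattern 'LDAP', 'GC://' -SimpleMatch |
    ForEach-Object { $_.Line }
```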


2 additional answers

  1. Sean Beamer 21 Reputation points

    Thanks Trevor.

    Are you talking about turning on verbose logging in SharePoint or other?

    We used Wireshark to trace a people picker lookup and Wireshark shows that we are seeing multiple domains. I ran a lookup for a common last name and WS showed over 50 names; however, I see "no results found" in SharePoint.

    I will add that I'm seeing this same behavior in 2 different SP farms in our DMZ. The AD values visible are different between both environments.



  2. Sean Beamer 21 Reputation points

    Resolution: Network team installed anti-virus updates that affected SharePoint's ability to connect consistently to the domain controllers. A rollback of the change resolved the issue.
