Peoplepicker-searchadforests: Stsadm property (Office SharePoint Server)

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2015-12-09

Permits a user to search from a second one-way trusted forest or domain.

All servers in a farm need to be within one domain. Users in the forest that the server is in (that is, a resource forest) are displayed automatically. Forests that have at least a one-way trust to that forest can be searched for users to add.

When a Web application uses Windows authentication, People Picker searches all two-way trusted forests and all two-way trusted domains. However, if you want to search from a one-way trusted forest or a one-way trusted domain, you must run the setapppassword operation, and then run the peoplepicker-searchadforests property.

The peoplepicker-searchadforests property allows you to search multiple values when users are selected. You also can add multiple forests, domains, accounts, and even specific property searches.


By default, Microsoft Office SharePoint Server 2007 communicates with the domain controller for the domain in which Office SharePoint Server 2007 was installed and with all two-way trusted domains.


When you use this property, People Picker might respond more slowly. The delay is in proportion to the latency in the one-way relationship to the Active Directory forest.


The syntax for the setproperty operation is:

stsadm -o setproperty
   -propertyname peoplepicker-searchadforests
   -propertyvalue <valid list of forests or domains>
   [-url] <URL>

The syntax for the getproperty operation is:

stsadm -o getproperty
   -propertyname peoplepicker-searchadforests
   [-url] <URL>


You can substitute -pn for -propertyname and -pv for -propertyvalue.


The following table shows possible values.

Name: propertyname
Value: Gets or sets the name of the property.

Name: propertyvalue
Value: A valid list of forests or domains. The format of the list of forests or domains value includes the following:

  • forest:DnsName,LoginName,Password

  • domain:DnsName,LoginName,Password

    If Password is used, you must first run stsadm -o setapppassword -password <SomeKey> on every front-end Web server. <SomeKey> can be any string. It is used as the key to encrypt the password in domain:DnsName,LoginName,Password or forest:DnsName,LoginName,Password, and the encrypted password is stored in the database.
    However, if the domains or forests are trusted, it is not necessary to pass in the login name or password. The following format is used: forest:DnsName or domain:DnsName.

Name: url
Value: Typically, a path to the URL of the Web application, in the form http://server_name.


Search additional domains or forests

To enumerate a list of users by using People Picker from a second forest or domain, use the following syntax:

stsadm -o setproperty -pn peoplepicker-searchadforests -pv <list of forests or domains> -url <WebApp>

Specify user account and password from a one way trust

To specify the user name and password from a one-way trust, so that People Picker can look up this information, use the following syntax:

stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:<DnsName>,<LoginName>,<Password>;domain:<DnsName>,<LoginName>,<Password>"

You can include additional users and groups from multiple forests. For more information about how to select and add users, see Select users from multiple forest domains and Add users from multiple forest domains.
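
One way to assemble the -propertyvalue list described above and apply it, as an added example that is not part of the original page. The function name, host names, account and URL are assumptions; the example rejects fields that contain ',' or ';' because the page documents no escaping for those separators.

```powershell
# Added example, not from the original page. Host names, accounts and the URL are constructed.
# Assumes stsadm is on PATH and setapppassword was already run on every front-end Web server.
function New-SearchAdForestsValue {
    param([Parameter(Mandatory=$true)][hashtable[]]$Entries)

    $parts = foreach ($e in $Entries) {
        if (@('forest', 'domain') -notcontains $e.Scope) {
            throw "Scope must be 'forest' or 'domain', got '$($e.Scope)'"
        }
        $fields = @("$($e.Scope):$($e.DnsName)")
        if ($e.LoginName) {
            # One-way trust: LoginName and Password are supplied together.
            if (-not $e.Password) { throw "Password missing for $($e.DnsName)" }
            $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($e.Password)
            try { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
            finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
            $fields += $e.LoginName, $plain
        }
        foreach ($f in $fields) {
            # ',' separates fields and ';' separates entries, so a stray one
            # would shift the field boundaries of the whole list.
            if ($f -match '[,;]') { throw "A field for $($e.DnsName) contains ',' or ';'" }
        }
        $fields -join ','
    }
    $parts -join ';'
}

$url = 'http://sharepoint.example.com'          # constructed Web application URL
$entries = @(
    @{ Scope = 'forest'; DnsName = 'partner.example.com'; LoginName = 'PARTNER\svc-picker'
       Password = (Read-Host 'Password for PARTNER\svc-picker' -AsSecureString) },
    @{ Scope = 'domain'; DnsName = 'corp.example.com' }   # trusted: no credentials needed
)
$value = New-SearchAdForestsValue -Entries $entries
& stsadm -o setproperty -pn peoplepicker-searchadforests -pv $value -url $url
if ($LASTEXITCODE -ne 0) { throw "stsadm setproperty exited with code $LASTEXITCODE" }
& stsadm -o getproperty -pn peoplepicker-searchadforests -url $url
```

Read-Host keeps the password out of the script file; it is still passed to stsadm as a command-line argument, as the syntax above requires.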