Thursday, February 14, 2019

Configure People Picker to get users from domains


Some Points on User Profiles and People Picker
The People Picker and the User Profile Service (UPS) are not related. The People Picker is used to look up users and groups so that permissions can be assigned to them. Profiles are used to store information that enriches the user experience.
A user profile consists of a set of user properties. User Profiles store users' information and are used by My Sites, profile pages, people search, organizational charts, expertise search, social tagging and audiences.
The People Picker gets its information directly from AD. By default it returns users from the domain (forest) that the SharePoint server accounts are in. If profile synchronization is configured, User Profiles are populated from AD, but that is not a requirement for the People Picker to work.
The AD Import option does not perform bidirectional synchronization. Changes made to SharePoint user profiles are not synchronized back to the domain controller.
To add additional AD domains, they must have a trust relationship with the domain that SharePoint is in. A one-way trust is sufficient, but then you must supply credentials for the remote domain, which is exactly what the settings below do. Then you can configure it with PowerShell. This article has the information. It is for SP2013, but the settings are the same in 2016.
Script to let the People Picker search users in other domains
There are two ways to configure this: with stsadm and with PowerShell.
Before using either, an application credential key must be set on each web front end. The key must be the same on every web front end in the farm: it is used to encrypt the passwords of the lookup accounts stored with the settings below, and a front end with a different key cannot decrypt them. The key is write-only (there is no cmdlet to read it back), so record it in your password vault, and choose a strong value rather than the placeholder used here.
Below is the command to set the application credential key through PowerShell (run it on every web front end with the same key):
$key = ConvertTo-SecureString "Password1" -AsPlainText -Force   # placeholder only: use a strong key, identical on every WFE
[Microsoft.SharePoint.SPSecurity]::SetApplicationCredentialKey($key)

Stsadm command
To see the existing settings. Here assume http://teamsites.domain1.com is the web application URL.
Stsadm -o getproperty -pn peoplepicker-searchadforests -url http://teamsites.domain1.com
To set the search domains. The value is a semicolon-separated list of entries of the form Forest:<name>,<login>,<password> or Domain:<name>,<login>,<password>. Once a list is set, only the listed forests and domains are searched, so the forest SharePoint itself lives in (here argous) must be included as well. Note that with stsadm the lookup passwords are passed in plain text on the command line, where they end up in the shell history and are visible in process listings; the PowerShell method below keeps them in a SecureString. Replace PWD with the real passwords.
STSADM.EXE -o SetProperty -pn PeoplePicker-SearchADForests -pv "Forest:argous,domain1\svc-sp-admin,PWD;Forest:domain2.local,domain2\svc-sp-admin,PWD" -URL http://teamsites.domain1.com

PowerShell script (run in the SharePoint Management Shell on one server; the settings are stored per web application in the configuration database)

$wa = Get-SPWebApplication http://teamsites.domain1.com
# The list replaces the default search scope, so clear it and re-add every forest/domain to be searched, including the home forest.
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Clear()

# Entry 1: the home forest (ARGOUS). Replace "PWD" with the lookup account's real password.
# The account only needs to read the directory; it does not need any admin rights.
$adsearchobj1 = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
$userpassword1 = ConvertTo-SecureString "PWD" -AsPlainText -Force
$adsearchobj1.DomainName = "ARGOUS"
$adsearchobj1.LoginName = "domain1\svc-sp-admin"
$adsearchobj1.IsForest = $true
$adsearchobj1.SetPassword($userpassword1)   # stored encrypted with the application credential key
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($adsearchobj1)

# Entry 2: the trusted forest domain2.local (ShortDomainName is its NetBIOS name).
$adsearchobj = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
$userpassword = ConvertTo-SecureString "PWD" -AsPlainText -Force
$adsearchobj.DomainName = "domain2.local"
$adsearchobj.ShortDomainName = "domain2"
$adsearchobj.IsForest = $true
$adsearchobj.LoginName = "domain2\svc-sp-admin"
$adsearchobj.SetPassword($userpassword)
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($adsearchobj)

# One Update() persists both entries to the configuration database.
$wa.Update()
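The script above hardcodes the lookup passwords and the credential key as literals, which leaves them in the script file and the PowerShell history. The following is an added example (not from the original post) that performs the same two steps, setting the application credential key and configuring the search list, while prompting for every secret as a SecureString, and then reads the settings back to verify them, which is the PowerShell equivalent of the stsadm getproperty call. The helper function New-PeoplePickerSearchEntry and the account name svc-sp-lookup are assumptions introduced here for illustration; the web application URL and the forest names ARGOUS and domain2.local are taken from the post.

```powershell
# Added example, not from the original post. Assumes the SharePoint PowerShell snap-in
# is available and the URL/forest names used in the post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: builds one search entry from a PSCredential so the lookup
# password never appears as a literal in a script or on the command line.
function New-PeoplePickerSearchEntry {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [string]$ShortDomainName,
        [switch]$IsForest,
        [Parameter(Mandatory)][System.Management.Automation.PSCredential]$Credential
    )
    $entry = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $entry.DomainName = $DomainName
    if ($ShortDomainName) { $entry.ShortDomainName = $ShortDomainName }
    $entry.IsForest  = $IsForest.IsPresent
    $entry.LoginName = $Credential.UserName
    $entry.SetPassword($Credential.Password)   # SecureString straight from Get-Credential
    return $entry
}

# 1. Application credential key: run this block once on EVERY web front end, with the
#    same value each time. It encrypts the lookup passwords stored in step 2 and is
#    write-only, so keep it in your password vault.
$appKey = Read-Host -Prompt "Application credential key (same on every WFE)" -AsSecureString
[Microsoft.SharePoint.SPSecurity]::SetApplicationCredentialKey($appKey)

# 2. Lookup accounts (hypothetical names): ordinary domain users that can read the
#    directory in their forest. They need no admin rights, so do not reuse the farm account.
$cred1 = Get-Credential -Message "Lookup account for forest ARGOUS"        -UserName "domain1\svc-sp-lookup"
$cred2 = Get-Credential -Message "Lookup account for forest domain2.local" -UserName "domain2\svc-sp-lookup"

$wa      = Get-SPWebApplication "http://teamsites.domain1.com"
$domains = $wa.PeoplePickerSettings.SearchActiveDirectoryDomains
$domains.Clear()   # the list replaces the default scope, so the home forest is added too
$domains.Add((New-PeoplePickerSearchEntry -DomainName "ARGOUS" -IsForest -Credential $cred1))
$domains.Add((New-PeoplePickerSearchEntry -DomainName "domain2.local" -ShortDomainName "domain2" -IsForest -Credential $cred2))
$wa.Update()

# 3. Verify by reading the settings back. The object does not expose the stored
#    passwords, so this is safe to paste into a change record.
Get-SPWebApplication "http://teamsites.domain1.com" |
    ForEach-Object { $_.PeoplePickerSettings.SearchActiveDirectoryDomains } |
    Select-Object DomainName, ShortDomainName, IsForest, LoginName |
    Format-Table -AutoSize
```

Step 1 has to be repeated on each web front end because SetApplicationCredentialKey writes to the local server; steps 2 and 3 only need to run once, since the search list lives in the configuration database for the web application. If the People Picker later returns no results for the remote forest, check the verification output first: a missing entry for the home forest, or a LoginName in the wrong domain\user form, is the usual cause.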