For anyone wanting to allow users from a trusted Active Directory forest or domain (two-way trust) to access sites in SharePoint 2013, there is a small gotcha. Users from the trusted domain won’t just show up in the people picker as you’d expect.
But never fear, it’s a fairly simple process to explicitly tell SharePoint 2013 where to look for users. Once you’ve done this, the people picker and authentication will work immediately, with no need to restart IIS or any other SharePoint 2013 farm processes.
Steps to fix SharePoint 2013 People Picker in a Two-Way Trust
- Log into any SharePoint farm server (we chose our web front end) and open a SharePoint 2013 Management Shell.
- List your web applications, run the following command in the shell:
- Then run the following command for each of your web applications, substituting the example URL and domains with your web application URL, local and trusted domain and/or forest.
For a full forest trust:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:MY-DOMAIN.local;forest:TRUSTED-DOMAIN.local;domain:MY-DOMAIN.local;domain:TRUSTED-DOMAIN.local" -url http://my-sp2013-site.com.au/
For a domain trust only:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:MY-DOMAIN.local;domain:MY-DOMAIN.local;domain:TRUSTED-DOMAIN.local" -url http://my-sp2013-site.com.au/
You should now be able to add users and groups from both sides of the trust to your SharePoint 2013 site permissions.
Let me know below if this worked for you, or if you have found a better way to achieve this!
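The steps above as one script, added here as an example and not part of the original post: it builds the same property value, applies it to every web application returned by Get-SPWebApplication, and reads the setting back with stsadm -o getproperty so you can confirm which forests and domains the people picker will search. The domain names are the post's placeholders, and $fullForestTrust is a variable name introduced for this example.

```powershell
# Added example. Run in the SharePoint 2013 Management Shell on a farm server.
# Replace the placeholder domain names with your local and trusted domains.
$localDomain     = 'MY-DOMAIN.local'
$trustedDomain   = 'TRUSTED-DOMAIN.local'
$fullForestTrust = $true   # set to $false for a domain trust only

# Build the property value in the same order as the stsadm commands above.
$scopes = @("forest:$localDomain")
if ($fullForestTrust) {
    $scopes += "forest:$trustedDomain"
}
$scopes += "domain:$localDomain", "domain:$trustedDomain"
$value = $scopes -join ';'

# Get-SPWebApplication skips Central Administration unless
# -IncludeCentralAdministration is passed.
foreach ($webApp in Get-SPWebApplication) {
    $url = $webApp.Url
    Write-Host "Setting peoplepicker-searchadforests on $url"
    stsadm -o setproperty -pn peoplepicker-searchadforests -pv $value -url $url

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "stsadm failed for $url (exit code $LASTEXITCODE)"
        continue
    }

    # Read the value back so the configured search scope is visible per web app.
    stsadm -o getproperty -pn peoplepicker-searchadforests -url $url
}
```

Keep the scope list limited to the forests and domains that should actually be granted access, since every entry widens the set of accounts that can be picked and given permissions.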