Comments on: Filtering Active Directory Accounts from People Picker http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/ Just another VSPUG - Virtual SharePoint User Group weblog Mon, 08 Mar 2010 19:45:52 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: William Langenhuizen http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/#comment-119 William Langenhuizen Thu, 11 Feb 2010 09:15:31 +0000 #comment-119 Hi Pankaj, Which CU package did you installed? I am running SP2 with nu CU's after that. Hopefully updating to the last CU will fix my problem. Thanks! Hi Pankaj,

Which CU package did you installed?

I am running SP2 with nu CU’s after that. Hopefully updating to the last CU will fix my problem.

Thanks!

]]> By: Pankaj http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/#comment-91 Pankaj Wed, 02 Dec 2009 03:31:48 +0000 #comment-91 Hi again, my suggestion is, start with a simple query and then go on adding other criteria.. e.g. start with (memberOf=cn=groupname,ou=OUName,ou=Groups,ou=OUName,dc=abc,dc=xyz,dc=grp) first. and before you try this on command prompt using STSADM, try this in "Active directory users and computers" tool which comes with the "Windows Server 2003 Administration Tools Pack". It's a free download from Microsoft. If your query works in that tool then you try it on STSADM because STSADM will ALWAYS take whatever you give to it, only PeoplePicker will fail while searching users and you will never know if the query is wrong or something else... (now say "thanks to Microsoft", quickly ). Hi again,
my suggestion is, start with a simple query and then go on adding other criteria..
e.g. start with (memberOf=cn=groupname,ou=OUName,ou=Groups,ou=OUName,dc=abc,dc=xyz,dc=grp) first.
and before you try this on command prompt using STSADM, try this in “Active directory users and computers” tool which comes with the “Windows Server 2003 Administration Tools Pack”. It’s a free download from Microsoft. If your query works in that tool then you try it on STSADM because STSADM will ALWAYS take whatever you give to it, only PeoplePicker will fail while searching users and you will never know if the query is wrong or something else…
(now say “thanks to Microsoft”, quickly ).

]]> By: Pankaj http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/#comment-90 Pankaj Wed, 02 Dec 2009 03:23:31 +0000 #comment-90 Hi Singh, I think this has something to do with the hotfixes and service packs. Even I tried it a lot till y'day and this query never worked (just like yours). Today I installed all cumulative hotfixes from MSFT and the query started working, a magic isn't it...??? Now the only issue is what about the nested users i.e. users inside an AD group which is inside this main AD group. SharePoint doesn't seem to understand the nested users so it doesn't find those users. But it will find the direct users inside the current AD group. Even I am interested in knowing how to make SharePoint People-picker understand the nested users. BTW, my query looks like this:- (memberOf=CN=MyAdGroup,OU=Application Support Groups,OU=Group Directory,DC=Americas,DC=Microsoft,DC=Com) I also found here http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx that there is something called LDAP_MATCHING_RULE_IN_CHAIN and I tried this as below but so far no go... :( (memberOf:1.2.840.113556.1.4.1941:=(CN=MyAdGroup,OU=Application Support Groups,OU=Group Directory,DC=Americas,DC=Microsoft,DC=Com)) Note: Replace Microsoft with your companies domain name. Hi Singh,
I think this has something to do with the hotfixes and service packs.
Even I tried it a lot till y’day and this query never worked (just like yours).
Today I installed all cumulative hotfixes from MSFT and the query started working, a magic isn’t it…???

Now the only issue is what about the nested users i.e. users inside an AD group which is inside this main AD group. SharePoint doesn’t seem to understand the nested users so it doesn’t find those users. But it will find the direct users inside the current AD group.
Even I am interested in knowing how to make SharePoint People-picker understand the nested users.

BTW, my query looks like this:-
(memberOf=CN=MyAdGroup,OU=Application Support Groups,OU=Group Directory,DC=Americas,DC=Microsoft,DC=Com)

I also found here http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx that there is something called LDAP_MATCHING_RULE_IN_CHAIN and I tried this as below but so far no go… :(

(memberOf:1.2.840.113556.1.4.1941:=(CN=MyAdGroup,OU=Application Support Groups,OU=Group Directory,DC=Americas,DC=Microsoft,DC=Com))

Note: Replace Microsoft with your companies domain name.

]]> By: Singh http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/#comment-12 Singh Tue, 15 Sep 2009 20:46:58 +0000 #comment-12 I checked again using stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter and it says that Property Exists="Yes" value="<&(objectCategory=person)(objectClass=user)(memberOf=cn=groupname,ou=OUName,ou=Groups,ou=OUName,dc=abc,dc=xyz,dc=grp))" but its not returning any user from that group. I checked again using stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter
and it says that Property Exists=”Yes” value=”<&(objectCategory=person)(objectClass=user)(memberOf=cn=groupname,ou=OUName,ou=Groups,ou=OUName,dc=abc,dc=xyz,dc=grp))"

but its not returning any user from that group.

]]> By: Singh http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/#comment-11 Singh Tue, 15 Sep 2009 20:32:01 +0000 #comment-11 I got the operation completed message but that filter is not working. Actually the whole people picker is not working, it is not allowing any user even i am using a filter to allow users from a particular group. Is there anything else i was supposed to do. i checked with stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter and it says What else do i need to do or how do remove this filter? Thanks. I got the operation completed message but that filter is not working. Actually the whole people picker is not working, it is not allowing any user even i am using a filter to allow users from a particular group. Is there anything else i was supposed to do. i checked with stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter and it says
What else do i need to do or how do remove this filter?
Thanks.

]]> By: south http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/#comment-6 south Thu, 10 Sep 2009 16:22:01 +0000 #comment-6 Thank you lol I've been searching for this everywhere >_< Thank you lol I’ve been searching for this everywhere >_<

]]> By: ka-fu http://vspug.com/teameli/2007/11/21/filtering-active-directory-accounts-from-people-picker/#comment-3 ka-fu Wed, 09 Sep 2009 16:22:22 +0000 #comment-3 Thanks Thanks

]]>