
Configure people picker over a one-way trust using PowerShell

In a previous post I wrote about Using the people picker over a one-way trust. There I used STSADM commands, because there is no other way to configure this. A downside of the STSADM command is that the domain password is passed on the command line in plain text, for everybody watching the console (or reading the process command line) to see.

With SharePoint 2010 Microsoft introduced cmdlets to replace most of the "old" STSADM commands. But if you look at the STSADM to Windows PowerShell mapping, you will see there are no cmdlets for configuring the people picker.

Creating my own script

PowerShell has a handy cmdlet, Get-Credential (built on the host's $host.UI.PromptForCredential), which asks the user for credentials in a dialog and keeps the password in a SecureString. That triggered me to write a PowerShell script that does the same as "STSADM -o setproperty -pn peoplepicker-searchadforests", but instead of taking the credentials on the command line it opens the credential dialog for every trusted domain.

As described in my previous post, the configuration takes two steps.

SetAppPassword

First you need to set the application credential key, which SharePoint uses to encrypt the trust credentials it stores. Run SetAppPassword on every server in the SharePoint farm with the same password; if the key differs between servers, the other servers cannot decrypt the credentials. Note that this PowerShell wrapper still takes the password as a plain-text argument, so for this step it is no better than STSADM in that respect; the gain is in the second step.

STSADM:

stsadm -o setapppassword -password <password>

PowerShell:

SetAppPassword <password>

function SetAppPassword([String]$password) {
  # SPSecureString is an internal SharePoint helper whose static FromString method
  # turns a plain string into a SecureString. It is reached through reflection, so
  # it is not a supported API and may change between SharePoint builds.
  $type = [Microsoft.SharePoint.Utilities.SPPropertyBag].Assembly.GetType("Microsoft.SharePoint.Utilities.SPSecureString")
  if ($type -eq $null) { throw "Type Microsoft.SharePoint.Utilities.SPSecureString not found in this SharePoint build." }
  $method = $type.GetMethod("FromString", "Static, NonPublic", $null, @([String]), $null)
  if ($method -eq $null) { throw "SPSecureString.FromString not found in this SharePoint build." }
  $secureString = $method.Invoke($null, @($password))
  # Sets the application credential key on this server; it must be identical on
  # every server in the farm.
  [Microsoft.SharePoint.SPSecurity]::SetApplicationCredentialKey($secureString)
}

PeoplePickerSearchADForests

The second step is to register the (trusted) forests and domains that should be searched by the people picker. Remember that the setting is per web application and zone.

STSADM:

stsadm -o setproperty -url <url> -pn "peoplepicker-searchadforests" -pv "forest:<source forest>;domain:<trusted domain>,<trusted domain>\<account>,<password>"

PowerShell:

PeoplePickerSearchADForests <url> "forest:<source forest>;domain:<trusted domain>"

function PeoplePickerSearchADForests([String]$webApplicationUrl, [String]$value) {
  $webApplication = Get-SPWebApplication $webApplicationUrl

  # The setting lives on the web application. Start from an empty list so the
  # stored value matches what was passed in, just like "stsadm -o setproperty".
  $searchActiveDirectoryDomains = $webApplication.PeoplePickerSettings.SearchActiveDirectoryDomains
  $searchActiveDirectoryDomains.Clear()

  # DNS name of the domain this server is joined to; no credentials are needed for it.
  $currentDomain = (Get-WmiObject -Class Win32_ComputerSystem).Domain

  if (![String]::IsNullOrEmpty($value)) {
    # Entries are separated by ';' as in the STSADM syntax,
    # e.g. "forest:<source forest>;domain:<trusted domain>".
    $value.Split(@(';'), "RemoveEmptyEntries") | ForEach-Object {
        # Within an entry STSADM separates the fields with ','. Only the first field
        # (the forest or domain name) is used; credentials are asked for below.
        $entry = $_.Split(',')[0].Trim()

        $item = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain

        # Strip the "forest:" or "domain:" prefix to get the name itself.
        $index = $entry.IndexOf(':')
        if ($index -ge 0) {
            $item.DomainName = $entry.Substring($index + 1)
        } else {
            $item.DomainName = $entry
        }

        # Everything that is not explicitly marked "domain:" is treated as a forest.
        $item.IsForest = -not [System.Globalization.CultureInfo]::InvariantCulture.CompareInfo.IsPrefix($entry, "domain:", "IgnoreCase")

        if ($item.DomainName -ne $currentDomain) {
            # Ask for the trust credentials in the credential dialog. The password
            # stays a SecureString and never appears on the command line.
            $credentials = $host.ui.PromptForCredential("Foreign domain trust credentials",
                "Please enter the trust credentials to connect to the " + $item.DomainName + " domain", "", "")
            if ($credentials -eq $null) {
                throw ("No credentials supplied for the " + $item.DomainName + " domain.")
            }

            $item.LoginName = $credentials.UserName
            $item.SetPassword($credentials.Password)
        }

        $searchActiveDirectoryDomains.Add($item)
    }
  }

  # Persist the new list (also when it was cleared by passing an empty value).
  $webApplication.Update()
}

Using the script

I have attached the script so you can use it in any way you want. You can put the functions in your own .ps1 file, or load the script into your current session by dot-sourcing it. Run it from the SharePoint 2010 Management Shell (or after Add-PSSnapin Microsoft.SharePoint.PowerShell), because Get-SPWebApplication and the SharePoint types must be available:

. .\<path to file>\PeoplePickerSearchADForests.ps1

(yes, that’s a dot, then a space, then the path to the script)

PeoplePickerSearchADForests.zip
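An added example, written for this page and not part of the attached script, covering the two things a practitioner usually still wants after running the functions above: entering the application credential key without ever typing it in plain text, and reading back what was actually stored for a web application. It assumes a SharePoint 2010 farm server with the Microsoft.SharePoint.PowerShell snap-in, and that SPSecurity.SetApplicationCredentialKey accepts a System.Security.SecureString (the type the reflection helper in SetAppPassword hands to it as well). The function names and the web application URL and domain names in the usage lines are made up for the example.

```powershell
# Added example; not part of the original script or its zip file.
# Assumptions: SharePoint 2010 farm server, Microsoft.SharePoint.PowerShell snap-in,
# and SPSecurity.SetApplicationCredentialKey taking a System.Security.SecureString.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-AppCredentialKeyInteractive {
    # Read-Host -AsSecureString does not echo the input and returns a SecureString,
    # so the key never appears on the command line, in the console or in a transcript.
    $key = Read-Host -Prompt "Application credential key (must be identical on every farm server)" -AsSecureString
    if ($key.Length -eq 0) { throw "The application credential key may not be empty." }
    [Microsoft.SharePoint.SPSecurity]::SetApplicationCredentialKey($key)

    # The key is stored per server, not per farm. List the other SharePoint servers
    # (Role 'Invalid' is a non-SharePoint server such as the SQL server) so none is forgotten.
    $others = Get-SPServer | Where-Object { $_.Role -ne "Invalid" -and $_.Address -ne $env:COMPUTERNAME }
    if ($others) {
        Write-Host ("Key set on " + $env:COMPUTERNAME + ". Repeat this on: " + (($others | ForEach-Object { $_.Address }) -join ", "))
    }
}

function Get-PeoplePickerForestReport {
    param([String]$WebApplicationUrl)
    # Read back what is stored per web application. The password itself cannot be
    # read; a non-empty LoginName shows that trust credentials were registered.
    $apps = $(if ($WebApplicationUrl) { Get-SPWebApplication $WebApplicationUrl } else { Get-SPWebApplication })
    foreach ($app in $apps) {
        foreach ($d in $app.PeoplePickerSettings.SearchActiveDirectoryDomains) {
            New-Object PSObject -Property @{
                WebApplication = $app.Url
                Kind           = $(if ($d.IsForest) { "forest" } else { "domain" })
                Name           = $d.DomainName
                LoginName      = $d.LoginName
                HasCredentials = -not [String]::IsNullOrEmpty($d.LoginName)
            }
        }
    }
}

# Typical run on one server (URL and domain names are made up). The middle line is
# the page's own function, loaded with ". .\PeoplePickerSearchADForests.ps1" first.
# Set-AppCredentialKeyInteractive
# PeoplePickerSearchADForests "http://intranet" "forest:contoso.com;domain:partner.local"
# Get-PeoplePickerForestReport "http://intranet" | Format-Table WebApplication, Kind, Name, LoginName, HasCredentials -AutoSize
```

Get-SPWebApplication leaves out Central Administration unless you add -IncludeCentralAdministration, so a report over all web applications will not list it by default. For an unattended run, such as the AutoSPInstaller scenario mentioned in the comments, replace the prompts with a PSCredential whose password was saved with ConvertFrom-SecureString; that value is protected with DPAPI and can only be read back by the same account on the same machine, which is the right scope for a trust password that has to be present on every server anyway.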

7 Comments

  1. Colin Dekker / Mar 18 2011

    I used your script as a template and added it to my autospinstaller script. Posted it (with a reference to this article) on the autoinstaller discussion board on codeplex as well:

    http://autospinstaller.codeplex.com/discussions/250320

    Great script!

    • Michaël Hompus / Mar 23 2011

      Thank you, it was exactly my intention to use this in an automated scenario.

  2. Harv / Jul 26 2011

    Great stuff, very useful. Infuriating that Microsoft left the only path to do this via STSADM out of the box.

    Regards,
    Harv

