Skip to content
/ Michaël Hompus

When you have a SharePoint farm and you want to use accounts from another domain you need a partial (one-way) or a full (two-way) trust between those domain. A full trust is not always desirable and there your problem begins. After setting up the one-way trust you can authenticate with an account from the trusted domain, but the SharePoint People Picker doesn't show any accounts from this domain. It has been documented by others before, but as I ran into this recently I'll give my summary how I fixed this.

When you have a SharePoint farm and you want to use accounts from another domain you need a partial (one-way) or a full (two-way) trust between those domains.

A full trust is not always desirable and there your problem begins. After setting up the one-way trust you can authenticate with an account from the trusted domain, but the SharePoint People Picker won’t show any accounts from this domain.

It has been documented by others before, but as I ran into this recently, I will give my summary how I fixed this.
This solution is the same for WSS 3.0/SharePoint 2007 as SharePoint 2010.

The problem

When using a one-way trust, you do not see any accounts from the other domain in the people picker.

SharePoint People Picker not showing any accounts.
People picker not showing accounts from the other domain.

The reason

This is an example of how you could use a partial trust.

Architecture with a company and a development domain setup with a partial trust.
Example of a one-way trust architecture.

You want to allow employees to authenticate in a development farm, but you do not want to allow any test or service account from the development domain to authenticate in the company domain.

As the application pool account is based in the development domain it doesn’t have the right to query the company domain.

The solution

Using STSADM we can configure which forests and domains are searched for accounts by setting the peoplepicker-searchadforests property. The best part is that we can supply a username and password for a trusted domain.

SharePoint does not allow you to store this username and password in plain text on the server. So, you will have to configure a secure store. If you skip this step, configuring the search account for trusted domains will always fail with the following message.

“Cannot retrieve the information for application credential key.”

To create a credential key, you will have to use the following command.

Terminal window
stsadm -o setapppassword
-password <password>

This command has to be executed on every server in the farm.

Now you can configure the forests and domains you want to search using the following command.

Terminal window
stsadm -o setproperty
-url <web application url>
-pn peoplepicker-searchadforests
-pv forest:<source forest>;domain:<trusted domain>,<trusted domain>\<account>,<password>

You can combine any number of forests and domains, but you need to specify at least one.
You also need to include all forests and domains in one statement because every time you execute this command it will reset the current settings.

Also note this setting is per web application, and even per zone.

SharePoint People Picker showing an account from the one-way trusted domain.
People picker showing accounts from the other domain.
Filed under SharePoint
Last update:
/ Michaël Hompus

The other day I attended a meeting where the presenter switched from a PowerPoint slide to demonstrate an application. When he made the switch it was quite obvious the beamer was setup to only display the 4:3 slides to the maximum of the white screen. Since his desktop was in a 16:10 resolution the application was falling of the screen on both sides. While I was preparing a presentation myself I wanted to be sure my presentation would be in the same resolution as my desktop as I would be switching between my slides and Visual Studio.

The other day I attended a meeting where the presenter switched from a PowerPoint slide to demonstrate an application. When he made the switch, it was quite obvious the beamer was setup to only display the 4:3 slides to the maximum of the white screen. Since his desktop was in a 16:10 resolution the application was falling off the screen on both sides. Which was quite a distraction.

When I was preparing a presentation myself, I wanted to be sure my presentation would be in the same resolution as my desktop as I would be switching between my slides and Visual Studio.

read more…
Filed under Office
Last update:
/ Michaël Hompus

With the launch of Visual Studio 2010 this week a lot of people will start upgrading to the new version. After the installation was complete I noticed the Surface project and item templates were not available. In this post I explain how to get the entries in Visual Studio 2010.

With the launch of Visual Studio 2010 this week a lot of people will start upgrading to the new version. After the installation was complete, I noticed the Surface project and item templates were not available.

In this article I explain how to get the entries in Visual Studio 2010.

read more…
/ Michaël Hompus

Today the Microsoft Virtualization Team announced the availability of the new beta version of the Linux Integration Services for Hyper-V. In this post I will try the new features.

Today the Microsoft Virtualization Team announced the availability of the new beta version of the Linux Integration Services for Hyper-V. There are three big changes in this version:

  • Virtual machines will be able to use up to 4 virtual CPUs.
  • Virtual machines will be able to synchronize their time with the parent partition.
  • Virtual machines will be able to shutdown gracefully from the Hyper-V manager.

In this post I will try the new features.

Linux Integration Services for Hyper-V 2.0

First, I got a Virtual Machine (VM) installed as described in my previous post “Running CentOS 5.x on Hyper-V”. I used the current released stable version of the Linux Integration Services (LIS): Version 2.0.

Screenshot displaying the VMBUS information on booting the virtual machine. Build Date=Jun 29 2009 and Build Description=Version 2.0.
On boot time, VMBUS displays 'Version 2.0'

My Hyper-V host only has a dual-core CPU. So, it is impossible for me to test the 4 CPU support. I could not find any differences with 2 CPUs.

Shutdown from Hyper-V Console

With the current version of the LIS when I press the shutdown button, I get the following error:

Screenshot displaying the Hyper-V console showing the error text: "The application encountered an error while attempting to change the state of 'BlogDemo'. Failed to shut down the virtual machine.".
Hyper-V Console shows the error 'Failed to shut down the virtual machine'.

Time synchronization

With the current version of the LIS I had a lot of trouble with the clock of the VM getting out of sync very fast. I did a post to fix this: “Correcting time drift with CentOS on Hyper-V”.

I did not implement the mentioned fix on the VM I created for this post, to demonstrate the problem:

Screenshot displaying the Hyper-V console showing the VM gets a time difference of multiple=
The VM gets an offset of multiple seconds within minutes.

Linux Integration Services for Hyper-V 2.1 Beta

To get the beta drivers you need to download them from the Microsoft Connect website.

I installed the new drivers in exact the same way as the 2.0.

Screenshot displaying the VMBUS information on booting the virtual machine. Build Date=Mar 23 2010 and Build Description=Version 2.1.2.
On boot time, VMBUS displays Version 2.1.2

Not only the new version number is displayed, also the new Shutdown and Timesync channels are mentioned!

Shutdown from Hyper-V Console

Pressing the shutdown button now gives a more expected result:

Screenshot displaying the virtual machine has received the shutdown command and starts the power-off sequence.
The VM receives the signal to shut down and calls `/sbin/poweroff`
Screenshot displaying the Hyper-V console with the message: "The virtual machine is turned off".
The VM is gracefully turned off.

Time synchronization

With the new LIS the time is pretty much stable, nothing the NTP service cannot handle. There is no need to change the boot command in grub anymore.

Screenshot displaying the Hyper-V console showing the VM shows minimal time difference over the course of minutes.
The VM only shows a minimal time difference over the course of minutes.
Filed under Hyper-V
Last update:
/ Michaël Hompus

I wanted to use the new REST services in SharePoint 2010. But when I navigated to the ListData.svc service. I got the following error: “Could not load type 'System.Data.Services.Providers.IDataServiceUpdateProvider' from assembly 'System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.”

I wanted to use the new REST services in SharePoint 2010. But when I navigated to the ListData.svc service. I got the following error:

Screenshot displaying SharePoint 2010 showing the following error: "Could not load type 'System.Data.Services.Providers.IDataServiceUpdateProvider' from assembly 'System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'."

First, I checked if there was a System.Data.Services entry in the GAC (Global Assembly Cache). There was one with version 3.5.30729.1. So, it was not a missing file.

Searching the web on the error…

Could not load type ‘System.­Data.­Services.­Providers.­IDataServiceUpdateProvider’ from assembly ‘System.­Data.­Services, Version=3.5.0.0, Culture=­neutral, PublicKeyToken=­b77a5c561934e089’

…does not provide many hints to what is causing this error.
Most sites suggest to install ADO.NET Data Services v1.5 CTP2, but I already had.

I finally found the page REST and SharePoint 2010 Quick Start Guide by Scott Currier. He suggests to install the ADO.NET Data Services Update for .NET 3.5 SP1. As it turns out, this is the final release of the ADO.NET Services v1.5!

The update comes in two flavors.

For Windows 7 AND Windows Server 2008 R2

Download the ADO.NET Data Services Update for .NET Framework 3.5 SP1 for Windows 7 and Windows Server 2008 R2.

After installing the version of the System.Data.Services.dll file is 3.5.30729.5004.

For Windows 2000, Windows XP, Windows Vista, Windows Server 2003 AND Windows Server 2008

Download the ADO.NET Data Services Update for .NET Framework 3.5 SP1 for Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows Server 2008.

After installing the version of the System.Data.Services.dll file is 3.5.30729.4466.

Testing

After I installed the update, I browsed to the ListData.svc service.

Screenshot displaying the service description of a SharePoint 2010 Team Site as an atom feed.
The service description of a SharePoint 2010 Team Site as an atom feed.
Filed under SharePoint
Last update: