>Restricting the People Picker to searching one domain

>At one of my clients they currently have three domains. A domain for development, staging and live. The domains are linked via trusts which is kinda great but this presents a problem with the SharePoint People Picker.

This is more apparent when using SharePoint on the staging domain as the live users are copied over to the staging domain so that the domains are like for like.

Therefore it is hard to pick the right user when assigning permissions or setting up workflows. When a username is entered in a user control and you click the tick button to try and resolve the user, a drop-down list displays the possible options. Until you select one there is no way to work out which domain the user is in. To get around this you use the slower picker and have to click on the search button against a user field, type in the name and then using the full DOMAIN\login name column pick the appropriate user, this is a pain in the arse!

I have been thinking about this for a while and reading this great post from Joel , none of the common people picker properties allow you to only restrict to a domain. Looking through this post I picked out the stsadm -o setproperty -pn peoplepicker-searchadcustomquery option.

After a bit of investigation using ADSIEdit I had found a user/group property, canonicalName that could be used to restrict the search to a particular domain.

This property has the following format
canonicalName UnicodeString = Domain/Container/Container…….

So here it is:-
To restrict the people picker to a particular domain do the following:-

stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv “(canonicalName=[YOURDOMAIN]*)” -url http://[yoursharepointsitecollection]

e.g stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv “(canonicalName=DEV*)” -url http://vmsd-sharepoint

If you want to switch this off then run the same command but change the -pv parameter to “”
e.g stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv “” -url http://vmsd-sharepoint

That’s it!

The people picker will still resolve SharePoint groups and works in the same way through SharePoint in the workflow assignment and InfoPath forms.



  1. >One way would be to create trusts between the domains though thats a pretty major change!I have seen the people picker control updated so that it would pull details from a custom SQL database which provided a custom lookup. I’ll have a look tomorrow and see if I can find out a bit more. I would look to override the people picker control, I am not sure if its deployed as a delegate control, because if it is then that will allow you to override all instances of the people picker easily.


Thoughts? Comments about this post? Please leave them here..

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.