People picker showing users outside ADFS

Oct 23, 2013 at 1:48 PM
Hi,

I have an issue with people pickers displaying users who are not in ADFS. We have added an additional trusted provider within the same web application default zone.

Example:

henry.jones@technology.com belongs to local Active Directory (Not in ADFS)
peter.wright@esystems.com is located in ADFS

Our people picker, when searching for henry jones, returns the following:
  1. jones, henry (this is correct, hovering over user shows domain\h.jones)
  2. henry.jones@technology.com (hovering over user shows the following:
     henry.jones@technology.com adfs trusted provider name
     mail=henry.jones@technology.com)

Please note, in this scenario our local AD users are not synchronized into ADFS.

Also, when searching for ADFS users, we see double entries, i.e. when searching for peter.wright:
  1. saml provider (email address) - peter.wright@esystems.com
  2. adfs provider name (email address) - peter.wright@esystems.com

How can we get the people picker to display one result per user, and also resolve both these issues?

Thank you
Coordinator
Oct 30, 2013 at 1:14 PM
Hello,
Sorry, but the issue is not very clear to me.
It is expected that LDAPCP shows multiple matches if the input matches several claim types (for example a mail and a UPN).
You can easily confirm this because the claim type is displayed in parentheses for each result (except if the result corresponds to the identity claim type).
You should also check the SharePoint logs and filter on category "LDAPCP"; you will see the LDAP request issued, the number of matches found, and the permission created for each.
Please keep me posted if you find an inconsistency.
cheers,
Yvan
Oct 30, 2013 at 2:39 PM

Thank you for your reply,

I have managed to resolve this by setting the claim to DisplayName from the LDAPCP administration UI via central admin. The exact setting is LDAP attribute to use for the display text.

Regards

Ahjaz