
Problems resolving people in multiple domains single forest

Sep 3, 2015 at 7:31 PM
We were really looking for a solution, but seem to be having a problem where, when using this solution, it only seems to resolve names from one of our domains, but not the other. I'm not sure if I am describing the situation properly, but I'll try my best.


We have a single forest, multiple domain structure and we are using the email address as the user's identity for ADFS authentication ... such as:
addomain.com
        |
+-----------------------+
|                       |
a.addomain.com    b.addomain.com
Account examples:

user1@a.addomain.com with email user1@domain.com
user2@b.addomain.com with email user2@domain.com

People will always resolve user1 (as user1@domain.com), but will never resolve user2.

I'm not sure if this might possibly be a SharePoint setup issue? I'd tried looking at the people picker property "Peoplepicker-searchadforests", but I'm having issues with that too.

I'd really like to get this solution to work for us. It makes the people picker much more intuitive rather than just typing anything in and thinking it's right.
Coordinator
Sep 8, 2015 at 4:09 PM
Hello,
LDAPCP will only help you if you are using federated authentication with a STS like ADFS for example.
You seem to describe an issue with lookup in WinClaims authentication, this project can't help you in this mode.
Thanks
Yvan
Sep 8, 2015 at 6:32 PM
Thanks for the reply, Yvand,

I do believe we are using ADFS, which is why I posted here, or perhaps I don't completely understand the issue.

In our SharePoint farm, we have setup a Claims Provider using ADFS. ADFS is configured to authenticate accounts in our forest. We have several Web Applications that have been configured with the appropriate realms, claim maps, etc. in place to pass email as the identifier, and additionally Qualified Groups from AD as a role.

Without LDAPCP, I can authenticate and assign permissions to SharePoint sites/lists/administration, but without name resolution, i.e. I can just type in anything. However, with LDAPCP, I get resolution only on 1 domain, the domain in which the SharePoint servers are installed and configured.

Am I missing something?
Coordinator
Sep 9, 2015 at 7:44 AM
By default LDAPCP will only connect to the same domain as SharePoint servers.
Did you create the additional LDAP connection in the LDAPCP administration page? It is located in Central Administration > Security.
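Before adding the second LDAP connection, it helps to confirm that the identity claim value (the mail attribute) is actually findable in each domain and via the forest's Global Catalog. The following PowerShell diagnostic is an added example, not LDAPCP code or anything from the thread: it assumes the domain names from the thread (a.addomain.com, b.addomain.com, forest root addomain.com), a constructed claim value user2@domain.com, and a domain-joined machine whose account can read both child domains.

```powershell
# Added diagnostic (not part of LDAPCP). Shows why a single-domain LDAP
# connection resolves user1 but not user2, and that a Global Catalog query
# covers both child domains. Names below are assumptions from the thread.
$claimValue = 'user2@domain.com'                      # identity claim = mail attribute (constructed)
$domains    = @('a.addomain.com', 'b.addomain.com')   # child domains named in the thread
$forestRoot = 'addomain.com'                          # forest root named in the thread

# Escape LDAP filter metacharacters (RFC 4515) so a claim value can never
# change the meaning of the filter it is embedded in.
function ConvertTo-LdapFilterValue([string]$value) {
    return $value -replace '\\', '\5c' -replace '\*', '\2a' `
                  -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Find-UserByMail([string]$path, [string]$mail) {
    $root     = New-Object System.DirectoryServices.DirectoryEntry($path)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectClass=user)(mail=$(ConvertTo-LdapFilterValue $mail)))"
    $searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'distinguishedName'))
    try   { return $searcher.FindOne() }
    finally { $searcher.Dispose(); $root.Dispose() }
}

# 1) Per-domain LDAP lookups. LDAPCP's default connection behaves like the
#    query against the domain the SharePoint servers are joined to only.
foreach ($domain in $domains) {
    $hit = Find-UserByMail "LDAP://$domain" $claimValue
    if ($hit) {
        '{0}: found {1} ({2})' -f $domain,
            $hit.Properties['samaccountname'][0], $hit.Properties['distinguishedname'][0]
    } else {
        '{0}: no user with mail={1}' -f $domain, $claimValue
    }
}

# 2) One Global Catalog query spans every domain in the forest; mail is part
#    of the GC partial attribute set, so the user is found regardless of domain.
$gcHit = Find-UserByMail "GC://$forestRoot" $claimValue
if ($gcHit) { 'GC: found {0}' -f $gcHit.Properties['distinguishedname'][0] }
else        { 'GC: no user with mail={0}' -f $claimValue }
```

If the per-domain loop finds user2 only under b.addomain.com while LDAPCP still does not resolve them, the missing piece is the second LDAP connection (or a GC connection) in LDAPCP's configuration rather than the directory data itself.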