与SharePoint中的PeoplePicker有关的STSADM命令

跨Forest, 跨domain的People Picker查询

===================

peoplepicker-searchadforests

 

在执行跨foreast的people picker用户查询的时候, 可能会要使用下面的命令:

 

举例:

stsadm.exe -o setproperty -url http://server:port -pn "peoplepicker-searchadforests" –pv

"forest:foo.corp.com;domain:bar.foo.corp.com", domainname\LoginName, P@ssword

 

stsadm.exe -o setproperty -url http://server.domain1.com:80 -pn peoplepicker-searchadforests -pv domain:domain1.xxx.com;domain:domain2.yyy.com;domain:domain3.zzz.com

 

如果遇到下面的错误:

Cannot retrieve the information for application credential key.

 

你需要运行这个命令:

stsadm.exe -o setapppassword -password P@ssWord

 

People Picker自定义查询

==================

peoplepicker-searchadcustomquery

 

这个stsadm的属性允许管理员配置自定义的查询.

 

比如, 可以用下面的命令来通过office的名字来搜索

stsadm.exe -o setproperty -pn peoplepicker-searchadcustomquery -pv "(physicalDeliveryOfficeName={0})"

 

注意: 使用这个命令的时候要小心, 如果设置的属性值不是一个正确的AD query的话, people picker会完全崩溃. 另外, 如果被搜索的属性不是一个AD中的index属性的话, 会使得AD非常慢.

 

注意: People Picker只能在搜索AD windows group名字的时候使用它通配符. 搜索SharePoint组的时候是不会有通配符一样的查询结果的.

比如你有一个SharePoint组叫readers, 那么你搜read是搜不到的.

 

peoplepicker-onlysearchwithinsitecollection

This will restrict the picker to only people and groups that are in the site collection.

 

peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode

This could be used to turn off the windows lookup on a non AD web app.  From here you'd be leveraging the customer provider

 

peoplepicker-activedirectorysearchtimeout

Allows you to manage the active directory search timeout for lower bandwidth/ higher latency environments

 

peoplepicker-distributionlistsearchdomains

I'm not sure.  I'll try to find out more.  Note: DLs cannot be used for securing a SharePoint site/list,etc... 

 

2011-06-10 更新

=============

当发现某个site collection里, people picker只能搜到某个OU里的user, 而其他ou或domain里的人都搜不到的时候, 应该运行一下下面的命令来查看一下

stsadm -o getsiteuseraccountdirectorypath -url http://server_name/sites/contoso

如果发现该命令返回的不是null, 那么需要运行下面的命令来重置为默认状态. 在默认状态下, people picker不会对搜索的目标OU进行限制.

stsadm -o setsiteuseraccountdirectorypath -path "" –url http://server_name

 

关于这两个命令的更多信息, 请参考

http://technet.microsoft.com/en-us/library/cc262912%28v=office.12%29.aspx

http://technet.microsoft.com/en-us/library/cc263328%28v=office.12%29.aspx

 

2011-11-30更新

==============

下面这篇文章讲people picker很深入透彻, 推荐看看.

http://blogs.msdn.com/b/rajank/archive/2009/09/20/all-you-want-to-know-about-people-picker-in-sharepoint-functionality-configuration-troubleshooting-part-2.aspx 

 

资料来源:

Multi Forest/Cross Forest People Picker peoplepicker-searchadcustomquery

http://blogs.msdn.com/joelo/archive/2007/01/18/multi-forest-cross-forest-people-picker-peoplepicker-searchadcustomquery.aspx