Thursday 7 March 2013

Limiting People Picker to a certain OU in Active Directory

If a Web application is using Windows authentication and the site user directory path is not set, the People Picker control searches the entire Active Directory to resolve users' names or find users, instead of searching only users within a particular organizational unit (OU). The Stsadm setsiteuseraccountdirectorypath operation allows the user's directory path to be set to a specific OU in the same domain. After the directory path is set for a site collection, the People Picker control will only search under that particular OU.
To restrict People Picker to a certain OU in Active Directory, type the following command:

stsadm -o setsiteuseraccountdirectorypath -path <Valid OU name> -url <Web application URL>

The following example configures People Picker to only return users and groups in the OU named "Sales":
stsadm -o setsiteuseraccountdirectorypath -path "OU=Sales,DC=ContosoCorp,DC=local" -url http://ServerName

Only a single site user directory path can be set at a time for a site collection. Because this property specifies only one OU at a time, you should run the Stsadm setsiteuseraccountdirectorypath operation only once per site collection.

To retrieve the current user account directory path for the site, use the following syntax:
stsadm -o getsiteuseraccountdirectorypath -url <Web application URL>
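
Because the path is stored per site collection, any site collection that was never configured still lets People Picker search the whole directory. The script below is an added example, not part of the original post: it audits every site collection in a Web application and flags those without a path, or with a path other than the one you expect. It assumes SharePoint 2010 or later with the Microsoft.SharePoint.PowerShell snap-in available; the parameter names are chosen for this example.

```powershell
# Added example: report the People Picker directory path of each site collection.
# Assumption: run on a SharePoint 2010+ server with farm administrator rights.
param(
    [Parameter(Mandatory = $true)]
    [string]$WebApplicationUrl,   # e.g. http://ServerName
    [string]$ExpectedOU           # optional, e.g. "OU=Sales,DC=ContosoCorp,DC=local"
)

# Load the SharePoint cmdlets if this is a plain PowerShell session.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$report = foreach ($site in Get-SPSite -WebApplication $WebApplicationUrl -Limit All) {
    try {
        # Same value that getsiteuseraccountdirectorypath reads; empty means not set.
        $path = $site.UserAccountDirectoryPath

        $status = if ([string]::IsNullOrEmpty($path)) {
            'Unrestricted'      # People Picker searches the entire Active Directory
        } elseif ($ExpectedOU -and ($path -ne $ExpectedOU)) {
            'Unexpected OU'     # scoped, but not to the OU you intended
        } else {
            'Restricted'
        }

        New-Object PSObject -Property @{
            Url           = $site.Url
            DirectoryPath = $path
            Status        = $status
        }
    }
    finally {
        $site.Dispose()         # SPSite objects hold unmanaged resources
    }
}

$report | Sort-Object Status, Url | Format-Table Url, Status, DirectoryPath -AutoSize
```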
