SharePoint can not find user in its domain

It's quite weird that SharePoint (WSS 3.0) could not find any Active Directory user account from its own domain!

According to its log, WSS complained it could not get trusted domains:

05/08/2008 10:09:18.72  Error when trying to get trusted forests and domains. Exception message: Access is denied.  , callstack:    at System.DirectoryServices.ActiveDirectory.Forest.GetTrustsHelper(String targetForestName)     at System.DirectoryServices.ActiveDirectory.Forest.GetAllTrustRelationships()     at Microsoft.SharePoint.Utilities.SPUserUtility.GetTrustedDomains(List`1 trustedForestNames, List`1 trustedDomainNames)  
05/08/2008 10:09:18.72 Found 1 trusted forests ad.int.com.
05/08/2008 10:09:18.72 Found 0 trusted domains
05/08/2008 10:09:18.87 Error in searching user 'Bob' : System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindAll() at Microsoft.SharePoint.WebControls.PeopleEditor.SearchFromGC(SPActiveDirectoryDomain domain, String strFilter, String[] rgstrProp, Int32 nTimeout, Int32 nSizeLimit, SPUserCollection spUsers, ArrayList& rgResults) at Microsoft.SharePoint.Utilities.SPUserUtility.SearchAgainstAD(String input, SPActiveDirect...
05/08/2008 10:09:18.87* ...oryDomain domainController, SPPrincipalType scopes, SPUserCollection usersContainer, Int32 maxCount, String customQuery, String customFilter, TimeSpan searchTimeout, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPActiveDirectoryPrincipalResolver.SearchPrincipals(String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPUtility.SearchPrincipalFromResolvers(List`1 resolvers, String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount, Dictionary`2 usersDict).


But do I need care if the domain is "trusted" or not when only one domain exists? What I wanted was to get users from the same domain. MSDN also said "Users in the forest that the server is in (that is, a resource forest) are displayed automatically." But the reality was the opposite.

Finally, I had a try to add the WSS server's local domain using stsadm:

stsadm -o setproperty -url http://localhost:82
-pn "peoplepicker-searchadforests" -pv "domain:ad.int.com"

Although I had thought that the command should do nothing because I was not supposed to do that, ironically I could see users in the PeoplePicker control! :)

1 comments:

Emma said...

Thanks a lot for posting this problem with its relative solution. I carefully understood the whole post is not very clear about the idea behind it.
electronic signature for sharepoint