PowerShell for People Picker Properties

Many SharePoint Administrators, especially those dealing with one-way trusts or Selective trusts, are very familiar with the peoplepicker-* properties. Since at least WSSv3, if not earlier, the peoplepicker-* properties have only been available via stsadm with no direct PowerShell replacement (it could be done, but it isn’t as pretty as ‘native’ PowerShell).

For SharePoint 2010 and 2013, however, easier PowerShell-accessible properties were put into place. This allows the SharePoint Administrator to quickly configure these in a much more ‘modern’ way. Let’s say I need to configure the People Picker on a Web Application to filter out Groups. The classic way I would do this is:

This property can be retrieved with stsadm -o getproperty -pn peoplepicker-searchadcustomquery -url http://webAppUrl. While you can still set the People Picker properties this way, the nice PowerShell way of doing it moving forward, taking the previous example, is:

To remove it, we simply nullify it:

This works with all of the properties displayed by (Get-SPWebApplication http://spwebapp1).PeoplePickerSettings except for SearchActiveDirectoryDomains (previously peoplepicker-searchadforests). For this particular property, we have to take some extra steps. First, use PowerShell to set the application credential key:

This sets the key used to encrypt the password we set for the user in the SearchActiveDirectoryDomains connection. Next, set up the connection:

If you need to search multiple domains (or forests), just create more of the SPPeoplePickerSearchActiveDirectoryDomain objects and add them to $wa.PeoplePickerSettings.SearchActiveDirectoryDomains. To revert the changes, you can either clear all entries via $wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Clear(); $wa.Update(), remove a specific entry by using the zero-based index, like so $wa.PeoplePickerSettings.SearchActiveDirectoryDomains.RemoveAt(0), or alternatively retrieve a specific entry and then remove it, like so:
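The steps above as one script, as an added example rather than the author's original listing. The function names, the domain trusted.example and the account TRUSTED\svc-ppicker are placeholders chosen for illustration; the key and the account password are prompted for so that neither is written into the script.

```powershell
# Added example. Function names, domain and account are illustrative placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-AppCredentialKey {
    # As with stsadm -o setapppassword, set the same key on every server in the farm.
    # Prompting keeps the key out of the script file and the command history.
    $key = Read-Host -AsSecureString -Prompt 'Application credential key'
    [Microsoft.SharePoint.SPSecurity]::SetApplicationCredentialKey($key)
}

function Add-PeoplePickerDomain {
    param(
        [string]$WebAppUrl,
        [string]$DomainName,
        [string]$LoginName,
        [switch]$IsForest
    )
    $wa = Get-SPWebApplication $WebAppUrl
    $domains = $wa.PeoplePickerSettings.SearchActiveDirectoryDomains
    # Skip the add when the domain is already listed, so reruns do not duplicate it.
    if ($domains | Where-Object { $_.DomainName -eq $DomainName }) {
        Write-Warning "$DomainName is already configured on $WebAppUrl"
        return
    }
    $entry = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $entry.DomainName = $DomainName
    $entry.IsForest   = $IsForest.IsPresent
    $entry.LoginName  = $LoginName
    $entry.SetPassword((Read-Host -AsSecureString -Prompt "Password for $LoginName"))
    $domains.Add($entry)
    $wa.Update()
}

function Remove-PeoplePickerDomain {
    param([string]$WebAppUrl, [string]$DomainName)
    $wa = Get-SPWebApplication $WebAppUrl
    $domains = $wa.PeoplePickerSettings.SearchActiveDirectoryDomains
    # Copy matches first: a collection cannot be modified while it is being enumerated.
    $stale = @($domains | Where-Object { $_.DomainName -eq $DomainName })
    foreach ($d in $stale) { [void]$domains.Remove($d) }
    if ($stale.Count -gt 0) { $wa.Update() }
}

# Usage (placeholder values): a read-only lookup account in the trusted domain.
Set-AppCredentialKey
Add-PeoplePickerDomain -WebAppUrl 'http://spwebapp1' -DomainName 'trusted.example' -LoginName 'TRUSTED\svc-ppicker'
(Get-SPWebApplication 'http://spwebapp1').PeoplePickerSettings.SearchActiveDirectoryDomains |
    Select-Object DomainName, IsForest, LoginName
```

The final pipeline lists the configured entries so the change can be reviewed; Remove-PeoplePickerDomain with the same -WebAppUrl and -DomainName reverts it.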

Unfortunately, TechNet, even for SharePoint 2013, still leads us down the way of using stsadm to set these People Picker Properties. But hopefully this gives you insight on how to do it in a more ‘modern’ way, to help you further retire the use of stsadm.

12 Comments

  1. This is awesome; however, the line
    $adsearchobj = Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain

    gives the error that the term Microsoft…SPPeoplePickerActiveDirectoryDomain is not recognized… I'm on 2010. Did I miss a module load or something?

  2. Found the issue… your line:
    $adsearchobj = Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain

    needs to be

    $adsearchobj = New-object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain

    It just felt like it was missing something and I could not put my finger on it.

  3. I want to set Group name to People Picker Control, so can you please tell me how I can do it with PowerShell?

  4. Nice one! Handy bit of PowerShell!

  5. How would I apply this to all alternate urls? I can see the trusted domain at the root url of the web app (http://servername:port), but when I search in an alternate url, the users do not show. Thanks!

    • Hi John, these settings apply to the Web Applications as a whole and not a specific Alternate Access Mapping. If you’ve extended it, you’ll want to look at the extended Web Application.

      • Hi Trevor, yes, that is the behavior that I expected too, but it is not what I am seeing. I have been doing some research on this, but so far I have come up empty handed. Can you try to reproduce this on your end? If so, please let me know what you find. It may be an issue with my environment, or it might just be a bug. Thanks!

        • BTW – I am on SharePoint 2013, if that helps.

          • Sorry, I’ve never had an issue when this was configured appropriately regardless of version. I’d suggest you open a thread on the TechNet SharePoint forums or SharePoint StackExchange. It’ll be easier to troubleshoot there.

  6. Trevor, have you had any experience getting this to work on SharePoint 2016? When I run this, it basically just disables the people picker entirely, and I have to recreate the web application to fix it.
