At a client recently we needed to add a user from a trusted domain. Each time we tried, however, we received an error stating:
The resource could not be saved due to the following reasons:
- The NT account specified is invalid. Check the spelling of the user name, verify that a valid domain was included…
We knew for a fact the account existed, and we had already successfully added other users from this domain. Another thing was that using the People Picker from the top-level SharePoint site did reveal this person's account. After some research we found a TechNet article that addressed the issue.
From TechNet:
When a Web application uses Windows authentication, People Picker searches all two-way trusted forests and all two-way trusted domains. However, if you want to search from a one-way trusted forest or a one-way trusted domain, you must run the setapppassword operation, and then run the peoplepicker-searchadforests property.
Syntax
The syntax for the setproperty operation is:
stsadm -o setproperty
-propertyname peoplepicker-searchadforests
-propertyvalue <valid list of forests or domains>
[-url] <URL>
The syntax for the getproperty operation is:
stsadm -o getproperty
-propertyname peoplepicker-searchadforests
[-url] <URL>
Command Syntax (once we ran the following command we could successfully add the user)
stsadm -o setproperty -url http://<serverName>/pwa -pn peoplepicker-searchadforests -pv "domain:mpn.com;domain:TRAIN.com;domain:domain3.com"
TechNet URL: http://technet.microsoft.com/en-us/library/cc263460(office.12).aspx
Examples
Search additional domains or forests
To enumerate a list of users by using People Picker from a second forest or domain, use the following syntax:
stsadm -o setproperty -pn peoplepicker-searchadforests -pv <list of forests or domains> -url <WebApp>
Specify user account and password from a one way trust
To specify the user name and password from a one-way trust, so that People Picker can look up this information, use the following syntax:
stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:contoso.corp.com, <LoginName>,<Password>;domain:bar.contoso.corp.com, <LoginName>,<Password>"
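The one-way trust procedure described above (setapppassword first, then peoplepicker-searchadforests), as an added PowerShell example that is not from TechNet or the original post. The stsadm path (the default 12-hive location), the svc-pplookup account name and the rejection of ',' and ';' inside a field are assumptions of this example.

```powershell
# Added example, not from TechNet. Assumed: default 12-hive stsadm path; svc-pplookup is a
# hypothetical read-only lookup account; <serverName> is the page's placeholder.
$stsadm = "$env:CommonProgramFiles\Microsoft Shared\web server extensions\12\bin\stsadm.exe"
$webApp = 'http://<serverName>/pwa'

# Only one-way trusts need a Login; two-way trusts are already searched.
$trusts = @(
    @{ Type = 'domain'; Name = 'mpn.com' },
    @{ Type = 'forest'; Name = 'contoso.corp.com'; Login = 'CONTOSO\svc-pplookup' }
)

function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    $ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr) }
}

function Get-SearchAdForestsValue($Trusts) {
    $entries = foreach ($t in $Trusts) {
        if ('forest', 'domain' -notcontains $t.Type) { throw "Unknown trust type '$($t.Type)'" }
        $fields = @("$($t.Type):$($t.Name)")
        if ($t.Login) {
            # Prompt so the lookup password never sits in a script file.
            $secure = Read-Host "Password for $($t.Login)" -AsSecureString
            $fields += $t.Login, (ConvertTo-PlainText $secure)
        }
        foreach ($f in $fields) {
            # ',' and ';' are the value's separators; assumed to have no escape form.
            if ($f -match '[,;]') { throw "A field for $($t.Name) contains ',' or ';'" }
        }
        $fields -join ','
    }
    $entries -join ';'
}

# Step 1: set the encryption key; run this on every front-end web server in the farm.
$key = Read-Host 'setapppassword key' -AsSecureString
& $stsadm -o setapppassword -password (ConvertTo-PlainText $key)

# Step 2: set the property, then read it back to confirm what was stored.
# The credentials still reach stsadm as command-line arguments, so use an admin-only session.
& $stsadm -o setproperty -url $webApp -pn peoplepicker-searchadforests -pv (Get-SearchAdForestsValue $trusts)
& $stsadm -o getproperty -url $webApp -pn peoplepicker-searchadforests
```

Because the lookup account's password is stored with the web application, give that account read access to the trusted directory and nothing more.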
Related properties and operations
You can include additional users and groups from multiple forests. For more information about how to select and add users