At a client recently we needed to add a user from a trusted domain.  Each time we tried, however, we received an error stating:

The resource could not be saved due to the following reasons:

  • The NT account specified is invalid.  Check the spelling of the user name, verify that a valid domain was included…


We knew for a fact the account existed, and we had already successfully added other users from this domain. Another thing was that using the People Picker from the top-level SharePoint site did reveal this person's account. After some research we found a TechNet article that addressed the issue.

From TechNet:

When a Web application uses Windows authentication, People Picker searches all two-way trusted forests and all two-way trusted domains. However, if you want to search from a one-way trusted forest or a one-way trusted domain, you must run the setapppassword operation, and then run the peoplepicker-searchadforests property.

Syntax

The syntax for the setproperty operation is:

stsadm -o setproperty

   -propertyname peoplepicker-searchadforests

   -propertyvalue <valid list of forests or domains>

   [-url] <URL>

The syntax for the getproperty operation is:

stsadm -o getproperty

   -propertyname peoplepicker-searchadforests

   [-url] <URL>

Command Syntax (once we ran the following command we could successfully add the user)

stsadm -o setproperty -url http://<serverName>/pwa -pn peoplepicker-searchadforests -pv "domain:mpn.com;domain:TRAIN.com;domain:domain3.com"

TechNet URL: http://technet.microsoft.com/en-us/library/cc263460(office.12).aspx

Examples

Search additional domains or forests

To enumerate a list of users by using People Picker from a second forest or domain, use the following syntax:

stsadm -o setproperty -pn peoplepicker-searchadforests -pv <list of forests or domains> -url <WebApp>

Specify user account and password from a one way trust

To specify the user name and password from a one-way trust, so that People Picker can look up this information, use the following syntax:

stsadm -o setproperty -url http://<server:port> -pn peoplepicker-searchadforests -pv "forest:contoso.corp.com, <LoginName>,<Password>;domain:bar.contoso.corp.com, <LoginName>,<Password>"
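
The whole procedure described above (setapppassword, then setproperty, then a getproperty read-back) as an added PowerShell example; it is not from the original post or from TechNet. The stsadm.exe path, the function name New-SearchAdForestsEntry and the rejection of separator characters inside a field are assumptions. The lookup account is prompted for so it is not stored in a script file, although it is still passed to stsadm on the command line.

```powershell
# Added example (PowerShell 2.0+), not from the original post or TechNet.
# Assumption: default "12 hive" location of stsadm.exe on a MOSS 2007 server.
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
$webApp = 'http://<serverName>/pwa'   # placeholder, as in the post

# Hypothetical helper: builds one "forest:..." or "domain:..." entry.
function New-SearchAdForestsEntry {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('forest', 'domain')][string]$Type,
        [Parameter(Mandatory = $true)][string]$Name,
        [System.Management.Automation.PSCredential]$Credential  # one-way trusts only
    )
    $fields = @($Name)
    if ($Credential) {
        $fields += $Credential.UserName, $Credential.GetNetworkCredential().Password
    }
    foreach ($f in $fields) {
        # ';' separates entries and ',' separates fields in the property value, so a
        # field containing either would be ambiguous (assumed unsupported here).
        if ([string]::IsNullOrEmpty($f) -or $f -match '[;,"]') {
            throw "A field of the ${Type}:$Name entry is empty or contains ';', ',' or a double quote"
        }
    }
    "${Type}:" + ($fields -join ',')
}

# Two-way trusts need only the name; one-way trusts also need a lookup account.
$entries = @(
    (New-SearchAdForestsEntry -Type domain -Name 'mpn.com'),
    (New-SearchAdForestsEntry -Type forest -Name 'contoso.corp.com' -Credential (Get-Credential))
)
$value = $entries -join ';'

# Step 1: setapppassword, run with the same key on every front-end web server.
$secure = Read-Host -Prompt 'Application password key' -AsSecureString
$key = (New-Object System.Management.Automation.PSCredential 'key', $secure).GetNetworkCredential().Password
& $stsadm -o setapppassword -password $key
if ($LASTEXITCODE -ne 0) { throw "setapppassword failed with exit code $LASTEXITCODE" }

# Step 2: tell People Picker which forests and domains to search.
& $stsadm -o setproperty -url $webApp -pn peoplepicker-searchadforests -pv $value
if ($LASTEXITCODE -ne 0) { throw "setproperty failed with exit code $LASTEXITCODE" }

# Step 3: read the property back to confirm what was stored.
& $stsadm -o getproperty -pn peoplepicker-searchadforests -url $webApp
```

Use a dedicated account with read-only directory access for the one-way trust lookup, since its password ends up in the farm configuration.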

Related properties and operations

You can include additional users and groups from multiple forests. For more information about how to select and add users, see Select users from multiple forest domains and Add users from multiple forest domains.