I was working with some folks who wanted to limit the SharePoint 2010 People Picker to only pull users from a single group. There is an stsadm command to achieve this, though the TechNet example is not very realistic. (Title=David?? Really?!?!)
Creating the expression took me back to an old blog post from my friend Wayne: http://mindsharpblogs.com/wayne/archive/2005/06/15/497.html. He goes into great detail about how to use LDIFDE to test your expressions.
In our case we had an AD group "Humane Resources" in an OU called "SharePoint Users" in the domain "doghousetoys.com". This translates to:
stsadm -o setproperty -url http://site -pn peoplepicker-searchadcustomfilter -pv "(|(memberOf=CN=Humane Resources,OU=SharePoint Users,DC=doghousetoys,DC=com))"
You can get the distinguishedName of the container from the Attributes tab in ADUC.
One important note if you are testing this: SharePoint will always validate users from BOTH AD and the local site. So if I have members of the local site that are not in "Humane Resources", they will still show up in the people picker.
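As an added example (not code from the post), the script below builds the same memberOf filter from the group's distinguishedName with the escaping LDAP filters require (RFC 4515), composes the stsadm line, and then does what Wayne's LDIFDE approach does with a real directory: it checks the filter parses and evaluates it against a handful of constructed directory entries so you can see who gets through before touching the farm. The entries, the nested "HR Interns" group, and the in-chain matching-rule option are assumptions for illustration; the post itself only shows the plain memberOf filter.

```python
"""Added example, not from the original post: build the People Picker LDAP
custom filter with RFC 4515 escaping, compose the stsadm line, and test the
filter offline against constructed directory entries."""
import re
# Values taken from the post; the site URL is the post's placeholder.
GROUP_DN = "CN=Humane Resources,OU=SharePoint Users,DC=doghousetoys,DC=com"
SITE_URL = "http://site"
OU = "OU=SharePoint Users,DC=doghousetoys,DC=com"

# Constructed sample entries keyed by DN (not real directory data). "HR Interns"
# is a group nested inside Humane Resources; Carol is a member only of it.
DIRECTORY = {
    "CN=Alice," + OU: {"objectClass": ["user"], "memberOf": [GROUP_DN]},
    "CN=Bob," + OU: {"objectClass": ["user"], "memberOf": ["CN=Finance," + OU]},
    "CN=HR Interns," + OU: {"objectClass": ["group"], "memberOf": [GROUP_DN]},
    "CN=Carol," + OU: {"objectClass": ["user"], "memberOf": ["CN=HR Interns," + OU]},
}

def escape_filter_value(value):
    """RFC 4515 escaping: a group name like 'Sales (East)' would otherwise break
    the filter, and a '*' would turn the equality test into a wildcard match."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(group_dn, nested=False):
    """Filter in the (|(memberOf=...)) shape the post uses. memberOf is not
    transitive; nested=True uses AD's LDAP_MATCHING_RULE_IN_CHAIN
    (OID 1.2.840.113556.1.4.1941). Whether the People Picker accepts that
    syntax is not shown on the page, so treat it as an assumption."""
    attr = "memberOf:1.2.840.113556.1.4.1941:" if nested else "memberOf"
    return "(|(%s=%s))" % (attr, escape_filter_value(group_dn))

def stsadm_command(site_url, ldap_filter):
    """Compose the stsadm line; refuse a filter that would break the quoting."""
    if '"' in ldap_filter:
        raise ValueError("filter contains a double quote")
    return ('stsadm -o setproperty -url %s -pn peoplepicker-searchadcustomfilter'
            ' -pv "%s"' % (site_url, ldap_filter))

def parse_filter(text):
    """Parse the subset used here: (&...), (|...), (!...) and (attr=value).
    A ValueError here is the check to run before pushing a filter to the farm."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters at offset %d" % pos)
    return node

def _parse(text, pos):
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")" or (op == "!" and len(children) != 1):
            raise ValueError("bad operator expression ending at offset %d" % pos)
        return (op, children), pos + 1
    end = text.find(")", pos)  # a ')' inside a value is escaped as \29
    attr, sep, value = text[pos:end].partition("=")
    if end < 0 or not sep or not attr:
        raise ValueError("malformed item at offset %d" % pos)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr, value), end + 1

def _transitive(attr, entry, directory):
    """Follow memberOf through group entries (what the in-chain rule does)."""
    by_dn = {dn.lower(): e for dn, e in directory.items()}
    seen, stack = set(), list(entry.get(attr, []))
    while stack:
        dn = stack.pop().lower()
        if dn not in seen:
            seen.add(dn)
            stack.extend(by_dn.get(dn, {}).get(attr, []))
    return seen

def matches(node, entry, directory):
    """Evaluate a parsed filter against one entry; DN values compare
    case-insensitively, as AD does. Attribute names must match as stored."""
    op = node[0]
    if op in "&|!":
        results = [matches(c, entry, directory) for c in node[1]]
        return not results[0] if op == "!" else {"&": all, "|": any}[op](results)
    _, attr, wanted = node
    base, _, rule = attr.partition(":")
    values = entry.get(base, [])
    if rule.rstrip(":") == "1.2.840.113556.1.4.1941":
        values = _transitive(base, entry, directory)
    return any(v.lower() == wanted.lower() for v in values)

def people_picker_results(ldap_filter, directory=DIRECTORY):
    """DNs of user objects the filter lets through. Listing only user objects
    simplifies the picker's own query; this does not model the post's caveat
    that existing site members resolve regardless of the filter."""
    node = parse_filter(ldap_filter)
    return sorted(dn for dn, e in directory.items()
                  if "user" in e["objectClass"] and matches(node, e, directory))

if __name__ == "__main__":
    print(stsadm_command(SITE_URL, build_filter(GROUP_DN)))
    print(people_picker_results(build_filter(GROUP_DN)), people_picker_results(build_filter(GROUP_DN, nested=True)))
```

Two things the run makes visible: the plain memberOf filter from the post admits Alice but not Carol, because memberOf only lists direct membership, so users who reach "Humane Resources" through a nested group are silently left out; and a group name containing parentheses or an asterisk has to be escaped before it is pasted into the -pv value, or the filter either fails to parse or matches more than intended. The parser's ValueError is the cheap pre-check; confirming against the real directory is still Wayne's LDIFDE step.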



Hi Matthew,
Thanks for your blog. Is there a possibility to include the OU of the current user in the query?
This is my aim/goal:
I want to use one SharePoint site for, e.g., tasks for different external people. I want to monitor these tasks in one list (e.g. for syncing with Outlook). This is why I'm not using different sites.
I have a workflow on creating list items which sets the appropriate right on the item so that the external partner sees only "his" tasks. That works fine for me.
But if I give him the possibility to create tasks himself, he can query my whole Active Directory. So I want to restrict the query to objects only in his own OU…
Thanks in advance
Bernhard, you would have to create the filter for the user, and the string is not dynamic, so I think the answer is no.