I was working with some folks that wanted to limit the SharePoint 2010 People Picker to only pull users from a single group. There is an stsadm command to achieve this, though the TechNet example is not very realistic. (Title=David?? Really?!?!)
Creating the expression took me back to an old blog post from my friend Wayne: http://mindsharpblogs.com/wayne/archive/2005/06/15/497.html. He goes into great detail about how to use LDIFDE to test your expressions.
In our case we had an AD Group “Humane Resources” that was in an OU called “SharePoint Users” in the domain “doghousetoys.com”. This translates to:
stsadm -o setproperty -url http://site -pn peoplepicker-searchadcustomfilter -pv "(|(memberOf=CN=Humane Resources,OU=SharePoint Users,DC=doghousetoys,DC=com))"
You can get the distinguishedName of the container from the Attributes tab in ADUC.
One important note if you are testing this: SharePoint will always validate users from BOTH AD and the local site. So if I have members of the local site that are not in “Humane Resources”, they will still show up in the People Picker.
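The following PowerShell sketch is an added example, not code from the original post: it builds the filter from one or more group DNs (a generalization of the single-group case above), escapes the characters that are special inside an LDAP filter value, and prints the LDIFDE test command and the stsadm command. The function names, the output file name and the second group DN are assumptions made for illustration.

```powershell
# Added example: build the People Picker filter from group DNs.
# Function names, the .ldf file name and the second DN are illustrative.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string]$Value)
    # RFC 4515 escaping. The backslash goes first so that the escape
    # sequences added afterwards are not escaped a second time.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

function New-PeoplePickerGroupFilter {
    param([Parameter(Mandatory=$true)][string[]]$GroupDN)
    # One (memberOf=...) clause per group, wrapped in an OR as in the post.
    $clauses = $GroupDN | ForEach-Object {
        '(memberOf={0})' -f (ConvertTo-LdapFilterValue $_)
    }
    '(|{0})' -f (-join $clauses)
}

$rootDn  = 'DC=doghousetoys,DC=com'   # domain from the post
$siteUrl = 'http://site'              # URL as written in the post
$groups  = @(
    'CN=Humane Resources,OU=SharePoint Users,DC=doghousetoys,DC=com',  # from the post
    'CN=Sales (EMEA),OU=SharePoint Users,DC=doghousetoys,DC=com'       # constructed
)

# Single group: reproduces the filter used in the post.
$single = New-PeoplePickerGroupFilter -GroupDN $groups[0]
# Both groups: the parentheses in the second DN become \28 and \29.
$both   = New-PeoplePickerGroupFilter -GroupDN $groups

foreach ($filter in @($single, $both)) {
    # 1. Export the accounts the filter matches and review them first.
    'ldifde -f picker-test.ldf -d "{0}" -r "{1}" -l "sAMAccountName,displayName"' -f $rootDn, $filter
    # 2. Apply the same filter to the People Picker.
    'stsadm -o setproperty -url {0} -pn peoplepicker-searchadcustomfilter -pv "{1}"' -f $siteUrl, $filter
}
```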