{"id":1220,"date":"2012-10-14T10:34:24","date_gmt":"2012-10-14T10:34:24","guid":{"rendered":"https:\/\/poiseddevelopers.com\/reality-tech\/?p=1220"},"modified":"2024-05-13T10:54:58","modified_gmt":"2024-05-13T10:54:58","slug":"refining-people-picker","status":"publish","type":"post","link":"https:\/\/poiseddevelopers.com\/reality-tech\/refining-people-picker\/","title":{"rendered":"Refining People-Picker"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/poiseddevelopers.com\/reality-tech\/refining-people-picker\/#Refining_The_SharePoint_People-Picker\" title=\"Refining The SharePoint People-Picker\">Refining The SharePoint People-Picker<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/poiseddevelopers.com\/reality-tech\/refining-people-picker\/#AD_Filtering\" title=\"AD Filtering\">AD Filtering<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Refining_The_SharePoint_People-Picker\"><\/span>Refining The SharePoint People-Picker<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In SharePoint there are several locations where a set of users is presented in what is known as the \u201cPeople-Picker\u201d. Examples include a \u201cpeople\u201d field in lists, and in assigning security.<\/p>\n<p>One can manage the set of users and groups presented, however THe underlying mechanism is not well known in the SharePoint community.<\/p>\n<p>In short, it is the set of all users returned from AD (ActiveDirectory) plus the set of local users in the Site Collection being used.<\/p>\n<p>In this article, I\u2019ll provide guidance on how to adjust both the users returned from AD, as well as the users in the site collection.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"AD_Filtering\"><\/span>AD Filtering<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To return a subset of AD results, the following stsadm command is used:<\/p>\n<pre lang=\"php\"> stsadm -o setproperty -url http :\/\/SharePoint\/  -pn peoplepicker-searchadcustomfilter -pv \"\"\r\n<\/pre>\n<p>In this example, http :\/\/SharePoint is your web application, and the \u201c\u201d is the LDAP query. This clears the AD filter, as the LDAP query is empty. Note there is no PowerShell equivalent in SP2010, and this applies to a Web Application and not individual site collections. To test the change, try editing the set of Site Collection Administrators or User Policy for the Web Application in Central Administration.<\/p>\n<p>In the example below, an LDAP query is specified to select AD entries where users have a manager (which filters out all kinds of non-standard user accounts), and groups starting with \u201cSharePoint\u201d.<\/p>\n<pre lang=\"php\">   stsadm -o setproperty -url http :\/\/SharePoint  -pn peoplepicker-searchadcustomfilter -pv \"(|(&amp;(objectcategory=group)( sAMAccountName=domainSharePoint_*))(&amp;(&amp;(objectcategory=person)(objectclass=user))(manager=*)))\"<\/pre>\n<p>Let\u2019s check out the LDAP Query string above, with this bit of PowerShell:<\/p>\n<div><\/div>\n<pre lang=\"php\">$strFilter = \"(|(&amp;(objectcategory=group)( sAMAccountName=yourdomainSharePoint _*))(&amp;(&amp;(objectcategory=person)(objectclass=user))(manager=*)))\"\r\n$objDomain = New-Object System.DirectoryServices.DirectoryEntry\r\n \r\n$objSearcher = New-Object System.DirectoryServices.DirectorySearcher\r\n$objSearcher.SearchRoot = $objDomain\r\n$objSearcher.PageSize = 1000\r\n$objSearcher.Filter = $strFilter\r\n$objSearcher.SearchScope = \"Subtree\"\r\n \r\n$colProplist = \"name\"\r\nforeach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}\r\n \r\n$colResults = $objSearcher.FindAll()\r\n \r\nforeach ($objResult in $colResults)\r\n    {$objItem = $objResult.Properties; $objItem.name}<\/pre>\n<p>ColResults now has a nice array of results to work with.<\/p>\n<p>While the above is all straightforward, the results in PeoplePicker could be less than perfect. If you test, the users returned may contain additional users, including those not returned by the LDAP Query.<\/p>\n<p>It turns out, People Picker returns the superset of the LDAP Query results AND a local user list that is cached in a site collection. You can see this list by going to the Site Collection URL, plus this: \u201c_catalogs\/users\/\u201d. Note the default view does not allow you to delete items, but if you add a new view, you can add \u201cEdit\u201d as a column, and delete individual users one at a time.<\/p>\n<p>The script below will delete all cached users in a Site Collection (except for Site Collection Administrators); but I don\u2019t think you want to run it, as it will remove all user permissions as well!<\/p>\n<pre lang=\"php\">  $url = \"http:\/\/YourSiteCollection\"\r\n \r\n$web = get-spweb $url\r\n$list = $web.Lists[\"User Information List\"]\r\n$listItems = $list.Items\r\n$listItemsTotal = $listItems.Count\r\nfor ($x=$listItemsTotal-1;$x -ge 0; $x\u2013-)\r\n{\r\n    Write-Host(\u201cDELETED: \u201d + $listItems[$x].name)\r\n    remove-spuser $listItems[$x][\"Account\"] -web $url -confirm:$false\r\n}\r\n$web.dispose()<\/pre>\n<p>To get this right, we need to extract the LDAP query results into a hashtable, and loop through the cached user list and only remove entries that are not in the LDAP query.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Refining The SharePoint People-Picker In SharePoint there are several locations where a set of users is presented in what is known as the \u201cPeople-Picker\u201d. Examples include a \u201cpeople\u201d field in lists, and in assigning security. One can manage the set of users and groups presented, however THe underlying mechanism is not well known in the [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1222,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[47],"tags":[],"class_list":["post-1220","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts\/1220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/comments?post=1220"}],"version-history":[{"count":2,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts\/1220\/revisions"}],"predecessor-version":[{"id":3970,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts\/1220\/revisions\/3970"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/media\/1222"}],"wp:attachment":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/media?parent=1220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/categories?post=1220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/tags?post=1220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}