When you have large and complicated AD structure you will probably run into problems with PeoplePicker controls in SharePoint. Either they will be working slowly or not working at all. We faced a problem that they were not possible to use because of the slowness.
According to official MSDN documentation, PeoplePicker is first sending a DNS query to determine the nearest Global Catalog server, then sends several LDAP requests. Sometimes the DNS can affect the performance, and sometimes it is the LDAP itself. Network latency also might be an issue.
In our case the poor performance of People Picker could not be explained by latency/server load. Typing my last name "Inyushin" in the control and clicking the "Check user names" icon in people picker caused a huge delay - about 5 minutes. When using samAccountName or email the people picker was working quickly but searching by last name or first name was too slow. Another interesting symptom was that searching users using the search dialog was working normally.
We started to investigate and ended up with the following solution:
1. Configured the people picker by using the following PowerShell script to avoid querying AD when possible:
$web = get-spweb("http://webapp_root")
$webapp = $web.Site.WebApplication
$ps = $webapp.PeoplePickerSettings
$ps.ActiveDirectoryRestrictIsolatedNameLevel=$true
$webapp.Update()
2. Configured people picker to search accounts in our domains by using the following STSADM commands
stsadm.exe -o setapppassword -password P@SSWORD
stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv "domain:d1.company.com,d1\account_name,P@SSWORD;domain:d2.company.com,d2\account_name,P@SSWORD"
Having done so the people picker started to work quickly and resolve the user names within seconds.
Комментариев нет:
Отправить комментарий