People Picker in MOSS 2007 can't find people in non-default domains

Customer is seeing the following behavior:


"We went to SSP and clicked on User Profiles and Properties under the “User Profiles and My Sites” section and then clicked on View Import Connections and then added to the Import Connections list and I started a full import.

It completed in about an hour and imported users from the domain1 domain.


The problem we run into is that when I go to add them to a site to give them access, we are unable to find the usersby using People Picker. We only find users from the domain0 domainwhich the moss server is on. "



I found out that by default People Picker can only find people in the resource domain - the domain that MOSS servers are in. For other domains/forests, you'll need to run the following command:


Stsadm.exe –o setproperty –pn peoplepicker-searchadforests –pv <list of forests or domains> -url <webapp>

The format of <list of forests or domains> is a list of




separated by semicolon.

If they are trusted domains/forests, then it is not necessary to pass in the LoginName or Password, just in the format of




If the Password is specified in the forest:DnsName,LoginName,Password or domain:DnsName,LoginName,Password, please run

stsadm.exe -o setapppassword -password <somekey> first. <somekey> could be any string. We will use <somekey> to encrypt the Password in domain:DnsName,LoginName,Password or forest:DnsName,LoginName,Password and stored the encrypted Password in the database. Also, please use the same <somekey> to run stsadm.exe -o setapppassword -password <somekey> on all machines where SharePoint is installed. For different web farm, please use different <somekey>.

*Note: My customer's problem still remains after running the command due to some "invalid binder credentials" issue in their Global Directory. I'll post an update later.