SharePoint 2010: cannot add user from a trusted domain to a site

Problem: the customer could not locate any users from a specific trusted domain when using the people picker. The message 'No exact match was found' is shown.


I verified that this command was run successfully:

stsadm -o getproperty -pn peoplepicker-searchadforests -url <web-application-URL>


Still, the user could not be found.

Asked the customer to create a folder on the desktop of the server and try to add one of these users. The user was NOT able to be added. This meant that this problem was a networking issue, because if the user can't be added to a folder on the server desktop, it certainly won't be available in IIS.


Ensure the proper ports are opened. You must have ports opened between SharePoint and AD in order for both the UPA (389 or 636 or custom) and the People Picker to function:



TCP/UDP 135, 137, 138, 139 (RPC)  

TCP/UDP 389 by default, customizable (LDAP)  

TCP 636 by default, customizable (LDAP SSL)  

TCP 3268 (LDAP GC)  

TCP 3269 (LDAP GC SSL)  

TCP/UDP 53 (DNS)  

TCP/UDP 88 (Kerberos)  

TCP/UDP 445 (Directory Services)  

TCP/UDP 749 (Kerberos-Adm) [Opt.]  

TCP port 750 (Kerberos-IV) [Opt.] 
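
A quick way to check the TCP side of this list from the SharePoint server, as an added example that is not part of the original post. The domain controller name is a placeholder, and the script uses the .NET TcpClient class so that it also runs on PowerShell 2.0; UDP is not tested.

```powershell
# Assumption: placeholder name of a domain controller in the trusted domain.
$DomainController = 'dc01.trusted.example'
$TimeoutMs = 3000

# TCP entries from the port list above. 137 and 138 are UDP NetBIOS services,
# and the UDP side of the other entries cannot be probed this way.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC' },
    @{ Port = 139;  Service = 'RPC' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'Directory Services' },
    @{ Port = 636;  Service = 'LDAP SSL' },
    @{ Port = 3268; Service = 'LDAP GC' },
    @{ Port = 3269; Service = 'LDAP GC SSL' },
    @{ Port = 749;  Service = 'Kerberos-Adm [Opt.]' },
    @{ Port = 750;  Service = 'Kerberos-IV [Opt.]' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall drops the packets.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'No response (filtered?)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'Open'
    }
    catch {
        return 'Refused or unreachable'
    }
    finally {
        $client.Close()
    }
}

$Ports | ForEach-Object {
    New-Object PSObject -Property @{
        Port    = $_.Port
        Service = $_.Service
        Result  = Test-TcpPort $DomainController $_.Port $TimeoutMs
    }
} | Select-Object Port, Service, Result | Format-Table -AutoSize
```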


Recommended reading


People Picker Port/Protocol Requirements 

SharePoint 2010-Multi domain and forest trust 

Plan Security Hardening 


