We have SharePoint 2010 in domain A and a 2-way trust between domains A and B. The two domains are in two different forests. When we try to assign a site collection administrator in CA, People Picker will display results from BOTH domains (so it seemingly recognizes and searches users from domain A and domain B), but it won't allow us to apply the selected user and save. The same thing happens in WFE sites themselves, not just in CA. More specifically, here's what happens:
- In People Picker, searching for John Smith (who is in domain B) returns search results including users from domains A and B.
- Selecting the user and closing the search results pop-up window correctly places the identified user into the Primary or Secondary Site Collection admin field.
- Mousing-over the recognized user in the field displays a tooltip such as "DomainB\jsmith". Everything seems peachy so far.
- But clicking the OK/SAVE button results in an error that the user cannot be found. This is not an issue with users from domain A (the same domain where SharePoint is located).
- Here's the weirdest part... If I go to any file system folder on the server and on the security tab I give some permission to ANY user from DOMAIN B, apply/save, and go back to SharePoint CA, I can then repeat steps 1-4 above WITHOUT getting any errors in step 4. The Site collection admin is assigned without any problems. Why??????
At this point, I can assign site collection admins without any problems, repeatedly, even if I remove the file-system ACL from before. It lasts for some period of time (a day or less) and the problem returns again eventually. Somehow, "priming" of ACLs through the file system makes SharePoint "open up" the communication channels to the trusted domain B.
Why is this?
I found a bunch of posts talking about SP 2007 and peoplepicker-searchadforests property in one-way trusts, and even sometimes in 2-way trusts, but not much in 2010, and nothing that describes the intermittent sort of a problem that we have.
Any thoughts?