peoplepicker nor showing security groups after sharepoint 2010 Migration

Question

I have migrated a SharePoint 2010 farm from one domain to another domain. After migrating the content database from one domain to another all the old users appear in the peoplepicker results.

New security groups created in the old domain are not shown in the peoplepicker of the content web application

however the people picker in the central admin shows the newly created security groups.

Steps taken

stsadm -o setproperty –url http://<server> –pn peoplepicker-onlysearchwithinsitecollection –pv no

i also deleted SharePoint cache

What puzzles me is that when I created one security group in the new domain it appeared in the people picker of the web content application but all security groups thereafter stopped appearing after that in the peoplepicker results.

Is there a way to reset the peoplepicker results and make it point to the AD. Or Is there any Power shell commands to add security groups into the peoplepicker results.

In the user profile synchronization service i have selected the security group and it appears in the miisclient.exe tool but does not appear in the user profile section.

Answer 1

UPS has multiple stages with FIM. First it imports data from AD to it's databases, it then will sync those with the UPS database. There is an additional job that keeps the data in UPS in sync with the userinfo tables for site collections.

If you are seeing your groups in the metaverse - then they are in the FIM database. You need to change an attribute of the group and re-sync. If you are watching FIM, it will report if there are errors, and you will need to resolve those before your data will import.

Also try running a full sync - first with users only, and then again with users and groups. Make sure there are no errors in FIM console. You may want to increase your logging to verbose as well - and check the ULS logs to make sure there is no problems connecting with the UPS.

I assume that these old groups will be accessible thru a domain trust. If you can't validate those groups thru AD, they won't work in SharePoint.