Every time when you want to grant permission for a user or group in a SharePoint application you will use this SharePoint people-picker interface.
![clip_image002[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image00242.jpg "clip_image002[4]")
![clip_image004[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image00442.jpg "clip_image004[4]")
How does people-picker work?
When you type a keyword to find a user or a group, people-piker will first make a query on the content database and if there are no results, it will make the second LDAP query on the DC. More info in this article
Basic troubleshooting steps for people-picker performance issues
I will start with an example of people-picker performance issue:
You have to wait more than 20 seconds when you are checking a name or when you are searching a user in people picker.
A. First we need to identify if it is a SharePoint issue or if it is a general issue in your farm. To do this, create a folder on server desktop and check if you have the same issue when you add new users with security or sharing options.
![clip_image005[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image00542.png "clip_image005[4]")
If you have the same performance problem check your network configuration, firewalls, antivirus, server configuration, DC configuration, domains trusts. If the issue is not preset you should follow the next troubleshooting steps:
B. The second step is to identify if the issue is occurring for:
– all the users in the farm or for a few of them
– all SharePoint web applications
– all the users that are in the content databases
– all the users that are in DC or a specific OU
– a specific server, computer
How to check if the user is in the content database?
1. Using SQL Management Studio connect to your SQL server instance
2. Expand the content database that is used by your web application
3. Expand Tables
![clip_image006[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image00642.png "clip_image006[4]")
4. Search for the dbo.UserInfo table
![clip_image007[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image00742.png "clip_image007[4]")
5. Right click on it and click on New Query Editor Window ![clip_image008[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image00842.png "clip_image008[4]")
6. Create a new query where specify the name of the user
![clip_image009[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image00942.png "clip_image009[4]")
7. Or you can make a Select on the table to display top 1000 entries. If the number of entries is greater than 1000 you will miss some information.
Also, if you have more than 1000 users and you make a query to display all the entries from UserInfo table you can harm your SQL server.
![clip_image010[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image01042.png "clip_image010[4]")
8. If the user is present on query results check if you have duplicate entries, if the entries have the same tp_SystemID for the same tp_SiteID with tp_Deleted =0
Good to know regarding SSP database and content database synchronization
In order to check if the SSP database is synchronized with all the other content databases you can execute this stsadm command:
stsadm -o sync -listolddatabases 1
![clip_image011[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image01142.png "clip_image011[4]"){kind=small}
More info in this article
In order to make the correlation between IDs and the content database names you need to execute the following query on the SharePoint configuration database:
select o.id, o.name,* from objects o
inner join classes c on o.classid = c.id
where c.fullname like ‘%SPContentDatabase%’
![clip_image012[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image01242.png "clip_image012[4]")
If there are databases that haven’t been synchronized in the last days you can execute this command:
stsadm -o sync –deleteolddatabases 1
More info in this article
Now, you have to wait one hour for the synchronization job to start. One hour is the default value.If you want to change the synchronization job execution to every 5 minutes you can run the following command
stsadm -o sync –synctiming m:5
![clip_image013[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image01342.png "clip_image013[4]")
More info in this article
C. Third step: Network trace
You can create Network traces using Network Monitor or Wireshark.
1. Install Network Monitor or Wireshark on SharePoint server and DC
![clip_image015[4]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image01542.jpg "clip_image015[4]")
2. Start the traces
![clip_image017[3]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image017311.jpg "clip_image017[3]")
3. Reproduce the issue
4. Stop and save the traces
In the network trace, filter for LDAP traffic, search for the strings that correspond to your user and identify the frame number that is loading slowly. More info in this article
If you have the issue on one particular computer, different than the SharePoint servers, you need to install Network monitor on it and configure the host file to point to a specific SharePoint Web Front End. The hostfile configuration will help you minimize the number of network traces.
How to access to host file ?
1. Click on Start -> type drivers
2. You will be redirected to this path C:WindowsSystem32drivers
3. Open etc folder
4. Open hosts file with notepad editor
![clip_image018[3]](http://www.sharepointboco.com/wp-content/uploads/2012/01/clip_image01832.png "clip_image018[3]")
5. Add the Web Front End IP address and the SharePoint site name
6. Test the configuration using ping command
D. Forth step: if you have large active directory you can apply one of the following commands to improve people picker performance:
stsadm -o setproperty -propertyname peoplepicker-activedirectorysearchtimeout -propertyvalue 15
Configures the timeout when a query is issued to Active Directory. The default timeout value is 30.
More info in this article
stsadm -o setsiteuseraccountdirectorypath -path “CN=Sales,DC=ContosoCorp,DC=local” –url http://server_name
Sets the site user account directory path to a specific organizational unit (OU) in the same domain when the url and path parameters are specified.
Unlike the Peoplepicker-serviceaccountdirectorypaths property where multiple OUs can be specified, only a single OU can be set at a time when the setsiteuseraccountdirectorypath operation is used. As a result, this operation should only be run once per site collection.
More info in this article
stsadm -o setproperty -url http://contosto -pn “peoplepicker-serviceaccountdirectorypaths” -pv “OU=Farm Admin,DC=ContosoCorp,DC=local; OU=Farm1 Admin1,DC=ContosoCorp,DC=local ”
This enables a farm administrator to manage the site collection that has a specific organizational unit (OU) setting as defined in the Setsiteuseraccountdirectorypath setting. Here we can add more than one OU and can be separated by ;
More info in this article
Thank you for reading this article. I hope it was helpful
Sources of this article:
http://blogs.msdn.com/b/rajank/archive/2009/09/01/all-you-want-to-know-about-people-picker-in-sharepoint-functionality-configuration-troubleshooting-part-1.aspx All you want to know about People Picker in SharePoint ( Functionality | Configuration | Troubleshooting )
http://technet.microsoft.com/en-us/library/cc263012.aspx Peoplepicker-serviceaccountdirectorypaths: Stsadm property (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263328.aspx Setsiteuseraccountdirectorypath: Stsadm operation (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263196(office.12).aspx Sync: Stsadm operation (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263496.aspx Peoplepicker-activedirectorysearchtimeout: Stsadm property (Office SharePoint Server)