Our sharepoint farm was in Domain A and we wanted to grant rights to a group in Domain B.
It worked fine from the GUI but powershell add-spuser or new-spuser failed – both stating the user ID we were adding was no good.
Specifically this was for Mysites – we had thousands of them so doing it by hand wasn’t an option.
$app = Get-SPWebApplication -Identity https://www.siteInDomainA.com
foreach($site in $app.Sites)
write-host "Updating $site"
$web = $site.RootWeb
$web.AllUsers.Add("DomainBDomain Users", [System.String]::Empty, "Domain Users", [System.String]::Empty)
Set-SPUser -Identity 'DomainBDomain Users' -Web $web.Url -AddPermissionLevel 'Read'
I had this problem enough times that I wanted to capture the solution.
First of all, credit goes to Craig Lussier on the Technet forms, his post has the full solution and background.
I used the above solution and it worked great.
I also found a script that I did not try. The script is described as being able to change this setting system wide by looping through each document library in each subsite of a given site – it could come in handy. (the script is by the same poster – Craig Lussier – Thanks Craig!
The code below is from the first link above, I’ve copied it here in case MS ever changes the link structure and the original post can’t be found.
$gc = Start-SPAssignment
$web = $gc | Get-SPWeb "http://yourspweburl"
#Get Document Library
$docLib = $web.lists["Your Document Library Title"]
#View all properties/methods of the Document Library and you'll see that BrowserFileHandling is a property
$docLib | Get-Member
#See the current BrowserFileHandling setting for the Document Library
#If you need to change it from Strict to Permissive
$docLib.BrowserFileHandling = "Permissive"
# End SPAssgment
$gc | Stop-SPAssignment