(This article was previously published on Matt Milsark’s UnderstandSharePoint blog)
Search Sometimes Works …
Okay, so has this ever happened to you? You install and configure a beautiful, fresh, and pristine SharePoint environment. Of course, you test search by performing a full crawl. Results are returned. All’s good. Right? Well you log in as a different user and run the same exact search. Instead of results, however, you get that aggravating and dreaded no search results screen! Ugh…
What’s going on?!
This scenario occurs if you have a one-way trust established and are performing a search with a user from the trusted domain.
In order to rectify this situation, you’ll have to configure your Search Service Application to store ACLs in Claims format. To do this, you’ll have to use PowerShell (credit goes to Sladecross for this).
$SearchApp = Get-SPServiceApplication %searchGUID%
Replace %searchGUID% with the GUID of the Search Service Application.
Run this if you know the GUID:
I’ve also witnessed situations where the search crawling account was a domain account from the trusted domain. This does allow users from the trusted domain to perform search. However, the problem with this is twofold because configuring a managed account with an account from the trusted domain causes all sorts of wacky things:
1.) The inability to access the Configure Managed Accounts screen from the UI.
2.) When logged-in from the other domain (the non-trusted one) you won’t see search results. It becomes an either/or situation.
Using the PowerShell script allows any user, regardless of domain, to see the search results.
Oh, and you don’t have to force your web application to Claims based authentication.
So go ahead: run the script, run a full crawl, and allow both domain accounts the ability to accurately perform searches in SharePoint 2010. Hope that helps!