When the People Picker control is used, a user’s name is resolved when the Check Name icon is clicked or a list of users is displayed when the Browse icon is clicked.
If the Web application is using Windows authentication and the site user directory path is not set, the People Picker control searches the entire Active Directory to resolve users’ names or find users, instead of searching only users within a particular organizational unit (OU). The setsiteuseraccountdirectorypath operation allows the user’s directory path to be set to a specific OU in the same domain. After the directory path is set to a site collection, the People Picker control will only search under that particular OU.
If a site collection is new and an administrator uses the setsiteuseraccountdirectorypath operation to specify a target OU, only users under the specified path can be added to the site collection and no one else can be added to the site collection.
If users have already been added to a site collection and the setsiteuseraccountdirectorypath operation is run, only users under the specified path will be able to be added going forward.
To set a list of users to a specific OU (for example, Sales) in the Contoso Corp domain, use the following syntax:
stsadm -o setsiteuseraccountdirectorypath -path “CN=Sales,DC=ContosoCorp,DC=local” –url http://server_name