In Office 365 SharePoint Online all users of an Office 365 tenant are visible in the people picker. But for end users this often does not make sense…
Use the people picker
So if your type a person´s name in any people picker in SPO the system shows a list of all users known to the system. Pick the desired one and the user object id is used for the field or property.
The only restriction of the people picker in SPO is that only ACTIVE users are shown.
Inactive users have the login status “blocked” and will not show up in the people picker. You can check this in the office 365 portal when filtering the blocked users, like in this sample screenshot here.
So, blocked users are not shown - which is good.
(Sorry for the german screenshot, this was just to illustrate the user properties website.)
Why all users?
Well, that sounds logic – otherwise an Admin could never add new users (of the tenant) to a SPO site (…if he wouldn´t see all users of an Office 365 tenant).
Ok, but imagine there´s a large company which uses many site collections. Each Site shall only be used by users of a location or a department. In such scenarios it absolutely would make sense that not ALL users are visible in the site, but only the ones who have rights in that SPO site.
So, unfortunately this is not possible in SPO right now.
In SharePoint on premises
In SharePoint there´s a workaround for that scenario. At least for restricting the people picker to a special OU… An Admin (with access to the SPO farm) can use Stsadm.exe tool to manage People Picker in SharePoint 2013, see these resources:
- TechNet: Configure People Picker in SharePoint 2013
- Another method could be this way (not tested): Limiting People Picker Scope in SharePoint
According to TechNet (link #1) this command would work to restrict People Picker to a certain OU in Active Directory, :
stsadm -o setsiteuseraccountdirectorypath -path <Valid OU name> –url <Web application URL>
But Office 365 is manageable only via Remote PowerShell (so no stsadm tool) ...
Not possible in SharePoint Online
Our investigation brought some forum entries about that topic (but no official MSFT site in TechNet or MSDN):
- “Presently, we can’t limit the people picker in SharePoint Online to only show a certain group of users.” - August Sun of MSFT Support in SharePoint sharing people picker - hide users.
- “Per my knowledge, the restriction of people picker in SharePoint online is unavaiable, as stsadm command is not supported for SharePoint online.” - Jason Guo, TechNet Community Support in SPO People picker restrict users
- “But configuring People Picker is not available in SharePoint Online.” - Cherry Wang, MSFT Support, O365 SharePoint Online P1 Hide External Users from other External Users.
Test it: If you use the SPO API for reading all users with
<site-url>/_api/web/siteusers you get ALL active users of the tenant – not only the ones that have rights for that specific SPO site. Obviously the people picker uses the same method.
in SPO 2013 we have not found a way to restrict the people picker to a group of users. Sorry!
If someone finds a way in SPO – pls. let us know.
We hope Microsoft will change that in the next releases or deliver a way to accomplish that. #FeatureRequest