Controlling PeoplePicker Content

You have two choices, you can use either of the following stsadm cmds: searchadcustomfilter or setsiteuseraccountdirectorypath.

setsiteuseraccountdirectorypath: 

When people picker resolves the user, it will check whether the user exists in the site collection or not. If it exists, return the user. Otherwise, search the AD or membership provider. For the AD case, if there is “siteuseraccountdirectorypath”, it will only search under that directory path, otherwise, the whole AD is searched.

Suppose the site is empty. After the administrator use

-o setsiteuseraccountdirectorypath

Only users under that path could be added to the site collection and no one else could be added to the site collection. In such case, the user returned will always be under the “siteuseraccountdirectorypath”.

Suppose the site is not empty and there are already some users exists. After the administrator use

-o setsiteuseraccountdiretorypath

To add a new user, the new user must be under the directory path. The people picker will return existing users in the site collection and users under the directory path.

searchadcustomfilter:

This path allows you to control the users shown in the PeoplePicker control by LDAP, BUT a user can still type in a valid alias and click the check name button to be given access.