A common scenario: A client wants to filter the "People Picker" in a SharePoint list to limit which AD Users or Groups are available to choose from. For instance, when selecting which AD User or AD Group can be added to an Alert on a SharePoint List.
A very common answer is to dive deep into code and spend hours and days figuring out the exact LDAP query and how to make it run and get everything to work in SharePoint. BAH! Too much work.
This one can be done out of the box.
First, why the LDAP thingie doesn't easily work:
The default behavior of the People Picker is not to query AD via LDAP. It is to query the SharePoint User Profile database. This is populated via user import. In MOSS, it is through a scheduled (or manual) user import. In WSS, it is done when any AD account or group is added to any site via explicit permissions or when added to a SharePoint group in a site.
The Name property will be the AD account name and so it looks very much like it is pulling from AD.
You can code another solution, but getting the right information into a usable SharePoint format can be tricky. But for this, you don't have to.
So, how to address the issue:
As I said, this can be done with OOTB functionality if you're willing to do a few minutes' work ahead of time.
1. Make a list (not an SP list, just a list) of the AD users or groups you want this particular people picker to choose from. (I usually limit to either users or groups and don't mix them in the same SP Group for this purpose.)
2. Create a new SharePoint group in the site where this people picker exists.
3. Do not give the SP group any permissions. It is just a holder.
4. Add the AD groups from your list in Step 1 to this SP group. Remove any individual account (such as yours) from the group.
5. In your people picker column settings, change the "Allow selection from" to "People and groups".
6. Then change the "Choose From" to "SharePoint Group" and in the drop-down choose the SharePoint group you created in Step 2.
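
The same OOTB settings can also be applied from PowerShell on a SharePoint server through the server object model, which helps when several columns need the same restriction. This is an added example, not part of the original post; the site URL, list, column, group name and AD group logins are placeholders, and the last step checks that the holder group really has no permissions on the site.

```powershell
# Added example: every URL, name and account below is a placeholder.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$siteUrl   = "http://sharepoint.example.local/sites/demo"    # placeholder site
$listName  = "Tasks"                                          # placeholder list
$fieldName = "Assigned To"                                    # placeholder people column
$groupName = "Picker - Approved AD Groups"                    # holder group (Step 2)
$adGroups  = @("EXAMPLE\Finance-Approvers", "EXAMPLE\HR-Approvers")   # Step 1 list

$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)
$web  = $site.OpenWeb()
try {
    # Steps 2-3: create the holder group with no default member and no role assignment.
    if (-not ($web.SiteGroups | Where-Object { $_.Name -eq $groupName })) {
        $web.SiteGroups.Add($groupName, $web.CurrentUser, $null,
                            "Holder for people picker choices; no permissions")
    }
    $group = $web.SiteGroups[$groupName]

    # Step 4: add the AD groups from the Step 1 list to the holder group.
    foreach ($login in $adGroups) {
        $group.AddUser($login, "", $login, "")
    }

    # Steps 5-6: "Allow selection from: People and groups", "Choose from: SharePoint Group".
    $list  = $web.Lists[$listName]
    $field = [Microsoft.SharePoint.SPFieldUser]$list.Fields[$fieldName]
    $field.SelectionMode  = [Microsoft.SharePoint.SPFieldUserSelectionMode]::PeopleAndGroups
    $field.SelectionGroup = $group.ID
    $field.Update()

    # Check: the holder group must not appear in the site's role assignments.
    $grants = $web.RoleAssignments | Where-Object { $_.Member.ID -eq $group.ID }
    if ($grants) {
        Write-Warning "'$groupName' has permissions on this site; remove them (Step 3)."
    }
    Write-Host ("{0}: SelectionMode={1}, SelectionGroup={2} ({3})" -f `
        $fieldName, $field.SelectionMode, $field.SelectionGroup, $group.Name)
}
finally {
    # SPWeb and SPSite hold unmanaged resources; always dispose them.
    $web.Dispose()
    $site.Dispose()
}
```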
How to use this nifty little thingie?
When you create a new list item, you will see the people field with a "Check Names" and a "Browse".
Since you limited the people picker to only what is in the SP group, anything typed in will only be checked against the groups in your SP group. So, it is likely that this will be unsatisfying.
However - look at that "Browse" button. Click it! Notice that it brings up the list of the AD groups you put into your SP Group.
I think you get the point.
Have fun!