- One of my customers has multiple domains, lets call them domain1 and domain2
- The SharePoint Server and all the service accounts exist in domain2
- Some users of SharePoint are in domain2
- The majority of users of SharePoint in domain1
Users in domain1 don't see anything in search results on SharePoint despite the fact they can access the content. Users in domain2 can see content they have access to in search results. There was a slight additional complication was that one user in domain1 could see results.
After a bit of investigation it turns out that users that the search crawl account (in domain2) does not have sufficient rights in domain1 to be able to rights trim results for user users. The result is that it returns nothing. Further any user in domain1 who has rights in domain2 does gets results, hence the reason why one person was getting results.
What resolved the issue in this case was adding the search crawl account (from domain2) to the "Pre-Windows 2000 Compatibility Access group" in domain1. However I also saw guidance that they may need to be added to "Windows Authorization Access Group".