We have enabled forms authentication on MOSS. This forms
authentication (FBA) is based on Active Directory itself.
We are using the userPrincipalName (UPN) as the user logon. The forms
authentication setup with the AD provider works well.
Here are the problems we face due to the FBA setup:
1. In our application, we add users to the MOSS site using Active
Directory groups. The problem is that the people picker in the Add users
screen does not return results when we search for AD groups. But when
we search for a user, it does return results. How can we get it to search
for groups too? Can someone help?
Here is a snapshot of our web.config:
<connectionStrings>
  <add connectionString="LDAP://adserver/DC=test,DC=com" name="ADConnString" />
</connectionStrings>
<membership defaultProvider="ADProvider">
  <providers>
    <add name="ADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnString"
         attributeMapUsername="userPrincipalName"
         enableSearchMethods="true" />
  </providers>
</membership>
<roleManager defaultProvider="ADRoleProvider" enabled="true">
  <providers>
    <add name="ADRoleProvider"
         type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>
<PeoplePickerWildcards>
  <add key="ADProvider" value="*" />
  <add key="ADRoleProvider" value="*" />
</PeoplePickerWildcards>
2. We had a problem with search crawl with forms authentication; we solved
that by creating a new zone for the application with Windows
authentication. Is this the best way of enabling search with FBA?