Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, April 22, 2013 1:40 PM
Hi everyone,
I’m seeing this odd behavior with a number of SharePoint farms where users can permission someone fine but if those same persons were to be added to a “Person” field SharePoint errors out “The user does not exist or is not unique”. Apparently if the same user is permissioned to the site first – s/he can be found on the Person or Group field just fine.
Anyone seen this behavior?
WireShark traces aren’t revealing any apparently firewall issue. Seems to me SharePoint does a lookup without the Domain name and get multiple names returned and hence the error ‘user not unique…’. Here is what I’m doing to reproduce this –
- Create a custom list and add a column type ‘person or group’
- Peoplepicker configured through STSADM to point to couple of AD forests and these are SPS 2010 farms with SP1 and Dec 2012 CU applied. Also these are Kerberos authenticated sites.
- Search a name from a subdomain from another forest (where 2 way trust present)
- People picker finds the name ok…select the correct name – when hit the ‘save’ – I get the following error messages and user not added
- If I try to permission the same user first directly to the site (from site permissions page) – I can (no error message)
- Once step 5 completes, I can add this person to the ‘people’ field.
- Here is what I saw on WireShark capture – I query a person say xxx\asmith….I see SharePoint gets results xxx\asmith along with yyy\asmith and zzz\asmith. I believe this is the reason why SharePoint errors out with ‘user not unique...’message. Can anyone explain why this is happening?
- Please note though the trace log message (below) seems it might be a DNS issue – I can permission the same user to the Windows folder (on SharePoint server) just fine. So it seems to be a SharePoint related issue and not Active directory.
Error on UI: ‘The user does not exist or is not unique.<nativehr>0x81020054</nativehr><nativestack>stswel.dll’ . ….[COMException (0x81020054): The user does not exist or is not unique.<nativehr>0x81020054</nativehr><nativestack>stswel.dll: (unresolved symbol, module offset=000000000013EFBA) at 0x000007FEF494EFBA
Trace log: Unable to get domain DNS or forest DNS for domain XXXXX error code=1355…. Error in resolving user 'xxx\ssmith' : System.ArgumentException: Specified value is not supported for the {0} parameter.
Similar unanswered thread: http://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/cc86e4a2-ffd4-44cb-baa1-2b1d23ef3a02
Many thanks in advanced!
BlueSky2010
Please help and appreciate others by using forum features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"
All replies (8)
Monday, April 29, 2013 11:11 AM ✅Answered | 2 votes
This is to confirm that yes, you must have the user added to the site before you use the user's domain identity elsewhere in the site. This is by design on all releases of the product thus far.
Monday, April 22, 2013 6:05 PM
Have you set the multiple Domains as a master and two Resource? If not then SharePoint won't know how to resolve any user name collisions and will throw that error. I'll bet it works fine if you were to type in a user as xxx\asmith.
By creating the user first you automatically resolve the conundrum for it. Only one account is tied to the SharePoint identity and that is used.
These might be of use:
http://technet.microsoft.com/en-us/library/cc263247(v=office.12).aspx
PS. The formatting sucks. You get used to it.
Monday, April 22, 2013 7:17 PM
Thanks Alex for your feedback. I'm going to read the articles you included. See a quick feedback below to your question.
Actually it does not matter whether I use check name/ Browser peoplepicker option. It ends up returning the same error message. My understanding is the initial GC lookup (3268) succeeds but when it does a 389 lookup to the hosting domain that's the time it fails.
As per your usggestion I tried
- 'check name' in this format xxx\asmith and
- it comes back with 'no exact match was found. click the item(s) that did not resolve for more options' and name underlined.
- If I hove mouse over I see 'multiple entires matched, please click to resolve'.
- When I click, I only see one match 'xxx\asmith'.
- I choose that name - the underline goes away
- hit save ...
- 'The user does not exist or is not unique' message comes back.
BlueSky2010
Please help and appreciate others by using forum features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"
Monday, April 22, 2013 7:36 PM
These might be of use:
http://technet.microsoft.com/en-us/library/cc263247(v=office.12).aspx
Alex - I just checked your links. Well the first one does not seems to be related to my issue. As it's talking about creating connection to import user profiles (UPS). And I do have the peoplepicker configured to lookup forests in correct format (as per the 2nd article).
Also just tested Person field in a farm with April CU applied and seeing the same behavior. :-(
Any other thoughts, anyone??
BlueSky2010
Please help and appreciate others by using forum features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"
Wednesday, April 24, 2013 3:15 PM
Apparently friend of mine from another organisation tested Task list (with the steps provided in the OP) and it's showing same behavior. That is - unless a user is already added to the site you can't add the person to a 'Person' field. It throws error “The user does not exist or is not unique”.
Is that by design - can Microsoft please confirm?
thank you!
BlueSky2010
Please help and appreciate others by using forum features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"
Thursday, April 25, 2013 10:18 AM
Hi,
Thank you for your post.
I'm trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thanks ,
Entan Ming
Entan Ming
TechNet Community Support
Monday, April 29, 2013 1:56 PM
Thanks VJWilliam for confirming this - though I don't like this behavior (which means more work for the users) :-). Especially when there are multiple site collections these users will have to be added to each site, right? I'm also presuming user accounts will have to be added NOT the AD group (where the users belong), correct?
Do you have any Technet article you can share which explains how adding user to a task list differs from permissioning to a site? I'd like to know how it really works as we're trying to improve peplepicker performance in a global SharePoint deployment.
Thank you again!
BlueSky2010
Please help and appreciate others by using forum features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"
Tuesday, April 30, 2013 1:27 PM
There is no TechNet article that I'm aware. If the user User1 belongs to a security group Group1 in Active Directory and Group1 is added with permissions to a site in SharePoint - in that case, User1 must have accessed the site at least once before a task can be assigned to him. This action is required because the flow of work within SharePoint is as follows:
1. When Group1 is added to a SharePoint site, the SID of the group is written as an ACE to the ACL of that site. This SID does not translate or equate to adding User1 directly to the site - as it would have been the case otherwise.
2. After Group1 is added, it is imperative that User1 must access the site so that his SID is recorded in the userInfo table of the content database where the site resides. This is required because all information about the user including e-mail, SID, etc. are written.
3. A task can now be assigned to User1. If you attempt to assign a task without the user correspondingly to an entry in userInfo, the action would result in ‘The user does not exist or is not unique.' scenario.
Should any information about the Group1 change or if Group1 is renamed to Group2, you may have to go through this -> http://support.microsoft.com/kb/2809787.
The 'performance' of peoplepicker is not in anyway related with the ‘The user does not exist or is not unique.' issue.