SharePoint: SAML Authentication – Nested Groups and Role Claims

I came across this topic troubleshooting a support case where users were getting Access Denied to a site using Trusted Provider (SAML) authentication. The Issue: Users were given permission to the site using a group that had other groups nested in it. The users were not direct members of the group being used for permission….

SharePoint: Windows user not equal to ADFS user

I’ve been over this concept with customers and support engineers so many times, that I’m not sure why I haven’t posted about it before. My colleague Adam posted on this topic a while back, but I wanted to expand on that a bit. The Setup: Let’s say you have a SharePoint (2010, 2013, 2016, 2019,…

SharePoint 2016: FBA authentication changes

Disclaimer: The below is a summary of observations made as the result of some reverse-engineering and Source Code review. It’s not necessarily to be taken as “official,” but does check out according to my testing. This post is not about configuring Forms-based Authentication (FBA). There’s plenty of other posts out there about that. The…

SharePoint: Troubleshooting the Security Token Service (STS)

STS Background: In SharePoint 2010, 2013, 2016, etc, the Security Token Service (STS) is a web service hosted under the “SharePoint Web Services” IIS site on HTTP port 32843 and HTTPS port 32844, in a virtual directory called SecurityTokenServiceApplication. In SharePoint 2010, it contains 2 web services: Securitytoken.svc and Windowstokencache.svc. In SharePoint 2013 and 2016, it contains…

SharePoint: User Profile web service failures and the dreaded 8313 error

This post is about how a simple web service failure, caused by a networking or Active Directory issue, can take your site down. I’ve come across this a few different ways. The behavior is almost always intermittent, making it hard to track down. Possible Symptoms: Users intermittently receive a “Something Went Wrong” message when…

SharePoint: Profile Sync and the Domain Users group – the Primary Group problem

This problem manifests itself in a few different ways: You create an Audience based on “Member Of” the “Domain Users” group. You notice there are only a couple (or maybe even zero) members shown, whereas you may have hundreds or thousands of users in that group. You have a SharePoint Add-In (previously known…

SharePoint: People Picker error: “user does not exist or is not unique” – similar account names

Consider the following scenario: SharePoint 2013 or 2016 servers are in the contoso.com domain. contoso.com has a trust relationship with the corp.fabrikam.com domain. The peoplepicker-searchadforests property is configured like this: “forest:contoso.com;forest:corp.fabrikam.com,corp\SPadmin,*****”. You use People Picker to find a user. If the user’s account name (samAccountName) is unique, you have no issues adding it…

SharePoint 2016: AD Import Profile Property Mappings aka: my profiles are missing email address

The issue that prompted this post: I was troubleshooting an issue where when using Active Directory Import (aka AD Import, aka: ADI) to import user profiles in SharePoint 2016, users from one domain were imported without issue. Users from another domain were imported, but missing email addresses (the “Work Email” profile property). We found that…

SharePoint: The complete guide to user profile cleanup – Part 4 – 2016

This is part 4 in a series. You can find other parts here: SharePoint: The complete guide to user profile cleanup – Part1; SharePoint: The complete guide to user profile cleanup – Part 2 – 2010; SharePoint: The complete guide to user profile cleanup – Part 3 – 2013. Sync Options: In SharePoint…

SharePoint: The complete guide to user profile cleanup – Part 3 – 2013

This is part 3 in a series. You can find other parts here: SharePoint: The complete guide to user profile cleanup – Part1; SharePoint: The complete guide to user profile cleanup – Part 2 – 2010; SharePoint: The complete guide to user profile cleanup – Part 4 – 2016. Sync Options: In SharePoint 2013,…