SharePoint: Certain users not resolved in People Picker
Here I cover how to use Fiddler and IE Developer Tools (F12) to troubleshoot People Picker problems in SharePoint 2013 and 2016 within the context of a problem I recently came across.
Problem:
Certain users are not resolved in People Picker. The client-side people picker control shows no results, but doesn’t throw an error either. The “spinning circle” animation may or may not appear. If it does, it will spin indefinitely without returning any results.
If you get SharePoint ULS logs and a Network Monitor (Netmon) trace, you will notice that the user is successfully found in Active Directory. That’s because in this case, the problem occurs at the last step of the process when the client-side people picker control tries to render the results in the browser.
Note: If you hit control+K to force a resolve of the user, it will allow you to add them to site permissions.
Cause:
One of the users returned in the results has an invalid character (usually a Tab character) within one of the displayed Active Directory attributes, which could be any of the following:
Description
Display Name
Job Title
Mobile
Department
E-mail
You should take a look at what business processes and systems you use update users in Active Directory. Likely this 'bad data' was allowed into AD by some custom system you have.
Note: It only takes one “bad” user within the result set to cause this behavior.
For example, you have 3 users: User1, User2, User3.
Only User2 has an invalid character within their attributes.
If you search for “User”, you expect all three users to be returned, but in this case, none of them are.
Resolution
We need to find the problem user and problem attribute and remove the invalid characters from the user in Active Directory (AD).
Here’s an example using user “joroar\karl”, who has a trailing Tab character at the end of his Title attribute in AD.
You want to get a Fiddler trace of the repro. That way you can see what is being returned to the browser.
Here I’m typing in “Karl” and it’s not showing any results in the browser, yet the server response I see in Fiddler shows that Karls data was definitely returned to the People Picker control:
In this case, I can see that the response to the POST to /_vti_bin/client.svc/ProcessQuery calling the “ClientPeoplePickerSearchUser” method looks like this:
[
{
"SchemaVersion":"15.0.0.0","LibraryVersion":"15.0.4763.1000","ErrorInfo":null,"TraceCorrelationId":"8ddaf39d-f82e-0012-242f-1494d462c8c6"
},0,"[{\"Key\" : \"i:0#.w|joroar\\\\karl\", \"Description\" : \"JOROAR\\\\karl\", \"DisplayText\" : \"Karl\", \"EntityType\" : \"User\", \"ProviderDisplayName\" : \"Active Directory\", \"ProviderName\" : \"AD\", \"IsResolved\" : true, \"EntityData\" : {\"Title\" : \"Software dev\t\ ", \"Email\" : \"\", \"MobilePhone\" : \"\", \"PrincipalType\" : \"User\", \"SIPAddress\" : \"\", \"Department\" : \"\"}, \"MultipleMatches\" : []}]"
]
Notice the \t at the end of the users title. That is the encoded Tab character.
You can also run the Debugger in the IE Developer Tools (F12). When you repro, it should break on an “Invalid Character” error at JSON.parse (var g=JSON.parse(h.m_value)) within clientpeoplepicker.js. You can inspect the value passed to the method to find the offending character.
Here's how you would reproduce this problem if you wanted to:
Type out a user title in Word or some other text editor and add a trailing tab.
Copy the title, including the trailing tab and enter it into PowerShell like this:
$user = get-aduser -Identity "karl"
set-aduser $user -Title "Software Dev "
Run the PowerShell to update the user.
Go to any SharePoint site and try to find the user with People Picker.
Notes:
- The Active Directory UI will trim any trailing tabs when you save the user objects. To get this to repro with a trailing tab, you must update the user with PowerShell.
- However, it doesn’t have to be a trailing tab. If a tab character is anywhere within the attribute value, you will have this problem.