The user does not exist or is not unique

I have seen this not only once so I thought it's worth a couple of lines to (potentially) save some trouble-shooting :) .

among the properties that can be set to restrict peoplepicker behavior we have serviceaccountdirectorypaths https://technet.microsoft.com/en-us/library/cc263012(office.12).aspx and siteuseraccountdirectorypath https://technet.microsoft.com/en-us/library/cc263328(v=office.12).aspx. These properties go hand in hand and allow the abbility to restrict the peoplepicker to a specific Organizational Unit within your Active Directory Structure.

Ocasionally you may notice that after Setting the properties you are not able to resolve the users within that OU.

The most common issue that occurs with the above is inadvertedly adding a space character between the elements of the path.

For example:

instead of OU=Users,DC=CONTOSO,DC=COM you type OU=Users, DC=CONTOSO,DC=COM

Of course, inside the peoplepicker code, we retrieve the AD Path from API without the spaces, then on trying to match the AD Path with the restriction, the comparison WILL fail, and the user will not be found.

Retrieving the property in a command prompt (to check) does not make the issue obvious, so you need a good eye to spot these type of mistakes.

Given this , I've put together the below script to help you identify such common typos.

 

#-----------------------------------------script starts

#

# This script is freeware and is provided on an "as is" basis without warranties of any kind,

# whether express or implied, including without limitation warranties that the code is free of defect,

# fit for a particular purpose or non-infringing. The entire risk as to the quality and performance of

# the code is with the end user.

#

#

add-pssnapinmicrosoft.sharepoint.powershell-erroractionsilentlycontinue

$WebApplication=Read-Host"Web Application URL"

$SPWebApp=get-spwebapplication-identity$Webapplication

$logfile="C:\TEMP\Log.txt"

function has_empty_char ([string]$StrToCheck)

{

if ($StrToCheck-ne$null)

{

#we are checking any space within the string (might return false positive in some cases)

if ($StrToCheck.IndexOfAny(" ") -ge0)

{

foreach ($partin$StrToCheck.Split(" "))

{

$recomp+=$part+"#"

}

write-host-BackGroundColorBlack-ForegroundColorYellow"Found Empty Space String(#) : "$recomp.TrimEnd('#')

return$true

}

else

{

return$false

}

}

}

$ServiceAccountDirectoryPaths=$wa.PeoplePickerSettings.ServiceAccountDirectoryPaths;

if ($ServiceAccountDirectoryPaths-ne$null)

{

Write-host"Checking ServiceAccountDirectoryPaths ..."

foreach ($pathin$ServiceAccountDirectoryPaths.Split(';'))

{

if (has_empty_char($path))

{

write-host"--------"

write-host"The following invalid LDAP path was specified within ServiceAccountDirectoryPaths: "$path

}

else

{

write-host$path" - OK "

}

}

}

foreach ($SPSitein$SPWebApp.Sites)

{

$UserAccountDirectoryPath=$SPSite.UserAccountDirectoryPath

write-host"Site: "$SPSite.Url " UserAccountDirectoryPath: "$UserAccountDirectoryPath

Write-Output"Site: "$SPSite.Url " UserAccountDirectoryPath: "$UserAccountDirectoryPath|out-file$logfile-Append

if( $UserAccountDirectoryPath-ne$null)

{

if (has_empty_char($UserAccountDirectoryPath))

{Write-Output"Site: "$SPSite.Url " UserAccountDirectoryPath: "$UserAccountDirectoryPath" has empty string "|out-file$logfile-Append}

}

}

#-----------------------------------------script ends

 

 hth