This is a good one, it appears to be both random and intermittent, and is extremely hard to track down. It’s known as the “SID mismatch” problem. Consider the following scenario: Intermittently, when a user browses to a resource (site, list, etc) that they are supposed to have access to, they receive “Access Denied“, or
There are a couple known issues with user profile pictures when your Mysite web application uses Trusted Provider (ADFS / SAML) authentication. Symptoms There are two different known symptoms with the same cause and solution: #1When running User Profile Synchronization, nothing is imported or exported. In the Forefront Identity Manager (FIM) client, we see
Update 11/24/19: This post is specific to Windows Authentication (NLTM or Kerberos) within SharePoint 2013. For SharePoint 2016, see this post: https://joshroark.com/sharepoint-2016-check-permissions-windows-auth/ For Forms-based authentication see this: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-fba/ And for Trusted Provider (SAML) auth, see this: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-adfs-saml-auth/ Why should you care? Having “Check Permissions” fail to give you an accurate representation of user permissions can be
Some potential symptoms: You try to add a user to a SharePoint group. The account is added without error, but it doesn’t show up in the group. You try to add a user to a “person or group” column in a list. The account is added successfully, but it doesn’t show up in the list.