SharePoint 2013: Troubleshooting Check Permissions – Windows auth

Update 11/24/19: This post is specific to Windows Authentication (NLTM or Kerberos) within SharePoint 2013. For SharePoint 2016, see this post: https://joshroark.com/sharepoint-2016-check-permissions-windows-auth/ For Forms-based authentication see this: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-fba/ And for Trusted Provider (SAML) auth, see this: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-adfs-saml-auth/ Why should you care? Having “Check Permissions” fail to give you an accurate representation of user permissions can be

SharePoint: User profiles are imported with wrong domain name – NetBiosDomainNamesEnabled

In certain domain configurations, User Profiles can be imported with the incorrect domain name.For example: account names are supposed to shown as CORP\User1, but profiles are imported as contoso\user1 Note: This applies to both SharePoint Profile Synchronization (aka: FIM Sync) and Active Directory Import (aka: AD Import).     What’s the impact? There are a few problems

SharePoint: Importing Manager property with AD Import: A Troubleshooter

Overview: This is a fairly visible problem within SharePoint.  It can cause the organization chart to show old manager info, or not work at all.So what to do if your user profiles show no manager value, or maybe a user has changed managers, and it’s not being updated? This is a complicated topic for a

SharePoint: Profile Synchronization – some users are missing their manager

Important: This little quirk only occurs with the “SharePoint Profile Synchronization” (aka: FIM Sync) option in SharePoint 2010 and 2013.  It does not occur with the “Active Directory Import” (aka: AD Import) option available in SharePoint 2013 and 2016.  If possible, I recommend switching to AD Import.  You can read through switch considerations in my

SharePoint: The problem with changing UserQueryMaxTimeout

Consider the following scenario: You have a fairly large and / or complex Active Directory (AD) infrastructure.When using People Picker in a SharePoint 2013 or 2016 site, you are unable to find users from certain domains, and eventually the People Picker control displays an error: “Sorry, we’re having trouble reaching the server”. You do some