SharePoint People Picker – The user does not exist or is not unique – Trailing Space
This one is likely to be somewhat rare, but when it happens, the logging doesn’t give you many clues outside of the original “user does not exist or is not unique” error, which is pretty generic. I have two other posts about the same error with different root causes:
Symptoms:
When using People Picker to add permissions, the user is found, but when clicking the “Share” button to add the user to a SharePoint group, it fails with error:
“The user does not exist or is not unique”.
And if you try to add the user directly to a site permission level, for example “Contribute”, no error is thrown on-screen, but the user is not added.
And you cannot add these users to a “People Picker” (Person or Group) list column. The same error occurs:
Also, if you try to add the user to a SharePoint group using PowerShell, it fails with error: “The specified user <userName> could not be found”.
For example:
#Add user to SP Group via PowerShell. Just specify the group name:
$web = get-spweb http://teams.contoso.com/sites/team
$user = New-SPUser -UserAlias “i:0#.w|contoso\trailingspace1” -Web $web
Set-SPUser -Identity $user -Web $web -Group “Team Members”
New-SPUser : The specified user i:0#.w|contoso\trailingspace1 could not be found.
Note: In SharePoint 2013 and 2016, you should see the “user does not exist or is not unique” error on-screen when you try to add the user to the group:
But in my testing of SharePoint 2019, the ‘adding to group’ behavior is the same as the ‘adding direct permissions’ behavior: no error is thrown in the UI, but when the page refreshes, the user has not been added.
Cause:
The problem user has a trailing space in their account name (User Logon name (pre-Windows 2000)), for example: “Contoso\TrailingSpace1 ”
Here’s a screenshot of what that looks like. The vertical bar is my cursor.
Note: I found that a leading space in an account name does not create the same problem.
Resolution:
Remove the trailing space from the account name. Using the Active Directory dialog shown above, you can simply delete the space and click Apply.
More Information:
Active Directory Users and Computers (ADUC) will not allow you to create account names with a trailing space. It looks like it will let you, but when you click OK to create the new account, it trims the trailing space off the end of the account name. However, PowerShell and other APIs will allow you to create account names with trailing spaces. For example:
New-ADUser -name “TrailingSpace 1 ” -SamAccountName “TrailingSpace1 ” -AccountPassword (Read-Host -AsSecureString “Enter PW”) -Enabled $true
ULS Logging:
The logs only provides a few clues about this problem. The main one is this error:
SharePoint Foundation Resolve ax7ni Verbose Found multiple matches from single provider for resolution. Web: ‘3f74f3e8-3ac4-40de-9786-3f5df35fb973’, WebApp: ‘null’, Input: ‘i:0#.w|contoso\trailingspace1’, PrincipalType: ‘User’, PrincipalSource: ‘MembershipProvider’. 34705a9f-3d67-205b-92da-995311252b53
It should log this event instead:
SharePoint Foundation Resolve ax7nj Verbose Found unique match for resolution. Web: ‘3f74f3e8-3ac4-40de-9786-3f5df35fb973’, WebApp: ‘null’, Input: ‘i:0#.w|contoso\normaluser1’, PrincipalType: ‘User’, PrincipalSource: ‘MembershipProvider’. a2715a9f-fd64-205b-92da-9f4ac278693d
What’s odd about that, is right before it throws that “multiple matches” error, you can see it call SearchFromGC, and GetAccountNameFromSid, and those only returns one result. I believe the “multiple matches” error occurs because the trailing space is treated as a second entry, so we resolve the account name, and the space. From there, the failing logging sequence goes on like this:
SharePoint Foundation Authentication Authorization arez4 Verbose ResolvePrincipal did NOT find a match. LoginName: ‘i:0#.w|contoso\trailingspace1 ‘, bIsRole: ‘False’ Scope: ‘site’, ScopeID: ‘5a6183ad-4196-4583-a67a-7a1ebba3052e’. 34705a9f-3d67-205b-92da-995311252b53
SharePoint Foundation Authentication Authorization a7wir Unexpected GetUserInfoFromMembershipProvider: Request is in a web context and we can’t find the user so we are failing. LoginName: ‘i:0#.w|contoso\trailingspace1 ‘, bIsRole: ‘False’. 34705a9f-3d67-205b-92da-995311252b53
SharePoint Foundation Claims Authentication ax8ng Medium ensureUserExistsInternal2: managedCodeInterop.getUserInfoFromMembershipProvider return values. bSuccess: ‘False’ wzLogin: ‘i:0#.w|contoso\trailingspace1 ‘ wstrUserKey: ” 34705a9f-3d67-205b-92da-995311252b53
SharePoint Foundation General 8kh7 High The user does not exist or is not unique.<nativehr>0x81020054</nativehr><nativestack>stswel.dll: (unresolved symbol, module offset=0000000000190345) at 0x00007FFE35D40345 stswel.dll: (unresolved symbol, module offset=000000000018F991) at 0x00007FFE35D3F991 stswel.dll: (unresolved symbol, module offset=000000000019BAFF) at 0x00007FFE35D4BAFF owssvr.dll: (unresolved symbol, module offset=000000000013BFB9) at 0x00007FFE2DB7BFB9 Microsoft.SharePoint.Library.ni.dll: (unresolved symbol, module offset=00000000000A6A2E) at 0x00007FFE2E0F6A2E </nativestack> 34705a9f-3d67-205b-92da-995311252b53
SharePoint Foundation General ai1wu Medium System.Runtime.InteropServices.COMException: The user does not exist or is not unique.<nativehr>0x81020054</nativehr><nativestack>stswel.dll: (unresolved symbol, module offset=0000000000190345) at 0x00007FFE35D40345 stswel.dll: (unresolved symbol, module offset=000000000018F991) at 0x00007FFE35D3F991 stswel.dll: (unresolved symbol, module offset=000000000019BAFF) at 0x00007FFE35D4BAFF owssvr.dll: (unresolved symbol, module offset=000000000013BFB9) at 0x00007FFE2DB7BFB9 Microsoft.SharePoint.Library.ni.dll: (unresolved symbol, module offset=00000000000A6A2E) at 0x00007FFE2E0F6A2E </nativestack>, StackTrace: at Microsoft.SharePoint.SPUserCollection.UpdateMembers(Object objUpdateInfo, Object objAddIds, Object objRemoveLogins, Object objRemoveIds, Boolean fSendEmail) at Microsoft.SharePoint.SPUserCollection.AddCollection(SPUserInfo[] addUsersInfo, IEnumerable`1 addUsers) at Microsoft.SharePoint.SPSharingPermissionsHelper.AddUsersToGroup(SPGroup group, List`1 userDetails, SPUserCollection resolvedUsers) at Microsoft.SharePoint.SPSharingHelper.<>c__DisplayClass1.<PrepareStrategyForGroupSharing>b__0() at Microsoft.SharePoint.SharingStrategy.Share() at Microsoft.SharePoint.SPMembersCanShareUtility.ExecuteCodeWithAdditionalPermissionsIfNeeded(Boolean MembersCanShareMode, Action doAction) at Microsoft.SharePoint.ApplicationPages.AclInv.HandleInternalUsersOrGroups(SharingStrategy strategy, List`1 userInfoList, List`1 userList, List`1 groupList, SPUserCollection resolvedUsers, Boolean sendWelcomeEmailChecked, Boolean includeAnonymousLink) at Microsoft.SharePoint.ApplicationPages.AclInv.BtnOK_Click(Object sender, EventArgs e) at <truncated>