SharePoint: Troubleshooting “User cannot be found” and other mysterious user behavior
Update 11/16/20: Added PowerShell script near the end of the post that can be used to check all of your site collections for a specific User Information List problem.
Some potential symptoms:
- You try to add a user to a SharePoint group. The account is added without error, but it doesn’t show up in the group.
- You try to add a user to a “person or group” column in a list. The account is added successfully, but it doesn’t show up in the list.
- You browse to the User Information List for the site collection (_layouts/15/people.aspx?MembershipGroupId=0), but the user does not show up there.
- You try to create a SharePoint group. You get a “User cannot be found” error.
- You try to add a user as a site collection administrator. You get a generic “Unexpected Error” in the UI. ULS logs show this:
System.ArgumentException: User cannot be found.
at Microsoft.SharePoint.SPList.GetItemById(String strId, Int32 id, String strRootFolder, Boolean cacheRowsetAndId, String strViewFields, Boolean bDatesInUtc)
at Microsoft.SharePoint.SPContext.get_Item() - A user tries to sign up for an alert. You get a generic “Unexpected Error” in the UI. ULS logs show “User cannot be found“.
- You try to browse to the user display page in a site collection. For example: _layouts/15/userdisp.aspx?Force=True&ID=4030 (where “4030” is the user id). You get a generic “Unexpected Error” in the UI. ULS logs show “User cannot be found“.
Note: The above behaviors can occur for all users within the site, or just for specific users.
Why does this happen?
All these behaviors can occur if there’s something wrong with the users record within the User Information List (UIL) for the site collection, or with the UIL itself.
Try these same things in other site collections, they may work just fine.
So what to do?
First, check the item-level permissions for the UIL.
As site collection admin, go to Site Settings | People and Groups.
Then click Settings in the tool bar and List Settings. Then click Advanced Settings. The Item-level Permissions should be on that page. Verify that they are set to “Read all items” and “Create and edit all items“.
Any other setting for the User Information List will cause a number of problems with site permissions and operations involving the UIL, including WSSSync and ‘Person or Group’ columns.
Then try deleting the problem user from the site collection:
$web = "https://teams.contoso.com/sites/theProblemSite"
$user = Get-SPUser -web $web | where {$_.UserLogin -like "*domain\UserName*"}
Remove-SPUser $user -web $web
Then try to add the user as a Site Collection Administrator (Site Settings | Site collection Administrators).
Note: This is a temporary troubleshooting step, not a final solution. Adding to site collection administrators takes a different code path and can bypass some of the problems you can run into when adding users to other SharePoint groups.
If the user is successfully added to Site Collection Administrators, then their user record should be fixed up. You can then remove the user from site collection admins and add them to the intended SharePoint groups / site permissions.
Ok, that didn’t work. Now what?
Another thing you could do is export, and then import the entire site collection. This basically pulls out all data from the site into some files and then puts it back. It’s not a full fidelity backup and restore.
See this: https://technet.microsoft.com/en-us/library/ee428301.aspx
If you’re unable or unwilling to do the export / import, unfortunately, you’re probably in a state where the only fix is via direct database update, which is not supported without the proper diagnosis and approvals from the SharePoint Product Group. If you open a support case with Microsoft, we can help get you fixed up in a supported manner.
How can I verify the User Information List is broken?
Run this PowerShell. It will output the ID for the User Information List.
$site = get-spsite "https://teams.contoso.com/sites/theProblemSite"
$web = get-spweb $site.rootweb.url
$list = $web.lists['User Information List']
$list.id
Now take that ID and use it in this SQL query against the content database that stores that site collection:
SELECT * FROM AllUserData (nolock) WHERE tp_ListId = 'the User Info List ID' and tp_UIVersionString > 1.0 order by tp_id
If that query returns rows for your problem users (or really any rows at all), it means that versioning or moderation was enabled on your User Information List and now you have multiple versions of your user objects (not good). Unlike other types of list items, SharePoint does not expect more than one version of a user object. This is a complex problem involving multiple SQL tables. You can try the export / import, but you’ll probably need Microsoft support to fix up your SQL tables. Trust me, this is not a situation for a DIY fix. Again, it’s unsupported to do so.
However, one thing you can do is run the following PowerShell script to find all the site collections where versioning or moderation are still enabled on the User Information List and disable them. This will prevent the issue from occurring further, and will give you a list of sites that Microsoft support can help you fix. Just keep in mind that having versioning or moderation enabled at any point in time will break the list, so your problem site that you’ve identified and run the above SQL query for may or may not show up in the results. In other words, the output of this script is not necessarily a definitive list of broken sites, but it could highlight additional broken sites you were unaware of.
#PowerShell Script to disable Content Approval and Versioning on all User Information lists for a Web App:
Add-PSSnapin microsoft.sharepoint.powershell -ea silentlycontinue
$webApp = Get-SPWebApplication "https://teams.contoso.com/sites/theProblemSite"
$logfile = "c:\temp\UserInfoLog.txt"
$sites = $webapp | Get-SPSite -limit all
foreach($site in $sites)
{$web = get-spweb $site.rootweb.url
$list = $web.lists['User Information List']
$mod = $list.EnableModeration
$ver = $list.EnableVersioning
Write-host "Checking site: " $site.url
If($mod -eq $true)
{Write-host -ForegroundColor Red "Error condition detected - moderation"
$list.EnableModeration = $False
$list.Update()
Write-host "Disabled Content Approval for UserInfo list in site " $site.url -ForegroundColor Green
"Error condition detected - Moderation for site: " + $site.url + "; Site ID: " + $site.ID | out-file $logfile -Append }
If($ver -eq $true)
{Write-host -ForegroundColor Red "Error condition detected - versioning"
$list.EnableVersioning = $False
$list.Update()
Write-host "Disabled Versioning for UserInfo list in site " $site.url -ForegroundColor Green
"Error condition detected - Versioning for site: " + $site.url + "; Site ID: " + $site.ID | out-file $logfile -Append }
}