I got a call from a client recently where one particular user was unable to log in to SharePoint via their User Principle Name (UPN). This turned out to be a quick and easy fix, so I wanted to share hopefully to help anyone else.
First, for those non-AD SharePoint folks out there, UPN refers to an attribute on the user account object in Active Directory. Anytime a user is created, at a minimum they will have a user logon name and a UPN suffix (domain name). The UPN is composed of the user logon name and the UPN suffix joined by the @ sign.
Normally, a user would login with CONTOSO\tado and his password. A UPN allows the users to use a more casual and friendly name, especially if it matches their email address. This would allow a client named Tad to login with email@example.com. To add a UPN suffix, you can follow this MS KB article to be completed by your domain admin.
Now that you know about UPNs, here's a summary of our scenario (Tad will be the client user):
So this definitely seems to point to something with the user. Luckily I had access to Active Directory, so I started poking around. I searched AD for just the logon name, and got two results. Weird!
What happened was that there were two user accounts for Tad. He had been with a previous company that had been renamed at one point. They were like CONTOSO\tado and CONTOSO\tadorman, but both accounts had firstname.lastname@example.org for the UPN. Only the user account CONTOSO\tado had access in SharePoint. When Tad was logging in with email@example.com, it was grabbing the account CONTOSO\tadorman, which had no access in SharePoint.
The fix is very simple. Since the CONTOSO\tado is the account with access and what we want to use, we need to change the UPN of the CONTOSO\tadorman account. Go make friends with your domain administrator, and have them change the tado to tadorman in the circled box on his account. So his account should be firstname.lastname@example.org, with a UPN CONTOSO\tadorman. The working account should be CONTOSO\tado, with a UPN email@example.com. Clear?
In my scenario, once the duplication was removed, the user was able to login with his friendly UPN just fine. Even though this was a quick fix, there were strange symptoms. Hopefully my post will help others dealing with the same issue.
If you would like more information on C5 Insight or this blog content, fill out our Contact form.
The complementary paper includes over 12 years of research, recent survey results, and CRM turnaround success stories.
This 60-second assessment is designed to evaluate your organization's collaboration readiness.
Learn how you rank compared to organizations typically in years 1 to 5 of implementation - and which areas to focus on to improve.
This is a sandbox solution which can be activated per site collection to allow you to easily collect feedback from users into a custom Feedback list.
Whether you are upgrading to SharePoint Online, 2010, 2013 or the latest 2016, this checklist contains everything you need to know for a successful transition.