Question

I am looking at two user accounts: userdisp.aspx?ID=10 and userdisp.aspx?ID=11.

User Id = 10 has an account name i:0#.w|MyDomain\Bob.Smith.

User Id = 11 has an account name MyDomain\Bob.Smith.

I understand that User Id = 10 has a claims prefix in front of it, but what exactly does that mean? Are these two separate users all together and do they both exist in Active Directory?

Was it helpful?

Solution

There's only one account in AD but they end up being treated like two different user profiles within SharePoint.

You're on the right track when you mention the claims prefix. Most likely, this site at one point used Classic authentication and was later changed to Claims authentication (or vice versa but moving a site 'backwards' from Claims to Classic isn't a supported operation). The two different user logins are seen as being different by SharePoint because they arrived through different pathways and by the time they reach SharePoint the login name was different.

So SharePoint tracks them as two different users within the content database's UserInfo table. (Something similar could happen when using Forms Based Auth in SharePoint v3, back when Classic auth was the only option.)

You might be able to merge them using PowerShell Move-SPUser (the replacement for the old stsadm -o migrateuser). Because both accounts already exist: that operation should first delete the new name from the UserInfo table, migrate the old identity into the (now empty) new name, and then delete the old identity. Verify results in a test environment and snap off a content db backup before running so you can revert if you don't like what happens.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top