question

vincentmanzari-9438 avatar image
0 Votes"
vincentmanzari-9438 asked YiLu-MSFT edited

SharePoint 2019 PeoplePicker not showing AD account only Form Auth

Hello all,

we have for a customer 2 Sp2019 farm (Test and Prod) where we are migration applications from a SP2013 farm. The applications use Form Auth (LDAP) for the users authentication. We take care of the infastructure part but we know some basic configurtation to do. We have configured the appliations web.cofig files to use the ldap authentication and all works well as the SP13.

We have an issue with the Peoplepicker. We can't see AD accounts but only Form Auth. We have checked with the following powershell command the status of the Claimprovider

$cpm = Get-SPClaimProviderManager
$ad = get-spclaimprovider -identity "AD"

and the result is that the AD ClaimProvider is visible. Below the result of all ClaimProvider

DisplayName : System
Description : Provides system claim data.
IsEnabled : True
IsUsedByDefault : True
IsVisible : True
AssemblyName : Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
TypeName : Microsoft.SharePoint.Administration.Claims.SPSystemClaimProvider
ClaimProvider : Microsoft.SharePoint.Administration.Claims.SPSystemClaimProvider
ClaimProviderType : Microsoft.SharePoint.Administration.Claims.SPSystemClaimProvider
IsValid : True
UpgradedPersistedProperties : {}

DisplayName : Active Directory
Description : Active Directory claim data.
IsEnabled : True
IsUsedByDefault : False
IsVisible : True
AssemblyName : Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
TypeName : Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider
ClaimProvider : Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider
ClaimProviderType : Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider
IsValid : True
UpgradedPersistedProperties : {}

DisplayName : All Users
Description : Provides identity provider claim data.
IsEnabled : True
IsUsedByDefault : True
IsVisible : True
AssemblyName : Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
TypeName : Microsoft.SharePoint.Administration.Claims.SPAllUserClaimProvider
ClaimProvider : Microsoft.SharePoint.Administration.Claims.SPAllUserClaimProvider
ClaimProviderType : Microsoft.SharePoint.Administration.Claims.SPAllUserClaimProvider
IsValid : True
UpgradedPersistedProperties : {}

DisplayName : Forms Auth
Description : Forms Based Authentication claim data.
IsEnabled : True
IsUsedByDefault : False
IsVisible : True
AssemblyName : Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
TypeName : Microsoft.SharePoint.Administration.Claims.SPFormsClaimProvider
ClaimProvider : Microsoft.SharePoint.Administration.Claims.SPFormsClaimProvider
ClaimProviderType : Microsoft.SharePoint.Administration.Claims.SPFormsClaimProvider
IsValid : True
UpgradedPersistedProperties : {}

DisplayName : User Profile Claim Provider
Description : User Profile Claim Provider
IsEnabled : True
IsUsedByDefault : True
IsVisible : True
AssemblyName Microsoft.Office.Server.UserProfiles, Version=16.0.0.0, Culture=neutral,PublicKeyToken=71e9bce111e9429c
TypeName : Microsoft.Office.Server.Security.UserProfileClaimProvider
ClaimProvider : Microsoft.Office.Server.Security.UserProfileClaimProvider
ClaimProviderType : Microsoft.Office.Server.Security.UserProfileClaimProvider
IsValid : True
UpgradedPersistedProperties : {}

From the User Profile all works well (even though we know it has nothing to do with this problem).

From the Central Admin, for example in the Change Site Col Admin, if we put directly the account with the domani DOMAIN\user and click Check Names is resolved, but if we try to search we see only the Form Auth

Can you help us to solve this? we need to use and configure the AD accounts in the webapp

office-sharepoint-server-administration
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am currently looking into this issue and will give you an update as soon as possible.

Thank you for your understanding and support.

0 Votes 0 ·

1 Answer

YiLu-MSFT avatar image
0 Votes"
YiLu-MSFT answered YiLu-MSFT edited

Hi @vincentmanzari-9438
In SharePoint 2013, if you have any web applications that are in windows authentication mode, you should convert them to claims authentication. Claims authentication is the default mode in SharePoint Server 2016 and SharePoint Server 2019. This may be the reason why you can't see AD accounts but only Form Auth.

For more infomation, you could refer to:
https://docs.microsoft.com/en-us/sharepoint/upgrade-and-update/upgrade-from-sharepoint2013-to-sharepointserver-2019
https://www.codecreators.ca/step-by-step-sharepoint-migration-from-2013-to-2019/

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @YiLu-MSFT,

on SharePoint 2013 we have all WebApplication with Claims Based Authentication as Autehntication Provider, so if I well understood, we don't need to convert the authentication mode (as indicate in the Flow Chart in this link https://www.codecreators.ca/step-by-step-sharepoint-migration-from-2013-to-2019/)

0 Votes 0 ·
YiLu-MSFT avatar image YiLu-MSFT vincentmanzari-9438 ·

Hi @vincentmanzari-9438
Now I have not found an official article to explain the cause of this issue. You could check the ULS log when you do some peoplepicker, maybe you could find the cause of this issue there.

0 Votes 0 ·