Don’t put an @ in the sAMAccountName

See title. Don’t put an @ in the sAMAccountName of the user. In fact, Active Directory Users and Computers will prevent you from doing so, converting the character to an underscore. But with PowerShell, we can add any symbol we want to. Here’s an example:

What ends up happening in this scenario is while SharePoint can resolve the username in the People Picker itself (the user’s username becomes underlined), when the underlying C# code that translates usernames (which goes down to unmanaged code) does not handle an ‘@’ symbol (and others) in the sAMAccountName. After resolving the username in the People Picker, when you hit the Share button, you’ll get a ‘The user does not exist or is not unique.’ error. Within the ULS log, under the ‘User Key’ category, you’ll see the following:

Moral of the story is to modify the sAMAccountName to exclude the ‘@’ symbol and other special characters disallowed by ADUC.

Leave a Reply