SharePoint User Profile Service: Sync Profile显示错误“The user does not exist or is not unique”的解决方案

最近check SharePoint的user profile service时候发现一个问题，相同用户在user profile都出现双份，但是域名却不一样，比如一个user的user profile中有两个分别为"domain\user"和"domainAD\user"。

在Event View中按下面方式Filter User profile sync相关FIMSynchronizationService log。

发现Error：

“System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.AggregateException: One or more errors occurred. —> Microsoft.Office.Server.UserProfiles.UserProfileException: Exception while trying to migrate account ‘domain\tina’ to ‘domainAD\tina’. —> Microsoft.SharePoint.SPException: The user does not exist or is not unique. —> System.Runtime.InteropServices.COMException: The user does not exist or is not unique.<nativehr>0x81020054</nativehr><nativestack></nativestack>

 at……

经过research发现，主要原因是默认的配置是User Profile Service Application不包括NetBIOS导致。

那么要如何check当前属性情况呢？可以通过执行下面PowerShell：

1. 首先需要通过“Get-SPServiceApplication”找到User Profile Service的ID

2. 使用ID执行下面命令查看当前NetBIOSDomainNamesEnabled的属性值

    $UserProfile = Get-SPServiceApplication –Identity "User Profile Service ID"

    $UserProfile.NetBiosDomainNamesEnabled

解决此问题需要enable NetBIOS，同时必须要在User Profile Service中重新创建Synchronization Connection使用。具体步骤如下：

1. 在当前User Profile Service Application中删除已存在的错误的Synchronization Connection

2. 使用Administrator打开SharePoint Management Shell

3. 执行Script enable NetBIOS

    $UserProfile = Get-SPServiceApplication –Identity "User Profile Service ID"

    $UserProfile.NetBiosDomainNamesEnabled = 1

    $UserProfile.Update()

4. 新建Synchronization Connection with Active Directory Domain Services

5. 执行 ”Start Profile Synchronization“ 重新同步user profile

6. 完成后，检查User profile，NetBIOS “domainAD\user”正确显示

感谢阅读。