If you have a user who can't log in, there are a couple of possible reasons for this.
Username Conflict with Previous User
There may be a username conflict with a previous user in the intranet. To check on this:
- Go to Admin > Security > Find Logins
- Enter the username
- Check show Disabled Logins
- Click Search
If a user is found, you can correct it as follows:
- Disable AD Synchronization in Admin > Security > AD Synchronization
- Find the user with the same username as above
- Change the username and email address (you may need to enable the user temporarily to complete this)
- After that’s been saved, ensure the user is disabled and re-enable AD Synchronization
- Click Sync Now
You should now be able to find the correct user.
User Name Change
There are a couple of name change scenarios which could create issues.
Name Not Synched
If the user has had a name change recently, this may not be reflected in the intranet. To check on this:
- Go to Admin > Security > Find Logins
- Enter the username as it should be seen
- Click Search
If the user is not found, search for the original username. If the user is found, go to Admin > Security > AD Synchronization and click Sync Now. That should pick up the username change.
Name Cached
If the user has had a name change recently and the change is reflected in the intranet, but the user still can't log in and you notice the login is pulling the old credentials, it's possible Windows has cached the credentials on the machine.
To resolve this:
- Go to the Control Panel
- Select User Accounts
- Click Manage Your Credentials
- Clear the Windows Credentials that have been cached.
If that still doesn’t allow the new credentials to populate the login screen for the intranet, review the Microsoft article on the LsaLookupSids function.
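The credential-clearing steps above can also be scripted so that only the entries referencing the intranet are removed, leaving the user's other saved credentials in place. This is an added example, not part of the original article or the vendor's tooling; `$IntranetHost` is a placeholder host name, and the script assumes English-language `cmdkey /list` output and passes each target to `cmdkey /delete` in the form `cmdkey` lists it.

```powershell
# Added example (not vendor code): preview or remove cached Windows
# credentials that reference the intranet host.
param(
    [string]$IntranetHost = 'intranet.example.com',  # placeholder host name
    [switch]$Remove                                   # omit to preview only
)

function Get-StoredCredential {
    param([string[]]$CmdkeyOutput)
    # cmdkey /list prints one block per entry: "Target:", "Type:", "User:".
    # Some entries have no "User:" line, so User may stay $null.
    $entries = [System.Collections.Generic.List[object]]::new()
    foreach ($line in $CmdkeyOutput) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            $entries.Add([pscustomobject]@{ Target = $Matches[1]; User = $null })
        }
        elseif ($entries.Count -gt 0 -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $entries[$entries.Count - 1].User = $Matches[1]
        }
    }
    $entries
}

# Keep only entries whose target mentions the intranet host.
$stale = Get-StoredCredential (cmdkey /list) |
    Where-Object { $_.Target -like "*$IntranetHost*" }

if (-not $stale) { "No stored credentials reference $IntranetHost."; return }

foreach ($entry in $stale) {
    if ($Remove) {
        # Delete exactly the entry that was listed, nothing else.
        cmdkey "/delete:$($entry.Target)" | Out-Null
        "Removed: $($entry.Target) (user: $($entry.User))"
    }
    else {
        "Would remove: $($entry.Target) (user: $($entry.User))"
    }
}
```

Run it once without `-Remove` in the affected user's session to confirm the listed user is the old username, then run it again with `-Remove`.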