Account deleted in AD causes SharePoint 2010 crash – “The specified user or domain group was not found”

In one of my projects I recently ran into an interesting issue.

We have a number of services configured and running without issues. All at once, one day, we could not access the Central Admin > Manage Service Applications page, and our Performance Point service stopped working.

We get “The specified user or domain group was not found”.

In logs, I found:

    SPAce PrincipalName XXXuser cannot be resolved. This ACE will not be effective. System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
       at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
       at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
       at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()

And yes, this AD user was recently removed from Active Directory.

To resolve the issue I found this post very useful:

The only problem was that in my case running Get-SPServiceApplication was erroring, so I could not figure out which service was causing the problem.

Then I used this query:

    -- Find configuration objects whose serialized properties mention the account name
    SELECT [Name], [Version], CAST([Properties] AS xml) AS 'xml2'
    FROM [sharepoint_configuration].[dbo].[Objects] WITH (NOLOCK)
    WHERE [Properties] LIKE '%user%'

This way, I found that this user is an administrator of the Secure Store Service. But there is no way to remove him from being an administrator if I cannot access the service properties (because of this error).

So the only way is to bring back the deleted account, then delete it from any service Administrators lists.
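
One way to script that last cleanup step once the account has been restored and its SID resolves again, as an added example (not code from this post or from the post it refers to). The account name `CONTOSO\olduser` is a placeholder and the `$reportOnly` switch is an assumption of this example; run it in the SharePoint 2010 Management Shell as a farm administrator.

```powershell
# Added example: remove a (restored) account from every service application's
# Administrators list so it can then be deleted from AD safely.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$account    = 'CONTOSO\olduser'   # placeholder: the restored account
$reportOnly = $true               # assumption: first pass only lists matches

$principal = New-SPClaimsPrincipal -Identity $account -IdentityType WindowsSamAccountName

foreach ($sa in Get-SPServiceApplication) {
    try {
        # -Admin selects the Administrators ACL rather than the Permissions ACL
        $security = Get-SPServiceApplicationSecurity -Identity $sa -Admin -ErrorAction Stop
    }
    catch {
        Write-Warning "Cannot read administrators of '$($sa.DisplayName)': $($_.Exception.Message)"
        continue
    }

    # ACE names may be claims-encoded (e.g. i:0#.w|domain\user), so match on the suffix
    $hits = @($security.AccessRules | Where-Object { $_.Name -like "*$account" })
    if ($hits.Count -eq 0) { continue }

    Write-Host "'$($sa.DisplayName)' lists $account as administrator"
    if ($reportOnly) { continue }

    # Without -Rights, all rights granted to the principal are revoked
    Revoke-SPObjectSecurity -Identity $security -Principal $principal
    Set-SPServiceApplicationSecurity -Identity $sa -ObjectSecurity $security -Admin
    Write-Host "  removed from administrators of '$($sa.DisplayName)'"
}
```

Running the report-only pass before an account is deprovisioned shows which service applications still reference it, so the ACE can be removed before the SID stops resolving.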

