You are trying to create a new managed account and what you get is either:
- New-SPManagedAccount : Some or all identity references could not be translated error when you try to do it with New-SPManagedAccount PowerShell cmdlet
- The specified user <AccountName> could not be found. Some or all identity references could not be translated when you try to do it in Central Administration GUI
What to check to pinpoint the issue
- If the account name you are adding as managed is longer than 20 symbols
The reason why it doesn’t work
In this post I describe the case when an account has a name longer than 20 symbols (however, there might be other reasons for that error, such as deleted AD account). This easily can happen if you use descriptive account names, ruled by naming conventions or common sense.
Keep reading if you want to know what’s going on here or skip description right to the solutions part.
So what do I have to help me explain the problem:
- My environment consists of SharePoint Server 2013, deployed on Windows Server 2012 joined to an Active Directory domain called mypony.local (don’t ask!). Domain and forest are both on 2012 functional level. Actually, I have reproduced the issue in AD environments with two other functional levels: 2003 and 2008 R2.
- I’ve created a new user account which I would like to add as a managed account into my SharePoint to run some service application. I gave this account very nice name sp-too-long-accountname (sometime I’ll post about naming conventions I use)Please note the user logon name (pre-Windows 2000, they say) was trimmed to 20 symbols. For this account it is sp-too-long-accountn
Hitting the issue
Now the preparation is done and I will try to add this account to Managed Account list in Central Administration UI (Home->Security->Configure managed accounts->Press “Register Managed Account” link). Here I need to enter service account credentials, which are User name and Password, according to UI. So I enter sp-too-long-accountname and its password, press OK and get this (the User name field is not long enough to display my gorgeous account name): Error text says: The specified user sp-too-long-accountname could not be found. Some or all identity references could not be translated
The same error SharePoint throws at you for account name with domain name in front of it. I even tried the UPN form firstname.lastname@example.org with the same negative result.
If UI doesn’t allow you to do something, maybe PowerShell will do the job? The cmdlet to use in my demo case is New-SPManagedAccount -Credential (Get-Credential “mypony\sp-too-long-accountname”) So what can I achieve with it? Actually, all I get is the same error with slightly different wordingNew-SPManagedAccount : Some or all identity references could not be translated.
The way to overcome the error is to use SAM account name when you are adding managed account. Yes, that so-called pre-Windows 2000 logon name attribute of the user account. Do you think of “pre-Windows 2000” logon name when you are being asked for a user name these days? I don’t! But MS SharePoint team thinks differently and as you can see on the following screenshot the SAM account name works like a charmThe same approach works in UI – account is successfully added with SAM account name
And the last sweet thing I’ve found which surprised me a lot. Remember how I tried to put a UPN name into User name field with no success? The PowerShell allows it! Here, see by yourself, no errors with New-SPManagedAccount -Credential (Get-Credential “email@example.com”) command
I hope this will help to someone! Thanks for the reading and feel free to share the knowledge!