I am working on a farm that was initially configured for Claims Based Auth - Integrated Windows Auth (NTLM). It appeared the farm was later set up for Trusted Identity Provider using ADFS. However, ADFS was not configured properly and users could not get access. I later found out that Trusted Identity Provider was unchecked but noticed that I could no longer add or remove AD users to any existing or new site. Basically, I couldn't modify permissions as the people picker would not identify the AD users. For example, I went to change site collection administrators and I get the following error:
No exact match was found. Click the item(s) that did not resolve for more options.
I figured I should remove the Trusted Identity Provider altogether, so I did so by running the following commands:
Remove-SPClaimProvider <NAME>
Remove-SPTrustedIdentityTokenIssuer <NAME>
The sites are accessible but I cannot add or remove users to any site - people picker wouldn't detect any AD users. Any ideas would be greatly appreciated.
Thanks,
Rumi