Troubleshoot: User Accounts on Windows

When you bind a JumpCloud user to a Windows device, the JumpCloud agent either provisions a new local account or takes over an existing local account if the usernames match. If you encounter issues during this process, review the troubleshooting sections below.

Account Takeover Failures

When a JumpCloud username matches the short username on a Windows device, the JumpCloud agent attempts to take over and manage the existing account. If the takeover fails or is incomplete, verify the following requirements:

  • Microsoft Accounts (Formerly Windows Live): JumpCloud can only partially take over an account that is linked to a Microsoft account, and the account will appear to be unmanaged on the device. Disabling and re-enabling a Microsoft account is supported, but modifying or synchronizing the password is not. To allow JumpCloud to fully control the account, you must convert the Microsoft account to a standard local account before takeover.
    See Use Microsoft Accounts with JumpCloud.
  • Windows PIN or Picture Passwords: JumpCloud can only partially take over an account that has been configured for PIN or Picture Passwords. To allow JumpCloud to fully control the account, you must remove PIN/Picture Passwords from the local user before takeover.
    See Use Windows Pin and Picture Passwords with JumpCloud.
  • Username versus Full Name: As with both macOS and Linux, Windows stores two user names for each local user account: the short name (username) and the Full Name (the cosmetic name shown on the login screen and used for the home directory). JumpCloud links the account via the username only, since it's guaranteed to be unique on the system. You might need to list the usernames of the users on your Windows device to obtain the correct usernames.
    See Naming Conventions for Users.
  • Username case-sensitivity: For the JumpCloud agent to take over a Windows account, the username in JumpCloud must match the username on the Windows host exactly, including case. If the username 'Jonathan' exists on the Windows device, the JumpCloud username must also be 'Jonathan'. If the casing does not match exactly, JumpCloud cannot find and control the user account.
  • Username contains a space: In some instances, Windows creates a local account username that contains a space ("john smith", for example), which JumpCloud doesn't support for takeover. You'll need to change the username on the device to align with JumpCloud's naming convention requirements.
    See Naming Conventions for Users and Change Windows Username.
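
The username requirements above can be checked on the device before binding. The following PowerShell is an added example, not JumpCloud tooling: `Test-TakeoverReadiness` and its parameters are hypothetical names, it relies on the built-in `Get-LocalUser` cmdlet and its `PrincipalSource` property, and it does not detect PIN or Picture Passwords.

```powershell
# Added example: pre-check local Windows accounts against the takeover requirements.
# Test-TakeoverReadiness and its parameters are hypothetical names, not JumpCloud tooling.
function Test-TakeoverReadiness {
    param(
        [Parameter(Mandatory)][string]$JumpCloudUsername,
        # Defaults to the device's real accounts; pass constructed objects to try it offline.
        [object[]]$LocalUsers = (Get-LocalUser)
    )
    $findings = @()
    # -ceq compares case-sensitively, -ieq case-insensitively.
    $exact = $LocalUsers | Where-Object { $_.Name -ceq $JumpCloudUsername }
    $loose = $LocalUsers | Where-Object { $_.Name -ieq $JumpCloudUsername -and $_.Name -cne $JumpCloudUsername }
    # Accounts where only the cosmetic Full Name matches, not the short username.
    $byFullName = $LocalUsers | Where-Object { $_.FullName -ieq $JumpCloudUsername -and $_.Name -ine $JumpCloudUsername }

    foreach ($u in $loose) { $findings += "Case mismatch: local username '$($u.Name)' differs only in casing." }
    foreach ($u in $byFullName) { $findings += "Full Name match only: the short username is '$($u.Name)'." }
    # Device-wide check: any username with whitespace cannot be taken over.
    foreach ($u in $LocalUsers | Where-Object { $_.Name -match '\s' }) {
        $findings += "Username '$($u.Name)' contains a space."
    }
    foreach ($u in $exact) {
        if ("$($u.PrincipalSource)" -eq 'MicrosoftAccount') {
            $findings += "'$($u.Name)' is linked to a Microsoft account; convert it to a local account first."
        }
    }
    if (-not $exact -and -not $loose) { $findings += "No local username matches; a new account would be provisioned." }

    [pscustomobject]@{
        JumpCloudUsername = $JumpCloudUsername
        ExactMatch        = [bool]$exact
        Findings          = $findings
    }
}

# Constructed sample accounts (not from a real device).
$sample = @(
    [pscustomobject]@{ Name = 'jonathan';   FullName = 'Jonathan Doe'; PrincipalSource = 'Local' }
    [pscustomobject]@{ Name = 'john smith'; FullName = 'John Smith';   PrincipalSource = 'Local' }
    [pscustomobject]@{ Name = 'Maria';      FullName = 'Maria Lopez';  PrincipalSource = 'MicrosoftAccount' }
)
Test-TakeoverReadiness -JumpCloudUsername 'Jonathan' -LocalUsers $sample | Format-List
Test-TakeoverReadiness -JumpCloudUsername 'Maria'    -LocalUsers $sample | Format-List
```

On a real device, omit `-LocalUsers` so the function reads the actual local accounts.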

Account Provisioning Failures

When you bind a JumpCloud user to a Windows device to create a new account, the JumpCloud agent provisions the local user account. If the local account creation process does not complete successfully, the user cannot access the machine.

Symptoms

  • After you bind a user to a Windows device in the Admin Portal, the local user account does not appear on the Windows login screen.
  • The bound user is not listed among the existing accounts in the Local Users and Groups Manager (lusrmgr.msc).
  • The issue persists even after restarting the device or unbinding and rebinding the user.

Resolution

The most common cause of this issue is that the JumpCloud user account does not have an initial password configured. The JumpCloud agent requires a configured password to provision the local account.

To set an initial password for a user:

  1. Log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL to use for your region. See JumpCloud Data Centers to learn more.

  2. Go to User Management > Users.
  3. Select the affected user account.
  4. Set an initial password for the user.
  5. Wait a few minutes for the JumpCloud agent to sync with the Admin Portal and provision the account. See Bind Users to Devices.
  6. Verify that the user now appears in the local user accounts:
    1. Open the Run dialog (Windows Key + R).
    2. Enter lusrmgr.msc and click OK.
    3. Open the Users folder and verify the account is listed.

Note:

Verify that the user's account start date is not set to a future date. Inactive accounts cannot be provisioned to devices.
