Delay in SharePoint rights updates


  • I am experiencing a severe delay, sometimes days, before SharePoint will recognize changes made in local Active Directory. I manage rights in SharePoint with AD security group(s) nested in SP groups.

    An example: I add a member to a local AD security group. I wait up to 30 minutes for DirSync. I check O365 Admin Center to verify the group shows the additional member; it does. Then I continually check for the the security group change to update in the SP site using the Check Permissions button for the added member. This is where it can take days.


    Thanks, Clinton.


    Friday, February 10, 2017 4:24 PM

All replies

  • I haven't seen it take over a day before, but it is typical that a change to existing group membership can take up to a day before it is in effect due to the caching of security tokens around group membership.  In an on-premises environment there are ways to modify the cache time out setting to decrease the delay (at the cost of a performance drain).  But that setting isn't possible in SharePoint online.  This is pretty normal and the fix is to make sure that all group changes are done at least a day in advance.

    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    Friday, February 10, 2017 7:24 PM