SharePoint 2013 - WindowsTokenLifetime/LogonTokenCacheExpirationWindow

  • Question

  • Hi All,

    I'm more frequently coming across cases where removing/adding an AD user to a group isn't reflected immediately in SharePoint 2013.

    I know by default it's

    WindowsTokenLifetime - 10:00:00 (10 hours)

    LogonTokenCacheExpirationWindow - 00:10:00 (10 min)

    I've read several articles to make adjustments to this to a much faster time. Almost instant

    # Get Security Token Service Configuration
    $STSConfig = Get-SPSecurityTokenServiceConfig
    # Default value: 10 Hours
    $STSConfig.WindowsTokenLifetime = (New-TimeSpan -Minutes 2)
    # Default value: 10 Minutes
    $STSConfig.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 1)
    # Persist the changed values; without Update() they are not saved to the farm configuration
    $STSConfig.Update()

    My question is, what effect will this have on users working on pages for a long period of time?

    Will this affect AD because of the amount of queries coming from SharePoint?

    Thursday, September 10, 2020 10:44 PM