locked
AD Group permissions RRS feed

  • Question

  • I have a weird problem.  First, some background info:

    We are using MOSS 2007 with Active Directory.  I have a site that everyone in our organization can view.  In this site, I have a list with unique permissions.  A SharePoint group has approver access to this list.  In this SharePoint group I have an AD group.  When I created the list and the AD group at the beginning of the year everything worked as expected.

    Yesterday, I added a new member to that AD group and tested his approver permission but they didn’t work. Meaning, the user was not an approver.  I doubled check that everything was correct and nada.  Finally, I decided to give him direct approval rights to the list and that work without a problem.

    Today, I wanted to spend some time troubleshooting the problem so I removed the direct permissions I set yesterday and now everything works fine.  Note that I did not remove the permissions for the SharePoint group before I added him directly.

    How do I begin to troubleshoot this problem?  Is the AD group information being cached somewhere?  If, so how do I configure the refresh rate?

    Any help would be greatly appreciated.

    Wednesday, October 5, 2011 9:49 PM

Answers

  • At what time intervals do your Profile Synchronization and Quick Profile Synchronization jobs run?These jobs should ideally sync the changes.Take a look at the Timer Job definitions (Central Administration -> Operations -> Timer Job definitions). You can also run stsadm to change the schedule for the Profile Sync job to run every couple of minutes (stsadm -o sync -synctiming m:5). Take a look at this article for reference:

    http://www.21apps.com/sharepoint/user-profiles-why-do-my-changes-not-show-in-other-sites


    Thanks, GeeVed
    Thursday, October 6, 2011 2:45 PM