Enable to assign access via AD group RRS feed

  • Question

  • Hi,

    I try to give access to a user to a folder in a document library using an AD group which he is member of.
    When he try to log on the site and check the his access he can't see that folder. He can see other folders which I gave him direkt access to the folders.

    When I check his permission on that folder the result says "None" even though I can see the AD group which he is member of has access to the folder.

    If I try to give him direkt access without using any group then he get access with no problem.
    Any idea or tip should be very appreciated.

    Thansk in advance

    Wednesday, February 21, 2018 2:21 PM

All replies

  • Did you add this user to the AD group recently? It might be possible that AD and Sharepoint are not synchronized yet and therefore "Check Permissions" display none for this user (in my environment it takes 1 day to complete it).
    • Proposed as answer by croute1 Wednesday, February 21, 2018 3:41 PM
    • Unproposed as answer by Ashraf El-Maadidi Tuesday, February 27, 2018 1:58 PM
    Wednesday, February 21, 2018 3:21 PM
  • Hi,

    Has the user logged in and then out of his account since the AD group changes?

    If he/she has, then you may need to change the timeout configuration of your SharePoint farm.

    The following PowerShell command is to modify logon token lifetime:

    $sts = Get-SPSecurityTokenServiceConfig
    $sts.FormsTokenLifetime = (New-TimeSpan -minutes 2)
    $sts.WindowsTokenLifetime = (New-TimeSpan -minutes 2)
    $sts.LogonTokenCacheExpirationWindow = (New-TimeSpan
    -minutes 1)

    After that, you need run the IISreset. Check if it works fine.

    Best Regards,

    Carl Zhou

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by Dean_Wang Tuesday, February 27, 2018 9:25 AM
    • Unproposed as answer by Dean_Wang Tuesday, February 27, 2018 9:26 AM
    Thursday, February 22, 2018 8:24 AM
  • Hi
    Thank you for your input. I put the users 3 days ago in the AD group and I ran full synchronisation manually many times without any.

    The problem is when I give the users direct access to folder then it's fine and when I check the permission I can see they have access. And when I use the AD group I get "None" when I check there permission.



    Thursday, February 22, 2018 9:10 AM