none
User access changes take a week to be seen by end user after editing AD group RRS feed

  • Question

  • Hi,

    Our SharePoint access is via AD groups.

    If a user has their permissions changed by editing an AD group it takes a week before the user experiences the new permissions configuration!

    A senior colleague just asked me to check the AD synchronisation time using powershell...

    Can anyone comment on which powershell command i need to use to do this please?


    • Edited by xyz2012 Monday, September 23, 2019 11:29 AM
    Friday, August 30, 2019 2:22 PM

All replies

  • Hi xyz2012,

    The claims based token is refreshed every 10 hours and hence if you make any changes to Active directory group memberships it won't reflect immediately in the token. you need to run the following powershell command to adjust the token life time to a smaller value.

    $sts = Get-SPSecurityTokenServiceConfig

    $sts.WindowsTokenLifetime = (New-TimeSpan –minutes 60)

    $sts.FormsTokenLifetime = (New-TimeSpan -minutes 60)

    $sts.Update()

    Iisreset

    More information:

    https://community.spiceworks.com/how_to/86169-sharepoint-2013-permissions-controlled-by-ad-security-group-will-not-update

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Monday, September 2, 2019 2:43 AM
  • Hi ,

    Has the problem been solved?

    If you think the replies are helpful to you, please remember to mark them as answers. It will help others who meet the similar question in this forum.

    Thank you for your understanding.

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, September 5, 2019 8:25 AM