Users added to AD group not granted access in SharePoint

  • Question

  • Hi All,

    I am working on a SharePoint migration project (MOSS 2007 to SharePoint 2013). In MOSS 2007 we had AD groups that are mapped to SharePoint groups. For site access we will add the users to AD groups and it will automatically sync with SharePoint groups within seconds.

    Now we have migrated the DBs from MOSS 2007 to SharePoint 2013 and are following the same for site access, but it is taking too much time to sync with SharePoint groups, and I got a clue that this is due to the Security Token Service (STS). Can anyone guide me on how to make changes in STS to get the users instantly in SharePoint 2013?

    Thanks & Regards,
    Sankar
    Monday, November 2, 2015 12:07 PM

Answers

  • You can try setting the $sts.ApplicationTokenCacheExpirationWindow parameter too. But as Sharepoint-Sunny said, I hope you are doing this in your test environment.


    Thanks,
    Chanakya
    Microsoft Certified Professional
    My Blog

    • Proposed as answer by Sara Fan Thursday, November 12, 2015 9:31 AM
    • Marked as answer by Sara Fan Friday, November 20, 2015 8:24 AM
    Monday, November 2, 2015 3:23 PM

All replies

  • Hi Sankar,

    Looks like you are expecting something of this sort: http://blog.trivadis.com/b/collaboration/archive/2014/06/04/ad-group-membership-not-updated-immediately-to-sharepoint.aspx


    Thanks,
    Chanakya
    Microsoft Certified Professional
    My Blog



    Monday, November 2, 2015 12:54 PM
  • Hi Chanakya,

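    I have used the script below. However, it is taking 15-20 mins to get the data from the AD group to the SharePoint group. How can I achieve the AD group sync instantly?

    # Read the farm's Security Token Service configuration
    $sts = Get-SPSecurityTokenServiceConfig
    # Lifetime of the token issued for Windows logons
    $sts.WindowsTokenLifetime = (New-TimeSpan -Minutes 5)
    # Window before expiry in which a cached logon token is treated as expired
    $sts.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 2)
    # Persist the change to the farm configuration
    $sts.Update()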

    Thanks & Regards,
    Sankar

    Monday, November 2, 2015 1:17 PM
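
The STS change from the post above, wrapped with a sanity check and a record of the previous values, as an added example that is not part of the original thread. `Set-StsTokenWindow` is a hypothetical helper name; the script assumes the SharePoint 2013 Management Shell on a farm server, run as a farm administrator. The same cache delay applies when a user is removed from an AD group, so these values also bound how long revoked access can linger.

```powershell
# Added example, not from the thread. Set-StsTokenWindow is a hypothetical helper name.
# Assumes the SharePoint 2013 Management Shell on a farm server, run as farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-StsTokenWindow {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][int]$LifetimeMinutes,
        [Parameter(Mandatory = $true)][int]$ExpirationWindowMinutes
    )

    if ($LifetimeMinutes -le 0 -or $ExpirationWindowMinutes -lt 0) {
        throw "Lifetime must be positive and the expiration window must not be negative."
    }
    # The expiration window has to stay below the token lifetime; otherwise every
    # token counts as expired as soon as it is issued and users cannot sign in.
    if ($ExpirationWindowMinutes -ge $LifetimeMinutes) {
        throw "Expiration window ($ExpirationWindowMinutes min) must be shorter than the token lifetime ($LifetimeMinutes min)."
    }

    $sts = Get-SPSecurityTokenServiceConfig

    # Record the current values so the change can be rolled back.
    $previous = [pscustomobject]@{
        WindowsTokenLifetime            = $sts.WindowsTokenLifetime
        LogonTokenCacheExpirationWindow = $sts.LogonTokenCacheExpirationWindow
    }

    if ($PSCmdlet.ShouldProcess('Security Token Service configuration',
            "lifetime $LifetimeMinutes min, expiration window $ExpirationWindowMinutes min")) {
        $sts.WindowsTokenLifetime            = New-TimeSpan -Minutes $LifetimeMinutes
        $sts.LogonTokenCacheExpirationWindow = New-TimeSpan -Minutes $ExpirationWindowMinutes
        $sts.Update()
    }

    # A cached token is reused until its remaining lifetime falls inside the window,
    # so the usable cache time is roughly lifetime minus window.
    [pscustomobject]@{
        Previous              = $previous
        RequestedLifetime     = New-TimeSpan -Minutes $LifetimeMinutes
        RequestedWindow       = New-TimeSpan -Minutes $ExpirationWindowMinutes
        EffectiveCacheMinutes = $LifetimeMinutes - $ExpirationWindowMinutes
    }
}

# Dry run with the values from the post; drop -WhatIf to apply them.
Set-StsTokenWindow -LifetimeMinutes 5 -ExpirationWindowMinutes 2 -WhatIf
```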
  • Hi Sankar,

    You can try the steps mentioned in the article below:

    https://swapnilkh.wordpress.com/access-denied-for-users-given-permission-through-ad-security-group-sharepoint-2013/

    Note: Test it on the Dev environment first.

    Mark as answered if the above is helpful.

    Monday, November 2, 2015 2:06 PM