none
SharePoint 2013 and user rights cache RRS feed

  • Question

  • Good day.

    I installed SharePoint 2013. There is a Windows 2008R2 domain.

    If the user who already exists and logged in to the portal, move to the new Active Directory group, then the rights on the portal will be updated only after a while. In about half an hour.

    As I understand it is a caching problem.

    Please tell me how to clear this cache of user rights or forcefully re-read user rights (groups).

    Many Thanks.


    Monday, June 18, 2018 11:06 AM

Answers

  • The first PowerShell will indeed change the lifetime of the cache, but that won't invalidate or clear the cache.  It simply makes it age out more frequently.  That's what I was referring to in my answer about decreasing the time period.  It will help, but still won't make the change happen immediately.

    The second should work, but its a bit of a nuclear option since it will delete everyone's logon token which will force all users to log back in.

    As I said, there is no really good answer to this.  The best thing is to manage expectations.


    Paul Stork SharePoint Server MVP
    Owner/Principal Architect: Don't Pa..Panic Consulting
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as 'answered' if this solves your problem.

    Tuesday, June 19, 2018 1:01 PM

All replies

  • I've never seen an easy way to manually clear this cache other than rebooting the entire farm, which obviously is a bit extreme for one user.  There are ways to decrease the time period for the cache, so it will update faster, but if you are getting the new rights to apply in about 30 minutes then I suspect that's already been done in your farm.  My best advice is to manage expectations that this kind of change takes time and wait for the cache to clear normally.

    Paul Stork SharePoint Server MVP
    Owner/Principal Architect: Don't Pa..Panic Consulting
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as 'answered' if this solves your problem.

    Monday, June 18, 2018 12:29 PM
  • Hi Vistas,

    If you think the suggestion provided by Paul Stork is helpful, you could mark it as an answer.

    Best regards,

    Allen Bai


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, June 19, 2018 4:08 AM
  • Thank you for your answer.

    I found this powershell scenario which set cache lifetime:

    PS> $mysts = Get-SPSecurityTokenServiceConfig
    PS> $mysts.WindowsTokenLifetime = (New-TimeSpan -Minutes 15)
    PS> $mysts.LogonTokenCacheExpirationWindow
    PS> $mysts.Update()

    Also this is another powershell command. It clears that auth cache immediately.

    PS> Clear-SPDistributedCacheItem –ContainerType DistributedLogonTokenCache

    Can I use this powershell goodies to solve my problem?



    Tuesday, June 19, 2018 7:58 AM
  • The first PowerShell will indeed change the lifetime of the cache, but that won't invalidate or clear the cache.  It simply makes it age out more frequently.  That's what I was referring to in my answer about decreasing the time period.  It will help, but still won't make the change happen immediately.

    The second should work, but its a bit of a nuclear option since it will delete everyone's logon token which will force all users to log back in.

    As I said, there is no really good answer to this.  The best thing is to manage expectations.


    Paul Stork SharePoint Server MVP
    Owner/Principal Architect: Don't Pa..Panic Consulting
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as 'answered' if this solves your problem.

    Tuesday, June 19, 2018 1:01 PM
  • Hi Vistas,

    How are things going? Have you solved your issue?

    Best regards,

    Allen Bai


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, June 22, 2018 2:40 AM
  • Hi Vistas,

    If you think Paul's suggestion is helpful, you could mark it as an answer.

    Best regards,

    Allen Bai


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, June 28, 2018 3:00 AM