
Sunday, August 5, 2018

How to: SharePoint 2013 permissions controlled by AD Security Group will not update

Incident:
A user who was added to a domain security group a few hours ago still cannot log in to the SharePoint site that the group has permission on.

Root cause:
The user already held a SharePoint authentication token before being added to the domain security group, so SharePoint will not pick up the change for at least 10 hours.


Resolution / workaround:

  • Change the WindowsTokenLifetime from the default 10 hours to N hours.
  • Alternatively, wait for the 10 hours to pass and, in the meantime, grant the user individual permission.

More information:


https://community.spiceworks.com/how_to/86169-sharepoint-2013-permissions-controlled-by-ad-security-group-will-not-update

You have a site, list, or library with permissions assigned to an Active Directory security group instead of a SharePoint group or individual. When you add a user to or remove a user from the security group within Active Directory, their permissions on the SharePoint site are not updated right away.

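# Show the current Security Token Service settings (run in the SharePoint 2013 Management Shell)
Get-SPSecurityTokenServiceConfig

# Lower the Windows token lifetime from the default 10 hours to 60 minutes
$mysts = Get-SPSecurityTokenServiceConfig
$mysts.WindowsTokenLifetime = (New-TimeSpan -Minutes 60)
$mysts.Update()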


WARNING: We've experienced some issues with this new setting. If you set the WindowsTokenLifetime to 60 minutes, please be aware that users who are editing a page must save and close that page within the 60 minute timeframe. We've had users making changes to wiki pages who spent hours working on a draft, then clicking on save and seeing all of their work lost. It turns out that when a user submits their changes by clicking the "Save" button, the request is sent back to SharePoint which sees that the user's credentials have expired. SharePoint then throws out any changes and directs the request back to the authentication page to re-authenticate. If the user is being logged in automatically (i.e. a corporate intranet), SharePoint redirects them back to the page they were editing, but without any of the changes.

This has been a HUGE problem for us. In the end, we changed the WindowsTokenLifetime back to 10 hours. Better for us to wait until the next day before the occasional Active Directory change takes effect than to risk losing hours' worth of work.
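
Because the setting above had to be reverted in the end, it helps to record the previous value whenever it is changed. The following is an added example, not code from the original post or from Spiceworks: `Set-StsWindowsTokenLifetime` is a hypothetical helper name, and the check against `LogonTokenCacheExpirationWindow` is an assumption about how the two settings interact.

```powershell
# Added example, not from the original post. Run in the SharePoint 2013
# Management Shell (or after: Add-PSSnapin Microsoft.SharePoint.PowerShell)
# as a farm administrator. Set-StsWindowsTokenLifetime is a hypothetical name.
function Set-StsWindowsTokenLifetime {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, 1440)]
        [int]$Minutes
    )

    $sts       = Get-SPSecurityTokenServiceConfig
    $previous  = $sts.WindowsTokenLifetime
    $requested = New-TimeSpan -Minutes $Minutes

    # Assumption: the lifetime must stay above LogonTokenCacheExpirationWindow,
    # otherwise cached tokens are treated as expired as soon as they are issued.
    if ($requested -le $sts.LogonTokenCacheExpirationWindow) {
        throw "Requested lifetime $requested must exceed LogonTokenCacheExpirationWindow ($($sts.LogonTokenCacheExpirationWindow))."
    }

    # -WhatIf shows the intended change without applying it.
    if ($PSCmdlet.ShouldProcess('SecurityTokenServiceConfig', "Set WindowsTokenLifetime to $requested")) {
        $sts.WindowsTokenLifetime = $requested
        $sts.Update()
    }

    # Return both values so the change can be logged and reversed.
    [pscustomobject]@{
        Previous = $previous
        Current  = (Get-SPSecurityTokenServiceConfig).WindowsTokenLifetime
    }
}

# Shorten the lifetime, keeping the old value for rollback.
$change = Set-StsWindowsTokenLifetime -Minutes 60
$change | Format-List

# Roll back to the recorded value (10 hours on a default farm).
Set-StsWindowsTokenLifetime -Minutes ([int]$change.Previous.TotalMinutes)
```

The same lifetime applies when a user is removed from a security group, so the value chosen is also how long a removed member's existing token keeps working.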
