Users in AD group have no access to site

Greetz!

I have a web app that users aren't able to access unless added directly to a SharePoint Group.

My users belong to multiple groups. I have a SharePoint group that has the same name as the AD group.

My QA farm is setup identically to my production farm. Access is not an issue on the QA farm.

Any ideas on how to troubleshoot this or what may be causing this to happen?

T

March 27th, 2015 7:14pm

Are the users member of Security Group(If you have Distributed list in AD, change it's type as security group)? If so, ensure that security group have access in SharePoint Site.
Free Windows Admin Tool Kit Click here and download it now
March 28th, 2015 6:37am

It appears that the default token lifetimes may have been contributing to this. I had not configured changes to these (LogonTokenCacheExpirationWindow and WindowsTokenLifetime) which by default are rather long. But I also don't want my users having to login multiple times in a session. Is there a token lifetime that won't compromise a users work day? I don't recall having this issue with 2007 or 2010.
March 28th, 2015 10:44am

Hi ,

According to your description, my understanding is that users in AD group had no access to a site.

For solving this issue, please run the following commands:

$sptokensvc= Get-SPSecurityTokenServiceConfig

$sptokensvc.FormsTokenLifetime = (New-TimeSpan -minutes 2)

$sptokensvc.WindowsTokenLifetime = (New-TimeSpan -minutes 2)

$sptokensvc.LogonTokenCacheExpirationWindow = (New-TimeSpan -minutes 1)

$sptokensvc.Update()

iisreset

More information:

https://sharelockpoint.wordpress.com/tag/logontokencacheexpirationwindow/

Best Regards,

Wendy
Free Windows Admin Tool Kit Click here and download it now
March 30th, 2015 11:16pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics