Friday, January 25, 2013

No Search results in a two way trust SharePoint 2010 environment


Although there was a two way trust defined between all related forests (and domains), we were facing the issue that users from 1 domain did not get any search result (while users from all other domains did get)

We checked the trusts again, made sure DNS was working, checked the permissions within the Search application, created new “test” content sources, did full crawls, checked the application pool accounts but ended up nowhere until….

We changed the diagnostic level to verbose and checked the logs..

In the logs we saw the below error:


See also:

The solution for this was to:


So the reason it was not working for users from that one domain was because that domain was on a Windows 2003 level and the Search Service account we were using was not added to the groups mentioned above.



Wednesday, January 16, 2013

SharePoint – AD Update Issue

When you are using Active Directory groups and add those groups into SharePoint groups, you will face the issue that modifying the members of the Active Directory group will take 24 hours (by default) to propagate. This means that when you add or remove somebody to this AD group, the real action takes you 1 day!

If you want to minimize this token time out value (time it takes to refresh the token), follow the below instructions.

Run these commands:

To check the actual value of the token timeout setting

· Stsadm –o getproperty –pn token-timeout

To set a new value for the token timeout

· stsadm -o setproperty -propertyname token-timeout -propertyvalue 1
//sets the AD group sync timeout to one minute


The AD membership changes should be now correctly reflected in SharePoint and group permissions correctly assigned to member user.

TechNet Reference: