When you are using Active Directory groups and add those groups into SharePoint groups, you will face the issue that modifying the members of the Active Directory group will take 24 hours (by default) to propagate. This means that when you add or remove somebody to this AD group, the real action takes you 1 day!
If you want to minimize this token time out value (time it takes to refresh the token), follow the below instructions.
Run these commands:
To check the actual value of the token timeout setting
· Stsadm –o getproperty –pn token-timeout
To set a new value for the token timeout
· stsadm -o setproperty -propertyname token-timeout -propertyvalue 1
//sets the AD group sync timeout to one minute
· Do a IISREST
The AD membership changes should be now correctly reflected in SharePoint and group permissions correctly assigned to member user.
TechNet Reference: http://msdn.microsoft.com/en-us/library/aa543158(office.14).aspx
No comments:
Post a Comment