Since SharePoint 2013 only supports claims-based authentication, I discovered that updates to Active Directory groups do not take effect in SharePoint immediately.
Thanks to Ryan McIntyre there’s a simple fix for that issue.
By adjusting the lifetime of the claims token, you can shorten the time it takes for Active Directory group changes to take effect.

```powershell
if (-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

# update SharePoint cache token lifetime
$SPContentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$SPContentService.TokenTimeout = (New-TimeSpan -Minutes 5)
$SPContentService.Update()

# update SharePoint claims token lifetime
$SPSecurityTokenServiceConfig = Get-SPSecurityTokenServiceConfig
$SPSecurityTokenServiceConfig.WindowsTokenLifetime = (New-TimeSpan -Minutes 5)
$SPSecurityTokenServiceConfig.FormsTokenLifetime = (New-TimeSpan -Minutes 5)

# if you happen to set a lifetime that is shorter than the expiration window,
# users will be blocked from accessing the site.
$SPSecurityTokenServiceConfig.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 4)
$SPSecurityTokenServiceConfig.Update()
```
Get the latest version of this code snippet here: https://gist.github.com/9950021
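The comment in the script above warns that a token lifetime shorter than the expiration window blocks users, so it is worth checking the values before calling `Update()`. The following is an added example, not part of the original post or the linked gist; `Test-TokenLifetimeSettings` is a hypothetical helper, the sample values are constructed, and treating a lifetime equal to the window as invalid is a conservative assumption.

```powershell
# Added example: validate proposed token settings before applying them.
# Test-TokenLifetimeSettings is a hypothetical helper, not a SharePoint cmdlet.
function Test-TokenLifetimeSettings {
    param(
        [Parameter(Mandatory = $true)][TimeSpan]$WindowsTokenLifetime,
        [Parameter(Mandatory = $true)][TimeSpan]$FormsTokenLifetime,
        [Parameter(Mandatory = $true)][TimeSpan]$LogonTokenCacheExpirationWindow,
        [Parameter(Mandatory = $true)][TimeSpan]$TokenTimeout
    )

    $problems = @()

    # Each claims token lifetime must outlast the expiration window,
    # otherwise users are blocked from accessing the site.
    # Assumption: a lifetime equal to the window is rejected as well.
    foreach ($name in 'WindowsTokenLifetime', 'FormsTokenLifetime') {
        $lifetime = $PSBoundParameters[$name]
        if ($lifetime -le [TimeSpan]::Zero) {
            $problems += "$name must be greater than zero."
        }
        elseif ($lifetime -le $LogonTokenCacheExpirationWindow) {
            $problems += "$name ($lifetime) does not exceed LogonTokenCacheExpirationWindow ($LogonTokenCacheExpirationWindow)."
        }
    }

    if ($LogonTokenCacheExpirationWindow -lt [TimeSpan]::Zero) {
        $problems += "LogonTokenCacheExpirationWindow must not be negative."
    }
    if ($TokenTimeout -le [TimeSpan]::Zero) {
        $problems += "TokenTimeout must be greater than zero."
    }

    [pscustomobject]@{
        IsValid  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample 1: the values used in the script above (5 / 5 / 4 / 5 minutes).
$fiveMin = New-TimeSpan -Minutes 5
Test-TokenLifetimeSettings -WindowsTokenLifetime $fiveMin -FormsTokenLifetime $fiveMin `
    -LogonTokenCacheExpirationWindow (New-TimeSpan -Minutes 4) -TokenTimeout $fiveMin

# Constructed sample 2: window left at 10 minutes while the lifetimes drop to 5.
$bad = Test-TokenLifetimeSettings -WindowsTokenLifetime $fiveMin -FormsTokenLifetime $fiveMin `
    -LogonTokenCacheExpirationWindow (New-TimeSpan -Minutes 10) -TokenTimeout $fiveMin
$bad.Problems
```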