Active Directory, Errors, PowerShell, SharePoint 2013

Access Denied for AD Group Users in SharePoint 2013

While trying to control site security using Active Directory security groups, I found this issue where users inside those groups were getting an Access Denied error. I realized that the next day they were able to get into the site, but newly added users were not.

I assumed this was some kind of synchronization problem, but it turns out it is default behavior: SharePoint caches this group membership info for about 24 hours.

The timeout can be configured to a lower value:

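# Load the current Security Token Service configuration
$sptokensvc = Get-SPSecurityTokenServiceConfig
$sptokensvc.FormsTokenLifetime = (New-TimeSpan -Minutes 2)
$sptokensvc.WindowsTokenLifetime = (New-TimeSpan -Minutes 2)
$sptokensvc.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 1)
# Persist the new values; without Update() they are not saved
$sptokensvc.Update()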

This script tells the token service that the claims are valid for 1 minute (the 2-minute lifetime less the 1-minute cache expiration window); after that it gets the latest membership information from Active Directory.

IMPORTANT: DO NOT SET THE LIFETIME VALUES LOWER THAN THE CACHE EXPIRATION. If you do, users will experience a ‘The context has expired and can no longer be used’ error.
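The warning above can be enforced before anything is written to the farm. The following is an added example, not code from the original post: `Set-TokenLifetimeChecked` is a hypothetical helper name, and it assumes it is run in the SharePoint Management Shell where `Get-SPSecurityTokenServiceConfig` is available.

```powershell
# Added example (hypothetical helper, not from the original post).
function Set-TokenLifetimeChecked {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [TimeSpan] $FormsTokenLifetime,
        [Parameter(Mandatory = $true)] [TimeSpan] $WindowsTokenLifetime,
        [Parameter(Mandatory = $true)] [TimeSpan] $CacheExpirationWindow
    )

    # Both lifetimes must stay above the cache expiration window; otherwise users
    # hit 'The context has expired and can no longer be used'.
    # Equal values are rejected too (assumption: they leave no usable validity).
    $lifetimes = [ordered]@{ Forms = $FormsTokenLifetime; Windows = $WindowsTokenLifetime }
    foreach ($name in $lifetimes.Keys) {
        if ($lifetimes[$name] -le $CacheExpirationWindow) {
            throw "$name token lifetime $($lifetimes[$name]) must be greater than the cache expiration window $CacheExpirationWindow."
        }
    }

    $config = Get-SPSecurityTokenServiceConfig

    # Capture the current values so the change can be reverted later.
    $previous = [pscustomobject]@{
        FormsTokenLifetime              = $config.FormsTokenLifetime
        WindowsTokenLifetime            = $config.WindowsTokenLifetime
        LogonTokenCacheExpirationWindow = $config.LogonTokenCacheExpirationWindow
    }

    if ($PSCmdlet.ShouldProcess('Security Token Service', 'Update token lifetimes')) {
        $config.FormsTokenLifetime = $FormsTokenLifetime
        $config.WindowsTokenLifetime = $WindowsTokenLifetime
        $config.LogonTokenCacheExpirationWindow = $CacheExpirationWindow
        $config.Update()   # persist to the farm configuration
    }
    return $previous
}

# Same values as the script above; -WhatIf validates without changing the farm.
Set-TokenLifetimeChecked -FormsTokenLifetime (New-TimeSpan -Minutes 2) `
    -WindowsTokenLifetime (New-TimeSpan -Minutes 2) `
    -CacheExpirationWindow (New-TimeSpan -Minutes 1) -WhatIf
```

Drop `-WhatIf` to apply the change; the returned object holds the previous values for rollback.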

Migration, PowerShell, SharePoint 2010, Workflows

SharePoint Designer Workflow fired twice in a migrated list

Recently I migrated a SharePoint 2007 list and imported that list into a SharePoint 2010 site using some stsadm extensions.

The list used to have an SPD workflow; since SPD 2007 can't be migrated, I recreated the workflow using SPD 2010. But I realized that every time the workflow was triggered it was fired twice.

After some tests I reviewed the list schema and found out that the list had references to the workflow event receivers for both SharePoint 2007 and SharePoint 2010.

To get rid of those extra references I created a small PowerShell script:

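$spWeb = Get-SPWeb -Identity http://mySP2010site/mySP2010SubSite/
$spList = $spWeb.Lists["MyList"]
# Version is left blank here; set it to the version shown for the SharePoint 2007 receivers in the output below before deleting.
$assembly = "Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
# Walk the collection backwards so deleting an entry does not shift the indexes still to be visited.
for ($i = $spList.EventReceivers.Count - 1; $i -ge 0; $i--)
{
    Write-Host $spList.EventReceivers[$i].Assembly
    if ($spList.EventReceivers[$i].Assembly -eq $assembly)
    {
        Write-Host "About to delete the reference"
        $spList.EventReceivers[$i].Delete()
    }
}
$spWeb.Dispose()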

That solves my issue.

Content Management, PowerShell, SharePoint 2010

How to delete a document library that doesn’t have a delete option

Sometimes you might run into a document library or a list that doesn’t have a delete option under the list settings; this is common for default lists like Documents.

Those libraries cannot be deleted because they have a property called AllowDeletion set to false.

In order to delete those libraries you can use the following PowerShell script, which sets the AllowDeletion property to true.

$web = Get-SPWeb("http://YourSite")
$list = $web.Lists["Documents"]
# Allow the list to be deleted and save the change
$list.AllowDeletion = $true
$list.Update()