I am currently using SharePoint 2013. I have just added a user to an Active Directory Group with contribute permissions to a Calendar. Unfortunately, the AD group can contribute but the user can't. If I check the permissions, everything seems fine with the user having the right permissions. Still it can't add items to the list.
If I grant the permissions directly, instead of through the Active Directory Group , the user can operate correctly.
What's wrong with it?
This is because of Domain Access Tokens and Security Token Caching.
An access token is not updated until the next logon, which means that if you add a user to a group, the user must log off and log on before the access token is updated.
http://www.sharepointanalysthq.com/2014/05/active-directory-groups-and-sharepoint-security/
This is due to the fact that Sharepoint imports the group membership information from Active Directory on a regular basis. the Frequency depends on configuration of your User Profile Synchronization service in central Admin. Profile synchronization is described nicely here: http://technet.microsoft.com/en-us/library/gg188041.aspx#groups
Why are user permissions set in AD not updated immediately to SharePoint?
