1

I have created an AD group with 320 users, and added the AD group to a SharePoint group so users can have access, however there are around 20 users that cant access SharePoint site and receive access denied. Any idea why only 20 users have login issue?

Regards

Hellofiona_MSFT
  • 3,968
  • 1
  • 7
  • 8
Harris
  • 593
  • 1
  • 8
  • 33
  • 2
    In Central Admin, check on the WebApp user policies, to see if that WebApp has any Deny policies. https://docs.microsoft.com/en-us/sharepoint/administration/manage-permission-policies-for-a-web-application – willman Feb 17 '20 at 01:56
  • 1
    In central administration, user profile application, check whether the users are synced in the SharePoint and you able to find their account. – Coder Feb 17 '20 at 03:36
  • Hi Coder, I have checked and I am able to find them under user profile service. – Harris Feb 17 '20 at 04:02

2 Answers2

0

Go to site settings->site permissions->check permissions,check if these 20 users have permissions in this site.

Check if the issue still exists when you directly add users to the SharePoint Group or site.

Hellofiona_MSFT
  • 3,968
  • 1
  • 7
  • 8
0

Did you add these 20 users after adding the AD group to SharePoint? If yes then perform an IISRESET to clear the Token Cache. This will force SharePoint to reload and resolve the AD group. See the answer below for more details on the Token Cache.

Why are user permissions set in AD not updated immediately to SharePoint?

Lars Fastrup
  • 3,150
  • 2
  • 22
  • 29
  • Hi Lars, after your suggestion, I have done the IISRESET and those users still have the same issue. – Harris Feb 19 '20 at 01:27