Security group membership not updating
And if you want to purge them, just execute “klist –li 0x3e7 purge”.
This will work on any system, client or server, regardless the OS version.
However these new users don't appear in Share Point.
I have tried/checked the following: Some AD groups do update correctly after an hour or so but just not the team groups.
Is it possible to force an update to Group membership without having to log off? After you run the command task kill explorer again, then run explorer normally.
you will have then new security token in your new explorer instance too.
Flushing the Kerberos tickets of a computer can be useful if you want to force the computer having the latest group membership in its token.
I had a similar situation of a website that relied on a user's membership in AD to allow login to the website.
One thing to consider doing is having the web server do the authentication/query to the AD server with their supplied credentials; if the web server has access to AD and just queries the server for whether the user is in group XYZ, they'll get a list right from AD, not from the login token of the user which does require logon/logoff to get a new token with proper privileges.
I know your dev machine right now from the description doesn't have that access but it sounded like you mean when you deploy it you need this functionality. In normal situations I'm more than happy waiting until the user receives updated access control, even if it means they need to log off and log in to their machine again.
If you rely on the token, you'll have to log off and back in. It's only the test scenario where this can be a burden but it's really not that big of a deal.