The Environment: I have a notebook in Active Directory and a domain user. The connection to the DC is only available after the login process (when the WLAN connection is established). This gives us some elegant simplifications to fix a notebook to one user. We prepare the notebooks over LAN, log on as the correct user and disconnect the LAN. After this it is not possible for another user to log in because there is no logon server available.
The Problem: When I change a group membership of the user in the AD, this change is never committed to the (AD) user on the notebook.
gpupdate didn't work: The GPs are updated after the network change when the user is logged in - all settings are taken directly or at next logon, but the group membership is still the same.
Some tries with klist didn't work: Tickets are created, purged and recreated, but the group membership is still the same.
I read the group membership with a PS script around the statement:
[System.Security.Principal.WindowsIdentity]::getCurrent().Groups
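
An added diagnostic, not part of the original post: it compares the domain groups in the current logon token (what the statement above reads) with the `tokenGroups` attribute the DC computes for the same user, so the memberships missing from the token are listed by name. It assumes a DC is reachable when it runs and uses ADSI serverless binding; the helper names `Select-DomainSid` and `Resolve-SidName` are made up for this example.

```powershell
# Added diagnostic (not the poster's script). Run as the logged-on domain
# user while a DC is reachable, e.g. after the WLAN connection is up.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$domainSid = $identity.User.AccountDomainSid.Value

# Keep only SIDs issued by the user's own domain. Local and well-known SIDs
# (Everyone, INTERACTIVE, the logon SID) exist only in the token and would
# otherwise show up as false differences.
function Select-DomainSid($sids) {
    @($sids | Where-Object {
        $_.AccountDomainSid -and $_.AccountDomainSid.Value -eq $domainSid
    } | ForEach-Object { $_.Value })
}

# Translate a SID string to DOMAIN\name; unresolved SIDs are returned as-is.
function Resolve-SidName($sid) {
    try {
        $obj = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $sid }
}

# 1) Domain groups in the current logon token.
$tokenSids = @(Select-DomainSid $identity.Groups)

# 2) Domain groups the DC computes for the same account right now.
#    tokenGroups is a constructed attribute, so it must be requested explicitly.
$user = [ADSI]"LDAP://<SID=$($identity.User.Value)>"
$user.psbase.RefreshCache([string[]]@('tokenGroups'))
$adSidObjects = $user.psbase.Properties['tokenGroups'] | ForEach-Object {
    New-Object System.Security.Principal.SecurityIdentifier($_, 0)
}
$adSids = @(Select-DomainSid $adSidObjects)

# 3) Report the differences in both directions.
$report = @(
    $tokenSids | Where-Object { $adSids -notcontains $_ } | ForEach-Object {
        [pscustomobject]@{ Group = Resolve-SidName $_; Found = 'token only' } }
    $adSids | Where-Object { $tokenSids -notcontains $_ } | ForEach-Object {
        [pscustomobject]@{ Group = Resolve-SidName $_; Found = 'AD only' } }
)
$report | Format-Table -AutoSize
```

Rows marked `AD only` are memberships the directory already grants that the token of the current session does not carry; an empty table means the two views agree.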