Como atualizar a associação ao grupo do Active Directory no Windows.
There are two paths to refresh user group membership in Active Directory and apply new settings or changes without waiting for automatic applies:
- Log off and log in again. This action checks all groups that the user is a member of. (Simplest way)
- Reset Kerberos Tickets cache (Hard way)
Reset Kerberos Tickets cache
OBSERVAÇÃO: This method will work only for network services supporting Kerberos authentication (as for example access to network printers). The services working only with NTLM authentication still require logoff and logon of a user or Windows restart.
You can get the list of groups the current user is a member of in the Windows PowerShell ou Prompt de comando (CMD) using the following command:
whoami /groups
or GPResult
gpresult /r
OBSERVAÇÃO: The list of groups a user is a member of is displayed in the sectionThe user is a part of the following security groups.
Kerberos tickets can be reset without the restart of a computer usingklist.exe. Klist is included in OS Windows since Windows 7.
Computer membership
1. Right mouse button click on Começar botão e execute Windows PowerShell (Administrador)(Also you can use cmd);
2. To reset the whole cache of Kerberos tickets on a computer and update the computer membership in AD groups, execute o seguinte:
klist -lh 0 -li 0x3e7 purge
OBSERVAÇÃO: 0x3e7 is a special identifier showing the session of the local computer (Local System).
After running the command and updating the policies, all policies assigned to the Active Directory group using Security Filtering will be applied to the computer.
User membership
1. Right mouse button click on o começo botão e execute Windows PowerShell (Administrador)(Also you can use cmd);
2. Reset all Kerberos tickets of the user with this command:
klist purge