Refresh Group Membership for users immediatly

Normally, when you change a user's group membership in A/D, the change is only reflected once:

  • the user logs off and back on OR
  • the user's token expires - this happens after 8 hours by default
Follow this procedure to force a refresh:
(source: E-how article)

  1. start LDP
  2. connect to each of your DCs
  3. bind with an administrative account
  4. from the browse menu, select Modify
  5. in the Attribute window, paste this: updatecachedmemberships
  6. click add
  7. check the Extend checkbox
  8. click Run
While I tested this today, I thing I got mixed results. can anyone confim this really works ?

Comments

Post a Comment

Popular posts from this blog

Ansible and aws: adding hosts to known_hosts

Background Ansible uses SSH to control hosts. SSH (by default) expects the user to verify the identity of a server upon initially connecting to it. When connecting to a host for the 1st time, you will be prompted: Are you sure you want to continue connecting (yes/no/[fingerprint])? If you type yes in the above dialog, the host's public key and DNS name are added to a file called known_hosts The problem is that in many cloud environments, the DNS name for an instance is modified at each boot. Ansible, being reliant on SSH to connect to hosts, will fail if the host is not already in the known_hosts file, instead prompting the user to add the host to known_hosts. There are a few ways to solve this. You can instruct ansible to not verify the server's identity - but that defeats the ability of this mechanism to protect you fro
Read more
Get the IP of a hostname using WMI (vbscript) Purpose find the current IP of a given hostname approach: use the wmi win32_pingstatus to issue a ping, and get value of the returnaddress property sample code strTargethost = "server1.domain.com" Set objWMIService = GetObject("winmgmts:\\") Set PingResults = objWMIService.execquery("Select StatusCode,Address,ProtocolAddress FROM Win32_PingStatus where address = '" & strtargethost & "'") For Each oTarget In PingResults if oTarget.Statuscode   = 0 then  wscript.Echo "Host:" & strTargethost & ", address:" & oTarget.ProtocolAddress else wscript.echo "Host:" & strTargethost & ",status: " & oTarget.Statuscode end if Next
Read more

Mac OS: Log-foo

TL;DR Display all events since last boot In Terminal: sudo log show --boot --debug | more Display all Kernel events from the last 10 minutes In Terminal: sudo log show --predicate "processID=0" --start "$(date -v-10M "+%Y-%m-%d% %H:%M:%S")" --debug  processid=0 means kernel $date -v-10M means 10 minutes ago
Read more