Startseite > Active Directory, GPO, Server 2008, Server 2012 R2, Win XP Professional, Windows 7 > Refresh Active Directory Group Membership of PC without reboot

Refresh Active Directory Group Membership of PC without reboot


If you ever tested stuff that is based on AD-Groups for Computers – like GPO Software deployment – you have experienced that the PC “knows” its new group membership only after a reboot or after seven days of waiting….

After searching a while I found a way to get membership changes without reboot:

Open a command promt in the system user context and purge the kerberos tickets to get new ones, e.g. with the great tool psexec :

a) Download psexec

b) open an elevated command promt, navigate to the folder you downloaded psexec to and start psexec with the paramter “-s” to start the session on the local PC in system user context:

psexec –s cmd


c) run “klist –li 0x3e7 purge


d) the Keberos tickets get renewed and the new group membership is also populated Smiley


On Windows 7 and beyond/Server 2008 and beyond klist is coming with the OS, on Windows XP/Vista/Server 2003 you have to get klist form the Windows Server 2003 Resource Kit Tools.


Thanks to Darren for sharing this great tipp!

About these ads

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

Du kommentierst mit Deinem Abmelden / Ändern )


Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )


Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ photo

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s


Erhalte jeden neuen Beitrag in deinen Posteingang.

Schließe dich 141 Followern an

%d Bloggern gefällt das: