Startseite > Active Directory, GPO, Server 2008, Server 2012 R2, Win XP Professional, Windows 7 > Refresh Active Directory Group Membership of PC without reboot

Refresh Active Directory Group Membership of PC without reboot

 

If you ever tested stuff that is based on AD-Groups for Computers – like GPO Software deployment – you have experienced that the PC “knows” its new group membership only after a reboot or after seven days of waiting….

After searching a while I found a way to get membership changes without reboot:

Open a command promt in the system user context and purge the kerberos tickets to get new ones, e.g. with the great tool psexec :

a) Download psexec

b) open an elevated command promt, navigate to the folder you downloaded psexec to and start psexec with the paramter “-s” to start the session on the local PC in system user context:

psexec –s cmd

image

c) run “klist –li 0x3e7 purge

image

d) the Keberos tickets get renewed and the new group membership is also populated Smiley

 

On Windows 7 and beyond/Server 2008 and beyond klist is coming with the OS, on Windows XP/Vista/Server 2003 you have to get klist form the Windows Server 2003 Resource Kit Tools.

 

Thanks to Darren for sharing this great tipp!

About these ads

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ photo

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s

Folgen

Erhalte jeden neuen Beitrag in deinen Posteingang.

Schließe dich 119 Followern an

%d Bloggern gefällt das: