Group membership not updaing

Question

• I have a GPO that deploys printers based on security groups.
• I am a member of 5 of the 9 security groups.
• When I logoff back on, restart, or run GPUPDATE /FORCE, only three of the five printers are installed and then I run GPRESULT /R. It shows me as a member of only a member of three of the five groups.
• I ran whoami /groups and I am only a member of three of the five groups.
• I remove myself from one of the five groups, run another GPUPDATE /FORCE, and then run GPRESULT /R and I am still a member of the same three groups. (I have also run a "klist purge", as recommended in another forum).

Hope that is enough information...

Extra Info.

GPO Deloyes multiple printers based on group. All printers are setup with Item Level Targeting by security group. Delegation is "Authenticaed Users", Domain Admins, Enterprise Admins, Enterprise Domain Controllers, system. Auth Users and system are set to Read.

Answer 1

Hi,

Start by checking the AD replication to be sure that all domain controllers receive the last modification on membership for your user account.

Try to logoff and logon to clean user kerberos tickets in the cache.

Once done check if you can see all groups when you run whoami /groups

Please don't forget to mark helpful answer as accepted

Answer 2

It seems to be computer specific. I logged on to a server and the GPO ran and installed the printers I was expecting. It is my Windows 10 device that is not updating correctly. I have logged off and restarted, still get the same thing.

Answer 3

Yes ,it seems a comunication problem between computer and domain controllers. Start by cheking network connectivity between the computer and closest domain controllers.

Try remove computer from domain and rejoin it again. May be a secure channel is broken between workstation and the domain.

Please don't forget to mark helpful answer as accepted