We have AD users Authentication Issue

Seema Kanwal Gurmani 321 Reputation points


Dear Community,

We have created three groups in AD Domain Controller for authentication of our AD Users (i.e. Internet Officers (with restriceted ), Middle Management(partially restricted), Top Management(no restriction)).
These groups are called in Firewall as the restriction level of internet is different and we control users internet access on these groups basis.

The problem occurs when I try to change a user's group. I go to dc , I remove it from let's say internet officer group and make it member of Top managment ,the group doesnot get updated on client's system , I ran whoami /group command on user system as a troubleshooting and ran"gpupdate /force" command, rebooted user system but it still shows the old Internet officer group by running "whoaam /group" command. When checked at firewall's end it was still authenticating from same old group however on domain controllers (ALL) it was showing updated group under user & groups user properties.

I want to ask as to why dc is not updating from previous group?

Kindly guide me .


Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,558 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,091 questions
0 comments No comments
{count} votes

12 answers

Sort by: Most helpful
  1. Osama Mansoor 1 Reputation point

    i am facing same issue.

    0 comments No comments

  2. HG-0019 1 Reputation point


    delete the Kerberos Ticket.
    klist purge

    0 comments No comments

  3. Fan Fan 15,306 Reputation points Microsoft Vendor

    Run the command :klist purge to clear the cached credentials to check if it works.
    If not , sign out the user and sign in again.
    If there are any updates , welcome to share here!
    Best Regards,

    0 comments No comments

  4. Osama Mansoor 86 Reputation points

    Sorry,56967-4.jpg not worked for me.
    Also rebooted multiple times but it looks like groups is stucked

    0 comments No comments

  5. Deepak M 1 Reputation point

    Are you facing the issue even after restarting the machine ? If so there could be a chance of AD replication issue.

    1) Please run below command to see the DC its maintaining secure channel with.

    nltest /dsgetdc:"type your domain name"

    2) Connect Active directory Users and computers and change domain controller to the DC obtained on step 1
    3) Check user membership on that domain controller. If membership is present , there is a problem with AD replication.

    Deepak M

    0 comments No comments