Matthias Güntert

Asked: 2015-02-21 02:10:20 +0800 CST2015-02-21 02:10:20 +0800 CST 2015-02-21 02:10:20 +0800 CST

At which point becomes a changed computer group membership active?

When adding a computer object to an AD group, at which point in time does the group membership become active? Is there some kind of kerberos refresh interval (similar to group policy refresh)?

I know it becomes active for sure when the computer reboots, also I am aware of the klist -lh 0 -li 0x3e7 purge trick.

1 Answers

Voted

Best Answer

Ryan Ries
2015-02-21T10:12:14+08:002015-02-21T10:12:14+08:00
When and only when a new access token is created. This does not occur when a TGT is refreshed at 10 hours. It also does not occur automatically when the ticket expires after 7 days. You have to actually get a brand new one. This is why you must either reboot or do the klist trick.
5

At which point becomes a changed computer group membership active?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?