From LedHed's Wiki
Jump to: navigation, search

Overview

Active Directory computer objects only update their group membership upon reboot (much like user objects update their membership at logon). Sometimes you need a computer to update its membership but can't reboot because the computer is serving some critical function.

KLIST

You can use c:\windows\system32\klist.exe and gpupdate.exe to force a refresh. klist.exe needs to be run with Domain Admin or higher privilege. It may even need to be run as the NT Authority\System account.

klist.exe purge
gpupdate /force


Reference

https://technet.microsoft.com/en-us/library/hh134826(v=ws.11).aspx

https://blogs.msdn.microsoft.com/jamoyer/2008/01/30/update-computer-account-group-membership-without-rebooting/