ActiveDirectory : update of information stored in global-security-groups on the client-host

Oct 18, 2011 at 2:59 PM

How to trigger the client-host for update of information stored in global-security-groups in the ActiveDirectory ?
I have to change some information dynamically in the central ActiveDirectory-DB
i.e. I create or delete global-security-groups in the ActiveDirectory and add or remove user-accounts as needed.
This part of task works fine.

During the test of the feature I had to realize that the client-hosts in the network do unfortunately need a large time-delay for the update of information.
We could observe a delay-time of up to 95 minutes (sic !) and appreciate an acceleration for that.

Does anybody know a way to force the client-hosts for update of so called Kerberos-Tickets in a Windows-Network ?
As I know this is not affected by the update conc. the so called GroupPolicies.

The following solutions are already known, but not preferred :
* perform a logout-procedure and subsequently the corresponding relogin --> computer has to ask for current information
and harder :
* reboot of the client-host including a relogin as mentioned above

.. could we use something else instead, which is more comfortable for the users ?
e.g. a skript,
e.g. a command line, executed on the client-host
e.g. a program, written in C# for .NET
e.g. a Flag


Thanks in advance,