Is there a way to force active directory group assignation without logoff/login?

Question

as stated here and there, it looks like there is no way to avoid a user logoff/login in order to activate a new group assignation for this user (my use case was : activate an access to a shared folder by adding a user in a group).

Is there still no way to force the user group mapping assignation (without ending the session) with latest versions of Windows/Active directory ?

Thanks !

You can try `klist purge` then use `runas` the same logged in user to recreate the kerberos session — Drifter104, Jun 03 '20 at 09:40
Lock and unlock does the same thing. You need the session refresh and there's no deterministic way to do it outside of a logon process, which the lock/unlock will do. Edit: though it's an async process, so it takes a beat for the tickets to arrive. — Steve, Jun 09 '20 at 17:53
Does this answer your question? [What is the minimum action required in order to have access to a newly authorized server folder](https://serverfault.com/questions/932623/what-is-the-minimum-action-required-in-order-to-have-access-to-a-newly-authorize) — Rick Jelier, Jun 16 '20 at 09:18

score 1 · Answer 1 · answered Jun 08 '20 at 06:20

1

It seems like your question has already been answered here.

The accepted answer on this question basically tells you all you need.

answered Jun 08 '20 at 06:20

Rick Jelier

71
1
8

Is there a way to force active directory group assignation without logoff/login?

1 Answers1