I'm running into an odd situation: domain group membership as reported by Group Policy differs from that of Active Directory.
DOMAIN\user.name
was already a member of DOMAIN\some_group_1
. I added it to the AD group DOMAIN\some_group_2
. The command gpresult /v
now reports that DOMAIN\user.name
is NOT a member of DOMAIN\some_group_2
, while the Active Directory Users and Computers snap-in clearly shows that it is.
Both groups have Global scope and were created using the WSE 2016 Dashboard.
This situation is preventing Group Policy Preferences from creating a registry entry for this user, an entry that's targeted for all users in DOMAIN\some_group_2
.
Why isn't Group Policy picking up the new membership?
As an aside, Get-ADPrincipalGroupMembership user.name
run at the DC reports that the user is a member of Domain Users
only.
--EDIT--
I should clarify that I'm connecting to the domain using two computers via two methods: 1) LAN; 2) Remote VPN. The symptoms are identical on both connections.