Pular para o conteúdo principal

Postagens

Destaques

How to Update Group Membership of Computers Without Rebooting OS

The Challenge

Today in the job I have faced a challenge in a project of WSUS for the server environment.

We had to add several servers to security groups in Active Directory, for GPO Security Filtering purposes.

The challenge here was how to update the group membership of the servers in order to have the GPO's applied for them, without rebooting the System Operating, or to wait about 9 hours to have the Kerberos tickets expired.

The Solution

By running:

klist -li 0x3e7 purge



and

gpupdate /target:computer /force

With the first command, you will delete all Kerberos tickets cache and force the system to get new ones with updated group membership information.

The second command is to force group policy changes only for computers accounts.

PS: You need to have administrator privileges to perform these commands successfully.

I hope it can help you in your daily system-admin routine.



Últimas postagens

How to Add UPN Suffixes in Active Directory

System Administrator Daily Routine - Useful Commands

Setting up NTP service properly on your PDC Master

Changing Default Computer Container Active Directory

Step by Step Failover Cluster and Hyper-V in SAN Environment

VBScript Password Changing for All Computers