How to Update Group Membership of Computers Without Rebooting the OS

The Challenge

Today at work I faced a challenge in a WSUS project for the server environment.

We had to add several servers to security groups in Active Directory, for GPO Security Filtering purposes.

The challenge here was how to update the group membership of the servers so that the GPOs would be applied to them, without rebooting the operating system or waiting about 9 hours for the Kerberos tickets to expire.

The Solution

Run the following two commands:

klist -li 0x3e7 purge

gpupdate /target:computer /force

The first command purges the Kerberos ticket cache of logon session 0x3e7, the Local System session that represents the computer account, and forces the system to request new tickets that carry the updated group membership information.

The second command forces a Group Policy refresh for computer accounts only.

PS: You need administrator privileges to run these commands successfully.
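
As an added example (not part of the original post), the two commands can be wrapped in a PowerShell script that checks for elevation first and afterwards confirms that the computer reports the new group. The parameter name GroupName and the use of gpresult as the verification step are assumptions of this example.

```powershell
# Added example, not from the original post.
# $GroupName is a hypothetical parameter: the AD security group used for GPO security filtering.
param(
    [Parameter(Mandatory)]
    [string] $GroupName
)

# Both commands need an elevated session, so stop early if this one is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# 1. Purge the Kerberos tickets of logon session 0x3e7 (Local System, i.e. the computer account).
klist.exe -li 0x3e7 purge

# 2. Refresh computer policy only. New tickets are requested with the current group membership.
gpupdate.exe /target:computer /force

# 3. Verify: the computer section of the gpresult report lists the security groups
#    the computer belonged to when policy was last processed.
$report = gpresult.exe /r /scope:computer
$match  = $report | Select-String -SimpleMatch $GroupName

if ($match) {
    Write-Output "Group '$GroupName' appears in the computer policy report:"
    $match | ForEach-Object { Write-Output ("  " + $_.Line.Trim()) }
} else {
    Write-Warning "Group '$GroupName' was not found in the gpresult output. Check AD replication and the group membership itself."
}
```

If the group is still missing after the script runs, the membership change may not yet have replicated to the domain controller that issued the new ticket.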

I hope it can help you in your daily system-admin routine.