If you want to update an Active Directory computer membership without rebooting the Server, this post shows how to do that in a very easy way.

The Challenge

In the WSUS project, I was in charge of last months in my work, I had to create and apply several policies to Servers and the most of them were critical for business, and a reboot would require manager approval and downtime for the application. So how could I apply the needed changes without rebooting the Operating System or don't need to wait around 9 hours to have the Kerberos tickets expired?

The Resolution

1 - Open the prompt as administrator and execute the following command:

klist -li 0x3e7 purge

2 - Next, execute the command - gpupdate /target:computer /force

The first command will delete all Kerberos tickets cache and force the system to get new ones with an updated group membership information. The second one is to force the group policy changes only for computers accounts.

For any doubts or suggestions, please leave a comment below.