Environment: Three W2K3 DC's and ten WTS (no SP1), all located on the same subnet.
We have GPO's applied based on group membership. A few policies are only intended to be active for some hours, blocking execution of specific applications. After adding the users to the group, the policy is active almost immediately on the terminal servers - but after removing users from the group, the GPO's are still applied on some. GPresult shows that the users are still seen as member of the group, while running MemberOf against every DC says they are not? How can I troubleshoot this further, and where is it possible that the membership is cached? Ole Thomsen List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
