How to make vCenter detect AD group changes faster than 24 hours

This post was originally published on this site

Is there any way to change the time it takes for vCenter to detect changes in AD group membership?

 

Example:

GroupA is assigned permissions to a folder in vCenter. UserA is a member of GroupA

 

UserA logs in and everything is fine.

 

Remove UserA from GroupA

 

UserA is still able to login and it seems to take 24 hours before they lose permission.

 

I tried changing the validation period under advanced settings in vcenter but that didn’t seem to help. Is there something I’m missing?

 

Trying a similar test to grant access worked right away detects the change right away but removing access doesn’t get detected until the next day (I think I’ve seen a similar issue with nested groups and not detecting a change in membership in the past which I assume is related)

 

Thanks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.