Time lag in changes to Active Directory security groups and User Roles

I am using Active Directory to assign the roles for users in my web application. However, I am finding that there seems to be a long time lag between changing a user's security group allocation in AD and those changes propagating to users who are using the application. In fact, when I retrieve the roles for a user in C# from AD they are up to date, but when I run this code to view the roles for the user, they are not updated until the next day. How do I make the user role updates from AD instant?

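using System.Linq;
using System.Security.Principal;

// Reads the group SIDs from the current Windows access token and resolves them to names.
var identity = WindowsIdentity.GetCurrent();
var groups = from sid in identity.Groups select sid.Translate(typeof(NTAccount)).Value;
string groupName;
foreach (var group in groups)
{
    groupName = group; // e.g. DOMAIN\GroupName
}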
arame3333 asked Jun 09 '15 10:06


1 Answer

This happens because Kerberos authorization info is stored in the cache memory of the local machine (your app server), so you may not be able to get up-to-date data.

You have 2 options:

  1. Force an update of the ticket-granting ticket (TGT) on your server
  2. Use UserPrincipal.GetAuthorizationGroups to get your groups not from the app server but from AD.
teo van kot answered Oct 14 '22 11:10
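The second option from the answer, as an added example that is not part of the original question or answer: it reads the user's groups from the directory with UserPrincipal.GetAuthorizationGroups and diffs them against the SIDs in the logon token, so stale memberships (including groups the user was removed from) become visible. The class name `GroupFreshness` is hypothetical; the code assumes a domain-joined Windows host, a reference to System.DirectoryServices.AccountManagement, and an account allowed to query the directory.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Principal;

static class GroupFreshness // hypothetical name, not from the original post
{
    // Group SIDs frozen into the access token at logon (what the question's code reads).
    static IEnumerable<SecurityIdentifier> FromToken(WindowsIdentity identity)
    {
        return identity.Groups.OfType<SecurityIdentifier>();
    }

    // Group SIDs as the directory reports them now (option 2 in the answer).
    static List<SecurityIdentifier> FromDirectory(WindowsIdentity identity)
    {
        using (var context = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(context, IdentityType.Sid, identity.User.Value))
        {
            if (user == null)
                throw new InvalidOperationException("Not a domain user: " + identity.Name);
            // Security groups only; nested membership is included.
            using (var groups = user.GetAuthorizationGroups())
                return groups.Select(g => g.Sid).ToList();
        }
    }

    static string Name(SecurityIdentifier sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }

    static void Main()
    {
        using (var identity = WindowsIdentity.GetCurrent())
        {
            // Compare only groups from the user's own domain; well-known and
            // machine-local SIDs exist in the token but not as directory groups.
            var domain = identity.User.AccountDomainSid;
            Func<SecurityIdentifier, bool> inDomain = s => domain != null && domain.Equals(s.AccountDomainSid);
            var cached = new HashSet<SecurityIdentifier>(FromToken(identity).Where(inDomain));
            var live = new HashSet<SecurityIdentifier>(FromDirectory(identity).Where(inDomain));

            foreach (var sid in live.Except(cached))
                Console.WriteLine("In AD, not yet in token:     " + Name(sid));
            foreach (var sid in cached.Except(live))
                Console.WriteLine("In token, no longer in AD:   " + Name(sid));
        }
    }
}
```

For authorization decisions, checking against the directory result rather than the token means a group removal takes effect on the next request instead of the next logon, at the cost of a directory query per check.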