Why don't Windows domain machines periodically query security group membership, like other things? [closed]
Solution 1:
The need to log out is due to AD group memberships only updating when a Kerberos ticket is created, which occurs during login.
You can refresh a computer's Kerberos ticket by running klist -li 0:0x3e7 purge
on an elevated command line, followed by gpupdate /force
if you need to update the group policy.
Referece: http://woshub.com/how-to-refresh-ad-groups-membership-without-user-logoff/