I have Win2k8R2 with RDS Gateway. I am using AD groups in a RAP to define which network resources can be accessed by users. For the most part, it's working as expected, but I am finding that changes to the AD group (e.g. remove a server) are not taking effect immediately. Users are still able to establish a new connection to a server that has been removed from the AD group. If I reboot the RDS GW, the change seems to take effect, and the users can no longer access the removed server.
While I haven't tested it extensively yet, the change may also take effect after a period of time, without requiring a reboot ... but this doesn't help me either. I need to have such changes take immediate effect.
I've searched the web without luck, this is an awkward topic to get meaningful results on. Can someone tell me definitively when changes to AD groups take effect in the RAP ... and how I can force it to take immediate effect (without a reboot)?
Thanks,
Rob