In my active directory setup (Windows Server 2012r2 acting as domain control), I have a group called "TestComputers". I have a domain computer called "Computer1" that is a member of this group.
On that computer, when I run GPUpdate and then GPResult, under "The computer is part of the following security groups" it does not show this group. However, it DOES show this group under "The user is part of the following security groups".
Why is it associating the user with the group instead of the computer with the group? The computer recognizes that it is part of other build-in computer groups such as "Domain Computers".
Best Answer
You have to reboot the computer (or issue a
klist purge) in order for it to recognize that it's a member of a new group. (This isn't something that happens if you wait, in other words.)(Here's an msdn blog post on updating computer group membership without a reboot. See also this Server Fault post.)