SYMPTOM

If a user’s group membership is changed across domains and the refresh application list link is clicked, the application list does not display the correct application list according to the changed membership.

CAUSE

This is due to the AD Replication latency across domains. Universal Groups are updated first in Global Catalog (GC) and then the changes replicated to each domain. The time to replicate depends on the topology as well as the replication schedule set by the system administrator. Typically, the time taken is about 15 minutes.

RESOLUTION

Due to the AD architecture, the updated application list is displayed after replication takes place as per the replication schedule set by the system administrator and the topology. The system administrator can also do manual synchronization. The change in group membership is then reflected immediately.