PROBLEM: AD Console user 'losing' computers

I’ve now experienced this twice with the same Console user.

The Account suddenly starts to ‘lose’ management rights over Endpoints.

The rights are configured via Roles, and use AD Groups to authenticate.

There are ~20 other Console Operators in the same group, and they are not experiencing the same issue. Only this one account. They manage 20k+ endpoints, but this account only shows ~5k.

Right now, I have removed the account from the AD Group and am waiting for the rest of the endpoints to decide that they “don’t” trust this operator before I put them back into the AD Group.

I have two questions:

  1. Is there a better way to ‘refresh’ this information so that the endpoints will trust the wayward Console Operator again, short of removing the account from the AD Group, waiting for the Endpoints to refresh their AD Content (I assume that’s what it will take), then putting the account back into the AD Group?
  2. Is there a way to tell the BES Client to ‘refresh AD content NOW’ short of stopping and restarting the client?

It should go without saying that I’d also like to know WHY this might be happening. This is the second time it has happened with THIS Console Operator. What is it that would cause a large percentage of the clients to suddenly decide that they don’t trust THIS Console Operator? We have over 100 Console Operators, the VAST majority of which authenticate through AD. Why this Console Operator?