Hello all
All of our domain controllers are running windows 2012, and all clients are running either Windows 7 sp1 or windows 8.1. clients use Cisco anyconnect version 3.1.1065.
From my understanding one of the things NLA is able to do is its able to reconcile the token with the domain controller if the network status (reachability of the DC) changes. The cached token will be replaced by a "real" token when the VPN
is started. We are noticing that when users VPN into the network, they are picking up group membership changes right away. This would mean that my above understanding of what NLA can do is correct, however i cannot find anything on my searches
that would backup my understanding.
Please let me know if my understanding is correct, and if so please provide me a document that describes this behavior
Thank you