Raf
New Member
April 2, 2019
Question

Collector Agent LDAP Group Refresh


Hi,


Does anyone know how often Collector Agent synchronises LDAP user/group membership? I can't seem to find any setting/timer for this. Basically I'm wondering how long it will take for it to be reflected on the FortiGate when a new user is assigned to a given group in AD, assuming the group itself is already in the group filter, sent to the FGT and configured there. Is there a timer for it that can be changed, or is the only option for the user to log out and log in again?


Thanks,

Rafal


    1 reply

    xsilver_FTNT
    Staff
    April 3, 2019

    If your scenario is like this:

    1. user logs in to workstation (WKS)
    2. user is not seen in FSSO
    3. user was not a member but has now been added as a member of an AD group which is in the Group Filter
    4. user is still not in the FSSO user list

    Then it is expected, as at the user's logon he was not part of any monitored AD group. Simply adding the user to the group will not get the user re-evaluated, because his logon event was already processed. And so the user will not be seen in FSSO by design until he makes an authenticated action like logoff-login or accessing a network folder somewhere on the domain, which is also an authenticated action.

    In case the user's group membership changes, like he was part of monitored group A and was moved to group B but hasn't made any authenticated action, his membership from the FSSO and so FGT standpoint is still group A. If he makes an authenticated action, then his membership will be re-evaluated if there is no group cache set. If he does not make any authenticated action, then his group membership will not be re-evaluated unless you set the "grouplookupinterval" config key in the registry where the Collector Agent runs.
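The behaviour described in the reply above, as an added toy model (not Fortinet's code and not part of the original thread): logon events are evaluated once against the group filter, an authenticated action re-reads membership unless a group cache is set, and a periodic lookup re-reads it on a timer. All class and function names are made up for illustration, the sample users and groups are constructed, and the model assumes the periodic lookup re-reads every user with a processed logon; the thread only confirms it for the "moved from group A to group B" case.

```python
# Added example: a toy model of the Collector Agent behaviour described in the thread.
# It is NOT Fortinet's code; the names, the event-driven design and the treatment of
# the periodic lookup are assumptions made for illustration.
from dataclasses import dataclass, field


class ToyDirectory:
    """Stand-in for AD group membership (constructed sample data, mutable)."""

    def __init__(self, members):
        self.members = {u: set(g) for u, g in members.items()}

    def groups_of(self, user):
        return set(self.members.get(user, set()))

    def add_to_group(self, user, group):
        self.members.setdefault(user, set()).add(group)

    def move(self, user, old, new):
        self.members.setdefault(user, set()).discard(old)
        self.members[user].add(new)


@dataclass
class ToyCollectorAgent:
    directory: ToyDirectory
    group_filter: set                    # groups the FGT is told about
    group_lookup_interval: int = 0       # seconds; 0 models the registry key being absent
    group_cache: bool = False            # True: cached groups are reused on re-authentication
    logons: dict = field(default_factory=dict)  # user -> groups snapshot at last evaluation
    clock: int = 0
    _last_lookup: int = 0

    def _evaluate(self, user):
        # Membership is read from the directory only when this runs.
        self.logons[user] = self.directory.groups_of(user)

    def on_logon(self, user):
        """Workstation logon event: processed exactly once."""
        self._evaluate(user)

    def on_authenticated_action(self, user):
        """Logoff/login or e.g. accessing a domain share: re-evaluates unless cached."""
        if self.group_cache and user in self.logons:
            return
        self._evaluate(user)

    def tick(self, seconds):
        """Advance time; fire the periodic lookup if the interval key is set (assumption:
        every user with a processed logon is re-read)."""
        self.clock += seconds
        if self.group_lookup_interval and self.clock - self._last_lookup >= self.group_lookup_interval:
            self._last_lookup = self.clock
            for user in list(self.logons):
                self._evaluate(user)

    def fsso_view(self, user):
        """Groups the FGT sees for a user: the snapshot intersected with the group filter.
        An empty set means the user is not seen in FSSO at all."""
        return frozenset(self.logons.get(user, set()) & self.group_filter)


def scenario_added_after_logon(interval=0):
    """Thread scenario: user logs on, is added to a monitored group only afterwards."""
    ad = ToyDirectory({"rafal": {"Domain Users"}})          # constructed sample data
    ca = ToyCollectorAgent(ad, group_filter={"VPN-Users"}, group_lookup_interval=interval)
    ca.on_logon("rafal")
    ad.add_to_group("rafal", "VPN-Users")
    seen_before = ca.fsso_view("rafal")          # still empty: logon already processed
    ca.tick(300)
    seen_after_wait = ca.fsso_view("rafal")      # only changes if the interval key is set
    ca.on_authenticated_action("rafal")
    seen_after_reauth = ca.fsso_view("rafal")    # re-evaluated on the authenticated action
    return seen_before, seen_after_wait, seen_after_reauth


def scenario_moved_between_groups(interval=0, group_cache=False):
    """Thread scenario: user is moved from monitored group A to monitored group B."""
    ad = ToyDirectory({"rafal": {"Group A"}})               # constructed sample data
    ca = ToyCollectorAgent(ad, group_filter={"Group A", "Group B"},
                           group_lookup_interval=interval, group_cache=group_cache)
    ca.on_logon("rafal")
    ad.move("rafal", "Group A", "Group B")
    after_move = ca.fsso_view("rafal")           # FGT still sees Group A
    ca.tick(300)
    after_wait = ca.fsso_view("rafal")
    ca.on_authenticated_action("rafal")
    after_reauth = ca.fsso_view("rafal")         # Group B unless the group cache kept A
    return after_move, after_wait, after_reauth


if __name__ == "__main__":
    print("added after logon, no interval:", scenario_added_after_logon())
    print("added after logon, 300s interval:", scenario_added_after_logon(300))
    print("moved A->B, no interval:", scenario_moved_between_groups())
    print("moved A->B, group cache:", scenario_moved_between_groups(group_cache=True))
    print("moved A->B, 300s interval:", scenario_moved_between_groups(300))
```

Running the scenarios with interval 0 reproduces the two cases in the reply (the change shows up only after an authenticated action, and not even then when the group cache is set); with the interval set, the snapshot is refreshed on the timer without any user action, which matches what the original poster reports below.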


    Raf (Author)
    New Member
    April 3, 2019

    Actually, once you mentioned group lookup, I found it in the advanced settings and it worked exactly as expected. When set for example to 5 minutes, it will update group membership every 5 minutes, even without the user logging out and back in.

    Thanks for your help