Is there any way to change the time it takes for vCenter to detect changes in AD group membership?
GroupA is assigned permissions to a folder in vCenter. UserA is a member of GroupA
UserA logs in and everything is fine.
Remove UserA from GroupA
UserA is still able to login and it seems to take 24 hours before they lose permission.
I tried changing the validation period under advanced settings in vcenter but that didn't seem to help. Is there something I'm missing?
Trying a similar test to grant access worked right away detects the change right away but removing access doesn't get detected until the next day (I think I've seen a similar issue with nested groups and not detecting a change in membership in the past which I assume is related)
I assume this is the validation time that you changed: Change User Validation Settings
I am thinking right now that as a workaround you can maybe add that user to the No Access group once to remove it from the AD Group to not have permissions at all.