ADCE: Advanced Kerberos

Near real-time and in-session update of Kerberos Tickets and Access Token.

Kerberos tickets are generated when the client authenticates and requests for new tickets. Kerberos tickets have a start time and an expiration time. At any time after the start time but before the expiration time, a client holding a session ticket for a particular service can present the ticket and gain access to the service, no matter how many times the client has used the ticket previously. To reduce the risk of a ticket or its corresponding session key being compromised, administrators can set a maximum lifetime for tickets. This value is one element of Kerberos policy an administrator can set for the domain.
User's Group Membership

Group membership changes and access token are updated in session.

No Replication Delays

Changes to group membership take effect without waiting for AD Replication Cycles to complete.

Time Synchronization

All statistics related to Time Sync are discarded when computer connects to AD and Windows Time is set.

Productivity Gains

Business Users save time logging off and logging in required to update Kerberos Tickets.

Computer's Group Membership

Group membership changes are updated without requiring a reboot.

Kerberos Refresh

Kerberos Tickets are refreshed when network connection state is changed.


User session always operates with access level reflected in AD Security Groups and User Rights.

Large Enterprise Ready

'Universal LDAP Name for Closest DC' feature facilitates large scale deployment.