ADCE: Advanced Kerberos
User's Group Membership
Group membership changes and access token are updated in session.
Computer's Group Membership
Group membership changes are updated without requiring a reboot.
No Replication Delays
Changes to group membership take effect without waiting for AD Replication Cycles to complete.
Kerberos Tickets are refreshed when network connection state is changed.
All statistics related to Time Sync are discarded when computer connects to AD and Windows Time is set.
User session always operates with access level reflected in AD Security Groups and User Rights.
Workflow is built following the principle of least privileges
By default, password is masked, when first retrieved.
Business Users save time logging off and logging in required to update Kerberos Tickets.
Large Enterprise Ready
'Universal LDAP Name for Closest DC' feature facilitates large scale deployment.