I'm curious if I'm using the proper authentication method for my situation.
I've got an AD domain controller & DNS server. I've got a few client computers on the network, and they each allow anyone with an AD account to log into them. So there are various people that log in and out of each station.
Now, I have forwarding rules set up that are based on the group membership of those who log in. For instance, someone in the domain admin group has access to things a domain user doesn't.
I'm using DC Client to sync the AD info. The problem is, it only seems to sync the first person to log in. So if a domain admin logs in and then logs out, a domain user can log in and the DC Client (and the firewall) still see the admin logged in. The firewall then lets the domain user use the domain admin authentication forwarding rules because it still thinks a domain admin is logged in, when it's really a domain user.
Should I be using a different method of authentication for my situation? I need something that keeps a closer eye on who's actually logged in, so I can perform checks on their AD group membership and know I'm allowing the right person access.