From: Leiden, The Netherlands
I searched around in the forum and the description in this thread was most similar to the problem that I have. Our ISA 2004 enterprise edition has 3 interfaces and is part of our domain. I use AD user groups for control, so I add the AD user group to an ISA user group and add this to my access rule. When creating the rule, it works (most of the time). But when I add or remove a member to/from the AD group, it is not picked up by the ISA: Added members cannot connect (denied by the default rule), and removed members can still connect (allowed by the access rule where this user group is in). Only when I add the users directly in the ISA user group (not in the AD group) it works. It looks like the ISA is not checking changes in the AD groups when authenticating.