This works all version of windows starting with Windows 2008 and Windows 7 and above from a Windows 2012 or Windows 8 host with the latest Remote Administration Tools.
As you can see below this will show you all the security group memberships that were used when the Group Policy was last processed on that computer.
But, the only sure fire way to be sure that the new group membership straight away is to either log off as the user or reboot the computer to refresh the Kerberos token.
You do have the option to reduce or increase this refresh value you can do this by modifying the “Maximum lifetime for user ticket Properties” setting under Computer Configuration Kerberos Policy.
As you can see there are many ways to achieve this but the simplest I have found using command line using Invoke-GPUpdate.
Before we are able to use it we first need to make sure we open the correct ports.