Group Memberships not validating at login but will with refresh.

On first login I can see in sltrace log that only the local groups are being found, However after login and a policy refresh is forced sltrace log will show ad group memberships are found and all polices apply as expected.

This is only happening on a few user accounts so far but fear it may grow.

This issue appears to be related to delayed Active Directory group resolution during the initial login, where only local groups are recognized until a manual policy refresh triggers the detection of AD group memberships. Since it's only affecting a few users so far, it may point to a caching or replication delay specific to certain accounts or workstations. To prevent broader impact, reviewing network latency, DNS configuration, or Group Policy processing settings may help identify the root cause. Think of it like booking a wedding limo Richmond—you expect all services to be ready upon arrival, not after a second request; similarly, all group memberships should apply right at login, not only after a forced refresh.