When modifying a user's group membership in Active Directory, this change is not reflected in MDS.
The initial group memberships were taking in in the MDS security setup, but changes made in AD afterwards are not coming through.
I verified that the user was logged out and in again. This was reflected in the "last login time" in the MDS security screen.
Also the change in group membership was replicated to all domain controllers, so that can be eliminated as a potential cause.
The Identity for the Application Pool has the rights to query the Active Directory (and is the same user which was used initially to populate the security membership in MDS).
IIS was restarted a couple of times as well to potentially trigger a refresh.
Is this a known problem, or what could help me troubleshoot this problem further?