Ignition AD / Database Hybrid User Source – New AD User Cannot Login Immediately (Login Works After ~2 Hours)

Hello All,

We are using an Active Directory / Database Hybrid User Source in Ignition.

Issue Description:

When we manually add a new user in Active Directory:

  • The user cannot log in to Ignition immediately

  • Login starts working only after 1–2 hours

From our observation, there is a delay before a new user can log in.

  1. Are there any Ignition or AD settings to reduce this delay?

  2. Is there any way to force refresh the user/group cache?

  3. Has anyone else faced this issue and found a solution?

Expected Behavior: New AD users should be able to log in immediately after being added in AD.

Any guidance or best practices would be appreciated.

Thanks in advance.

The AD/DB hybrid user source does not involve any caching in the authentication path and it reaches out directly to the LDAP server to authenticate.

If using AD, I would use the OpenLDAP ldapwhoami utility to try to authenticate with the same user. You could also try using ldapsearch if you are using an LDAP server that does NOT support the “Who am I?” extended operation.

If you are using a distributed LDAP server, it is possible that replication is taking that long. For instance, when creating an AD user, while the user is available immediately on the local domain controller, it can take over an hour for the user to propagate to other servers.

I hope that helps.

1 Like

I'd bet it's this. If you need a user to log in quickly, it's best to make the change on the DC server that Ignition points to, otherwise you're at the mercy of AD replication. Your IT group can speed up how frequently AD replicates, but this sounds to me like the most likely reason for the delay.
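The check suggested in the replies above, as an added example that is not from any of the posters or from Ignition: it runs the same ldapwhoami simple bind against each domain controller in turn, so you can see which ones already accept the new account and whether the one Ignition points to is among them. The hostnames, UPN and password-file path are placeholders, and LDAPS being enabled on the controllers is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): compare how each domain controller
# answers a bind for the same, newly created account.

# check_dcs UPN PASSWORD_FILE DC [DC...]
# Prints one line per controller: "<dc> OK" or "<dc> FAIL exit=<n> <message>".
# Returns 1 if any controller did not accept the bind, otherwise 0.
check_dcs() {
    local upn="$1" pwfile="$2" dc err rc overall=0
    shift 2
    for dc in "$@"; do
        # -x            simple bind (the username/password path)
        # -o nettimeout give up on an unreachable DC after 5 seconds
        # -H            address one specific DC, not the domain name, so DNS
        #               round-robin cannot hide which server answered
        # -D            bind identity; AD accepts a UPN such as user@domain
        # -y            read the password from a file; the whole file is the
        #               password, so create it without a trailing newline
        #               and keep it mode 600
        if err=$(ldapwhoami -x -o nettimeout=5 -H "ldaps://$dc" \
                     -D "$upn" -y "$pwfile" 2>&1 >/dev/null); then
            echo "$dc OK"
        else
            rc=$?
            # Keep only the first diagnostic line from the tool.
            echo "$dc FAIL exit=$rc $(printf '%s\n' "$err" | head -n 1)"
            overall=1
        fi
    done
    return "$overall"
}

# Usage (placeholder names):
#   check_dcs newuser@example.test /root/.newuser.pw dc1.example.test dc2.example.test
```

If the controller where the account was created reports OK while the one configured in the Ignition user source reports FAIL, the delay is AD replication rather than anything in Ignition.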