Active Directory information is cached at the Endpoint. If a user is disconnected, then we used the cached AD information. The only time there would be a problem is if we are never able to connect to the AD server. If the User Groups are not available because they never connected in the Detection Request when needed, it is treated as if the User belongs to no groups and processing continues as normal. If agent does not ever restart, it would re-ping AD for the current group information every seven days. The default value of seven days is configurable.