If the Endpoint Agent is not able to reach the AD Server at the seven day mark, it will try again every day.  This attempt to query the AD Server is done at the same time as the last successful connection.  So, if the last successful attempt was at 9 AM Monday, the next 9 AM Monday the Endpoint Agent will attempt again.  If that attempt is unsuccessful, the Endpoint Agent will attempt at 9 AM Tuesday, then 9 AM Thursday until it is successful. 

If at startup, the Endpoint Agent is unable to reach the AD Server, then the Endpoint Agent will read the settings in the grp.ead file, located in the (by default) C:\Program Files\Manufacturer\Endpoint Agent directory. 

If the Endpoint user is connecting via VPN, the agent may not be able to connect to the AD Server at startup, because the startup of the edpa process occurs before the machine is able to connect to the AD Server.  In this case, the agent will attempt to use the grp.ead file at startup, and will attempt again at the seven day mark and beyond.

If there is no grp.ead file, and the Endpoint Agent cannot connect to the AD Server, the Endpoint Agent will treat the user as if they are in no group.