I have two servers. A domain controller running Exchange 2007 on Windows Server 2008. Another server running WSS3 (12.0.0.6545) on Windows Server 2008.
There are several AD security groups that contain AD users. These AD groups are assigned to sharepoint groups to allow AD users to have access to the sharepoint content.
If the domain controller is restarted, some of the users no longer can access sharepoint sites for which they have been assigned access and the user gets an access denied error message.
This happens to about 5% of the users in AD that have access to the sharepoint sites.
If the user is removed from the AD group and immediately added back to the group, the user's access is restored and they can access the site properly.
How do I fix this problem in which the security link between sharepoint and AD users gets broken when the domain controller is restarted?