Sharepoint - Why are user permissions set in AD not updated immediately to SharePoint?

Configure the token cache to a smaller value: http://technet.microsoft.com/en-us/library/cc287917(office.12).aspx. The default is 1440 minutes (24 hours).


Original

This may be due to the fact that SharePoint imports the group membership information from Active Directory on a regular basis. The frequency depends on the configuration of your User Profile Synchronization service in Central Admin. Profile synchronization is described nicely here: http://technet.microsoft.com/en-us/library/gg188041.aspx#groups

Updated: Looking at the comments below and carefully reading the link above, I think that AD group membership is used while SharePoint compiles the target audiences. It is possible that even running profile synchronization does not solve your problem. Try using IISRESET /NOFORCE and see if it immediately detects AD changes (and clears the cache). I came across a long thread related to a similar problem and I could not find a proper answer. Please share your experience and findings.


Hope this will help someone, because I faced the same issue. The claims-based token is refreshed every 10 hours, and hence if you make any changes to Active Directory group memberships it won't be reflected immediately in the token. You need to run the following PowerShell commands to adjust the token lifetime to a smaller value.

# Run from the SharePoint Management Shell on a farm server
$sts = Get-SPSecurityTokenServiceConfig
# Shorten the lifetime of both Windows and forms-based claims tokens to 60 minutes
$sts.WindowsTokenLifetime = (New-TimeSpan -Minutes 60)
$sts.FormsTokenLifetime = (New-TimeSpan -Minutes 60)
# Persist the change to the farm configuration
$sts.Update()
# Recycle IIS so tokens already cached under the old lifetime are discarded
iisreset

It is explained in detail here: http://www.shillier.com/archive/2010/10/25/authorization-failures-with-claims-based-authentication-in-sharepoint-2010.aspx
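As an added example (not part of any answer above), the same adjustment wrapped in a reusable function that records the current lifetimes before changing anything and refuses a lifetime that would fall below the STS logon token cache expiration window. The function and parameter names are my own, and the rule that the token lifetime must stay longer than `LogonTokenCacheExpirationWindow` is an assumption about the security token service configuration rather than something the answers state.

```powershell
# Added example, not from the answers above. Assumes the SharePoint Management
# Shell (Microsoft.SharePoint.PowerShell snap-in) on a farm server and farm
# administrator rights. Function and parameter names are hypothetical.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-TokenLifetimeMinutes {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, [int]::MaxValue)]
        [int]$Minutes,
        [switch]$ResetIis
    )

    $sts = Get-SPSecurityTokenServiceConfig

    # Record what is in place so the change can be reverted if needed.
    Write-Host "Current WindowsTokenLifetime            : $($sts.WindowsTokenLifetime)"
    Write-Host "Current FormsTokenLifetime              : $($sts.FormsTokenLifetime)"
    Write-Host "Current LogonTokenCacheExpirationWindow : $($sts.LogonTokenCacheExpirationWindow)"

    $lifetime = New-TimeSpan -Minutes $Minutes

    # Assumption: a token whose remaining lifetime falls inside the cache
    # expiration window is treated as expired, so the new lifetime must be
    # longer than that window or every request fails authorization.
    if ($lifetime -le $sts.LogonTokenCacheExpirationWindow) {
        throw "Requested lifetime ($lifetime) must be longer than LogonTokenCacheExpirationWindow ($($sts.LogonTokenCacheExpirationWindow))."
    }

    $sts.WindowsTokenLifetime = $lifetime
    $sts.FormsTokenLifetime   = $lifetime
    $sts.Update()

    # Tokens already issued keep their old lifetime until IIS is recycled.
    if ($ResetIis) { iisreset /noforce }

    # Return the refreshed configuration so the caller can verify the change.
    Get-SPSecurityTokenServiceConfig |
        Select-Object WindowsTokenLifetime, FormsTokenLifetime, LogonTokenCacheExpirationWindow
}

# Usage: shorten both lifetimes to one hour and recycle IIS.
Set-TokenLifetimeMinutes -Minutes 60 -ResetIis
```

Shortening the lifetime means group membership changes in AD show up sooner, at the cost of more frequent token reissue; the printed values before the change give you what to restore if the shorter lifetime causes trouble.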