An old password or permissions still works after you change it in active directory for 15 minutes
You may notice a 15-minute period during which the user can log on to the Mobile, Mapped Drive or Web clients by using either the old password or the new password or access file permissions that have just been removed.
This latency exists by design for Internet Information Services (IIS) for performance reasons. If it’s urgent to block a user immediately the system administrator can clear cache on the MyWorkDrive server by issuing a “IISreset” command from the server console command line.
This is standard for all Microsoft Windows IIS servers – such as Outlook Web Access. Additional details: https://support.microsoft.com/en-us/help/152526/changing-the-default-interval-for-user-tokens-in-iis