An old password or permissions still works after you change it in active directory for 15 minutes
You may notice a 15-minute period during which the user can log on to the Mobile, Mapped Drive or Web clients by using either the old password or the new password or access file permissions that have just been removed.
This latency exists by design for Internet Information Services (IIS) for performance reasons. If it’s urgent to block a user immediately the system administrator can clear cache on the MyWorkDrive server by issuing a “IISreset” command from the server console command line.
This is standard for all Microsoft Windows IIS servers – such as Outlook Web Access. Additional details: https://support.microsoft.com/en-us/help/152526/changing-the-default-interval-for-user-tokens-in-iis
You can change the default interval for the token cache:
On each MyWorkDrive server, run the registry editor (regedit.exe).
Locate the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters
Within this key add DWORD value UserTokenTTL with decimal value 300 (IIS refresh tokens cache every 300 seconds = 5 minutes).