Windows Firewall requires proper network location detection to work correctly, especially when a machine is on a domain network. Sometimes not even domain controllers (DCs) themselves detect their network location properly, because the responsible service - the Network Location Awareness service (NlaSvc) - starts too early in the boot process, when domain services, DC location or other features are not yet available.
To detect the Domain network profile correctly, the NLA service must be able to issue an LDAP UDP ping against the PDC of the domain; if that machine is not yet reachable for any reason, NLA falls back to the Public network profile.
To force a refresh of the network list and the associated profiles, just restart the NlaSvc service (note that there is a dependent service, the Network List Service - netprofm - which needs to be restarted as well, hence the -Force parameter):
Restart-Service NlaSvc -Force
Note 1: on Windows 2008 (not R2) or Windows Vista there are no network profiles per individual NIC; the whole firewall applies only a single network profile - the most restrictive one. So if you happen to have more than one network adapter on Windows 6.0, you may not be in the Domain profile simply because some other network interface is connected to a Public or Private network at the same time.
Note 2: on Windows 2008 or Windows 2008 R2 acting as an AD DS (Active Directory) domain controller (DC) you may not be able to switch into the Domain profile even after the NlaSvc restart. This can happen if you disable IPv6 on the DC itself using the registry value called DisabledComponents. As a side effect of disabling the IPv6 stack, Windows 2008 and Windows 2008 R2 DCs stop listening on LDAP UDP port 389 on the loopback IP address 127.0.0.1. In fact they never listen on the IPv4 loopback address at all, even with IPv6 enabled, but because they listen on ::1 UDP 389 the problem does not show. Although DCs listen on LDAP TCP 389 on the IPv4 localhost address, for some reason they do not listen on the UDP port locally. In such a case the NLA service cannot ping localhost on the LDAP UDP port and will treat the network as Public regardless of anything else. Windows 2012 fixed this by listening on LDAP UDP 389 on 0.0.0.0 whether the IPv6 stack is enabled or not.
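The following diagnostic is an added example, not part of the original notes: it reports the profile NLA assigned to each interface, the DisabledComponents value, and which local addresses have a UDP 389 listener, then optionally performs the NlaSvc restart described above. It assumes an elevated session on Windows Server 2012 / Windows 8 or later, where Get-NetConnectionProfile and Get-NetUDPEndpoint are available (on 2008 R2 substitute netstat -ano -p UDP for the listener check).

```powershell
# Added diagnostic for the NLA / Domain-profile problem described above (not from the original post).
# Assumes Windows Server 2012+ (NetConnection and NetTCPIP modules) and an elevated session.
[CmdletBinding()]
param([switch]$RestartNla)

# 1. Which profile did NLA assign to each connected interface?
$profiles = Get-NetConnectionProfile
$profiles | Select-Object InterfaceAlias, Name, NetworkCategory | Format-Table -AutoSize

# 2. Has the IPv6 stack been disabled via DisabledComponents?
$tcpip6 = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$disabled = (Get-ItemProperty -Path $tcpip6 -Name DisabledComponents -ErrorAction SilentlyContinue).DisabledComponents
if ($null -eq $disabled) { $disabled = 0 }
'DisabledComponents = 0x{0:X8}' -f $disabled

# 3. Is anything listening on LDAP UDP 389, and on which local addresses?
# NLA needs a UDP 389 responder it can reach; a 2008/2008 R2 DC with IPv6 disabled
# binds neither 127.0.0.1 nor ::1, which is the failure mode described in Note 2.
$udp389 = Get-NetUDPEndpoint -LocalPort 389 -ErrorAction SilentlyContinue
if ($udp389) {
    $udp389 | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
} else {
    Write-Warning 'Nothing is listening on UDP 389 on this host.'
}
# 0.0.0.0 and :: are wildcard binds and therefore also cover the loopback addresses.
$loopbackOk = $udp389 | Where-Object { $_.LocalAddress -in '0.0.0.0', '::', '127.0.0.1', '::1' }
if (-not $loopbackOk) {
    Write-Warning 'LDAP UDP 389 is not reachable via loopback; a DC in this state stays in the Public profile.'
}

# 4. Optionally restart NLA (and, via -Force, the dependent Network List Service) to re-evaluate.
$notDomain = $profiles | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
if ($notDomain -and $RestartNla) {
    Restart-Service -Name NlaSvc -Force
    Start-Sleep -Seconds 5
    Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Format-Table -AutoSize
}
```

Run it without -RestartNla first to see the current state; if the profile is still Public after the restart and no loopback UDP 389 listener is shown, the cause is the listener, not NLA timing.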