Only new sessions will have the latest update (i.e changed -lm-compatibility-level). Rest of the sessions which are already logged in using NTLM will continue to stay up. In order to have them negotiate new security update, they need to be closed their session first.
You should be able to filter those users using NTLM via this cmd:
::> vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism
You should then be able to close those session-id, once this is done, next time when they login they will use the updated security (auth-mechanism)
This article may help in closing sessions for those using NTLM security.