Saturday, July 27, 2013

Universal Group Membership Caching

Universal Group Membership Caching eliminates the dependency on the availability of a global catalog server during logons. When you enable this feature on a domain operating at the Windows Server 2003 or higher functional level, any domain controller can resolve logon requests locally without having to go through the global catalog server.

When Universal Group Membership Caching is enabled, the domain controller caches the user's universal group membership data the first time the user logs on and uses it to create the user's token for subsequent logons.
Universal group membership for any users who have logged on to the DC is refreshed every eight hours. The DC can hold cached universal group membership data for as many as 500 users.

The primary reason why you wouldn't want to make a DC a GC in a remote site is that the replication of the global catalog will consume too much bandwidth. For example, if the bandwidth utilization is already at 80 percent, making the DC a GC could cause utilization to peak at 100 percent.


To enable or disable Universal Group Membership Caching, follow the steps below:

1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.

2. In the console tree, expand Sites, and then click the site in which you want to enable Universal Group Membership Caching.

3. In the details pane, right-click the NTDS Site Settings object, and then click Properties.

4. Under Universal Group Membership Caching, select Enable Universal Group Membership Caching.

5. In the Refresh cache from list, click the site that you want the domain controller to contact when the Universal Group membership cache must be updated, and then click OK.
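
The same setting can be audited and changed from PowerShell, which helps when you need to know which sites build logon tokens from cached membership. This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the site names in the last line are placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Bit 0x20 of 'options' on an NTDS Site Settings object means
# "universal group membership caching enabled" for that site.
$UgmcFlag = 0x20
$ConfigNC = (Get-ADRootDSE).configurationNamingContext

function Get-UgmcStatus {
    # Report every site: is caching on, and which site refreshes the cache?
    Get-ADObject -SearchBase "CN=Sites,$ConfigNC" `
                 -LDAPFilter '(objectClass=nTDSSiteSettings)' `
                 -Properties options, 'msDS-Preferred-GC-Site' |
        ForEach-Object {
            # DN form: CN=NTDS Site Settings,CN=<site>,CN=Sites,<config NC>
            $siteRdn = ($_.DistinguishedName -split '(?<!\\),')[1]
            [pscustomobject]@{
                Site        = $siteRdn -replace '^CN=', ''
                UgmcEnabled = [bool]([int]$_.options -band $UgmcFlag)
                RefreshFrom = $_.'msDS-Preferred-GC-Site'
            }
        }
}

function Set-Ugmc {
    param(
        [Parameter(Mandatory)][string]$SiteName,
        [Parameter(Mandatory)][bool]$Enabled,
        [string]$RefreshSiteName   # optional "Refresh cache from" site
    )
    $dn  = "CN=NTDS Site Settings,CN=$SiteName,CN=Sites,$ConfigNC"
    $cur = [int](Get-ADObject -Identity $dn -Properties options).options
    # Flip only the caching bit; leave other site option bits untouched.
    $new = if ($Enabled) { $cur -bor $UgmcFlag } else { $cur -band (-bnot $UgmcFlag) }
    $replace = @{ options = $new }
    if ($Enabled -and $RefreshSiteName) {
        $replace['msDS-Preferred-GC-Site'] = "CN=$RefreshSiteName,CN=Sites,$ConfigNC"
    }
    Set-ADObject -Identity $dn -Replace $replace
}

# Audit first, then change one site (site names below are placeholders).
Get-UgmcStatus | Sort-Object Site | Format-Table -AutoSize
# Set-Ugmc -SiteName 'Branch-Site' -Enabled $true -RefreshSiteName 'Hub-Site'
```

Because cached memberships are refreshed every eight hours, the audit output shows the sites where a universal group change may not be reflected in a user's token until the next refresh.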

Wednesday, July 10, 2013

How Saved Queries Work in Server 2008

      
Windows Server 2003 introduced the Saved Queries node of the Active Directory Users and Computers snap-in. This powerful function enables you to create rule-driven views of your domain, displaying objects across one or more OUs. 

To create a saved query:
  • Open the Active Directory Users And Computers snap-in.
  • Right-click Saved Queries, choose New, and then select Query.
  • Type a name for the query. Optionally, enter a description.
  • Click Browse to locate the root for the query. The search will be limited to the domain or OU you select. It is recommended to narrow your search as much as possible to improve search performance.
  • Click Define Query to define your query.
  • In the Find Common Queries dialog box, select the type of object you want to query.
  • The tabs in the dialog box and the input controls on each tab change to provide options that are appropriate for the selected query.
  • Click OK.

After your query is created, it is saved within that instance of the Active Directory Users And Computers snap-in, so if you created it in the Active Directory Users And Computers console (dsa.msc), it will be available the next time you open that console. If you created the saved query in a custom console, it will be available in that custom console. To transfer saved queries to other consoles or users, you can export the saved query as an XML file and then import it into the target snap-in.

Saved queries are a powerful way to virtualize the view of your directory and monitor for issues such as disabled or locked accounts. Learning to create and manage saved queries is a worthwhile use of your time.