Universal Group Membership Caching eliminates the dependency on the availability of a global catalog server during logons. When you enable this feature on a domain operating in Windows Server 2003 or higher functional level, any domain controller can resolve logon requests locally without having to go through the global catalog server.
When a Universal group membership is enabled, the Domain Controller will cache the users universal group membership data, the first time user logs on and use it to crate user's token for subsequent logons.
Universal group membership for any users who have logged onto the DC is refreshed every eight hours. The DC can hold universal group membership cached data for as many as 500 users.
The primary reason why you wouldn't want to make a DC a GC in a remote site is that the replication of the global catalog will consume too much bandwidth. For Example, if the bandwidth utilization is already at 80 percent, making the DC a GC could cause utilization peak at 100 percent.
To enable or disable Universal Group Membership Caching follow the steps below:
1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.
2. In the console tree, expand Sites, and then click the site in which you want to enable Universal Group Membership Caching.
3. In the details pane, right-click the NTDS Site Settings object, and then click Properties.
4. Under Universal Group Membership Caching, select Enable Universal Group Membership Caching.
When a Universal group membership is enabled, the Domain Controller will cache the users universal group membership data, the first time user logs on and use it to crate user's token for subsequent logons.
Universal group membership for any users who have logged onto the DC is refreshed every eight hours. The DC can hold universal group membership cached data for as many as 500 users.
The primary reason why you wouldn't want to make a DC a GC in a remote site is that the replication of the global catalog will consume too much bandwidth. For Example, if the bandwidth utilization is already at 80 percent, making the DC a GC could cause utilization peak at 100 percent.
To enable or disable Universal Group Membership Caching follow the steps below:
1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.
2. In the console tree, expand Sites, and then click the site in which you want to enable Universal Group Membership Caching.
3. In the details pane, right-click the NTDS Site Settings object, and then click Properties.
4. Under Universal Group Membership Caching, select Enable Universal Group Membership Caching.
5. In the Refresh cache from list, click the site that you want the domain controller to contact when the Universal Group membership cache must be updated, and then click OK.
No comments:
Post a Comment