How can I configure Windows Server 2003 domain controllers (DCs) to cache Universal group memberships?

A. During a native-mode domain logon, the logon process reads the Universal group membership from the Global Catalog (GC). You can cache these memberships locally on the DC by performing the following steps:

  1. Start the Microsoft Management Console (MMC) Active Directory Sites and Services snap-in (go to Start, Programs, Administrative Tools, and click "Active Directory Sites and Services").
  2. Select the site for which you want to enable caching.
  3. Right-click NTDS Site Settings, then click Properties.
  4. Select the Enable Universal Group Membership Caching check box, as this figure shows, then click OK.

Windows 2003 will populate the cache the first time the user logs on and use that cache for future logons. The system will refresh the cache periodically.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.