7.9. Enabling Universal Group Membership Caching

Tip

This recipe requires the Windows Server 2003 forest functional level.

Problem

You want to enable universal group membership caching so that a global catalog server is not needed during user logins.

Solution

Using a graphical user interface

  1. Open the Active Directory Sites and Services snap-in.

  2. In the left pane, browse to the site you want to enable group caching for and click on it.

  3. In the right pane, double-click on the NTDS Site Settings object.

  4. Under Universal Group Membership Caching, check the box beside Enable Universal Group Caching.

  5. If you want the cache to be refreshed from a particular site, select that site; otherwise leave the setting at <Default>.

  6. Click OK.

Using a command-line interface

You can use a combination of the dsquery site and dsget site commands to find out whether a site has group caching enabled.

> dsquery site -name <SiteName> | dsget site -dn -cachegroups -prefGCSite

You can use ldifde to enable group caching. Create a file called enable_univ_cache.ldf with the following contents, replacing <SiteName> with the name of the site you want to enable and <ForestRootDN> with the distinguished name of the forest root domain:

dn: cn=NTDS Site Settings,cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
replace: options
options: 32
-

Then use the following command to import the change:

> ldifde -i -f enable_univ_cache.ldf
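
The LDIF above replaces the whole options value with 32, which clears any other flag bits already set on the site's NTDS Site Settings object. As an added example (not from the book), the following PowerShell function reads the current value and sets only the 0x20 bit. It assumes the ActiveDirectory module is available; the function names and the site name in the usage comment are hypothetical.

```powershell
# Added example, not from the book. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Decimal 32 (0x20) in the options attribute of NTDS Site Settings
# enables universal group membership caching for the site.
$GroupCachingEnabled = 0x20

function Get-OptionsWithGroupCaching {
    # Return the given options value with the caching bit set.
    # An unset attribute ($null) is treated as 0.
    param([Nullable[int]]$Current)
    $value = if ($null -eq $Current) { 0 } else { [int]$Current }
    return ($value -bor $GroupCachingEnabled)
}

function Enable-SiteGroupCaching {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$SiteName)

    # Same object the LDIF targets, built from the forest's configuration NC.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=NTDS Site Settings,CN=$SiteName,CN=Sites,$configNC"

    # Read the current flags and the preferred refresh site, if any.
    $settings = Get-ADObject -Identity $dn -Properties options, 'msDS-Preferred-GC-Site'
    $old = $settings.options
    $new = Get-OptionsWithGroupCaching -Current $old

    # Write only when the bit is not already set; honours -WhatIf and -Confirm.
    $changed = $false
    if ($old -ne $new -and $PSCmdlet.ShouldProcess($dn, "Set options to $new")) {
        Set-ADObject -Identity $dn -Replace @{ options = $new }
        $changed = $true
    }

    [pscustomobject]@{
        DistinguishedName = $dn
        OldOptions        = $old
        NewOptions        = $new
        PreferredGCSite   = $settings.'msDS-Preferred-GC-Site'
        Changed           = $changed
    }
}

# Usage (constructed site name): preview the change without writing it.
# Enable-SiteGroupCaching -SiteName 'Branch01' -WhatIf
```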

Using VBScript

' This code enables universal group caching for the specified site. ' ------ ...
