Universal Groups in Windows Server can be useful. However, they also have a couple of drawbacks. One downside is that the Universal Group membership is kept in the Global Catalog servers. In a multiple domain environment, when a user try to logon to the domain the Global Catalog server has to be available to enumerate the Universal Group membership. This can be an issue when users are logging on in a remote site with slow or unreliable connection. Without the Global Catalog server they cannot logon. By caching the Universal Group membership on a Domain Controller in a remote site you can allow users to logon even when the network connection to the main office is down.
By default, the cached membership is update every 8 hours. Each refresh cycle can refresh hundreds of accounts at a time (500 accounts to be exact). You can modify the cached Universal Group information in the registry. Here’s the procedure.
1. Go to Start, Run, and type regedit.exe to start the registry editor.
2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
3. On the menu click Edit, New, DWORD Value and enter one of the values that Microsoft has posted in a table in a TechNet article How the Global Catalog Works. It’s a lengthy article so I have posted the table here for your convenience. Press Enter after typing the entry.
4. Double-click the value you just entered and type a number from the Notes column in the table mentioned above in step 3.
5. Press OK and close the registry editor.
Copyright © 2013 Zubair Alexander. All rights reserved.
|« Sep||Nov »|
24 queries. 0.370 seconds