September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
7.9. Enabling Universal Group Membership Caching
Tip
This recipe requires the Windows Server 2003 forest functional level.
Problem
You want to enable universal group membership caching so that a global catalog server is not needed during user logins.
Solution
Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
In the left pane, browse to the site you want to enable group caching for and click on it.
In the right pane, double-click on the
NTDS Site Settingsobject.Under Universal Group Membership Caching, check the box beside Enable Universal Group Caching.
If you want to force the cache refresh from a particular site, select a site or else leave the default set to
<Default>.Click OK.
Using a command-line interface
You can use a combination of the dsquery
site and dsget
site commands to find if a site has group caching
enabled.
> dsquery site -name <SiteName> | dsget site -dn -cachegroups -prefGCSiteYou can use ldifde to enable group caching. Create
a file called enable_univ_cache.ldf with the
following contents, but change
<SiteName> to the name of the site
you want to enable, and
<ForestRootDN> with the
distinguished name of the forest root domain:
dn: cn=NTDS Site Settings,cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN> changetype: modify replace: options options: 32 -
Then use the following command to import the change:
> ldifde -i -f enable_univ_cache.ldf
Using VBScript
' This code enables universal group caching for the specified site. ' ------ ...