To resolve this problem, you can use the Ldp.exe utility to manually update the cache. You can also modify the registry so that the cache is updated more frequently. To work around this problem, you can also turn off the universal group membership caching feature.
To resolve this behavior, use one of the following methods:
- Manually update the group membership cache by using the Ldp.exe utility.
- Modify the registry so that the group membership cache is updated more frequently.
Method 1: Manually updating the group membership cacheTo update the cache, follow these steps:
- On the domain controller where the user has logged on, click Start, click Run, type cmd, and then click OK.
- At the command prompt, type ldp, and then press ENTER.
- On the Connections menu, click Connect.
- In the Server box, type the name of your server, and then click OK.
- On the Connections menu, click Bind.
- In the User box, type Administrator.
- In the Password box, type the password, and then click OK.
- On the Browse menu, click Modify.
- In the Attribute box, type updatecachedmemberships.
- In the Value box, type 1, and then click Enter.
- Click to select the Extended check box, and then click Run.
Method 2: Modifying the registryWarning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To configure the group membership cache to update every 60 minutes and to set the number of users whose group membership cache is updated, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Expand the following subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
- In the right pane, right-click Cached Membership Refresh Interval, and then click Modify.
- In the Value data box, type 60, and then click OK.
- Right-click Cached Membership Refresh Limit, and then click Modify.
- In the Value data box, type a new value, and then click OK.
Note By default, the number of users whose cache is updated is 500.
- Start Active Directory Sites and Services.
- In the console tree, double-click Sites, double-click Your_Site_Name.
- In the details pane, right-click NTDS Site Settings, and then click Properties.
- Click to clear the Enable Universal Group Membership Caching check box.
- Click OK.
Article ID: 871159 - Last Review: 29 Mar 2017 - Revision: 3