- On the domain member computer, an application calls the LsaLookupSids function to translate a security identifier (SID) to a user name.
- The user name has been changed on a domain controller.
The cache entries do time out, however chances are that recurring queries by applications keep the existing cache entry alive for the maximum lifetime of the cache entry.
- Open Registry Editor.
To do this in Windows XP or in Windows Server 2003, click Start, click Run, type regedit, and then click OK.
To do this in Windows Vista and newer, Click Start, type regedit in the Start Search box, and then press ENTER.
- Locate and then right-click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Point to New, and then click DWORD Value.
- Type LsaLookupCacheMaxSize, and then press ENTER.
- Right-click LsaLookupCacheMaxSize, and then click Modify.
- In the Value data box, type 0, and then click OK.
- Exit Registry Editor.
The local SID cache helps reduce domain controller workload and network traffic. However, inconsistency may occur between the local cache and the domain controllers.
For more information about the LsaLookupSidsfunction, visit the following Microsoft Web site:
Article ID: 946358 - Last Review: Nov 15, 2011 - Revision: 1