Active DirectoryMicrosoft Technologies

How to enable universal group membership caching (UGMC)?

In one of my previous posts I explain the how to setup a branch network properly. In there I mentioned how we can utilize the bandwidth between corporate office and the branch office. One of the method we can use for that is universal group membership caching. If the branch office AD servers are not acting as global catalog servers, UGMC allows to store data about membership of the universal groups in cache. This cache is set to update in every eight hours by default. As result of UGMC, branch office domain controllers can process the log on or resources requests without going to a GC server via WAN link.

UGMC have to enable per site basis. In order to get this function work, each user must have logged on when GC server available and UGMC feature is enabled.

Let’s see how we can enable this feature.

1)    Log in to the domain controller as member of domain admin group or enterprise admin group.
2)    Then go to server manager > tools > active directory sites and services

UGMC1

3)    Then in mmc, select the Site you need UGMC enabled

UGMC2

4)    In right hand panel right click on “NTDS site settings” and click properties

UGMC3

5)    In properties window click to enable “Enable Universal Group Membership Caching

UGMC4

6)    Under the refresh cache from drop down you can select which site it should use to get the cache.

UGMC5

7)    Once this is done click ok to apply the change

Now it enables UGMC in the given site. If you have any questions about the steps feel free to contact me on rebeladm@live.com

Related posts
Cyber SecurityMicrosoft Entra IDMicrosoft Technologies

Microsoft Entra lifecycle workflows Part 02 - How to synchronize value for employeeHireDate attribute from on-premises Active Directory ?

In my previous blog post, I explained how we can automate JML (Joiners/Movers/Leavers) process by…
Read more
Azure servicesMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide : Automate JML(Joiners/Movers/Leavers) process with Microsoft Entra lifecycle workflows

JML (Joiners/Movers/Leavers) process of an organization has a major impact on its security and…
Read more
Cyber SecurityMicrosoft DefenderMicrosoft Technologies

Microsoft Defender for Identity Part 02 – Create Directory Service Account

In Part 01 of Microsoft Defender for Identity blog series, I have explained about Microsoft Defender…
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

Leave a Reply

Your email address will not be published. Required fields are marked *