A. During a native-mode domain logon, the logon process reads the Universal group membership from the Global Catalog (GC). You can cache these memberships locally on the DC by performing the following steps:

  1. Start the Microsoft Management Console (MMC) Active Directory Sites and Services snap-in (go to Start, Programs, Administrative Tools, and click "Active Directory Sites and Services").
  2. Select the site for which you want to enable caching.
  3. Right-click NTDS Site Settings, then click Properties.
  4. Select the Enable Universal Group Membership Caching check box, as this figure shows, then click OK.

Windows 2003 will populate the cache the first time the user logs on and use that cache for future logons. The system will refresh the cache periodically.