Your network contains an Active Directory forest. The forest contains multiple sites.
You need to enable universal group membership caching for a site.
What should you do?
A.
From Active Directory Sites and Services, modify the NTDS Settings.
B.
From Active Directory Sites and Services, modify the NTDS Site Settings.
C.
From Active Directory Users and Computers, modify the properties of all universal groups
used in the site.
D.
From Active Directory Users and Computers, modify the computer objects for the domain
controllers in the site.
Explanation:
http://technet.microsoft.com/en-us/library/cc816797%28v=ws.10%29.aspx
Enabling Universal Group Membership Caching in a Site
In a multidomain forest, when a user logs on to a domain, a global catalog server must be
contacted to determine the universal group memberships of the user. A universal group cancontain users from other domains, and it can be applied to access control lists (ACLs) on
objects in all domains in the forest. Therefore, universal group memberships must be
ascertained at domain logon so that the user has appropriate access in the domain and in
other domains during the logon session. Only global catalog servers store the memberships
of all universal groups in the forest.
If a global catalog server is not available in the site when a user logs on to a domain, the
domain controller must contact a global catalog server in another site.
In multidomain forests where remote sites do not have a global catalog server, the need to
contact a global catalog server over a potentially slow wide are network (WAN) connection
can be problematic and a user can potentially be unable to log on to the domain if a global
catalog server is not available. You can enable Universal Group Membership Caching on
domain controllers that are running Windows Server 2008 so that when the domain
controller contacts a global catalog server for the user’s initial domain logon, the domain
controller retrieves universal group memberships for the user. On subsequent logon
requests by the same user, the domain controller uses cached universal group memberships
and does not have to contact a global catalog server.
To complete this task, perform the following procedure:
http://technet.microsoft.com/en-us/library/cc816928%28v=ws.10%29.aspx
Enable Universal Group Membership Caching in a Site
1. Open Active Directory Sites and Services: On the Start menu, point to Administrative
Tools, and then click Active Directory Sites and Services.
2. In the console tree, expand Sites, and then click the site in which you want to enable
Universal Group Membership Caching.
3. In the details pane, right-click the NTDS Site Settings object, and then click Properties.
4. Under Universal Group Membership Caching, select Enable Universal Group Membership
Caching.
5. In the Refresh cache from list, click the site that you want the domain controller to contact
when the Universal Group membership cache must be updated, and then click OK.