"Steven L Chan" <StevenLC***@gmail.com> wrote in message
news:D269A42B-35FA-48F5-B703-056FBCB8444E@microsoft.com...
> Event ID 1669
> Source NTDS General
> Type Warning
> Description The group membership cache refresh task has reached the
> maximum number of users for the local domain controller.
>
> Maximum number of users: 500
>
> User Action
> Consider increasing the maximum limit by changing the following registry
> value:
>
> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ <Cached Membership
> Refresh Limit>.
>
>
>
> Hello All,
>
> Am I suppose to create this key, because I do not see this key under
> Parameters.
>
> Steven

> Event ID 1669
> Source NTDS General
> Type Warning
> Description The group membership cache refresh task has reached the
> maximum
> number of users for the local domain controller.
> Maximum number of users: 500
>
> User Action
> Consider increasing the maximum limit by changing the following
> registry
> value:
> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ <Cached
> Membership Refresh Limit>.
>
> Hello All,
>
> Am I suppose to create this key, because I do not see this key under
> Parameters.
>
> Steven
>

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb661d1c08cb7504c20274d4@msnews.microsoft.com...
> Hello Steven,
>
> I agree with Jorge about an additional Global catalog server in the site.
> You have to create the key yourself if it does not exist.
>
> DO NOT FORGET to backup the registry BEFORE in case something goes wrong.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Event ID 1669
>> Source NTDS General
>> Type Warning
>> Description The group membership cache refresh task has reached the
>> maximum
>> number of users for the local domain controller.
>> Maximum number of users: 500
>>
>> User Action
>> Consider increasing the maximum limit by changing the following
>> registry
>> value:
>> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ <Cached
>> Membership Refresh Limit>.
>>
>> Hello All,
>>
>> Am I suppose to create this key, because I do not see this key under
>> Parameters.
>>
>> Steven
>>
>
>

> I have 3 Domain Controller on site.
>
> This particular DC was a GC at one point, but I've read an article
> that the Primary should not have the GC role because it hinders
> performance.
>
> Quote
>
> Microsoft issues a word of caution regarding potential conflicts
> between the infrastructure master and the Global Catalog. In
> environments where more than one domain controller exists, the Global
> Catalog should not be hosted on a controller that also hosts the
> infrastructure master. Because the infrastructure master compares its
> data with the Global Catalog, there may be significant replication
> impacts, and full replication may fail. In particular, outdated
> information will not be seen. The exception to this rule about
> separating the Global Catalog and the infrastructure master is an
> environment where every domain controller retains a copy of the GC.
>
> UnQuote
>
> Hence, I've removed the GC from this DC.
>
> If this is untrue, I can re-enable the GC role.
>
> Steven
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb661d1c08cb7504c20274d4@msnews.microsoft.com...
>
>> Hello Steven,
>>
>> I agree with Jorge about an additional Global catalog server in the
>> site. You have to create the key yourself if it does not exist.
>>
>> DO NOT FORGET to backup the registry BEFORE in case something goes
>> wrong.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Event ID 1669
>>> Source NTDS General
>>> Type Warning
>>> Description The group membership cache refresh task has reached the
>>> maximum
>>> number of users for the local domain controller.
>>> Maximum number of users: 500
>>> User Action
>>> Consider increasing the maximum limit by changing the following
>>> registry
>>> value:
>>> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ <Cached
>>> Membership Refresh Limit>.
>>> Hello All,
>>>
>>> Am I suppose to create this key, because I do not see this key under
>>> Parameters.
>>>
>>> Steven
>>>

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb661d2148cb7527e928a704@msnews.microsoft.com...
> Hello Steven,
>
> In a single forest domain you can make any DC Global catalog, no problem.
> Also see here about FSMO GC placement:
> http://support.microsoft.com/kb/223346/en-us
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I have 3 Domain Controller on site.
>>
>> This particular DC was a GC at one point, but I've read an article
>> that the Primary should not have the GC role because it hinders
>> performance.
>>
>> Quote
>>
>> Microsoft issues a word of caution regarding potential conflicts
>> between the infrastructure master and the Global Catalog. In
>> environments where more than one domain controller exists, the Global
>> Catalog should not be hosted on a controller that also hosts the
>> infrastructure master. Because the infrastructure master compares its
>> data with the Global Catalog, there may be significant replication
>> impacts, and full replication may fail. In particular, outdated
>> information will not be seen. The exception to this rule about
>> separating the Global Catalog and the infrastructure master is an
>> environment where every domain controller retains a copy of the GC.
>>
>> UnQuote
>>
>> Hence, I've removed the GC from this DC.
>>
>> If this is untrue, I can re-enable the GC role.
>>
>> Steven
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb661d1c08cb7504c20274d4@msnews.microsoft.com...
>>
>>> Hello Steven,
>>>
>>> I agree with Jorge about an additional Global catalog server in the
>>> site. You have to create the key yourself if it does not exist.
>>>
>>> DO NOT FORGET to backup the registry BEFORE in case something goes
>>> wrong.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Event ID 1669
>>>> Source NTDS General
>>>> Type Warning
>>>> Description The group membership cache refresh task has reached the
>>>> maximum
>>>> number of users for the local domain controller.
>>>> Maximum number of users: 500
>>>> User Action
>>>> Consider increasing the maximum limit by changing the following
>>>> registry
>>>> value:
>>>> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ <Cached
>>>> Membership Refresh Limit>.
>>>> Hello All,
>>>>
>>>> Am I suppose to create this key, because I do not see this key under
>>>> Parameters.
>>>>
>>>> Steven
>>>>
>
>

"Steven L Chan" <StevenLC***@gmail.com> wrote in message
news:266E6D75-A1AE-4D82-872A-26D1395D181A@microsoft.com...
> Help me understand this, a global group cannot exceed 500 objects, does
> this also apply to local group?
>
> After reading that article, I have re-enabled the GC on the DC.
>
> Steven
>
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb661d2148cb7527e928a704@msnews.microsoft.com...
>> Hello Steven,
>>
>> In a single forest domain you can make any DC Global catalog, no problem.
>> Also see here about FSMO GC placement:
>> http://support.microsoft.com/kb/223346/en-us
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> I have 3 Domain Controller on site.
>>>
>>> This particular DC was a GC at one point, but I've read an article
>>> that the Primary should not have the GC role because it hinders
>>> performance.
>>>
>>> Quote
>>>
>>> Microsoft issues a word of caution regarding potential conflicts
>>> between the infrastructure master and the Global Catalog. In
>>> environments where more than one domain controller exists, the Global
>>> Catalog should not be hosted on a controller that also hosts the
>>> infrastructure master. Because the infrastructure master compares its
>>> data with the Global Catalog, there may be significant replication
>>> impacts, and full replication may fail. In particular, outdated
>>> information will not be seen. The exception to this rule about
>>> separating the Global Catalog and the infrastructure master is an
>>> environment where every domain controller retains a copy of the GC.
>>>
>>> UnQuote
>>>
>>> Hence, I've removed the GC from this DC.
>>>
>>> If this is untrue, I can re-enable the GC role.
>>>
>>> Steven
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news:ff16fb661d1c08cb7504c20274d4@msnews.microsoft.com...
>>>
>>>> Hello Steven,
>>>>
>>>> I agree with Jorge about an additional Global catalog server in the
>>>> site. You have to create the key yourself if it does not exist.
>>>>
>>>> DO NOT FORGET to backup the registry BEFORE in case something goes
>>>> wrong.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Event ID 1669
>>>>> Source NTDS General
>>>>> Type Warning
>>>>> Description The group membership cache refresh task has reached the
>>>>> maximum
>>>>> number of users for the local domain controller.
>>>>> Maximum number of users: 500
>>>>> User Action
>>>>> Consider increasing the maximum limit by changing the following
>>>>> registry
>>>>> value:
>>>>> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ <Cached
>>>>> Membership Refresh Limit>.
>>>>> Hello All,
>>>>>
>>>>> Am I suppose to create this key, because I do not see this key under
>>>>> Parameters.
>>>>>
>>>>> Steven
>>>>>
>>
>>
>

> I have 3 Domain Controller on site.
>
> This particular DC was a GC at one point, but I've read an article
> that the Primary should not have the GC role because it hinders
> performance.
> Quote
>
> Microsoft issues a word of caution regarding potential conflicts
> between the infrastructure master and the Global Catalog. In
> environments where more than one domain controller exists, the Global
> Catalog should not be hosted on a controller that also hosts the
> infrastructure master. Because the infrastructure master compares its
> data with the Global Catalog, there may be significant replication
> impacts, and full replication may fail. In particular, outdated
> information will not be seen. The exception to this rule about
> separating the Global Catalog and the infrastructure master is an
> environment where every domain controller retains a copy of the GC.
> UnQuote
>
> Hence, I've removed the GC from this DC.
>
> If this is untrue, I can re-enable the GC role.
>
> Steven
>

"Ace Fekay [Microsoft Certified Trainer]" <firstnamelastn***@hotmail.com>
wrote in message news:%23FZKUq1pJHA.5980@TK2MSFTNGP06.phx.gbl...
> In news:53ACBEBE-81F1-41B0-8705-4EEEEE97A04D@microsoft.com,
> Steven L Chan <StevenLC***@gmail.com>, posted the following:
>> I have 3 Domain Controller on site.
>>
>> This particular DC was a GC at one point, but I've read an article
>> that the Primary should not have the GC role because it hinders
>> performance.
>> Quote
>>
>> Microsoft issues a word of caution regarding potential conflicts
>> between the infrastructure master and the Global Catalog. In
>> environments where more than one domain controller exists, the Global
>> Catalog should not be hosted on a controller that also hosts the
>> infrastructure master. Because the infrastructure master compares its
>> data with the Global Catalog, there may be significant replication
>> impacts, and full replication may fail. In particular, outdated
>> information will not be seen. The exception to this rule about
>> separating the Global Catalog and the infrastructure master is an
>> environment where every domain controller retains a copy of the GC.
>> UnQuote
>>
>> Hence, I've removed the GC from this DC.
>>
>> If this is untrue, I can re-enable the GC role.
>>
>> Steven
>>
>
> As Meinolf mentioned, this only applies in a multi-domain forest. The
> reason in such as scenario with multi domains, is the IM role will pull
> data outside of it's domain in the forest, however if it is sitting on a
> GC, it will not perform it's function because the GC already has a copy of
> forest data, however it is only a subset of data, not all data, which the
> IM pulls. In your scenario with one domain, it is recommended to make all
> DCs GCs.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
> ace***@mvps.RemoveThisPart.org
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>

"Ace Fekay [Microsoft Certified Trainer]" <firstnamelastn***@hotmail.com>
wrote in message news:OKCr$pJqJHA.324@TK2MSFTNGP04.phx.gbl...
> In news:034B5B76-EC5A-44FF-8591-144C825AD36E@microsoft.com,
> Jorge Silva <jorgesilva***@hotmail.com>, posted the following:
>> Apps and Universal groups caching, etc... ANYTHING that needs a GC
>> will query the DC with that role. So it's not ONLY a matter of
>> placing the GC in any available DC including the IM. By default all
>> apps and other mechanisms that need the GC will attempt to use it,
>> and if that GC is outside the local site over a WAN or even over a
>> slow WAN link, those apps and anything else (including the creation
>> of users, exchange, other apps, etc...) will overload that link to
>> try to get that DC/GC. SO MAKE ALL DCs=GCs.
>>
>
> Excellent addition!
>
> Thanks, Jorge!
>
> Ace
>
>

> I've stopped receiving the Event ID 1669 after I've promoted the DC to
> a GC and it also resolved my group membership issue.
>
> Thanks for all the help.
>
> Steven
>
> "Ace Fekay [Microsoft Certified Trainer]"
> <firstnamelastn***@hotmail.com> wrote in message
> news:OKCr$pJqJHA.324@TK2MSFTNGP04.phx.gbl...
>
>> In news:034B5B76-EC5A-44FF-8591-144C825AD36E@microsoft.com, Jorge
>> Silva <jorgesilva***@hotmail.com>, posted the following:
>>
>>> Apps and Universal groups caching, etc... ANYTHING that needs a GC
>>> will query the DC with that role. So it's not ONLY a matter of
>>> placing the GC in any available DC including the IM. By default all
>>> apps and other mechanisms that need the GC will attempt to use it,
>>> and if that GC is outside the local site over a WAN or even over a
>>> slow WAN link, those apps and anything else (including the creation
>>> of users, exchange, other apps, etc...) will overload that link to
>>> try to get that DC/GC. SO MAKE ALL DCs=GCs.
>>>
>> Excellent addition!
>>
>> Thanks, Jorge!
>>
>> Ace
>>