Group Cache Refresh has reached the user limit for this domain controller

Group_Cache_Refresh_has_reached_the_user_limit_for_this_domain_controller_5_Rule (Rule)

Knowledge Base article:

Summary

By default, No GC Logon limits the number of updates it can process in any single attempt to 500 objects. This helps to prevent excessive traffic in environments that have configuration problems with replication.

Sample Event:

The group membership cache refresh task has reached the maximum number of users for the local domain controller. Maximum number of users: %1

Resolutions

Consider increasing the maximum limit by changing the following registry value: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\

If you are receiving this message and you expect more than 500 users to be cached on this domain controller, use the registry key that is located in the alert message to increase this limit.

If you do not expect more than 500 users, manually identify which site the unexpected users belong to. With that information, you can determine why the Active Directory® directory service is associating those users with this site. Then, you can correct the configuration problem.

Element properties:

Target: Microsoft.Windows.Server.2008.AD.DomainControllerRole
Category: EventCollection
Enabled: True
Event_ID: 1669
Event Source: NTDS General
Alert Generate: True
Alert Severity: Warning
Alert Priority: Normal
Remotable: True
Alert Message: Group Cache Refresh has reached the user limit for this domain controller
    {0}
Event Log: Directory Service
Comment: Mom2005ID='{059962C9-FBDC-4D2D-BC80-32F91661BE34}';MOM2005GroupID=

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Group_Cache_Refresh_has_reached_the_user_limit_for_this_domain_controller_5_Rule" Comment="Mom2005ID='{059962C9-FBDC-4D2D-BC80-32F91661BE34}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2008Core!Microsoft.Windows.Server.2008.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Directory Service</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>1669</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>NTDS General</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>1</Severity>
      <AlertOwner>$Data/PublisherName$</AlertOwner>
      <AlertMessageId>$MPElement[Name="Group_Cache_Refresh_has_reached_the_user_limit_for_this_domain_controller_5_Rule.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>