An active directory system can generate a lot of user and group
name lookups. To reduce the network cost of these lookups, Winbind
uses a caching scheme based on the SAM sequence number supplied
by NT domain controllers. User or group information returned
by a PDC is cached by Winbind along with a sequence number also
returned by the PDC. This sequence number is incremented by
Windows NT whenever any user or group information is modified. If
a cached entry has expired, the sequence number is requested from
the PDC and compared against the sequence number of the cached entry.
If the sequence numbers do not match, then the cached information
is discarded and up-to-date information is requested directly
from the PDC.