The ITAUD_GUIDSCACHE_MAX_COUNT variable is the maximum number of GUIDs to be concurrently stored in the SID/GUID cache on each InTrust agent.
The default value of ITAUD_GUIDSCACHE_MAX_COUNT is 100000. The maximum value is 2147483647.
The ITAUD_GUIDSCACHE_MAX_TTL variable is the time, in seconds, after which a specific cached SID/GUID will be removed from the cache.
The default value of ITAUD_GUIDSCACHE_MAX_TTL is 7200 seconds (120 minutes, or 2 hours). The maximum value is 2147483647.
If the values of ITAUD_GUIDSCACHE_MAX_COUNT and ITAUD_GUIDSCACHE_MAX_TTL are set too small, SIDs and GUIDs that have already been resolved once will be removed from the cache much earlier, and InTrust will have to query a DC again when it finds those SIDs/GUIDs in a new event record. In theory, this may degrade the performance of gathering/monitoring, but this may be noticeable only if you have InTrust configured to process an exceptionally large number of events with SIDs and GUIDs in them. The degradation in performance of gathering and/or monitoring is most likely to happen with event logs like InTrust for AD, but may also apply to the Security logs on a busy DC with all or many audit options enabled.
If the values are set too high, InTrust will use more memory. Keep in mind, however, that the cache dynamically takes only as much memory as it currently needs, and releases the memory as the expired resolved SIDs/GUIDs are cleaned up from it.
This solution only applies if the fix from https://support.quest.com/SUPPORT/index?page=solution&id=SOL23993 has been applied.
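The trade-off described above can be modelled to estimate how many DC lookups a given setting would cause. This is an added example, not Quest's code and not InTrust's implementation: it assumes an entry expires a fixed time after it was resolved and that a full cache evicts its oldest entry (the article does not state the eviction policy), and the SIDs and event timing are constructed.

```python
from collections import OrderedDict

DEFAULT_MAX_COUNT = 100000  # ITAUD_GUIDSCACHE_MAX_COUNT default from the article
DEFAULT_MAX_TTL = 7200      # ITAUD_GUIDSCACHE_MAX_TTL default, in seconds

def count_dc_queries(events, max_count=DEFAULT_MAX_COUNT, max_ttl=DEFAULT_MAX_TTL):
    """Return how many DC lookups a time-sorted stream of (time, sid) events causes."""
    cache = OrderedDict()  # sid -> time it was resolved, oldest first
    dc_queries = 0
    for now, sid in events:
        # Expire entries whose age has reached max_ttl (assumed: age counts
        # from the time of resolution and is not refreshed by cache hits).
        while cache:
            oldest_sid, resolved_at = next(iter(cache.items()))
            if now - resolved_at < max_ttl:
                break
            del cache[oldest_sid]
        if sid in cache:
            continue  # served from the cache, no DC round trip
        dc_queries += 1
        if cache and len(cache) >= max_count:
            cache.popitem(last=False)  # assumed policy: evict the oldest entry
        cache[sid] = now
    return dc_queries

def sample_events():
    """Constructed input: 3 SIDs, each seen every 60 s for one hour."""
    sids = ["S-1-5-21-1111-2222-3333-1104",
            "S-1-5-21-1111-2222-3333-1105",
            "S-1-5-21-1111-2222-3333-1106"]
    return [(t, sids[(t // 20) % 3]) for t in range(0, 3600, 20)]

if __name__ == "__main__":
    events = sample_events()
    for label, kwargs in [("defaults", {}),
                          ("MAX_TTL=600", {"max_ttl": 600}),
                          ("MAX_TTL=30", {"max_ttl": 30}),
                          ("MAX_COUNT=2", {"max_count": 2})]:
        queries = count_dc_queries(events, **kwargs)
        print(f"{label:12} DC queries: {queries} of {len(events)} events")
```

In this model a TTL shorter than the interval at which a SID recurs, or a count smaller than the working set of SIDs, turns every event into a DC query.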