| Author | Messages | |
rmscheck
Posts:53
 | | 04/26/2008 9:44 AM |
| Hey folks,
I have a customer that is moving from 2000 to 2003 and they want to completely rebuild their domain controller config. They are approximately 5000 users, with somewhere from 7-10K devices on the domain. I am debating whether to build their domain controllers different from my typical setup . The typical build in my past 1-2K user orgs were a Dual proc server, 2GB RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel free to bash me if that is wrong). Select DCs would also run ADI DNS. With this particular size organization, should I be considering a different DC build? If so, what are some scenarios should I consider?
This is the largest build I have dealt with thus far and need some advice.
Thank you for your expertise!
R
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
| | | |
| bdesmond
Posts:347
| | 04/26/2008 5:43 PM |
| There's a few pretty lengthy threads on this in the archives, but, given the
limited information I'd be inclined to tell you to make it x64, with enough
memory to cache their entire DIT, and you'll be fine.
--brian
On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com> wrote:
> Hey folks,
>
> I have a customer that is moving from 2000 to 2003 and they want to
> completely rebuild their domain controller config. They are approximately
> 5000 users, with somewhere from 7-10K devices on the domain. I am debating
> whether to build their domain controllers different from my typical setup .
> The typical build in my past 1-2K user orgs were a Dual proc server, 2GB
> RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel
> free to bash me if that is wrong). Select DCs would also run ADI DNS. With
> this particular size organization, should I be considering a different DC
> build? If so, what are some scenarios should I consider?
>
> This is the largest build I have dealt with thus far and need some
> advice.
>
> Thank you for your expertise!
> R
>
> ------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
> now.<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
>
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| guyt1799190425
Posts:36
| | 04/26/2008 9:24 PM |
| I highly doubt that their DIT size will actually require 64bit OS to be
able to cache the DIT in RAM. I'd expect the DIT not exceed several
hundred megs, while x86 can load up to 1.5GB (or is it 1.7?) of DIT into
RAM.
I would still build the DCs with x64 OS, but the DIT size in this case
would probably not be the decision making factor.
Interestingly, MS suggest 0.4GB of free space for every 1K user
accounts, which looks like a huge overkill even if you have Exchange
deployed and are publishing certs in AD
(http://technet.microsoft.com/en-us/library/cc268214.aspx)
Guy
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Sunday, April 27, 2008 12:39 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller Build/Sizing
There's a few pretty lengthy threads on this in the archives, but, given
the limited information I'd be inclined to tell you to make it x64, with
enough memory to cache their entire DIT, and you'll be fine.
--brian
On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com>
wrote:
Hey folks,
I have a customer that is moving from 2000 to 2003 and they want to
completely rebuild their domain controller config. They are
approximately 5000 users, with somewhere from 7-10K devices on the
domain. I am debating whether to build their domain controllers
different from my typical setup . The typical build in my past 1-2K
user orgs were a Dual proc server, 2GB RAM, with RAID1 system drive (C
that houses also the SYSVOL and DIT (feel free to bash me if th at is
wrong). Select DCs would also run ADI DNS. With this particular size
organization, should I be considering a different DC build? If so, what
are some scenarios should I consider?
This is the largest build I have dealt with thus far and need some
advice.
Thank you for your expertise!
R
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| bdesmond
Posts:347
| | 04/26/2008 10:05 PM |
| Probably won't require x64 but the you're better off with it anyway.
--brian
On Sat, Apr 26, 2008 at 9:21 PM, Guy Teverovsky <guyt@smartx.co.il> wrote:
> I highly doubt that their DIT size will actually require 64bit OS to be
> able to cache the DIT in RAM. I'd expect the DIT not exceed several hundred
> megs, while x86 can load up to 1.5GB (or is it 1.7?) of DIT into RAM.
>
> I would still build the DCs with x64 OS, but the DIT size in this case
> would probably not be the decision making factor.
>
>
>
> Interestingly, MS suggest 0.4GB of free space for every 1K user accounts,
> which looks like a huge overkill even if you have Exchange deployed and are
> publishing certs in AD (
> http://technet.microsoft.com/en-us/library/cc268214.aspx)
>
>
>
> Guy
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
> *Sent:* Sunday, April 27, 2008 12:39 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Domain Controller Build/Sizing
>
>
>
> There's a few pretty lengthy threads on this in the archives, but, given
> the limited information I'd be inclined to tell you to make it x64, with
> enough memory to cache their entire DIT, and you'll be fine.
>
>
>
> --brian
>
> On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com> wrote:
>
> Hey folks,
>
>
>
> I have a customer that is moving from 2000 to 2003 and they want to
> completely rebuild their domain controller config. They are approximately
> 5000 users, with somewhere from 7-10K devices on the domain. I am debating
> whether to build their domain controllers different from my typical setup .
> The typical build in my past 1-2K user orgs were a Dual proc server, 2GB
> RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel
> free to bash me if th at is wrong). Select DCs would also run ADI DNS.
> With this particular size organization, should I be considering a different
> DC build? If so, what are some scenarios should I consider?
>
>
>
> This is the largest build I have dealt with thus far and need some
> advice.
>
>
>
> Thank you for your expertise!
>
> R
> ------------------------------
>
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
> now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
>
>
>
>
> --
> Thanks,
> Brian Desmond
> brian@briandesmond.com
>
> c - 312.731.3132
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| rmscheck
Posts:53
| | 04/26/2008 11:30 PM |
| Thanks! I appreciate the input!
We are definitely going x64. My problem is with the drive configuration. I will try to scour the archives, but welcome any newfound theories.
Yes, we do have Exchange, and host a fair bit of certs. Our DIT is about 670MB. What other sorts of info can I provide that will help garner some advice?
Brian Desmond <brian@briandesmond.com> wrote:
Probably won't require x64 but the you're better off with it anyway.
--brian
On Sat, Apr 26, 2008 at 9:21 PM, Guy Teverovsky <guyt@smartx.co.il> wrote:
I highly doubt that their DIT size will actually require 64bit OS to be able to cache the DIT in RAM. I'd expect the DIT not exceed several hundred megs, while x86 can load up to 1.5GB (or is it 1.7?) of DIT into RAM.
I would still build the DCs with x64 OS, but the DIT size in this case would probably not be the decision making factor.
Interestingly, MS suggest 0.4GB of free space for every 1K user accounts, which looks like a huge overkill even if you have Exchange deployed and are publishing certs in AD (http://technet.microsoft.com/en-us/library/cc268214.aspx)
Guy
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Sunday, April 27, 2008 12:39 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller Build/Sizing
There's a few pretty lengthy threads on this in the archives, but, given the limited information I'd be inclined to tell you to make it x64, with enough memory to cache their entire DIT, and you'll be fine.
--brian
On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hey folks,
I have a customer that is moving from 2000 to 2003 and they want to completely rebuild their domain controller config. They are approximately 5000 users, with somewhere from 7-10K devices on the domain. I am debating whether to build their domain controllers different from my typical setup . The typical build in my past 1-2K user orgs were a Dual proc server, 2GB RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel free to bash me if th at is wrong). Select DCs would also run ADI DNS. With this particular size organization, should I be considering a different DC build? If so, what are some scenarios should I consider?
This is the largest build I have dealt with thus far and need some advice.
Thank you for your expertise!
R
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
| | | |
| bdesmond
Posts:347
| | 04/27/2008 12:06 AM |
| So up it to to 4GB, make sure you're running a 1 AD CPU per 8 Exchange CPU
ratio minimum plus capacity for logon/other app traffic.
--brian
On Sat, Apr 26, 2008 at 11:29 PM, Rand Salazar <rmscheck@yahoo.com> wrote:
> Thanks! I appreciate the input!
>
> We are definitely going x64. My problem is with the drive configuration.
> I will try to scour the archives, but welcome any newfound theories.
>
> Yes, we do have Exchange, and host a fair bit of certs. Our DIT is about
> 670MB. What other sorts of info can I provide that will help garner some
> advice?
>
>
>
> *Brian Desmond <brian@briandesmond.com>* wrote:
>
> Probably won't require x64 but the you're better off with it anyway.
>
> --brian
>
> On Sat, Apr 26, 2008 at 9:21 PM, Guy Teverovsky <guyt@smartx.co.il> wrote:
>
> > I highly doubt that their DIT size will actually require 64bit OS to be
> > able to cache the DIT in RAM. I'd expect the DIT not exceed several hundred
> > megs, while x86 can load up to 1.5GB (or is it 1.7?) of DIT into RAM.
> > I would still build the DCs with x64 OS, but the DIT size in this case
> > would probably not be the decision making factor.
> >
> > Interestingly, MS suggest 0.4GB of free space for every 1K user
> > accounts, which looks like a huge overkill even if you have Exchange
> > deployed and are publishing certs in AD (
> > http://technet.microsoft.com/en-us/library/cc268214.aspx)
> >
> > Guy
> >
> > *From:* ActiveDir-owner@mail.activedir.org [mailto:
> > ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
> > *Sent:* Sunday, April 27, 2008 12:39 AM
> > *To:* ActiveDir@mail.activedir.org
> > *Subject:* Re: [ActiveDir] Domain Controller Build/Sizing
> >
> > There's a few pretty lengthy threads on this in the archives, but,
> > given the limited information I'd be inclined to tell you to make it x64,
> > with enough memory to cache their entire DIT, and you'll be fine.
> >
> > --brian
> > On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com>
> > wrote:
> > Hey folks,
> >
> > I have a customer that is moving from 2000 to 2003 and they want to
> > completely rebuild their domain controller config. They are approximately
> > 5000 users, with somewhere from 7-10K devices on the domain. I am debating
> > whether to build their domain controllers different from my typical setup .
> > The typical build in my past 1-2K user orgs were a Dual proc server, 2GB
> > RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel
> > free to bash me if th at is wrong). Select DCs would also run ADI DNS.
> > With this particular size organization, should I be considering a different
> > DC build? If so, what are some scenarios should I consider?
> >
> > This is the largest build I have dealt with thus far and need some
> > advice.
> >
> > Thank you for your expertise!
> > R
> > ------------------------------
> > Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
> > it now.<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
> >
> >
> >
> > --
> > Thanks,
> > Brian Desmond
> > brian@briandesmond.com
> >
> > c - 312.731.3132
> >
>
>
>
> --
> Thanks,
> Brian Desmond
> brian@briandesmond.com
>
> c - 312.731.3132
>
>
> ------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
> now.<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
>
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| listmail
Posts:428
| | 04/27/2008 12:31 PM |
| Windows Server 2003 should do 1.7-1.8GB normal and then up to 2-7-2.8GB with
/3GB. This assumes nothing else is on the machine causing memory pressure to
cause it to reduce the cache.
Don't build just with Windows Server 2003 in mind though, consider 2008 on
the horizon and more and more app usage stuffing data in there. Also
consider your current object recovery and disaster recovery mechanisms. If
you don't have say a good story for object recovery consider upping TSL and
marking more attributes to be maintained through the tombstone process.
For something so small RAID-1 is likely fine especially once the cache gets
populated. If you have large or many GPOs or doing any other file activity
on the machine in some regular busy way or are seeing high write queuing
from AD churn and it is slowing you down you may want to lok at RAID-0+1/10
which has better write perf for you. Bigger environments I say just go with
it anyway.
I'd bump RAM to 4GB.
Obviously one of the best measures is to look what is in place now and track
the perf and save all that info and look for what may be pinch points and
keep that in mind in the new design. Then after you build the new DCs look
at the perf again and compare and see what has changed.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Guy Teverovsky
Sent: Saturday, April 26, 2008 9:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller Build/Sizing
I highly doubt that their DIT size will actually require 64bit OS to be able
to cache the DIT in RAM. I'd expect the DIT not exceed several hundred megs,
while x86 can load up to 1.5GB (or is it 1.7?) of DIT into RAM.
I would still build the DCs with x64 OS, but the DIT size in this case would
probably not be the decision making factor.
Interestingly, MS suggest 0.4GB of free space for every 1K user accounts,
which looks like a huge overkill even if you have Exchange deployed and are
publishing certs in AD
(http://technet.microsoft.com/en-us/library/cc268214.aspx)
Guy
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Sunday, April 27, 2008 12:39 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller Build/Sizing
There's a few pretty lengthy threads on this in the archives, but, given the
limited information I'd be inclined to tell you to make it x64, with enough
memory to cache their entire DIT, and you'll be fine.
--brian
On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hey folks,
I have a customer that is moving from 2000 to 2003 and they want to
completely rebuild their domain controller config. They are approximately
5000 users, with somewhere from 7-10K devices on the domain. I am debating
whether to build their domain controllers different from my typical setup .
The typical build in my past 1-2K user orgs were a Dual proc server, 2GB
RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel
free to bash me if th at is wrong). Select DCs would also run ADI DNS.
With this particular size organization, should I be considering a different
DC build? If so, what are some scenarios should I consider?
This is the largest build I have dealt with thus far and need some advice.
Thank you for your expertise!
R
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| rmscheck
Posts:53
| | 04/27/2008 4:08 PM |
| Awesome.. definitely great tips and advice. Thanks!
As far as DIT caching goes, just for pure knowledge, is this something you control via a registry tweak or setting or is it automagical?
joe <listmail@joeware.net> wrote: v\:* { BEHAVIOR: url(#default#VML) } o\:* { BEHAVIOR: url(#default#VML) } w\:* { BEHAVIOR: url(#default#VML) } .shape { BEHAVIOR: url(#default#VML) } @font-face { font-family: Calibri; } @font-face { font-family: Tahoma; } @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif" } A:link { COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99 } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99 } A:visited { COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99 } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99 } P { FONT-SIZE:
12pt; MARGIN-LEFT: 0in; MARGIN-RIGHT: 0in; FONT-FAMILY: "Times New Roman","serif"; mso-style-priority: 99; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto } SPAN.EmailStyle18 { COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply } .MsoChpDefault { mso-style-type: export-only } DIV.Section1 { page: Section1 } Windows Server 2003 should do 1.7-1.8GB normal and then up to 2-7-2.8GB with /3GB. This assumes nothing else is on the machine causing memory pressure to cause it to reduce the cache.
Don't build just with Windows Server 2003 in mind though, consider 2008 on the horizon and more and more app usage stuffing data in there. Also consider your current object recovery and disaster recovery mechanisms. If you don't have say a good story for object recovery consider upping TSL and marking more attributes to be maintained through the tombstone process.
For something so small RAID-1 is likely fine especially once the cache gets populated. If you have large or many GPOs or doing any other file activity on the machine in some regular busy way or are seeing high write queuing from AD churn and it is slowing you down you may want to lok at RAID-0+1/10 which has better write perf for you. Bigger environments I say just go with it anyway.
I'd bump RAM to 4GB.
Obviously one of the best measures is to look what is in place now and track the perf and save all that info and look for what may be pinch points and keep that in mind in the new design. Then after you build the new DCs look at the perf again and compare and see what has changed.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
---------------------------------
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Guy Teverovsky
Sent: Saturday, April 26, 2008 9:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller Build/Sizing
I highly doubt that their DIT size will actually require 64bit OS to be able to cache the DIT in RAM. Id expect the DIT not exceed several hundred megs, while x86 can load up to 1.5GB (or is it 1.7?) of DIT into RAM.
I would still build the DCs with x64 OS, but the DIT size in this case would probably not be the decision making factor.
Interestingly, MS suggest 0.4GB of free space for every 1K user accounts, which looks like a huge overkill even if you have Exchange deployed and are publishing certs in AD (http://technet.microsoft.com/en-us/library/cc268214.aspx)
Guy
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Sunday, April 27, 2008 12:39 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller Build/Sizing
There's a few pretty lengthy threads on this in the archives, but, given the limited information I'd be inclined to tell you to make it x64, with enough memory to cache their entire DIT, and you'll be fine.
--brian
On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hey folks,
I have a customer that is moving from 2000 to 2003 and they want to completely rebuild their domain controller config. They are approximately 5000 users, with somewhere from 7-10K devices on the domain. I am debating whether to build their domain controllers different from my typical setup . The typical build in my past 1-2K user orgs were a Dual proc server, 2GB RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel free to bash me if th at is wrong). Select DCs would also run ADI DNS. With this particular size organization, should I be considering a different DC build? If so, what are some scenarios should I consider?
This is the largest build I have dealt with thus far and need some advice.
Thank you for your expertise!
R
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
| | | |
| listmail
Posts:428
| | 04/27/2008 4:13 PM |
| The caching is completely handled internally, the only control you have over
it is specifying /3GB to take a GB from the OS and give to application stuff
(like AD). This is generally absolutely fine on Domain Controllers but it
can depend on what else you have running on the machines (which really
should be nothing - DCs have enough to do already and the security
implications of other apps is usually too high to ignore). We won't discuss
SBS server. ;o)
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Sunday, April 27, 2008 4:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller Build/Sizing
Awesome.. definitely great tips and advice. Thanks!
As far as DIT caching goes, just for pure knowledge, is this something you
control via a registry tweak or setting or is it automagical?
joe <listmail@joeware.net> wrote:
Windows Server 2003 should do 1.7-1.8GB normal and then up to 2-7-2.8GB with
/3GB. This assumes nothing else is on the machine causing memory pressure to
cause it to reduce the cache.
Don't build just with Windows Server 2003 in mind though, consider 2008 on
the horizon and more and more app usage stuffing data in there. Also
consider your current object recovery and disaster recovery mechanisms. If
you don't have say a good story for object recovery consider upping TSL and
marking more attributes to be maintained through the tombstone process.
For something so small RAID-1 is likely fine especially once the cache gets
populated. If you have large or many GPOs or doing any other file activity
on the machine in some regular busy way or are seeing high write queuing
from AD churn and it is slowing you down you may want to lok at RAID-0+1/10
which has better write perf for you. Bigger environments I say just go with
it anyway.
I'd bump RAM to 4GB.
Obviously one of the best measures is to look what is in place now and track
the perf and save all that info and look for what may be pinch points and
keep that in mind in the new design. Then after you build the new DCs look
at the perf again and compare and see what has changed.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Guy Teverovsky
Sent: Saturday, April 26, 2008 9:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller Build/Sizing
I highly doubt that their DIT size will actually require 64bit OS to be able
to cache the DIT in RAM. I'd expect the DIT not exceed several hundred megs,
while x86 can load up to 1.5GB (or is it 1.7?) of DIT into RAM.
I would still build the DCs with x64 OS, but the DIT size in this case would
probably not be the decision making factor.
Interestingly, MS suggest 0.4GB of free space for every 1K user accounts,
which looks like a huge overkill even if you have Exchange deployed and are
publishing certs in AD
(http://technet.microsoft.com/en-us/library/cc268214.aspx)
Guy
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Sunday, April 27, 2008 12:39 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller Build/Sizing
There's a few pretty lengthy threads on this in the archives, but, given the
limited information I'd be inclined to tell you to make it x64, with enough
memory to cache their entire DIT, and you'll be fine.
--brian
On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com> wrote:
Hey folks,
I have a customer that is moving from 2000 to 2003 and they want to
completely rebuild their domain controller config. They are approximately
5000 users, with somewhere from 7-10K devices on the domain. I am debating
whether to build their domain controllers different from my typical setup .
The typical build in my past 1-2K user orgs were a Dual proc server, 2GB
RAM, with RAID1 system drive (C that houses also the SYSVOL and DIT (feel
free to bash me if th at is wrong). Select DCs would also run ADI DNS.
With this particular size organization, should I be considering a different
DC build? If so, what are some scenarios should I consider?
This is the largest build I have dealt with thus far and need some advice.
Thank you for your expertise!
R
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8H
DtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
_____
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8
HDtDypao8Wcj9tAcJ> it now.
| | | |
| mbarker
Posts:11
| | 04/27/2008 7:15 PM |
| No action required. Assuming you have enough memory the DC will cache
all the reads, and theoretically you'd have the entire DIT in RAM after
a period of time. The OS would then only go to disk for write operations
(logon events/changes etc). One of the many reasons x64 Windows rocks.
As far as I'm concerned I'm only installing 32 bit Windows for legacy
support only. Unfortunately I still see a lot of stuff "not supported"
on x64.
It's also good to note that on x64 Standard Edition doesn't have the 4GB
hard limit anymore, so no more Enterprise Edition for those machines
needing 6-8 Gig of RAM.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Sunday, April 27, 2008 4:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller Build/Sizing
Awesome.. definitely great tips and advice. Thanks!
As far as DIT caching goes, just for pure knowledge, is this something
you control via a registry tweak or setting or is it automagical?
joe <listmail@joeware.net> wrote:
Windows Server 2003 should do 1.7-1.8GB normal and then up to 2-7-2.8GB
with /3GB. This assumes nothing else is on the machine causing memory
pressure to cause it to reduce the cache.
Don't build just with Windows Server 2003 in mind though, consider 2008
on the horizon and more and more app usage stuffing data in there. Also
consider your current object recovery and disaster recovery mechanisms.
If you don't have say a good story for object recovery consider upping
TSL and marking more attributes to be maintained through the tombstone
process.
For something so small RAID-1 is likely fine especially once the cache
gets populated. If you have large or many GPOs or doing any other file
activity on the machine in some regular busy way or are seeing high
write queuing from AD churn and it is slowing you down you may want to
lok at RAID-0+1/10 which has better write perf for you. Bigger
environments I say just go with it anyway.
I'd bump RAM to 4GB.
Obviously one of the best measures is to look what is in place now and
track the perf and save all that info and look for what may be pinch
points and keep that in mind in the new design. Then after you build the
new DCs look at the perf again and compare and see what has changed.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Guy Teverovsky
Sent: Saturday, April 26, 2008 9:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller Build/Sizing
I highly doubt that their DIT size will actually require 64bit OS to be
able to cache the DIT in RAM. I'd expect the DIT not exceed several
hundred megs, while x86 can load up to 1.5GB (or is it 1.7?) of DIT into
RAM.
I would still build the DCs with x64 OS, but the DIT size in this case
would probably not be the decision making factor.
Interestingly, MS suggest 0.4GB of free space for every 1K user
accounts, which looks like a huge overkill even if you have Exchange
deployed and are publishing certs in AD
(http://technet.microsoft.com/en-us/library/cc268214.aspx)
Guy
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Sunday, April 27, 2008 12:39 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller Build/Sizing
There's a few pretty lengthy threads on this in the archives, but, given
the limited information I'd be inclined to tell you to make it x64, with
enough memory to cache their entire DIT, and you'll be fine.
--brian
On Sat, Apr 26, 2008 at 9:40 AM, Rand Salazar <rmscheck@yahoo.com>
wrote:
Hey folks,
I have a customer that is moving from 2000 to 2003 and they want to
completely rebuild their domain controller config. They are
approximately 5000 users, with somewhere from 7-10K devices on the
domain. I am debating whether to build their domain controllers
different from my typical setup . The typical build in my past 1-2K
user orgs were a Dual proc server, 2GB RAM, with RAID1 system drive (C
that houses also the SYSVOL and DIT (feel free to bash me if th at is
wrong). Select DCs would also run ADI DNS. With this particular size
organization, should I be considering a different DC build? If so, what
are some scenarios should I consider?
This is the largest build I have dealt with thus far and need some
advice.
Thank you for your expertise!
R
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
it now.
<http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62
sR8HDtDypao8Wcj9tAcJ%20>
| | | |
|
|