Professional Documents
Culture Documents
Planning Domain
Controller Capacity
Planning domain controller capacity helps you determine the appropriate number of domain controllers to place
in each domain that is represented in a site. Capacity planning also assists you in estimating the hardware
requirements for each domain controller so that you can minimize cost and maintain an effective service level
for your users.
In This Chapter
Overview of Planning Domain Controller Capacity..............................................186
Collecting Site Topology Design Information.......................................................190
Determining the Number of Domain Controllers.................................................192
Assessing Disk Space and Memory Requirements........................................... ....195
Monitoring Domain Controller Performance....................................................... ..202
Additional Resources.............................................................................. .............204
Related Information
• For more information about planning sites and site topology, see “Designing the Site Topology”
in this book.
• For more information about designing the Active Directory® directory service forest and
domain structure, see “Designing the Active Directory Logical Structure” in this book.
• For more information about Active Directory data storage and directory partitions, see the
Directory Services Guide of the Microsoft® Windows® Server 2003 Resource Kit (or see the
Directory Services Guide at http://www.microsoft.com/reskit).
186 Chapter 4 Planning Domain Controller Capacity
Note
For a list of the job aids that are available to assist you in planning
domain controller capacity, see “Additional Resources” later in this
chapter.
Application directory The impact varies based on the use of data that is
partition hosting contained in the application directory partition.
Global catalog If this domain controller functions as a global
operations catalog server, performance varies according to the
• Universal group type of programs that are used. Programs that use
membership lookups global catalog searches extensively, such as
Exchange 2000, have a high impact on performance.
• Forestwide searches
(continued)
Overview of Planning Domain Controller Capacity 189
Table 4.1 Effect of Operations and Services on Domain Controller Performance (continued)
Operation/Services Variables Affecting Performance
Other operations The impact varies based on the number of users
• File and print who are using the domain controller as a file and
print server.
Network Services The impact varies based on the number of services
• DNS that are performed by the domain controller. For
example, hosting multiple services, such as DNS,
• WINS
WINS, and DHCP, typically has a high impact on
• DHCP performance. Hosting a single service, such as DNS,
• Internet Protocol typically has a low impact on performance. For
security (IPSec) IPSec, the impact on performance varies according
to the number of connections.
Users logging on The impact varies based on the number of users.
• User authentication
• Authorization for
resource access
requests
Look-up operations The impact varies based on the type of searches and
• Lightweight Directory the number of searches that the program performs.
Access Protocol
(LDAP) searches
Infrastructure operations The validation of links to moved objects typically
master has a low impact on performance.
RID pool operations RID pool distribution typically has a low impact on
master performance.
Schema operations Modification to the schema typically has low impact
master on performance.
Domain naming The addition or deletion of domains typically has low
operations master impact on performance.
190 Chapter 4 Planning Domain Controller Capacity
During the site topology design process, the Active Directory design team records site topology design
information in worksheets. Use these worksheets to determine the number of domain controllers that are
required in each domain that is represented in each site, and the hardware that is required for each of these
domain controllers to support client requests and service operations in each domain.
Use the “Associating Subnets with Sites” worksheet to determine the name of each site in the forest, and then
review the “Domain Controller Placement” worksheet to determine the locations that require domain
controllers. To review examples of these worksheets, see “Designing the Site Topology” in this book.
Overview of Planning Domain Controller Capacity 191
Note
Although one domain controller per domain might be sufficient to
handle the workload that is related to Active Directory, you must always
have a minimum of two domain controllers per domain for fault
tolerance and disaster recovery.
To prevent single disk failures, many organizations use a redundant array of independent disks (RAID). For
domain controllers that are accessed by fewer than 1,000 users, all four components generally can be located on
a single RAID 1 array. For domain controllers that are accessed by more than 1,000 users, place the log files on
one RAID array and keep the SYSVOL shared folder and the database together on a separate RAID array, as
specified in Table 4.3.
Table 4.3 RAID System Requirements
Component Operations Performed RAID System
Operating system files Read and write operations RAID 1
Active Directory log files Mostly write operations RAID 1
Active Directory database Mostly read operations RAID 1 or RAID 0+1
and SYSVOL shared folder
Note
If cost is a factor in planning for disk space, you can place the
operating system and Active Directory database on one RAID array
(such as RAID 0+1) and the Active Directory log files on another RAID
array (such as RAID 1). However, it is recommended that you store the
Active Directory database and the SYSVOL shared folder on the same
drive.
Use the formula in Figure 4.6 to determine the disk space requirements for a global catalog server.
Figure 4.6 Disk Space Requirements for a Global Catalog Server
Table 4.4 shows the storage requirements for a domain controller and a global catalog server for a forest that
contains two domains with 10,000 users (domain A) and 5,000 (domain B) users, respectively.
Table 4.4 Storage Requirements for the Active Directory Database
Active Directory
Number of Users
Domain Controller Database
per Domain
Storage Requirements
10,000 Domain controller (domain A) 4 GB
5,000 Domain controller (domain B) 2 GB
10,000 Global catalog server (domain 4 + 2/2 = 5 GB
A)
5,000 Global catalog server (domain 2 + 4/2 = 4 GB
B)
After you determine the minimum memory requirements for each domain controller, consider using the /3GB
switch to allow the Lsass process (the process in which Active Directory runs) to cache a larger number of
directory objects.
Lsass memory usage on domain controllers has two components:
• Data structures, which are like other processes and consist of threads, heaps, and stacks.
• Database buffer cache, which consists of database pages and index pages for the directory.
In Windows 2000, the memory that can be used by the database buffer cache without adding the /3GB switch to
the Boot.ini file is .5 GB. With the /3GB switch in place, the database buffer cache is still limited to 1 GB.
200 Chapter 4 Planning Domain Controller Capacity
In Windows Server 2003, there is no limit to how large the database buffer cache can grow. However, with the
/3GB switch in place on a 32-bit computer, virtual address space is limited to 4 GB, with 3 GB allocated for user
mode processes and 1 GB for kernel mode processes. Therefore, on a 32-bit computer, the database buffer cache
never grows greater than 3 GB with the /3GB switch in place, and it does not grow that large because of the
memory that is used by other processes. For information about modifying the Boot.ini file, see “Bootcfg” in
Help and Support Center for Windows Server 2003.
Note
The /3GB switch can be added to domain controllers that are running
Windows Server 2003, Standard Edition; Windows Server 2003,
Enterprise Edition; and Windows Server 2003, Datacenter Edition. Do
not add the /3GB switch to the Boot.ini file if you have less than 2 GB
of physical memory.
Use a hardware assessment worksheet to record the required memory allocation for each domain controller. For
an example of a completed hardware assessment worksheet, see “Example: Assessing Disk Space and Memory
Requirements” later in this chapter. For a worksheet to assist you in assessing hardware requirements, see
“Hardware Assessment” (DSSDCC_2.doc) on the Windows Server 2003 Deployment Kit companion CD (or see
“Hardware Assessment” on the Web at http://www.microsoft.com/reskit).
As a distributed service, Active Directory depends on many interdependent services that are
distributed across many devices and in many remote locations. As you increase the size of your
network to take advantage of the scalability of Active Directory, monitoring becomes more
important.
Overview of Planning Domain Controller Capacity 203
Additional Resources
These resources contain additional information and tools related to this chapter.
Related Information
• “Designing the Site Topology” in this book.
• The Directory Services Guide of the Windows Server 2003 Resource Kit (or see the Directory
Services Guide on the Web at http://www.microsoft.com/reskit) for information about Active
Directory replication and data storage.
• The Active Directory Branch Office Planning Guide link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Related Job Aids
• “Domain Controller Design Information” (DSSDCC_1.doc) on the Windows Server 2003
Deployment Kit companion CD (or see “Domain Controller Design Information” on the Web at
http://www.microsoft.com/reskit).
• “Hardware Assessment” (DSSDCC_2.doc) on the Windows Server 2003 Deployment Kit
companion CD (or see “Hardware Assessment” on the Web at
http://www.microsoft.com/reskit).
Related Help Topics
For best results in identifying Help topics by title, in Help and Support Center, under the Search box, click Set
search options. Under Help Topics, select the Search in title only checkbox.
• “Bootcfg” in Help and Support Center for Windows Server 2003.
• “Using System Monitor” in Help and Support Center for Windows Server 2003.