Author
9 Feb 2006 12:17 PM
Tim Chin
I have seen in a document from Microsoft saying that a single domain will
increase replication vs. multiple domains.  However, it then states that
there is a point where having too many multiple domains will cause more
replication than a single domain.  Does anyone know what this limit is?  My
specific environment has 22 domains, each with an average of 1,500 objects.

--
Tim

Author
9 Feb 2006 6:59 PM
Paul Bergson
I don't know of this document but 1,500 objects is extremely small.  Having
22 domains is very big for the object count.  The amount of replication
traffic happening can't be that significant.  I would look at finding ways
to simplify the number of domains you have, this sounds like an admin
nightmare.  Hopefully it is only one forest.

--

Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

Author
9 Feb 2006 8:15 PM
Tim Chin
>I don't know of this document but 1,500 objects is extremely small.  Having
>22 domains is very big for the object count.  The amount of replication
>traffic happening can't be that significant.  I would look at finding ways
>to simplify the number of domains you have, this sounds like an admin
>nightmare.  Hopefully it is only one forest.

It is a single forest and it is a nightmare!  Below is the text from the
document titled 'Enterprise Design for Active Directory':

The addition of domains increases the amount of information that must be
maintained, which adds to the global catalog traffic.  If there are enough
domains present in the forest, this traffic could be greater than the
replication traffic generated by a single domain.

I wonder how many 'enough domains' is...
--
Tim
Author
10 Feb 2006 6:06 AM
Cary Shultz
Tim,

Real quickly on Replication in Active Directory.

There are three Naming Contexts, or partitions, that replicate.
        The Schema NC
        The Configuration NC
        The Domain NC


The first two will replicate to each and every Domain Controller in the
entire Forest.  The third one will replicate only to Domain Controllers in
that specific Domain.  So, in your case, a Domain Controller located in the
'New York' Domain will indeed replicate the Schema NC and the Configuration
NC with a Domain Controller in the 'Los Angeles' Domain; but, it will not
replicate the Domain NC with that Domain Controller.

Also, there is Inter-Site replication and there is Intra-Site replication.
The Intra-Site replication takes place between all Domain Controllers that
are located in that specific Site.  Inter-Site replication takes place
between one Domain Controller in SiteA (the BHS, or Bridgehead Server, for
that Site) and one Domain Controller in SiteB (the BHS for that Site).
Sites in this sense would be what you create in Active Directory Sites and
Services.

The Global Catalog Server is something that can only be run on Domain
Controllers and is responsible for holding a Partial Attribute Set of all
the 'objects' in the Forest.

See if this link helps you:
http://technet2.microsoft.com/WindowsServer/en/Library/24311c41-d2a1-4e72-a54f-150483fa885a1033.mspx

Make sure, for example, that you do not have user account objects that are
direct members of Universal Security or Distribution Groups.  Remember, only
the attribute for which a value was changed will replicate; not the entire
object.  And, for this to be a problem with the Global Catalog the attribute
has to have the isMemberOfPartialAttributeSet value set to true.  There has
been a nice modification to this in WIN2003 over how it worked in WIN2000.
You do not mention what the NOS is!

--
Cary W. Shultz
Roanoke, VA  24012

Author
10 Feb 2006 1:37 PM
Tim Chin
> See if this link helps you:
> http://technet2.microsoft.com/WindowsServer/en/Library/24311c41-d2a1-4e72-a54f-150483fa885a1033.mspx
>
> Make sure, for example, that you do not have user account objects that are
> direct members of Universal Security or Distribution Groups.  Remember,
> only the attribute for which a value was changed will replicate; not the
> entire object.  And, for this to be a problem with the Global Catalog the
> attribute has to have the isMemberOfPartialAttributeSet value set to
> true.  There has been a nice modification to this in WIN2003 over how it
> worked in WIN2000. You do not mention what the NOS is!

Nice article - I guess that I'm confused though.  You said that only the
Schema and Configuration were replicated to each and every other domain
controller out there.  What about the Domain piece?  Isn't that replicated
to the other GC's in the forest?  See the statement from the article below:

Because a domain controller that acts as a global catalog server stores
objects for all domains in the forest, users and applications can use the
global catalog to locate objects in any domain within a multidomain Active
Directory forest without a referral to a different server.

This was my understanding when I started this post.  If I have 22 domains
and each domain has (typically) 2 DC's at the site, one of which is a GC,
and 1 DC at a central site.  22 Domains = a minimum of 22 GC's, I guess
I'm trying to ask - wouldn't this traffic be more than a single domain's
replication traffic?  All the domains are telling each other their
information and that it would probably equal, or less, than the replication
traffic we'd have on one large, single domain - Correct?

--
Tim
Author
10 Feb 2006 10:52 PM
Cary Shultz
Tim,

This stuff is very confusing.  It can take a good while before it sinks in
(it sure isn't with me yet!).

There are two things at play here: the Naming Contexts and the attributes of
objects.

As far as the Naming Contexts, or Partitions, are concerned this is not an
attribute of an object that changes (like the givenName attribute of a user
account object).  These are big things that contain a lot of stuff.  In
order to help you please take a look at either ADSIEdit or ldp (both are
part of the Support Tools) and look around.  ADSIEdit might be a bit easier
and help things click easier.  You clearly see the three naming contexts:
        the Schema NC, or CN=Schema, CN=Configuration, DC=yourdomain, DC=com
        the Configuration NC, or CN=Configuration, DC=yourdomain, DC=com
        the Domain NC, or DC=yourdomain, DC=com


Now, hold on to that for a second.  Put it in the back of your head.

The Global Catalog Server holds a partial set of attributes and their
values.  Please take a look at the following MSKB Articles:

http://support.microsoft.com/kb/232517/EN-US/
http://support.microsoft.com/kb/230663/EN-US/
http://support.microsoft.com/kb/248717/EN-US/

I think that the first one (232517) should really clarify things for you.
If not, you know where to reach us.  And, do not be afraid to ask.  No one in
here will think that you are stupid for asking.  I would contend that you
are stupid for not asking! ;-)  If you have a question then the chances are
really high that a whole lot of other people have the same question.
--
Cary W. Shultz
Roanoke, VA  24012
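
Added example, not part of the original thread and not Cary's code: a read-only PowerShell survey of what his two posts above describe (the three naming contexts, which DCs are Global Catalogs, the attributes in the Partial Attribute Set, and universal groups with user accounts as direct members). It assumes the ActiveDirectory module from RSAT, which is later tooling than the ADSIEdit and ldp Support Tools named in the thread, and read access to the forest.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$forest  = Get-ADForest

# 1. The three naming contexts on the DC you are bound to (what ADSIEdit/ldp show).
[pscustomobject]@{
    SchemaNC        = $rootDse.schemaNamingContext
    ConfigurationNC = $rootDse.configurationNamingContext
    DomainNC        = $rootDse.defaultNamingContext
} | Format-List

# 2. Per domain: DCs holding the full Domain NC, and how many of them are GCs.
#    Each GC also carries a partial replica of every other domain in the forest.
$forest.Domains | ForEach-Object {
    $domain = $_
    $dcs = @(Get-ADDomainController -Filter * -Server $domain)
    [pscustomobject]@{
        Domain            = $domain
        DomainControllers = $dcs.Count
        GlobalCatalogs    = @($dcs | Where-Object { $_.IsGlobalCatalog }).Count
    }
} | Format-Table -AutoSize

# 3. Attributes in the Partial Attribute Set: the attributes a GC holds for
#    objects from domains other than its own.
$pas = @(Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter '(isMemberOfPartialAttributeSet=TRUE)' -Properties lDAPDisplayName)
"Attributes in the PAS: $($pas.Count)"
$pas.lDAPDisplayName | Sort-Object

# 4. Universal groups in the current domain that have user accounts as direct
#    members, the pattern the first post says to check for.
Get-ADGroup -Filter "GroupScope -eq 'Universal'" | ForEach-Object {
    $group = $_
    $users = @(Get-ADGroupMember -Identity $group |
               Where-Object { $_.objectClass -eq 'user' })
    if ($users.Count -gt 0) {
        [pscustomobject]@{
            Group       = $group.Name
            Category    = $group.GroupCategory   # Security or Distribution
            DirectUsers = $users.Count
        }
    }
} | Sort-Object DirectUsers -Descending | Format-Table -AutoSize
```

Step 4 only covers the domain the session is bound to; repeat it with `-Server <domain>` for each entry in `$forest.Domains` to cover the whole forest.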

Author
11 Feb 2006 3:40 AM
Tim Chin
> I think that the first one (232517) should really clarify things for you.
> If not, you know where to reach us.  And, do not be afraid to ask.  No one
> in here will think that you are stupid for asking.  I would contend that
> you are stupid for not asking! ;-)  If you have a question then the
> chances are really high that a whole lot of other people have the same
> question.

Cary, thanks for replying - but, still my original question remains
unanswered.  I imagined it would be a site-specific answer based on number
of objects, number of attributes per object, and so on and so forth - but, I
was hoping for something ballpark.  My organization is battling over the
idea of a single domain vs. the many domains we currently have in place.
The multiple domain proponents like to argue that there would be more
replication in a single domain, however, I can't help but feel that there
wouldn't be much more considering that we have so many domain controllers
(52 now, 22 in a single domain).  Also all of our numerous sites are located
within 10 miles of each other over 5Mbps+ WAN links - I don't believe that
this (extra?) replication traffic will even be an issue.
--
Tim
Author
10 Feb 2006 1:50 PM
Paul Bergson
Nice details

--

Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
