Partial Attribute Set
-----Original Message-----
From: Roger Seielstad
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
2:50 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD
synchronization
--------------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis Inc.
-----Original
Message-----
From: Fugleberg, David A
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
1:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD
synchronization
I like Roger's
description of the GC in a single domain as 'single-instance storage'.
That's a good way to think of it. One question that hasn't been
completely addressed (although maybe implied) is what happens to replication if
an attribute is added to the PAS in a single-domain environment. My guess
would be that since all DCs contain the entire directory already, the only
additional replication would be the fact that the attribute should be part
of the PAS and therefore available via a GC query. I would hope it would
not cause a full replication of the PAS, since all the attributes are already
there. True ?
-----Original
Message-----
From: Marc Zukerman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
Got it, thanks. Hey Don, has this
discussion helped at all???
Greenwich Technology Partners
----- Original Message -----
Sent: Wednesday,
March 26, 2003 12:31 PM
Subject: RE:
[ActiveDir] AD synchronization
Because
the Global Catalog data is already present in the .DIT file for the domain for
which the server is a DC. Its in effect single instance storage - its not going
to duplicate the data that's already there.
--------------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis Inc.
-----Original
Message-----
From: Marc Zukerman
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
11:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
OK, that makes sense and is
consistent with everything else. That actually goes back to another conversation
a few weeks ago when someone was asking about the true advantages/disadvantages
of a dedicated forest root vs. single domain. The single domain would have a
smaller GC (only one to manage).
One thing it doesn't answer is why
the size of the dit file doesn't change if a system is not a GC. In one case, a
system was temporarily made a GC and then "demoted" again to just a
DC. However there are other DCs that were never GCs at any time. Every one of
them is approximately 250MB (within 2 MB in either direction depending on the
DC).
Greenwich Technology Partners
----- Original Message -----
Sent: Wednesday,
March 26, 2003 10:17 AM
Subject: RE:
[ActiveDir] AD synchronization
Since you are one domain
the sizes should be the same. The GC contains the partial attribute set from
all domains in the forest. Since you only have one domain you don't have
anything additional added. Also, yes the GC is a subset of all attributes for
the domains which the DC is not a member. So again, since you are a single
domain nothing is added. Also the NTDS.dit contains all naming contexts,
Domain, Configuration, Schema... so within the dit for the DC there will be
domain naming contexts for all domains in the forest. Other than the domain
which the DC is representing the DC only have partial information for all
objects in the other domains.
Even though only some of
the users are on Exchange 2000, the definition of the user objects come from
the schema which define exchange attributes. There are no values for the
attributes but the user objects have those attributes present (Speaking of mail
enabled users).
In a multiple domain
forest the GCs will be larger because they have all of their own info as well
as some info from all other domains...
Hth,
Kevin Sullivan
Sales Engineer
Aelita Software
-----Original Message-----
From: Marc Zukerman
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
Now that's interesting Roger. I
never thought to check it, but at my current client, the ntds.dit file does NOT
change between GCs and DCs. For a directory of roughly 8500 objects we are at
250MB for all domain controllers, whether or not they are a DC. This
environment is a single domain with Exchange 2000 (although only a very small
subset of the users have Exchange - that's the project we're doing).
Also, I've always assumed that the
GC was smaller than the DC because it is merely a subset. A large one, but a
subset nonetheless.
Greenwich Technology Partners
----- Original Message -----
Sent: Wednesday,
March 26, 2003 7:30 AM
Subject: RE:
[ActiveDir] AD synchronization
That's
a tough one. Its going to depend on the number of domains and the number of
objects in each domain.
We're
using an empty root with a single 'production' domain below it, probably 2500
objects in the production domain.
Looking
at two root DCs, one which is and one which isn't a GC, the sizes of NTDS.DIT
are significantly different:
So,
roughly speaking, that's about 50MB for a GC replication of around 2500
objects. Of course, your mileage will vary quite a bit. So, in my case, a
full GC replication is going to be about 50MB to 12 servers, which my WAN can
handle without issue - most WAN's could probably handle that.
--------------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis Inc.
-----Original
Message-----
From: Don Murawski (Lenox)
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
7:02 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD
synchronization
How
"big" is the GC synch compared to the full AD synch?
-----Original
Message-----
From: Marc Zukerman
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 2:29
PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
Yes. Any schema modification
requires a full directory synchronization. Since the schema is forest-wide,
this means it affects all whether there is a dedicated forest root or not. In addition,
the first Exchange 2000 system forces a global catalog full synchronization.
When I questioned the Microsoft developer at MEC '99 why it was necessary to
replicate the GC completely, I didn't get a satisfactory answer as to why. If
anyone out there can tell me, I'd love to know why. We all determined it would
be best to handle the forestprep and initial server installation off hours and
from the Schema FSMO for any environment that was sizeable.
Greenwich Technology Partners
----- Original Message -----
Sent: Tuesday,
March 25, 2003 2:09 PM
Subject: RE:
[ActiveDir] AD synchronization
Does
Forest prep cause a full synchronization?
We have
an empty root domain that contains the schema master.
-----Original
Message-----
From: Marc Zukerman
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003
12:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
Even so, I wouldn't chance it. If
you have any corruptions to the schema when it gets updated, it is much more
difficult to deal with that at 2:00pm on a Wednesday. I'd shoot for Friday
night to be safe.
Greenwich Technology Partners
----- Original Message -----
Sent: Tuesday, March
25, 2003 11:57 AM
Subject: RE:
[ActiveDir] AD synchronization
How big is the AD
implementation and how big are the pipes? I ran forest prep here in the middle
of that day with 30 DC's and 10,000 AD objects not a problem at all. 768 CIR lines
between servers.
-- Kevinm WLKMMAS,
Exchange MVP
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Marc Zukerman
Sent: Tuesday, March 25, 2003 8:42
AM
To: [EMAIL PROTECTED]
If you have not run forestprep yet,
it will update the schema. This will force a full synchronication of the
directory and global catalog. This may be a concern.
Greenwich Technology Partners
----- Original Message -----
Sent: Tuesday,
March 25, 2003 10:42 AM
Subject: [ActiveDir]
AD synchronization
We are bring up one E2k server
this weekend, the exchange group is concerned the AD
synchronization will impact Active Directory to a point that service is
crippled.
What are the
major impacts?
Don L. Murawski
Sr. Network Administrator
![]()
WorldTravel BTI
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264
� |
