|
David
- yes, your conclusion two messages down is correct.
Cheers,
-
Stuart
[This posting is provided "AS IS"
with no warranties, and confers no rights.]
Partial Attribute
Set
-----Original
Message-----
From: Roger
Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 2:50
PM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD
synchronization
--------------------------------------------------------------
Roger D. Seielstad -
MCSE
Sr. Systems
Administrator
Inovis
Inc.
-----Original
Message-----
From:
Fugleberg, David A [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 1:48
PM
To:
[EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD
synchronization
I like
Roger's description of the GC in a single domain as 'single-instance
storage'. That's a good way to think of it. One question that
hasn't been completely addressed (although maybe implied) is what happens to
replication if an attribute is added to the PAS in a single-domain
environment. My guess would be that since all DCs contain the entire
directory already, the only additional replication would be the fact
that the attribute should be part of the PAS and therefore available via a
GC query. I would hope it would not cause a full replication of the
PAS, since all the attributes are already there. True
?
-----Original
Message-----
From: Marc
Zukerman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 12:14
PM
To:
[EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
Got it, thanks.
Hey Don, has this discussion helped at all???
Greenwich
Technology Partners
----- Original
Message -----
Sent:
Wednesday, March 26, 2003 12:31 PM
Subject: RE:
[ActiveDir] AD synchronization
Because the
Global Catalog data is already present in the .DIT file for the domain
for which the server is a DC. Its in effect single instance storage -
its not going to duplicate the data that's already
there.
--------------------------------------------------------------
Roger D.
Seielstad - MCSE
Sr. Systems
Administrator
Inovis
Inc.
-----Original
Message-----
From:
Marc Zukerman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
11:36 AM
To:
[EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
OK, that
makes sense and is consistent with everything else. That actually goes
back to another conversation a few weeks ago when someone was asking
about the true advantages/disadvantages of a dedicated forest root vs.
single domain. The single domain would have a smaller GC (only one to
manage).
One thing it
doesn't answer is why the size of the dit file doesn't change if a
system is not a GC. In one case, a system was temporarily made a GC
and then "demoted" again to just a DC. However there are other DCs
that were never GCs at any time. Every one of them is approximately
250MB (within 2 MB in either direction depending on the
DC).
Greenwich
Technology Partners
-----
Original Message -----
Sent:
Wednesday, March 26, 2003 10:17 AM
Subject:
RE: [ActiveDir] AD synchronization
Since you
are one domain the sizes should be the same. The GC contains the
partial attribute set from all domains in the forest. Since you only
have one domain you don't have anything additional added. Also, yes
the GC is a subset of all attributes for the domains which the DC is
not a member. So again, since you are a single domain nothing is
added. Also the NTDS.dit contains all naming contexts, Domain,
Configuration, Schema... so within the dit for the DC there will be
domain naming contexts for all domains in the forest. Other than the
domain which the DC is representing the DC only have partial
information for all objects in the other domains.
Even though
only some of the users are on Exchange 2000, the definition of the
user objects come from the schema which define exchange attributes.
There are no values for the attributes but the user objects have
those attributes present (Speaking of mail enabled users).
In a
multiple domain forest the GCs will be larger because they have all
of their own info as well as some info from all other
domains...
Hth,
Kevin
Sullivan
Sales
Engineer
Aelita
Software
-----Original
Message-----
From:
Marc Zukerman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003
9:58 AM
To:
[EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD
synchronization
Now that's
interesting Roger. I never thought to check it, but at my current
client, the ntds.dit file does NOT change between GCs and DCs. For a
directory of roughly 8500 objects we are at 250MB for all domain
controllers, whether or not they are a DC. This environment is a
single domain with Exchange 2000 (although only a very small subset
of the users have Exchange - that's the project we're
doing).
Also, I've
always assumed that the GC was smaller than the DC because it is
merely a subset. A large one, but a subset
nonetheless.
Greenwich
Technology Partners
-----
Original Message -----
Sent: Wednesday, March 26,
2003 7:30 AM
Subject: RE: [ActiveDir] AD
synchronization
That's a
tough one. Its going to depend on the number of domains and the
number of objects in each domain.
We're
using an empty root with a single 'production' domain below it,
probably 2500 objects in the production
domain.
Looking
at two root DCs, one which is and one which isn't a GC, the sizes
of NTDS.DIT are significantly different:
So,
roughly speaking, that's about 50MB for a GC replication of around
2500 objects. Of course, your mileage will vary quite a bit.
So, in my case, a full GC replication is going to be about 50MB to
12 servers, which my WAN can handle without issue - most WAN's
could probably handle that.
--------------------------------------------------------------
Roger D.
Seielstad - MCSE
Sr.
Systems Administrator
Inovis
Inc.
-----Original
Message-----
From: Don Murawski (Lenox)
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26,
2003 7:02 AM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD
synchronization
How
"big" is the GC synch compared to the full AD
synch?
-----Original
Message-----
From: Marc Zukerman
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25,
2003 2:29 PM
To:
[EMAIL PROTECTED]
Subject: Re: [ActiveDir]
AD synchronization
Yes.
Any schema modification requires a full directory
synchronization. Since the schema is forest-wide, this means
it affects all whether there is a dedicated forest root or
not. In addition, the first Exchange 2000 system forces a
global catalog full synchronization. When I questioned the
Microsoft developer at MEC '99 why it was necessary to
replicate the GC completely, I didn't get a satisfactory
answer as to why. If anyone out there can tell me, I'd love to
know why. We all determined it would be best to handle the
forestprep and initial server installation off hours and from
the Schema FSMO for any environment that was
sizeable.
Greenwich
Technology Partners
----- Original
Message -----
Sent: Tuesday, March
25, 2003 2:09 PM
Subject: RE: [ActiveDir]
AD synchronization
Does
Forest prep cause a full
synchronization?
We
have an empty root domain that contains the schema
master.
-----Original
Message-----
From: Marc Zukerman
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March
25, 2003 12:22 PM
To: [EMAIL PROTECTED]
Subject: Re:
[ActiveDir] AD synchronization
Even so, I
wouldn't chance it. If you have any corruptions to the
schema when it gets updated, it is much more difficult to
deal with that at 2:00pm on a Wednesday. I'd shoot for
Friday night to be safe.
Greenwich
Technology Partners
-----
Original Message -----
Sent: Tuesday,
March 25, 2003 11:57 AM
Subject: RE:
[ActiveDir] AD synchronization
How
big is the AD implementation and how big are the pipes?
I ran forest prep here in the middle of that day with 30
DC's and 10,000 AD objects not a problem at all. 768 CIR
lines between servers.
--
Kevinm WLKMMAS, Exchange MVP
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marc
Zukerman
Sent: Tuesday,
March 25, 2003 8:42 AM
To:
[EMAIL PROTECTED]
If you have
not run forestprep yet, it will update the schema. This
will force a full synchronication of the directory and
global catalog. This may be a
concern.
Greenwich
Technology Partners
-----
Original Message -----
Sent: Tuesday,
March 25, 2003 10:42 AM
Subject:
[ActiveDir] AD synchronization
We are
bring up one E2k server this weekend, the
exchange group is concerned the AD synchronization
will impact Active Directory to a point that service
is crippled.
What are
the major impacts?
Don
L. Murawski
Sr.
Network Administrator
![]()
WorldTravel
BTI
Phone:
(404) 923-9468
Fax:
(404) 949-6710
Cell:
(678) 549-1264
� |
