Great question! And your approach is solid.
I'd probably encourage you to take a slightly different direction in
terms of coming to the answer. The answer isn't as much "how busy is
this DC" so much as it probably is "what is the user impact if we remove
this dc." That is, we want to know user impact vs. cost of removing DC,
not so much what is the DC doing (although you do want to have some
understanding of the latter for sure).
That said, I usually take a two-pronged approach to such tasks:
1) Measure what this DC is doing
a) How busy is it and what is it doing (understand what it does
today)
b) Do my DCs elsewhere have the excess capacity to service the
requests they will see if this DC is removed
2) Measure user impact on removing DC
a) If user requires DC/GC connectivity over the wan, is latency
acceptable?
b) Are centralized DCs performant enough to service additional
requests while keeping user SLA under control?
With that you can start to make some really solid conclusions.
The largest complaint I've heard from end users in sites without a DC is
from network performance. That is, I perform an action, and the response
is slow as the network has an RTT of X ms and that is unacceptably slow.
That's something I would personally get a handle on before I yank DCs
out of the remote site. That could be ldap performance, authentication,
name resolution, etc.
In terms of specific counters, I think you have some solid metrics
below. I would also encourage you to measure perf on the DCs that would
pick up the load should the remove DCs in question (in AD speak, you'd
say "the DCs that would cover this DC-less site"). That is equally
important really.
In terms of DC consolidation, 2003 is your friend. We generally made AD
substantially faster and more scalable and you can truly do more with
less. I hope you don't take this as a sales pitch, I really don't mean
it as such. Rather, I'd just point out that if you have some DCs that
are very busy and you want to get a bit more bang for your buck out of
those same # of servers, the 2k03 upgrade might be helpful there. QP is
faster, can service requests faster, caches better, etc.
Feel free to come back with more questions, this is a discussion I'd
really like to continue should you see value in doing so. I hope this
has added some value in your thinking so far, so let's see where else I
might be able to add some thoughts. :)
~Eric
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg,
David A
Sent: Thursday, May 27, 2004 12:23 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] NTDS perf counters
We have some DCs in locations that probably no longer justify a local
DC. I'm trying to do some quantitative analysis to see just how busy
the DC is in those locations. I'd like to dcpromo some of them down if
possible so the boxes can be used as member servers. The business want
to install IIS on some of them for some training application, and I
don't want IIS on my DCs.
I figured I'd track some perfmon stats over time on each DC. Problem
is, I don't fully understand what I should be looking for. These sites
should be all Win2K workstations, but there may still be some NT4
workstations. The DC is the only server in these sites.
I thought I'd look at the following:
DS Directory Reads/sec
DS Directory Searches/sec
DS Directory Writes/sec
KDC AS Requests
KDC TGS Requests
NTLM Authentications
I purposely left out the DSA counters regarding replication, etc., as my
purpose is basically to find out how heavily the DC is being used in
that site.
Any others I should consider ? Any pointers to good resources on this
topic ? Most of what I find just gives a one-line description of the
counters, without telling me what to look for.
Dave Fugleberg
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
