I knew ~Eric would be all over this thread... The thing I would add would be is the DC also a DNS and/or WINS Server. If so, take those things into account for WAN traffic.
What you may want to do is force coverage of the site from the site you think will pick up the requests once this DC goes away and then do a one or two day test to see how it goes. Basically you will set up the coverage (multiple ways to do this, both via modifying registries and making your own DNS entries) and then shut down the DC so the other DC(s) take the coverage. You can't just shut off the DC as the site coverage won't automatically switch to the proper set of DCs, what will happen is any DC in the domain will be used. And with Murphy running around, it will always be the least wanted DC that does it.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Thursday, May 27, 2004 2:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] NTDS perf counters

Great question! And your approach is solid.

I'd probably encourage you to take a slightly different direction in terms of coming to the answer. The answer isn't as much "how busy is this DC" so much as it probably is "what is the user impact if we remove this dc." That is, we want to know user impact vs. cost of removing DC, not so much what is the DC doing (although you do want to have some understanding of the latter for sure).

That said, I usually take a two-pronged approach to such tasks:

1) Measure what this DC is doing
   a) How busy is it and what is it doing (understand what it does today)
   b) Do my DCs elsewhere have the excess capacity to service the requests they will see if this DC is removed
2) Measure user impact on removing DC
   a) If user requires DC/GC connectivity over the wan, is latency acceptable?
   b) Are centralized DCs performant enough to service additional requests while keeping user SLA under control?

With that you can start to make some really solid conclusions.

The largest complaint I've heard from end users in sites without a DC is from network performance.
That is, I perform an action, and the response is slow as the network has an RTT of X ms and that is unacceptably slow. That's something I would personally get a handle on before I yank DCs out of the remote site. That could be LDAP performance, authentication, name resolution, etc.

In terms of specific counters, I think you have some solid metrics below. I would also encourage you to measure perf on the DCs that would pick up the load should you remove the DCs in question (in AD speak, you'd say "the DCs that would cover this DC-less site"). That is equally important really.

In terms of DC consolidation, 2003 is your friend. We generally made AD substantially faster and more scalable and you can truly do more with less. I hope you don't take this as a sales pitch, I really don't mean it as such. Rather, I'd just point out that if you have some DCs that are very busy and you want to get a bit more bang for your buck out of those same # of servers, the 2k03 upgrade might be helpful there. QP is faster, can service requests faster, caches better, etc.

Feel free to come back with more questions, this is a discussion I'd really like to continue should you see value in doing so. I hope this has added some value in your thinking so far, so let's see where else I might be able to add some thoughts. :)

~Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Thursday, May 27, 2004 12:23 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] NTDS perf counters

We have some DCs in locations that probably no longer justify a local DC. I'm trying to do some quantitative analysis to see just how busy the DC is in those locations. I'd like to dcpromo some of them down if possible so the boxes can be used as member servers. The business want to install IIS on some of them for some training application, and I don't want IIS on my DCs.

I figured I'd track some perfmon stats over time on each DC.
Problem is, I don't fully understand what I should be looking for. These sites should be all Win2K workstations, but there may still be some NT4 workstations. The DC is the only server in these sites. I thought I'd look at the following:

DS Directory Reads/sec
DS Directory Searches/sec
DS Directory Writes/sec
KDC AS Requests
KDC TGS Requests
NTLM Authentications

I purposely left out the DSA counters regarding replication, etc., as my purpose is basically to find out how heavily the DC is being used in that site.

Any others I should consider? Any pointers to good resources on this topic? Most of what I find just gives a one-line description of the counters, without telling me what to look for.

Dave Fugleberg

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
