Thanks for the comments. You're absolutely correct that we're looking for the user impact - knowing the "busyness" of the DC is just part of the equation. I'm also looking at the number/type of workstations, usage patterns, etc.
I intend to track the metrics I mentioned on all DCs (not just the remote DCs) using BMC Patrol. That will give me a basis of comparison and a better feel for how busy the central site DCs are. If I have to add capacity at the central site, so be it. As far as site coverage goes, we have a hub/spoke topology, and 'spoke' DCs are configured to NOT register domain-wide SRV records, so clients will only find DCs at the hub site. Each spoke site has one site link (to the hub site), and site link transitivity is turned off. Shouldn't that ensure that my DC-less sites are properly covered ? Finally, we're already on the upgrade path to W2K03 - we've added a few 2K03 DCs to our 2K native-mode domain. The remaining DCs will be upgraded over the next several months. One thing I will need to address (thanks for the catch, Joe) is the fact that the DCs are also AD-integrated DNS servers, and the clients in those sites are pointed at them for DNS. I could always leave DNS out there sans the AD-integrated zones, or make it a secondary for those zones, but I don't think DNS over the WAN will be a big deal from these sites. I guess I could track how many requests those DNS servers are takling from clients while I'm at it... Thanks for the feedback guys ! Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric Fleischman Sent: Thursday, May 27, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] NTDS perf counters Great question! And your approach is solid. I'd probably encourage you to take a slightly different direction in terms of coming to the answer. The answer isn't as much "how busy is this DC" so much as it probably is "what is the user impact if we remove this dc." That is, we want to know user impact vs. cost of removing DC, not so much what is the DC doing (although you do want to have some understanding of the latter for sure). That said, I usually take a two-pronged approach to such tasks: 1) Measure what this DC is doing a) How busy is it and what is it doing (understand what it does today) b) Do my DCs elsewhere have the excess capacity to service the requests they will see if this DC is removed 2) Measure user impact on removing DC a) If user requires DC/GC connectivity over the wan, is latency acceptable? b) Are centralized DCs performant enough to service additional requests while keeping user SLA under control? With that you can start to make some really solid conclusions. The largest complaint I've heard from end users in sites without a DC is from network performance. That is, I perform an action, and the response is slow as the network has an RTT of X ms and that is unacceptably slow. That's something I would personally get a handle on before I yank DCs out of the remote site. That could be ldap performance, authentication, name resolution, etc. In terms of specific counters, I think you have some solid metrics below. I would also encourage you to measure perf on the DCs that would pick up the load should the remove DCs in question (in AD speak, you'd say "the DCs that would cover this DC-less site"). That is equally important really. In terms of DC consolidation, 2003 is your friend. We generally made AD substantially faster and more scalable and you can truly do more with less. I hope you don't take this as a sales pitch, I really don't mean it as such. Rather, I'd just point out that if you have some DCs that are very busy and you want to get a bit more bang for your buck out of those same # of servers, the 2k03 upgrade might be helpful there. QP is faster, can service requests faster, caches better, etc. Feel free to come back with more questions, this is a discussion I'd really like to continue should you see value in doing so. I hope this has added some value in your thinking so far, so let's see where else I might be able to add some thoughts. :) ~Eric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A Sent: Thursday, May 27, 2004 12:23 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] NTDS perf counters We have some DCs in locations that probably no longer justify a local DC. I'm trying to do some quantitative analysis to see just how busy the DC is in those locations. I'd like to dcpromo some of them down if possible so the boxes can be used as member servers. The business want to install IIS on some of them for some training application, and I don't want IIS on my DCs. I figured I'd track some perfmon stats over time on each DC. Problem is, I don't fully understand what I should be looking for. These sites should be all Win2K workstations, but there may still be some NT4 workstations. The DC is the only server in these sites. I thought I'd look at the following: DS Directory Reads/sec DS Directory Searches/sec DS Directory Writes/sec KDC AS Requests KDC TGS Requests NTLM Authentications I purposely left out the DSA counters regarding replication, etc., as my purpose is basically to find out how heavily the DC is being used in that site. Any others I should consider ? Any pointers to good resources on this topic ? Most of what I find just gives a one-line description of the counters, without telling me what to look for. Dave Fugleberg List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
