RE: [ActiveDir] Exchange Latency
Hi Dan. What are the Exchange versions, Outlook versions and network connectivity between the sites? If you have Exchange 2003 and Outlook 2003 you can do some cool stuff with Exchange cached mode and RPC over HTTPS.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: 06 December 2004 19:06
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users split their time between two of our sites (NY, LA). The problem is that no matter where we store these users' mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution.

Anyway, does anybody have any suggestions?

Daniel DeStefano
PC Support Specialist
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262 F. 212.871.5300
www.iagr.net
Measuring Ad Effectiveness on Television
RE: [ActiveDir] Cross Domain Groups
Why not take the group you created that has the domain admins group in it and put that group in the local admin group of the workstation? You can do this with a login script for an admin account on the NT40 machines.

net localgroup administrators "your group" /ADD

From: Brian Desmond [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, December 01, 2004 9:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Cross Domain Groups

I do this on all my machines with a group from a trusted domain. Check out the restricted groups feature in group policy.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f - 773.534.8101

From: [EMAIL PROTECTED] on behalf of Steve Shaff
Sent: Wed 12/1/2004 10:30 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Cross Domain Groups

Group,

Have you ever added a domain admins group from another forest into the built in administrators groups on your local workstation? We have our forest of nt40 and the parent company has a forest named abc. They both have a two way trust.

I started this project by creating a universal group in the nt40 forest and placing the domain admins group from the abc forest into it. I then opened the local permissions on my box and placed the universal group that I created into the local group. It actually worked. Therefore, I know that you can cross global groups as long as you hide them in either a local or universal group (duh).

However, I am trying to find a way to automate this process because all workstations in the network need the domain admins group from abc. I have been researching GPOs and haven't found a solution.

Have you run into this problem before? Ideas? Suggestions?

Thanks,
S

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] LDAP Capacity Planning
I have an interesting question that's come up recently...

I have some customers who have recently seen some issues with their application and the default LDAP Query Policy limits. We've worked through that issue, but the customer is now wanting us to explain to them how we're going to monitor LDAP performance and capacity so that we see problems in the future before the customer encounters them.

At the same time, the customer is asking us to give them the theoretical limits that we can set our LDAP Query Policies to without harming our Active Directory infrastructure. This will theoretically give them some sense of their boundaries (if they want to extend their application, and they know that there is a theoretical limit to the Query Policy, then they know that's as far as they can go without overloading AD).

At this point, I am not finding much data on how I would go about this, so I thought I'd throw the question open and see if any of you have had this experience in the past. Any ideas on where I can go for tools or solutions, or even ideas of things that I need to be monitoring that will give me this sort of data, will be much appreciated.

Thanks,
Scott Rachui
RE: [ActiveDir] Black Login Screen
Would this machine happen to have an Nvidia video card?

From: [EMAIL PROTECTED] on behalf of Steve Shaff
Sent: Mon 12/6/2004 5:38 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Black Login Screen

Group,

Has anyone experienced a problem when using terminal service (remote desktop) into a Windows 2003 Server, where the initial log in screen is black? It makes it real hard when trying to type your password and can not see what you are doing. I have checked the event logs and there does not seem to be anything wrong.

Does anyone have any ideas?

Thanks
S

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
/3GB is very popular on servers in enterprise spaces such as large Exchange servers and large SQL Servers and Domain Controllers. It is a combination of a bit flip in the PE info of the image and the app properly using the additional 1GB of space allocated to it. As I alluded to previously there have been apps that have flipped that switch but because they were using certain forms of addressing (various relative addressing formats) they had very odd app blowups. Also as mentioned by ~Eric and myself, you can see issues with kernel space being reduced to 1GB causing issues as well.

~Eric made great points that I forgot that specifically you could suffer around free PTE's and non-paged pool. Free PTE's is a specifically mentioned issue when doing this with Exchange servers and you are generally recommended to look at increasing the number of systempages via registry modification (though this decreases paged pool memory by whatever amount you increase the size of the PTE Pool which can also impact perf).

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul van Geldrop
Sent: Monday, December 06, 2004 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Unless memory is not serving me well (pardon the bad pun), the switch doesn't actually do that much. In normal operating mode, the virtual address space of, let's say, a 4 GB machine is split up in 2 blocks, both 2 GB large. When using the 3GB switch, the virtual address space that is used for user mode is expanded to 3GB, while the virtual address space for the kernel is sized to 1 GB. That, I believe, is all there is to it. I believe Linux does the same by default.

However! I believe that the applications using this space must have some little funky bit set to properly use the space allocated.. that might explain the apprehension from the MS side to support this.. after all, that'd make them dependent on 3rd party software parties to incorporate this feature. I might be wrong, it's been a while since I actually looked into any interesting programming stuff, let alone stuff that'd use this kind of address space. :)

Of course, running SQL/Exchange/Oracle/etc/etc with a large load might make it interesting to flip this switch. I even recall seeing this setting recommended for an MS product, though I can't recall for the life of me which app that was.. I can see the more recent article making more sense in this aspect, especially regarding the kernel space reduction in higher loads.

Regards,
Paul.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
Sent: Monday, December 06, 2004 10:14 PM
To: 'Renouf, Phil '; '[EMAIL PROTECTED] '; '[EMAIL PROTECTED] '
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Now this is fun:

According to MS-KBQ291988 (http://support.microsoft.com/kb/291988)
QUOTE: Caution The /3GB switch in Windows Server 2003, Standard Edition is only for development and testing purposes. Microsoft does not support using the /3GB switch in Windows Server 2003, Standard Edition in a production environment. The /3GB switch can cause some applications to have problems that are related to address dependencies or to a reduction in kernel space.

According to MS-KBQ308356 (http://support.microsoft.com/?id=308356)
QUOTE: If you plan to use more than 1 GB of physical memory on the domain controller, use Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition. You can use the /3GB switch in the %SystemDrive%\Boot.ini file on these versions of Windows to provide an additional 1 GB of addressable memory. However, if you use this switch with Windows 2000 Server, this memory space is marked as unavailable. For additional information about memory configuration tuning, click the following article number to view the article in the Microsoft Knowledge Base: 291988 A description of the 4 GB RAM tuning feature and the Physical Address Extension switch

According to "W2K3 Deployment Kit - Designing and Deploying Directory and Security Services" Chapter 4 "Planning Domain Controller Capacity"
QUOTE: Note The /3GB switch can be added to domain controllers that are running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. Do not add the /3GB switch to the Boot.ini file if you have less than 2 GB of physical memory.

Very nice 2 different statements according to the /3GB switch. Does any one know which one is true? Personally I think MS-KBQ291988 is correct because of the date of the article -> 15 nov 2004

Regards,
Jorge

-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 12/6/2004 6:12 PM
Subject: RE: [ActiveDir] Stre
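
The message above says /3GB depends on "a bit flip in the PE info of the image". The following is an added example, not code from the thread or its posters: it reads that bit, IMAGE_FILE_LARGE_ADDRESS_AWARE (0x0020) in the COFF header's Characteristics field, so binaries on a server can be checked before the switch is enabled. The sample image bytes and all function names are constructed for illustration.

```python
"""Check whether a PE image has the large-address-aware bit set (added example)."""
import struct
import sys

# COFF file header constants from the PE/COFF format.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_MACHINE_I386 = 0x014C


class NotPEError(ValueError):
    """Raised when the bytes do not look like a PE image."""


def read_coff_header(data: bytes):
    """Return (machine, characteristics) from the COFF file header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPEError("missing MZ DOS header")
    # e_lfanew at offset 0x3C holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The 4-byte signature plus the 20-byte COFF header must fit in the file.
    if e_lfanew + 24 > len(data):
        raise NotPEError("e_lfanew points past end of file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPEError("missing PE signature")
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    fields = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return fields[0], fields[6]


def is_large_address_aware(data: bytes) -> bool:
    """True if the image is marked as able to handle addresses above 2 GB."""
    _machine, characteristics = read_coff_header(data)
    return bool(characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE)


def describe(name: str, data: bytes) -> str:
    """One-line report for an audit of server binaries."""
    try:
        machine, chars = read_coff_header(data)
    except NotPEError as exc:
        return f"{name}: not a PE image ({exc})"
    if chars & IMAGE_FILE_LARGE_ADDRESS_AWARE:
        state = "large-address-aware: gets the extra user space under /3GB"
    else:
        state = "not large-address-aware: stays limited to 2 GB of user space"
    return f"{name}: machine=0x{machine:04x} characteristics=0x{chars:04x} {state}"


def build_sample_image(characteristics: int) -> bytes:
    """Constructed sample: DOS header stub plus COFF header, not a loadable binary."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, 0,
                       characteristics)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    if sys.argv[1:]:
        # Real files given on the command line.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(describe(path, fh.read()))
    else:
        # Constructed samples: one with the bit set, one without.
        base = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
        aware = build_sample_image(base | IMAGE_FILE_LARGE_ADDRESS_AWARE)
        print(describe("sample-aware.exe", aware))
        print(describe("sample-plain.exe", build_sample_image(base)))
```

Run it with one or more file paths to audit real binaries; with no arguments it reports on the two constructed samples.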
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
I recall a KB in the 2k days that had some of the rough information on how this works, but I never saw anything more detailed in that, nor have I seen it updated for 2003. Sorry. :( Perhaps someone can point you to something else which is detailed, I don't know. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul van Geldrop Sent: Monday, December 06, 2004 4:31 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Hmmm, forget brevity.. I'd love to know more about this.. :) Perhaps you can point me to a place where I can find more information on this ? Thanks in advance, Paul. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Monday, December 06, 2004 9:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers There was also discussion around how large the cache is. In essence, like most software which caches stuff, we have algorithms for it. :) Joe eluded to it, but basically we have a series of elements we look at to help decide what movements in cache size should be done. I won't go in to the details of such things for the sake of brevity. Hope that helps. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, December 06, 2004 1:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Brett is fun. :o) He isn't so much the type that will fish for you or even teach you to fish, he will throw you a fishing line and let you figure it all out. This can be troublesome though if you lived in a desert and had never even seen water let alone a fish. Understanding Tech involved with the AD code specifically, he is very strong. Understanding Tech as it has to be used in some sites and locations and operational support concerns, not always so strong. 
He is very much like the rest of the Dev team guys which is mostly working in the Dev this is what you should shoot for world versus the ditches and puddles that many people end up having to work in. Overall a good guy though. Extremely entertaining guy to talk to. On the beefy DC side of things. I don't know, I don't really consider 2GB to be exceptionally beefy or even 4GB. Not when we have workstations now coming from the factory with 1GB and 2GB and options to do 4GB. Exceeding 4GB RAM gets a little unusual and you truly get beefy based on proc Architectures (say multiproc opteron versus athlon or on the intel side the Xeon versus the non-Xeon's, etc) and disk subsystems with heavy duty hardware RAID solutions with oodles of cache and RAID type offerings. We need to go to 64 bit for no better reason than the cost of memory is consistently dropping and we need good easy ways of dealing with more than 4GB of RAM that doesn't depend on goofy paging mechanisms. Finally, I don't recommend /3gb unless you truly need it and all of the software on the machine properly supports it. It has been long while (years) but I have seen some odd /3GB failures with apps that didn't properly implement that functionality due to memory addressing issues. Also obviously you can't use /3GB with 2K standard, that could cause some fun things to happen as well, collectively termed as undefined results. No reason to force the kernel to live in 1GB unless it is required for some other reason which if I recall can impact some video drivers and other kernel apps that may need to grab a chunk of address space for some reason. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, December 06, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers > > Gotcha, then yeah the /3gb switch would help with performance. > > I've learned something new, thanks :) > > Maybe. 
It depends on the DIT size as well as what else needs memory. > From what I understand based on old conversations, the DIT caching > routines are sensitive to memory pressure and will not page DIT cache, > it will release memory instead. > Again if you have a DIT of 200MB, you can use /3gb and most likely > wouldn't see a benefit. You might not see a benefit with a small DIT size, but then again why go with such a beefed up DC if your DIT size is that small (unless you are planning for it to grow substantially). Adding the /3GB switch shouldn't cause any issues even if the DIT is small enough to not get much benefit from it, unless the OS is effected by being reduced to 1GB of virtual address space. > Hopefully ~Eric will pop along shortly with some info as I know he > loves this stuff. In the meanwhile, you can be pretty sure BrettSh > generally knows what he is talking about with AD. Not saying he can't > be wrong, but a
RE: [ActiveDir] Black Login Screen
Thought of that.. Already updated, same result.

Steve Shaff
Active Directory / Exchange Administrator
Corillian Corporation
(W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J Contr InDyne/Enterprise IT
Sent: Monday, December 06, 2004 2:59 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Black Login Screen

Are there updated video drivers available for your system?

Dave

David J. Perdue
Network Security Engineer, InDyne Inc
Comm: (805) 606-4597 DSN: 276-4597

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Monday, December 06, 2004 14:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Black Login Screen

Nope.. No screensaver is active. Sorry.. Any other ideas?

S

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 2:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Black Login Screen

I've run into similar problems with termserv if the screensaver is enabled on the host machine.

-gil

Gil Kirkpatrick
CTO, NetPro
"To fly, flip away backhanded. Flat flip flies straight. Tilted flip curves. Experiment!"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Monday, December 06, 2004 3:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Black Login Screen

Group,

Has anyone experienced a problem when using terminal service (remote desktop) into a Windows 2003 Server, where the initial log in screen is black? It makes it real hard when trying to type your password and can not see what you are doing. I have checked the event logs and there does not seem to be anything wrong.

Does anyone have any ideas?

Thanks
S

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Black Login Screen
Are there updated video drivers available for your system?

Dave

David J. Perdue
Network Security Engineer, InDyne Inc
Comm: (805) 606-4597 DSN: 276-4597

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Monday, December 06, 2004 14:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Black Login Screen

Nope.. No screensaver is active. Sorry.. Any other ideas?

S

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 2:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Black Login Screen

I've run into similar problems with termserv if the screensaver is enabled on the host machine.

-gil

Gil Kirkpatrick
CTO, NetPro
"To fly, flip away backhanded. Flat flip flies straight. Tilted flip curves. Experiment!"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Monday, December 06, 2004 3:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Black Login Screen

Group,

Has anyone experienced a problem when using terminal service (remote desktop) into a Windows 2003 Server, where the initial log in screen is black? It makes it real hard when trying to type your password and can not see what you are doing. I have checked the event logs and there does not seem to be anything wrong.

Does anyone have any ideas?

Thanks
S

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Black Login Screen
Nope.. No screensaver is active. Sorry.. Any other ideas?

S

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 2:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Black Login Screen

I've run into similar problems with termserv if the screensaver is enabled on the host machine.

-gil

Gil Kirkpatrick
CTO, NetPro
"To fly, flip away backhanded. Flat flip flies straight. Tilted flip curves. Experiment!"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Monday, December 06, 2004 3:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Black Login Screen

Group,

Has anyone experienced a problem when using terminal service (remote desktop) into a Windows 2003 Server, where the initial log in screen is black? It makes it real hard when trying to type your password and can not see what you are doing. I have checked the event logs and there does not seem to be anything wrong.

Does anyone have any ideas?

Thanks
S

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Black Login Screen
I've run into similar problems with termserv if the screensaver is enabled on the host machine.

-gil

Gil Kirkpatrick
CTO, NetPro
"To fly, flip away backhanded. Flat flip flies straight. Tilted flip curves. Experiment!"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Monday, December 06, 2004 3:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Black Login Screen

Group,

Has anyone experienced a problem when using terminal service (remote desktop) into a Windows 2003 Server, where the initial log in screen is black? It makes it real hard when trying to type your password and can not see what you are doing. I have checked the event logs and there does not seem to be anything wrong.

Does anyone have any ideas?

Thanks
S

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Black Login Screen
Group,

Has anyone experienced a problem when using terminal service (remote desktop) into a Windows 2003 Server, where the initial log in screen is black? It makes it real hard when trying to type your password and can not see what you are doing. I have checked the event logs and there does not seem to be anything wrong.

Does anyone have any ideas?

Thanks
S

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Hmmm, forget brevity.. I'd love to know more about this.. :) Perhaps you can point me to a place where I can find more information on this ? Thanks in advance, Paul. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Monday, December 06, 2004 9:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers There was also discussion around how large the cache is. In essence, like most software which caches stuff, we have algorithms for it. :) Joe eluded to it, but basically we have a series of elements we look at to help decide what movements in cache size should be done. I won't go in to the details of such things for the sake of brevity. Hope that helps. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, December 06, 2004 1:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Brett is fun. :o) He isn't so much the type that will fish for you or even teach you to fish, he will throw you a fishing line and let you figure it all out. This can be troublesome though if you lived in a desert and had never even seen water let alone a fish. Understanding Tech involved with the AD code specifically, he is very strong. Understanding Tech as it has to be used in some sites and locations and operational support concerns, not always so strong. He is very much like the rest of the Dev team guys which is mostly working in the Dev this is what you should shoot for world versus the ditches and puddles that many people end up having to work in. Overall a good guy though. Extremely entertaining guy to talk to. On the beefy DC side of things. I don't know, I don't really consider 2GB to be exceptionally beefy or even 4GB. Not when we have workstations now coming from the factory with 1GB and 2GB and options to do 4GB. 
Exceeding 4GB RAM gets a little unusual and you truly get beefy based on proc Architectures (say multiproc opteron versus athlon or on the intel side the Xeon versus the non-Xeon's, etc) and disk subsystems with heavy duty hardware RAID solutions with oodles of cache and RAID type offerings. We need to go to 64 bit for no better reason than the cost of memory is consistently dropping and we need good easy ways of dealing with more than 4GB of RAM that doesn't depend on goofy paging mechanisms. Finally, I don't recommend /3gb unless you truly need it and all of the software on the machine properly supports it. It has been long while (years) but I have seen some odd /3GB failures with apps that didn't properly implement that functionality due to memory addressing issues. Also obviously you can't use /3GB with 2K standard, that could cause some fun things to happen as well, collectively termed as undefined results. No reason to force the kernel to live in 1GB unless it is required for some other reason which if I recall can impact some video drivers and other kernel apps that may need to grab a chunk of address space for some reason. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, December 06, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers > > Gotcha, then yeah the /3gb switch would help with performance. > > I've learned something new, thanks :) > > Maybe. It depends on the DIT size as well as what else needs memory. > From what I understand based on old conversations, the DIT caching > routines are sensitive to memory pressure and will not page DIT cache, > it will release memory instead. > Again if you have a DIT of 200MB, you can use /3gb and most likely > wouldn't see a benefit. 
You might not see a benefit with a small DIT size, but then again why go with such a beefed up DC if your DIT size is that small (unless you are planning for it to grow substantially). Adding the /3GB switch shouldn't cause any issues even if the DIT is small enough to not get much benefit from it, unless the OS is effected by being reduced to 1GB of virtual address space. > Hopefully ~Eric will pop along shortly with some info as I know he > loves this stuff. In the meanwhile, you can be pretty sure BrettSh > generally knows what he is talking about with AD. Not saying he can't > be wrong, but all things being equal concerning a bet on AD internals, > I would bet with Brett. > Unless he was betting against Will, Dmitri, ~Eric, Dean or some of > those guys and then I would simply put my wallet away, pull out some > popcorn, and watch the show. I'm definitely interested to see what they have to say :) I certainly wasn't implying Brett didn't know what he was talking about, but showing me the size of a DIT really didn't tell me much without the information that LSASS is large address aware. Now it makes sense ;) A
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Unless memory is not serving me well (pardon the bad pun), the switch doesn't actually do that much. In normal operating mode, the virtual address space of, let's say, a 4 GB machine is split up in 2 blocks, both 2 GB large. When using the 3GB switch, the virtual address space that is used for user mode is expanded to 3GB, while the virtual address space for the kernel is sized to 1 GB. That, I believe, is all there is to it. I believe Linux does the same by default. However! I believe that the applications using this space must have some little funky bit set to properly use the space allocated.. that might explain the apprehension from the MS side to support this.. after all, that'd make them dependant on 3rd party software parties to incorporate this feature. I might be wrong, it's been a while since I actually looked into any interesting programming stuff, let alone stuff that'd use this kind of address space. :) Of course, running SQL/Exchange/Oracle/etc/etc with a large load might make it interesting to flip this switch. I even recall seeing this setting recommended for an MS product, though I can't recall for the life of me which app that was.. I can see the more recent article making more sense in this aspect, especially regarding the kernel space reduction in higher loads. Regards, Paul. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Monday, December 06, 2004 10:14 PM To: 'Renouf, Phil '; '[EMAIL PROTECTED] '; '[EMAIL PROTECTED] ' Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Now this is fun: According to MS-KBQ291988 (http://support.microsoft.com/kb/291988) QUOTE: Caution The /3GB switch in Windows Server 2003, Standard Edition is only for development and testing purposes. Microsoft does not support using the /3GB switch in Windows Server 2003, Standard Edition in a production environment. 
The /3GB switch can cause some applications to have problems that are related to address dependencies or to a reduction in kernel space. According to MS-KBQ308356 (http://support.microsoft.com/?id=308356) QUOTE: If you plan to use more than 1 GB of physical memory on the domain controller, use Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition. You can use the /3GB switch in the %SystemDrive%\Boot.ini file on these versions of Windows to provide an additional 1 GB of addressable memory. However, if you use this switch with Windows 2000 Server, this memory space is marked as unavailable. For additional information about memory configuration tuning, click the following article number to view the article in the Microsoft Knowledge Base: 291988 A description of the 4 GB RAM tuning feature and the Physical Address Extension switch According to "W2K3 Deployment Kit - Designing and Deploying Directory and Security Services" Chapter 4 "Planning Domain Controller Capacity" QUOTE: Note The /3GB switch can be added to domain controllers that are running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. Do not add the /3GB switch to the Boot.ini file if you have less than 2 GB of physical memory. Very nice 2 different statements according to the /3GB switch Does any one know which one is true? Personally I think MS-KBQ291988 is correct because of the date of the article -> 15 nov 2004 Regards, Jorge -Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: 12/6/2004 6:12 PM Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers You don't need the /3GB switch for a DC. Just having more than 2GB of ram does not require using the /3GB switch, systems like Exchange require it, but a DC shouldn't need it. 
Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Monday, December 06, 2004 11:57 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Stress testing and performance analysis of domain controllers As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following: * Use 4Gb RAM * Use /3gb switch * Place AD logs and database on separate disk spindles In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market? Thanks in advance, Neil Neil
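The per-application bit mentioned in the reply above is, in the PE/COFF file format, the IMAGE_FILE_LARGE_ADDRESS_AWARE flag (0x0020) in the file header's Characteristics field. The following is an added example, not code from the thread: it reads that flag from an executable's header so an administrator can check which binaries opt in to the larger user address space before enabling /3GB. The function names and the sample header it builds are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets and values from the PE/COFF format. */
#define DOS_MAGIC                0x5A4Du  /* "MZ" */
#define DOS_LFANEW_OFFSET        0x3Cu    /* e_lfanew: file offset of "PE\0\0" */
#define COFF_HEADER_SIZE         20u
#define COFF_CHARACTERISTICS_OFF 18u      /* within the COFF file header */
#define LARGE_ADDRESS_AWARE_FLAG 0x0020u  /* IMAGE_FILE_LARGE_ADDRESS_AWARE */

enum laa_result { LAA_NOT_PE = -1, LAA_CLEAR = 0, LAA_SET = 1 };

/* Little-endian readers, independent of host byte order and alignment. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Report whether the image header carries the large-address-aware flag.
 * Every offset is bounds-checked because the input file is untrusted. */
int pe_large_address_aware(const uint8_t *img, size_t len)
{
    uint32_t pe_off;
    uint16_t characteristics;

    if (img == NULL || len < DOS_LFANEW_OFFSET + 4)
        return LAA_NOT_PE;
    if (rd16(img) != DOS_MAGIC)
        return LAA_NOT_PE;

    pe_off = rd32(img + DOS_LFANEW_OFFSET);
    /* Written so that a hostile e_lfanew cannot overflow the arithmetic. */
    if (pe_off > len || len - pe_off < 4 + COFF_HEADER_SIZE)
        return LAA_NOT_PE;
    if (memcmp(img + pe_off, "PE\0\0", 4) != 0)
        return LAA_NOT_PE;

    characteristics = rd16(img + pe_off + 4 + COFF_CHARACTERISTICS_OFF);
    return (characteristics & LARGE_ADDRESS_AWARE_FLAG) ? LAA_SET : LAA_CLEAR;
}

/* Constructed sample: the smallest header the checker accepts.
 * It is not a loadable image. Returns the number of bytes written. */
size_t build_sample_header(uint8_t *buf, size_t cap, uint16_t characteristics)
{
    const uint32_t pe_off = 0x80;
    const size_t need = pe_off + 4 + COFF_HEADER_SIZE;

    if (buf == NULL || cap < need)
        return 0;
    memset(buf, 0, need);
    buf[0] = 'M';
    buf[1] = 'Z';
    buf[DOS_LFANEW_OFFSET] = (uint8_t)pe_off;
    memcpy(buf + pe_off, "PE\0\0", 4);
    buf[pe_off + 4] = 0x4C;               /* Machine = 0x014C (i386) */
    buf[pe_off + 5] = 0x01;
    buf[pe_off + 4 + COFF_CHARACTERISTICS_OFF] = (uint8_t)(characteristics & 0xFF);
    buf[pe_off + 4 + COFF_CHARACTERISTICS_OFF + 1] = (uint8_t)(characteristics >> 8);
    return need;
}

int main(int argc, char **argv)
{
    static uint8_t buf[1 << 16];  /* headers normally sit well inside 64 KiB */
    size_t n;

    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (f == NULL) {
            perror(argv[1]);
            return 2;
        }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    } else {
        /* No file given: use the constructed header with the flag set. */
        n = build_sample_header(buf, sizeof buf, 0x0122);
    }

    switch (pe_large_address_aware(buf, n)) {
    case LAA_SET:   puts("large-address-aware: yes"); return 0;
    case LAA_CLEAR: puts("large-address-aware: no");  return 1;
    default:        puts("not a PE image");           return 2;
    }
}
```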
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
I'll take care of cleaning up this content issue with the content team. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Monday, December 06, 2004 3:14 PM To: 'Renouf, Phil '; '[EMAIL PROTECTED] '; '[EMAIL PROTECTED] ' Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Now this is fun: According to MS-KBQ291988 (http://support.microsoft.com/kb/291988) QUOTE: Caution The /3GB switch in Windows Server 2003, Standard Edition is only for development and testing purposes. Microsoft does not support using the /3GB switch in Windows Server 2003, Standard Edition in a production environment. The /3GB switch can cause some applications to have problems that are related to address dependencies or to a reduction in kernel space. According to MS-KBQ308356 (http://support.microsoft.com/?id=308356) QUOTE: If you plan to use more than 1 GB of physical memory on the domain controller, use Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition. You can use the /3GB switch in the %SystemDrive%\Boot.ini file on these versions of Windows to provide an additional 1 GB of addressable memory. However, if you use this switch with Windows 2000 Server, this memory space is marked as unavailable. 
For additional information about memory configuration tuning, click the following article number to view the article in the Microsoft Knowledge Base: 291988 A description of the 4 GB RAM tuning feature and the Physical Address Extension switch According to "W2K3 Deployment Kit - Designing and Deploying Directory and Security Services" Chapter 4 "Planning Domain Controller Capacity" QUOTE: Note The /3GB switch can be added to domain controllers that are running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. Do not add the /3GB switch to the Boot.ini file if you have less than 2 GB of physical memory. Very nice 2 different statements according to the /3GB switch Does any one know which one is true? Personally I think MS-KBQ291988 is correct because of the date of the article -> 15 nov 2004 Regards, Jorge -Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: 12/6/2004 6:12 PM Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers You don't need the /3GB switch for a DC. Just having more than 2GB of ram does not require using the /3GB switch, systems like Exchange require it, but a DC shouldn't need it. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Monday, December 06, 2004 11:57 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Stress testing and performance analysis of domain controllers As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following: * Use 4Gb RAM * Use /3gb switch * Place AD logs and database on separate disk spindles In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. 
I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market? Thanks in advance, Neil Neil Ruston - MVP Directory Services == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. == List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info :
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Now this is fun: According to MS-KBQ291988 (http://support.microsoft.com/kb/291988) QUOTE: Caution The /3GB switch in Windows Server 2003, Standard Edition is only for development and testing purposes. Microsoft does not support using the /3GB switch in Windows Server 2003, Standard Edition in a production environment. The /3GB switch can cause some applications to have problems that are related to address dependencies or to a reduction in kernel space. According to MS-KBQ308356 (http://support.microsoft.com/?id=308356) QUOTE: If you plan to use more than 1 GB of physical memory on the domain controller, use Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition. You can use the /3GB switch in the %SystemDrive%\Boot.ini file on these versions of Windows to provide an additional 1 GB of addressable memory. However, if you use this switch with Windows 2000 Server, this memory space is marked as unavailable. For additional information about memory configuration tuning, click the following article number to view the article in the Microsoft Knowledge Base: 291988 A description of the 4 GB RAM tuning feature and the Physical Address Extension switch According to "W2K3 Deployment Kit - Designing and Deploying Directory and Security Services" Chapter 4 "Planning Domain Controller Capacity" QUOTE: Note The /3GB switch can be added to domain controllers that are running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. Do not add the /3GB switch to the Boot.ini file if you have less than 2 GB of physical memory. Very nice 2 different statements according to the /3GB switch Does any one know which one is true? 
Personally I think MS-KBQ291988 is correct because of the date of the article -> 15 nov 2004 Regards, Jorge -Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: 12/6/2004 6:12 PM Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers You don't need the /3GB switch for a DC. Just having more than 2GB of ram does not require using the /3GB switch, systems like Exchange require it, but a DC shouldn't need it. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Monday, December 06, 2004 11:57 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Stress testing and performance analysis of domain controllers As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following: * Use 4Gb RAM * Use /3gb switch * Place AD logs and database on separate disk spindles In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market? Thanks in advance, Neil Neil Ruston - MVP Directory Services == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. 
RE: [ActiveDir] GPO question
Hi

Thanks for the information. I had tried the 323593 fix but no go ;) now hopefully this one will work

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
> Sent: Monday, December 06, 2004 3:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] GPO question
>
> On Mon, 6 Dec 2004 14:46:38 -0500, Bruyere, Michel wrote
> > Hi,
> > I would like to know if it's possible for a Win2k Sp4 to push GPOs of WinXP sp2. I've found a list of all XPsp2 gpos on the MS site and I want to push some of them. I did take the .adm from a XPsp2 and I added them to the Win 2k server. The problem is that I get a whole lot of messages: The following entry in the [string] section is too long and has been truncated. And, just below this message, I have what looks like explanations of some policies. I can see/use the GPOs after I clicked OK 2 trillions times.
> >
> > Is there a way to get around t
>
> Read this KB:
> http://support.microsoft.com/kb/842933
>
> --
> Tomasz Onyszko - [EMAIL PROTECTED]
> http://www.w2k.pl
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Tremendous amt of churn on this thread. Let me see if I can pull it all together. One of the things we do internally on the ESE level is caching of pages of the DIT from disk. The perf benefit is clear, and measurable. In 2003 on 32bit hardware, the /3gb switch begins to make sense when your dit is in the neighborhood of 2gb and you have >2GB of physical memory. At that point we might hit the max cache size, and to grow beyond that /3gb will help. Max cache size is in the neighborhood of 2.6 or 2.7gb when /3gb is used. On 64bit, our max cache size is 2^48bytes if memory serves me correctly. If you have that much ram on a 64bit box, call me. I want to see your box. :) I should note that /3gb does not come w/o a cost. I would be careful in using this setting this value on machines which are not just DCs, as it does have a perf impact on your system more generally. Without going too far off topic, I'll say it will yield a scenario where you have fewer resources for kernel data structures, like non-paged pool and system PTEs. If you are interested in the details, this is a question best fielded by a book like Inside Windows 2000 I'd think. There was discussion around the amt of benefit (I think someone tossed out a phrase like "a factor of 5"). The reality is that the benefit depends greatly upon your workload. If you have a workload which can be optimized through server-side indexes, to accurately measure the benefit of 64bit you probably want to compare a 32bit box with heavy indexes, custom tailored to your environment, vs. 64bit with either comparable or no indexes (your choice) and a _warm_ cache. I say it in this way as really, you want to compare max perf you can get on 32bit with max you can get on 64bit. That might mean enabling some indexes, as that can help with perf even w/o loading everything in memory (probably intuitive, but wanted to draw special attention to it). Note my usage of the word "warm" to describe the cache. 
I say warm cache as out of the box, we won't preload your DIT in to memory, even if you have the physical memory for it (32bit or 64bit). Rather, we cache things as they are fetched. So if you issue a query which need traverse a series of pages not yet cached, we still take the same I/O hit. It is when they are in memory and you try to use them a second time that you get the benefit, as we don't need to fetch them again. This yields the fact that some customers that run 64bit write a little script to "walk" their database. They do this to warm the cache and get most everything preloaded in to memory. There was also discussion around how large the cache is. In essence, like most software which caches stuff, we have algorithms for it. :) Joe eluded to it, but basically we have a series of elements we look at to help decide what movements in cache size should be done. I won't go in to the details of such things for the sake of brevity. Hope that helps. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, December 06, 2004 1:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Brett is fun. :o) He isn't so much the type that will fish for you or even teach you to fish, he will throw you a fishing line and let you figure it all out. This can be troublesome though if you lived in a desert and had never even seen water let alone a fish. Understanding Tech involved with the AD code specifically, he is very strong. Understanding Tech as it has to be used in some sites and locations and operational support concerns, not always so strong. He is very much like the rest of the Dev team guys which is mostly working in the Dev this is what you should shoot for world versus the ditches and puddles that many people end up having to work in. Overall a good guy though. Extremely entertaining guy to talk to. On the beefy DC side of things. 
I don't know, I don't really consider 2GB to be exceptionally beefy or even 4GB. Not when we have workstations now coming from the factory with 1GB and 2GB and options to do 4GB. Exceeding 4GB RAM gets a little unusual and you truly get beefy based on proc Architectures (say multiproc opteron versus athlon or on the intel side the Xeon versus the non-Xeon's, etc) and disk subsystems with heavy duty hardware RAID solutions with oodles of cache and RAID type offerings. We need to go to 64 bit for no better reason than the cost of memory is consistently dropping and we need good easy ways of dealing with more than 4GB of RAM that doesn't depend on goofy paging mechanisms. Finally, I don't recommend /3gb unless you truly need it and all of the software on the machine properly supports it. It has been long while (years) but I have seen some odd /3GB failures with apps that didn't properly implement that functionality due to memory addressing issues. Also obviously you can't use /3GB with 2K standard, that could cause some fun th
RE: [ActiveDir] GPO question
Yep! You need this QFE which is available for all >2k OS' on download.microsoft.com: http://support.microsoft.com/kb/842933.

Thanks.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f - 773.534.8101

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of Bruyere, Michel
> Sent: Monday, December 06, 2004 1:47 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] GPO question
>
> Hi,
> I would like to know if it's possible for a Win2k Sp4 to push GPOs of WinXP sp2. I've found a list of all XPsp2 gpos on the MS site and I want to push some of them. I did take the .adm from a XPsp2 and I added them to the Win 2k server. The problem is that I get a whole lot of messages:
> The following entry in the [string] section is too long and has been truncated.
> And, just below this message, I have what looks like explanations of some policies. I can see/use the GPOs after I clicked OK 2 trillions times.
>
> Is there a way to get around this??
> Thanks
>
> M.Bruyere
> Network/systems administrator
> CompTIA A+, Network+
RE: [ActiveDir] Slightly Off Topic NT4 Domain Question
If your clients are also NT4 you can log on the workstation and collect the logs. Set Auditing and audit failures and successes as you have for the DC. You can either script or batch to collect the logs and then do as you please with them or just look at them via server manager. hope this helps.

-Original Message-
From: [EMAIL PROTECTED] on behalf of Pohlschneider, Chris
Sent: Tue 12/7/2004 2:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Slightly Off Topic NT4 Domain Question

I was wanting to know if there is a way to track all logins whether they are successful or unsuccessful logins to the domain? I have security auditing turned on my domain controller to do failure audits, but is there a way to track all logins? Thanks in advance

Chris Pohlschneider
Network Administrator
Cenveo-Sidney
937-497-2136
[EMAIL PROTECTED]
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
I read an article about using an Itanium server with 12 GB of memory, enough to hold the DIT entirely in memory. The LDAP performance went up by a factor of five compared to a similarly sized 32 bit machine, if I remember correctly. If performance really is an issue then this may help you out. Perhaps Guido or another HP guy cares to comment on this, since they build those boxes?

--
Regards, Willem

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
Sent: Monday, December 06, 2004 5:57 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Stress testing and performance analysis of domain controllers

As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following:

* Use 4Gb RAM
* Use /3gb switch
* Place AD logs and database on separate disk spindles

In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market?

Thanks in advance,
Neil

Neil Ruston - MVP Directory Services
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
> The list goes on and is why there are consultants out there, right Joe ;) Absolutely. Heck most of the questions on this list all get stamped with the initial response of "it depends". AD is a very variable type of thing. :o) As a general rule, when someone is building something though, I tell them to build as big as they can get away with. It is the rare case that you don't use all of it and more as companies tend to want whatever they have doing more and more and more. Much easier to get money up front than beg for it later when you didn't ask for enough. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, December 06, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Depends on your environment. Since he's trying to "beef them up" already, then I don't think it's overkill to separate disk I/O streams. In less change prone environments, I might settle for moving the log files only, and then add enough memory to make it interesting, but there're a lot of factors to consider. For example, since this is expected to be a highly-available piece of infrastructure (remember that identity, authentication, and authorization all rely on it being there when you need and speed is affected by it) I would have to say that I should design for the high-water mark. I DO NOT want to be caught with a machine that cannot handle the load if I have a lot of DC's and a slow network. The idea being that I put that DC there for a purpose. Often it's cheap to build it in a decent manner. HDD's are relatively cheap as are server class machines that can handle the extra disks. As an example, a DL380 from HPQ makes a nice DC in many environments. If I have a multiple domain architecture however, I may have to rethink this for the servers hosting GC functionality. If I have anti-virus and HID services running, I may have to take those into account as well. 
Management overhead, etc. also plays a role in the sizing decision. The list goes on and is why there are consultants out there, right Joe ;) -Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane Sent: Monday, December 06, 2004 2:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Wouldn't this be dependent on the volume of changes that you see in your environment? With Exchange and its accompanying volume of changes, moving the log files to separate spindles is as you say, a no no-brainer. However in our AD environment, we see very low volume of changes. We get maybe 50 MB of log files a day at most.. Our server design for our Win2K AD deployment was to design a DC like an Exchange server with oddles of disks and separate spindle sets for the OS, DB and logs but we found that this layout was a major overkill. For our Win2K3 upgrades to our domain controllers, we are using less dsiks and combining the OS and log spindles. We are still beefing up the memory and processors which in our environment seem to be the most critical components. Our DIT is ~1 GB. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, December 06, 2004 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Definitely, putting DIT and logs on separate spindles is a no-brainer and guaranteed to improve things. 
Gil "I agree with everything Al has ever said" Kirkpatrick CTO, NetPro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, December 06, 2004 10:54 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers I think you can get what you want using the below tool in conjunction with http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4 871- b8a4-99f98b3f4338&DisplayLang=en Using the /3gb switch is often recommended, but your biggest benefit will likely come from the disk layout. If you can get both, that's great, but the disk would be the one to really fight for if something has to give. That said, it's rumored that 64bit Windows does a nice job as well. I couldn't speak that however. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler Sent: Monday, December 06, 2004 12:04 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Stress testing and performance analysis of domain controllers maybe the Server Performance Advisor? : http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-4 7b9- 901b-cf85da075a73&displaylang=en or http://tinyurl.com/46wd3 hth, john Ruston, Neil wrote: > > > As part of a more general AD design refresh, I am re-visiting the DC > hardware
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
The list goes on and is why there are consultants out there, right Joe ;) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, December 06, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Depends on your environment. Since he's trying to "beef them up" already, then I don't think it's overkill to separate disk I/O streams. In less change prone environments, I might settle for moving the log files only, and then add enough memory to make it interesting, but there're a lot of factors to consider. For example, since this is expected to be a highly-available piece of infrastructure (remember that identity, authentication, and authorization all rely on it being there when you need and speed is affected by it) I would have to say that I should design for the high-water mark. I DO NOT want to be caught with a machine that cannot handle the load if I have a lot of DC's and a slow network. The idea being that I put that DC there for a purpose. Often it's cheap to build it in a decent manner. HDD's are relatively cheap as are server class machines that can handle the extra disks. As an example, a DL380 from HPQ makes a nice DC in many environments. If I have a multiple domain architecture however, I may have to rethink this for the servers hosting GC functionality. If I have anti-virus and HID services running, I may have to take those into account as well. Management overhead, etc. also plays a role in the sizing decision. The list goes on and is why there are consultants out there, right Joe ;) -Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane Sent: Monday, December 06, 2004 2:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Wouldn't this be dependent on the volume of changes that you see in your environment? 
With Exchange and its accompanying volume of changes, moving the log files to separate spindles is as you say, a no no-brainer. However in our AD environment, we see very low volume of changes. We get maybe 50 MB of log files a day at most.. Our server design for our Win2K AD deployment was to design a DC like an Exchange server with oddles of disks and separate spindle sets for the OS, DB and logs but we found that this layout was a major overkill. For our Win2K3 upgrades to our domain controllers, we are using less dsiks and combining the OS and log spindles. We are still beefing up the memory and processors which in our environment seem to be the most critical components. Our DIT is ~1 GB. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, December 06, 2004 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Definitely, putting DIT and logs on separate spindles is a no-brainer and guaranteed to improve things. Gil "I agree with everything Al has ever said" Kirkpatrick CTO, NetPro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, December 06, 2004 10:54 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers I think you can get what you want using the below tool in conjunction with http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4 871- b8a4-99f98b3f4338&DisplayLang=en Using the /3gb switch is often recommended, but your biggest benefit will likely come from the disk layout. If you can get both, that's great, but the disk would be the one to really fight for if something has to give. That said, it's rumored that 64bit Windows does a nice job as well. I couldn't speak that however. 
Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler Sent: Monday, December 06, 2004 12:04 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Stress testing and performance analysis of domain controllers maybe the Server Performance Advisor? : http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-4 7b9- 901b-cf85da075a73&displaylang=en or http://tinyurl.com/46wd3 hth, john Ruston, Neil wrote: > > > As part of a more general AD design refresh, I am re-visiting the DC > hardware and OS configuration. > > I am proposing several changes to the DC spec, including the adoption > of the following: > > * Use 4Gb RAM > * Use /3gb switch > * Place AD logs and database on separate disk spindles > > In order to 'sell' this idea, I would like to demonstrate the > effective increase in 'horse power' that the above offers. I am > therefore looking for a tool which can help me to show that a DC with > config A can handle load x whilst DC spec B can handle load y. > > Id
Re: [ActiveDir] GPO question
On Mon, 6 Dec 2004 14:46:38 -0500, Bruyere, Michel wrote
> Hi,
> I would like to know if it's possible for a Win2k Sp4 to push GPOs of WinXP sp2. I've found a list of all XPsp2 gpos on the MS site and I want to push some of them. I did take the .adm from a XPsp2 and I added them to the Win 2k server. The problem is that I get a whole lot of messages: The following entry in the [string] section is too long and has been truncated. And, just below this message, I have what looks like explanations of some policies. I can see/use the GPOs after I clicked OK 2 trillions times.
>
> Is there a way to get around t

Read this KB:
http://support.microsoft.com/kb/842933

--
Tomasz Onyszko - [EMAIL PROTECTED]
http://www.w2k.pl
RE: [ActiveDir] Custom Password Filter DLL
Thanks for the reply. Is it possible to lower the password complexity using custom password DLL? Following is our password requirement.

Total 6 characters long (through GPO)
Minimum 4 characters
Minimum 2 numbers

The reason is, I cannot use either Capital letter or Special character at my environment. If I enable default password complexity, I have to use either 1 Capital letter or 1 Special character. If I disable default password complexity, the custom DLL is not going to work. Is it possible to lower the password complexity using a password complexity DLL?

Thanks in advance!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
Sent: Sunday, December 05, 2004 1:59 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Custom Password Filter DLL

Eric,

This was more in reference to the resource hacker link that was posted. I was presuming that rather than create a custom gina, people would simply hack the resources on the standard one, in which case my points were valid. You are correct of course, if the standard gina is replaced with a new one (and the associated reg changes) then you should be ok (notwithstanding having a rollback plan). Password filter dll's are a different kettle of fish, I've implemented them on a number of occasions without strife.

Glenn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Sunday, 5 December 2004 1:02 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Custom Password Filter DLL

I can't speak for the entire company, but I have debugged many custom passfilt and gina issues before. Have you had problems? If so please let me know, I'd be curious to hear what they were. You can ping me offline on that if you would like.

I would point out that despite the fact that msgina.dll is upgraded during hotfix/sp install at times, your ginadll reg value probably would not. Therefore our upgrade of the gina would not be of great concern to you so long as you don't depend upon something that changes in the internals of our gina. I can't recall seeing a hotfix or sp that overwrites the reg value if you specify a custom gina, but if there was a time on that I'm sure someone will step in and point it out. I just don't recall seeing it. :)

~Eric

From: [EMAIL PROTECTED] on behalf of Glenn Corbett
Sent: Sat 12/4/2004 5:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Custom Password Filter DLL

*shudder*

Don't forget however that if you go down this path, make sure you

A) Don't call Microsoft - they will laugh at you, charge your credit card, then hang up
B) have a rollback plan to the standard GINA
C) remember that the gina will most likely be replaced during a service pack (and sometimes) during hotfixes, so you may have to rehack and re-roll your changes again
D) other vendors may replace / extend the gina (like smartcard / biometric addons) which may not like you hacking the GINA (or put their own one in which may negate your changes)

Apart from that, have fun

G.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James
Sent: Friday, 3 December 2004 12:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Custom Password Filter DLL

http://www.users.on.net/johnson/resourcehacker/

From: [EMAIL PROTECTED] on behalf of Santhosh Sivarajan
Sent: Fri 3/12/2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Custom Password Filter DLL

Rhacker?? Where do I find that tool?

Matt Brown <[EMAIL PROTECTED]> wrote:

You can use a program called Rhacker to modify the Gina, then rename it, change the reg key and reboot. All there is to it. We use it for our computer labs on campus to replace the Microsoft logos with our own and to add an appropriate use alert.

Thanks,
--
Matt Brown
[EMAIL PROTECTED]
Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
509.359.6972 ph. - 509.359.7087 fx
307 MONROE HALL
Cheney, WA 99004

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Santhosh Sivarajan
Sent: Thursday, December 02, 2004 3:01 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Custom Password Filter DLL

Hi all,

I am in a process of writing a custom password filter DLL. I modified the DLL and implemented it. Password filter is working according our requirements but my problem is, it is still displaying the default password complexity message (7 char, 24 history..etc etc). Is there anyway I can modify the display messa
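The rule stated in the thread above (6 characters in total, at least 4 letters, at least 2 digits), written as the check a password filter DLL would run. This is an added example, not code from any poster; the reading of "Minimum 4 characters" as "4 letters", the function name `policy_accepts` and the sample passwords are assumptions, and the Windows wrapper is compiled only on Windows.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Policy as interpreted here (assumption): at least 6 characters in total,
 * of which at least 4 ASCII letters and at least 2 digits. Upper case and
 * punctuation are neither required nor rejected. */
#define MIN_TOTAL   6u
#define MIN_LETTERS 4u
#define MIN_DIGITS  2u

/* Portable core. `buf` holds UTF-16 code units and `len_bytes` is a byte
 * count, mirroring UNICODE_STRING.Buffer and UNICODE_STRING.Length: the
 * buffer is counted, not NUL-terminated, so it must never be passed to
 * wcslen(). Returns 1 to accept, 0 to reject. */
int policy_accepts(const uint16_t *buf, size_t len_bytes)
{
    size_t n, i, letters = 0, digits = 0;

    if (buf == NULL || (len_bytes % 2) != 0)
        return 0;                         /* malformed input: fail closed */
    n = len_bytes / 2;

    for (i = 0; i < n; i++) {
        uint16_t c = buf[i];
        if (c >= '0' && c <= '9')
            digits++;
        else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'))
            letters++;
    }
    return n >= MIN_TOTAL && letters >= MIN_LETTERS && digits >= MIN_DIGITS;
}

/* Constructed sample passwords as UTF-16 code units, no terminator. */
static const uint16_t SAMPLE_OK[]          = {'a','b','c','d','1','2'};
static const uint16_t SAMPLE_FEW_LETTERS[] = {'a','b','c','1','2','3'};
static const uint16_t SAMPLE_ONE_DIGIT[]   = {'a','b','c','d','e','1'};
static const uint16_t SAMPLE_SHORT[]       = {'a','b','1','2'};

#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>

/* The three entry points LSA looks for in a password filter DLL. Export
 * them by these exact names (for example through a .def file). */
BOOLEAN NTAPI InitializeChangeNotify(void)
{
    return TRUE;
}

NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName,
                                    ULONG RelativeId,
                                    PUNICODE_STRING NewPassword)
{
    (void)UserName; (void)RelativeId; (void)NewPassword;
    return 0;                             /* STATUS_SUCCESS */
}

/* A filter can only veto: returning TRUE does not override a rejection
 * from another installed filter. The clear-text password is never copied
 * or logged here. */
BOOLEAN NTAPI PasswordFilter(PUNICODE_STRING AccountName,
                             PUNICODE_STRING FullName,
                             PUNICODE_STRING Password,
                             BOOLEAN SetOperation)
{
    (void)AccountName; (void)FullName; (void)SetOperation;
    if (Password == NULL)
        return FALSE;
    return policy_accepts((const uint16_t *)Password->Buffer,
                          Password->Length) ? TRUE : FALSE;
}
#else
/* Self-check for non-Windows builds: run the policy over the samples. */
int main(void)
{
    printf("abcd12 -> %d\n", policy_accepts(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("abc123 -> %d\n",
           policy_accepts(SAMPLE_FEW_LETTERS, sizeof SAMPLE_FEW_LETTERS));
    printf("abcde1 -> %d\n",
           policy_accepts(SAMPLE_ONE_DIGIT, sizeof SAMPLE_ONE_DIGIT));
    printf("ab12   -> %d\n", policy_accepts(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
#endif
```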
RE: [ActiveDir] Exchange Latency
If you have software assurance on your CALs, it will cover at least Outlook 2003. That would get you what you need. From: Dan DeStefano [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange Latency We have been trying to get upgraded to Office 2k3, but it has not been funded yet. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Ayers, Diane Sent: Monday, December 06, 2004 12:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange Latency One option is to have the users switch to Outlook 2003 and run it in "local cached mode" Diane From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Monday, December 06, 2004 9:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Exchange Latency A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. 
Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions? _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Depends on your environment. Since he's trying to "beef them up" already, then I don't think it's overkill to separate disk I/O streams. In less change prone environments, I might settle for moving the log files only, and then add enough memory to make it interesting, but there're a lot of factors to consider. For example, since this is expected to be a highly-available piece of infrastructure (remember that identity, authentication, and authorization all rely on it being there when you need and speed is affected by it) I would have to say that I should design for the high-water mark. I DO NOT want to be caught with a machine that cannot handle the load if I have a lot of DC's and a slow network. The idea being that I put that DC there for a purpose. Often it's cheap to build it in a decent manner. HDD's are relatively cheap as are server class machines that can handle the extra disks. As an example, a DL380 from HPQ makes a nice DC in many environments. If I have a multiple domain architecture however, I may have to rethink this for the servers hosting GC functionality. If I have anti-virus and HID services running, I may have to take those into account as well. Management overhead, etc. also plays a role in the sizing decision. The list goes on and is why there are consultants out there, right Joe ;)

-Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane
Sent: Monday, December 06, 2004 2:51 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Wouldn't this be dependent on the volume of changes that you see in your environment? With Exchange and its accompanying volume of changes, moving the log files to separate spindles is, as you say, a no-brainer. However in our AD environment, we see very low volume of changes. We get maybe 50 MB of log files a day at most. Our server design for our Win2K AD deployment was to design a DC like an Exchange server with oodles of disks and separate spindle sets for the OS, DB and logs but we found that this layout was a major overkill. For our Win2K3 upgrades to our domain controllers, we are using less disks and combining the OS and log spindles. We are still beefing up the memory and processors which in our environment seem to be the most critical components. Our DIT is ~1 GB.

Diane

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Definitely, putting DIT and logs on separate spindles is a no-brainer and guaranteed to improve things.

Gil "I agree with everything Al has ever said" Kirkpatrick
CTO, NetPro

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, December 06, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

I think you can get what you want using the below tool in conjunction with
http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&DisplayLang=en

Using the /3gb switch is often recommended, but your biggest benefit will likely come from the disk layout. If you can get both, that's great, but the disk would be the one to really fight for if something has to give. That said, it's rumored that 64bit Windows does a nice job as well. I couldn't speak that however.

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Monday, December 06, 2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Stress testing and performance analysis of domain controllers

maybe the Server Performance Advisor? :
http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en
or
http://tinyurl.com/46wd3

hth,
john

Ruston, Neil wrote:
> As part of a more general AD design refresh, I am re-visiting the DC
> hardware and OS configuration.
>
> I am proposing several changes to the DC spec, including the adoption
> of the following:
>
> * Use 4Gb RAM
> * Use /3gb switch
> * Place AD logs and database on separate disk spindles
>
> In order to 'sell' this idea, I would like to demonstrate the
> effective increase in 'horse power' that the above offers. I am
> therefore looking for a tool which can help me to show that a DC with
> config A can handle load x whilst DC spec B can handle load y.
>
> Ideally, this tool will act much like loadsim and simulate a load on
> the DC so as to identify the maximum load that each config is capable
> of handling.
>
> Is there such a tool available on the market?
>
> Thanks in advance,
> Neil

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.or
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Fair comment, although in the two largeish environments I'm familiar with where the customers moved to separate spindles, the observed throughput was improved substantially. Perhaps they had more update traffic than you do?

-gil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane
Sent: Monday, December 06, 2004 12:51 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Wouldn't this be dependent on the volume of changes that you see in your environment? With Exchange and its accompanying volume of changes, moving the log files to separate spindles is, as you say, a no-brainer. However in our AD environment, we see very low volume of changes. We get maybe 50 MB of log files a day at most. Our server design for our Win2K AD deployment was to design a DC like an Exchange server with oodles of disks and separate spindle sets for the OS, DB and logs but we found that this layout was a major overkill. For our Win2K3 upgrades to our domain controllers, we are using less disks and combining the OS and log spindles. We are still beefing up the memory and processors which in our environment seem to be the most critical components. Our DIT is ~1 GB.

Diane

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Definitely, putting DIT and logs on separate spindles is a no-brainer and guaranteed to improve things.

Gil "I agree with everything Al has ever said" Kirkpatrick
CTO, NetPro

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, December 06, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

I think you can get what you want using the below tool in conjunction with
http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&DisplayLang=en

Using the /3gb switch is often recommended, but your biggest benefit will likely come from the disk layout. If you can get both, that's great, but the disk would be the one to really fight for if something has to give. That said, it's rumored that 64bit Windows does a nice job as well. I couldn't speak that however.

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Monday, December 06, 2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Stress testing and performance analysis of domain controllers

maybe the Server Performance Advisor? :
http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en
or
http://tinyurl.com/46wd3

hth,
john

Ruston, Neil wrote:
> As part of a more general AD design refresh, I am re-visiting the DC
> hardware and OS configuration.
>
> I am proposing several changes to the DC spec, including the adoption
> of the following:
>
> * Use 4Gb RAM
> * Use /3gb switch
> * Place AD logs and database on separate disk spindles
>
> In order to 'sell' this idea, I would like to demonstrate the
> effective increase in 'horse power' that the above offers. I am
> therefore looking for a tool which can help me to show that a DC with
> config A can handle load x whilst DC spec B can handle load y.
>
> Ideally, this tool will act much like loadsim and simulate a load on
> the DC so as to identify the maximum load that each config is capable
> of handling.
>
> Is there such a tool available on the market?
>
> Thanks in advance,
> Neil

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Wouldn't this be dependent on the volume of changes that you see in your environment? With Exchange and its accompanying volume of changes, moving the log files to separate spindles is, as you say, a no-brainer. However in our AD environment, we see very low volume of changes. We get maybe 50 MB of log files a day at most. Our server design for our Win2K AD deployment was to design a DC like an Exchange server with oodles of disks and separate spindle sets for the OS, DB and logs but we found that this layout was a major overkill. For our Win2K3 upgrades to our domain controllers, we are using less disks and combining the OS and log spindles. We are still beefing up the memory and processors which in our environment seem to be the most critical components. Our DIT is ~1 GB.

Diane

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Definitely, putting DIT and logs on separate spindles is a no-brainer and guaranteed to improve things.

Gil "I agree with everything Al has ever said" Kirkpatrick
CTO, NetPro

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, December 06, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

I think you can get what you want using the below tool in conjunction with
http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&DisplayLang=en

Using the /3gb switch is often recommended, but your biggest benefit will likely come from the disk layout. If you can get both, that's great, but the disk would be the one to really fight for if something has to give. That said, it's rumored that 64bit Windows does a nice job as well. I couldn't speak that however.

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Monday, December 06, 2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Stress testing and performance analysis of domain controllers

maybe the Server Performance Advisor? :
http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en
or
http://tinyurl.com/46wd3

hth,
john

Ruston, Neil wrote:
> As part of a more general AD design refresh, I am re-visiting the DC
> hardware and OS configuration.
>
> I am proposing several changes to the DC spec, including the adoption
> of the following:
>
> * Use 4Gb RAM
> * Use /3gb switch
> * Place AD logs and database on separate disk spindles
>
> In order to 'sell' this idea, I would like to demonstrate the
> effective increase in 'horse power' that the above offers. I am
> therefore looking for a tool which can help me to show that a DC with
> config A can handle load x whilst DC spec B can handle load y.
>
> Ideally, this tool will act much like loadsim and simulate a load on
> the DC so as to identify the maximum load that each config is capable
> of handling.
>
> Is there such a tool available on the market?
>
> Thanks in advance,
> Neil

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GPO question
Hi,

I would like to know if it's possible for a Win2k Sp4 to push GPOs of WinXP sp2. I've found a list of all XPsp2 gpos on the MS site and I want to push some of them. I did take the .adm from a XPsp2 and I added them to the Win 2k server. The problem is that I get a whole lot of messages: The following entry in the [string] section is too long and has been truncated. And, just below this message, I have what looks like explanations of some policies. I can see/use the GPOs after I clicked OK 2 trillion times.

Is there a way to get around this??

Thanks

M.Bruyere
Network/systems administrator
CompTIA A+, Network+

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Brett is fun. :o) He isn't so much the type that will fish for you or even teach you to fish, he will throw you a fishing line and let you figure it all out. This can be troublesome though if you lived in a desert and had never even seen water let alone a fish. Understanding Tech involved with the AD code specifically, he is very strong. Understanding Tech as it has to be used in some sites and locations and operational support concerns, not always so strong. He is very much like the rest of the Dev team guys which is mostly working in the Dev this is what you should shoot for world versus the ditches and puddles that many people end up having to work in. Overall a good guy though. Extremely entertaining guy to talk to.

On the beefy DC side of things. I don't know, I don't really consider 2GB to be exceptionally beefy or even 4GB. Not when we have workstations now coming from the factory with 1GB and 2GB and options to do 4GB. Exceeding 4GB RAM gets a little unusual and you truly get beefy based on proc Architectures (say multiproc opteron versus athlon or on the intel side the Xeon versus the non-Xeon's, etc) and disk subsystems with heavy duty hardware RAID solutions with oodles of cache and RAID type offerings. We need to go to 64 bit for no better reason than the cost of memory is consistently dropping and we need good easy ways of dealing with more than 4GB of RAM that doesn't depend on goofy paging mechanisms.

Finally, I don't recommend /3gb unless you truly need it and all of the software on the machine properly supports it. It has been a long while (years) but I have seen some odd /3GB failures with apps that didn't properly implement that functionality due to memory addressing issues. Also obviously you can't use /3GB with 2K standard, that could cause some fun things to happen as well, collectively termed as undefined results. No reason to force the kernel to live in 1GB unless it is required for some other reason which if I recall can impact some video drivers and other kernel apps that may need to grab a chunk of address space for some reason.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
Sent: Monday, December 06, 2004 1:59 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

> > Gotcha, then yeah the /3gb switch would help with performance.
> > I've learned something new, thanks :)
>
> Maybe. It depends on the DIT size as well as what else needs memory.
> From what I understand based on old conversations, the DIT caching
> routines are sensitive to memory pressure and will not page DIT cache,
> it will release memory instead.
> Again if you have a DIT of 200MB, you can use /3gb and most likely
> wouldn't see a benefit.

You might not see a benefit with a small DIT size, but then again why go with such a beefed up DC if your DIT size is that small (unless you are planning for it to grow substantially). Adding the /3GB switch shouldn't cause any issues even if the DIT is small enough to not get much benefit from it, unless the OS is affected by being reduced to 1GB of virtual address space.

> Hopefully ~Eric will pop along shortly with some info as I know he
> loves this stuff. In the meanwhile, you can be pretty sure BrettSh
> generally knows what he is talking about with AD. Not saying he can't
> be wrong, but all things being equal concerning a bet on AD internals,
> I would bet with Brett.
> Unless he was betting against Will, Dmitri, ~Eric, Dean or some of
> those guys and then I would simply put my wallet away, pull out some
> popcorn, and watch the show.

I'm definitely interested to see what they have to say :) I certainly wasn't implying Brett didn't know what he was talking about, but showing me the size of a DIT really didn't tell me much without the information that LSASS is large address aware. Now it makes sense ;)

Anyway, looking forward to some more information on this and its effect on performance.

Phil

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
> > Gotcha, then yeah the /3gb switch would help with performance.
> > I've learned something new, thanks :)
>
> Maybe. It depends on the DIT size as well as what else needs
> memory. From what I understand based on old conversations,
> the DIT caching routines are sensitive to memory pressure and
> will not page DIT cache, it will release memory instead.
> Again if you have a DIT of 200MB, you can use /3gb and most
> likely wouldn't see a benefit.

You might not see a benefit with a small DIT size, but then again why go with such a beefed up DC if your DIT size is that small (unless you are planning for it to grow substantially). Adding the /3GB switch shouldn't cause any issues even if the DIT is small enough to not get much benefit from it, unless the OS is affected by being reduced to 1GB of virtual address space.

> Hopefully ~Eric will pop along shortly with some info as I
> know he loves this stuff. In the meanwhile, you can be pretty
> sure BrettSh generally knows what he is talking about with
> AD. Not saying he can't be wrong, but all things being equal
> concerning a bet on AD internals, I would bet with Brett.
> Unless he was betting against Will, Dmitri, ~Eric, Dean or
> some of those guys and then I would simply put my wallet
> away, pull out some popcorn, and watch the show.

I'm definitely interested to see what they have to say :) I certainly wasn't implying Brett didn't know what he was talking about, but showing me the size of a DIT really didn't tell me much without the information that LSASS is large address aware. Now it makes sense ;)

Anyway, looking forward to some more information on this and its effect on performance.

Phil

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
> Gotcha, then yeah the /3gb switch would help with performance.
> I've learned something new, thanks :)

Maybe. It depends on the DIT size as well as what else needs memory. From what I understand based on old conversations, the DIT caching routines are sensitive to memory pressure and will not page DIT cache, it will release memory instead. Again if you have a DIT of 200MB, you can use /3gb and most likely wouldn't see a benefit.

Hopefully ~Eric will pop along shortly with some info as I know he loves this stuff. In the meanwhile, you can be pretty sure BrettSh generally knows what he is talking about with AD. Not saying he can't be wrong, but all things being equal concerning a bet on AD internals, I would bet with Brett. Unless he was betting against Will, Dmitri, ~Eric, Dean or some of those guys and then I would simply put my wallet away, pull out some popcorn, and watch the show.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
Sent: Monday, December 06, 2004 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Gotcha, then yeah the /3gb switch would help with performance. I've learned something new, thanks :)

The extra memory that it gets from the /3gb switch is still just virtual memory though, it doesn't have any effect on the amount of physical memory that LSASS would have access to.

Phil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

LSASS.EXE is built with the /LARGEADDRESSAWARE switch, and is capable of using the additional memory to cache the DIT.

    Application can handle large (>2GB) addresses
    32 bit word machine

-gil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
Sent: Monday, December 06, 2004 11:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

The /3GB switch isn't about the size of the database, it is used when an application uses the /LARGEADDRESSAWARE switch. I don't believe that anything running on a DC (not taking into account any 3rd party apps) is using that switch, therefore the /3GB switch shouldn't be needed.

You can set the /3GB switch on any server, but the only applications that recognize (and use) that switch are ones marked with /LARGEADDRESSAWARE. Any other applications running on that server will be unaffected and will still only address 2GB of virtual address space. Note that the /3GB switch is referencing virtual address space only.

Phil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Monday, December 06, 2004 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Really?

Z:\ntds\db>dir
...
05/20/2004 07:47 AM 7,899,987,968 ntds.dit
...

Cheers,
-BrettSh

On Mon, 6 Dec 2004, Renouf, Phil wrote:

> You don't need the /3GB switch for a DC. Just having more than 2GB of
> ram does not require using the /3GB switch, systems like Exchange
> require it, but a DC shouldn't need it.
>
> Phil
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
> Sent: Monday, December 06, 2004 11:57 AM
> To: '[EMAIL PROTECTED]'
> Subject: [ActiveDir] Stress testing and performance analysis of domain
> controllers
>
> As part of a more general AD design refresh, I am re-visiting the DC
> hardware and OS configuration.
>
> I am proposing several changes to the DC spec, including the adoption
> of the following:
>
> * Use 4Gb RAM
> * Use /3gb switch
> * Place AD logs and database on separate disk spindles
>
>
> In order to 'sell' this idea, I would like to demonstrate the
> effective increase in 'horse power' that the above offers. I am
> therefore looking for a tool which can help me to show that a DC with
> config A can handle load x whilst DC spec B can handle load y.
>
> Ideally, this tool will act much like loadsim and simulate a load on
> the DC so as to identify the maximum load that each config is capable
> of handling.
>
> Is there such a tool available on the market?
>
> Thanks in advance,
> Neil
>
> Neil Ruston - MVP Directory Services
>
> ==
> ==
> ==
> This message is for the sole use of the intended recipient. If you
> received this message in error please delete it and notify us. If this
> message was misdirected, CSFB does not waive any confidentiality or
> privilege. CSFB retains and monitors electronic communications sent
> through its network. Instructions transmitted over this syste
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Gotcha, then yeah the /3gb switch would help with performance. I've learned something new, thanks :) The extra memory that it gets from the /3gb switch is still just virtual memory though, it doesn't have any effect on the amount of physical memory that LSASS would have access to. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, December 06, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers LSASS.EXE is built with the /LARGEADDRESSAWARE switch, and is capable of using the additional memory to cache the DIT. Application can handle large (>2GB) addresses 32 bit word machine -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, December 06, 2004 11:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers The /3GB switch isn't about the size of the database, it is used when an application uses the /LARGEADDRESSAWARE switch. I don't believe that anything running on a DC (not taking into account any 3rd party apps) is using that switch, therefore the /3GB switch shouldn't be needed. You can set the /3GB switch on any server, but the only applications that recognize (and use) that switch are ones marked with /LARGEADDRESSAWARE. Any other applications running on that server will be unaffected and will still only address 2GB of virtual address space. Note that the /3GB switch is referencing virtual address space only. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Monday, December 06, 2004 12:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Really? Z:\ntds\db>dir ... 05/20/2004 07:47 AM 7,899,987,968 ntds.dit ... 
Cheers, -BrettSh On Mon, 6 Dec 2004, Renouf, Phil wrote: > You don't need the /3GB switch for a DC. Just having more than 2GB of > ram does not require using the /3GB switch, systems like Exchange > require it, but a DC shouldn't need it. > > Phil > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil > Sent: Monday, December 06, 2004 11:57 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Stress testing and performance analysis of domain > controllers > > As part of a more general AD design refresh, I am re-visiting the DC > hardware and OS configuration. > > I am proposing several changes to the DC spec, including the adoption > of the following: > > * Use 4Gb RAM > * Use /3gb switch > * Place AD logs and database on separate disk spindles > > > In order to 'sell' this idea, I would like to demonstrate the > effective increase in 'horse power' that the above offers. I am > therefore looking for a tool which can help me to show that a DC with > config A can handle load x whilst DC spec B can handle load y. > > Ideally, this tool will act much like loadsim and simulate a load on > the DC so as to identify the maximum load that each config is capable > of handling. > > Is there such a tool available on the market? > > Thanks in advance, > Neil > > Neil Ruston - MVP Directory Services > > == > == > == > This message is for the sole use of the intended recipient. If you > received this message in error please delete it and notify us. If this > message was misdirected, CSFB does not waive any confidentiality or > privilege. CSFB retains and monitors electronic communications sent > through its network. Instructions transmitted over this system are not > binding on CSFB until they are confirmed by us. Message transmission > is not guaranteed to be secure. 
> == > == > == > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Latency
Have they (or you) recently installed SP2? If the NIC Firewall is engaged – I have seen this hinder delivery on a LAN to boxes using XP SP2 and Outlook XP and 2000

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

1. I don't think so
2. They are all running XP Pro
3. All running Outlook 2000

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino
Sent: Monday, December 06, 2004 12:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

Daniel a few questions:
Is this something (the latency) recent?
What OS are they running on
What version of Office/Outlook?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 12:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated.
One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions? _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Definitely, putting DIT and logs on separate spindles is a no-brainer and guaranteed to improve things.

Gil "I agree with everything Al has ever said" Kirkpatrick
CTO, NetPro

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, December 06, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

I think you can get what you want using the below tool in conjunction with http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&DisplayLang=en

Using the /3gb switch is often recommended, but your biggest benefit will likely come from the disk layout. If you can get both, that's great, but the disk would be the one to really fight for if something has to give. That said, it's rumored that 64bit Windows does a nice job as well. I couldn't speak that however.

Al

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Monday, December 06, 2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Stress testing and performance analysis of domain controllers

maybe the Server Performance Advisor? : http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en or http://tinyurl.com/46wd3

hth,
john

Ruston, Neil wrote:
>
>
> As part of a more general AD design refresh, I am re-visiting the DC
> hardware and OS configuration.
>
> I am proposing several changes to the DC spec, including the adoption
> of the following:
>
> * Use 4Gb RAM
> * Use /3gb switch
> * Place AD logs and database on separate disk spindles
>
> In order to 'sell' this idea, I would like to demonstrate the
> effective increase in 'horse power' that the above offers. I am
> therefore looking for a tool which can help me to show that a DC with
> config A can handle load x whilst DC spec B can handle load y.
> > Ideally, this tool will act much like loadsim and simulate a load on > the DC so as to identify the maximum load that each config is capable > of handling. > > Is there such a tool available on the market? > > Thanks in advance, > Neil List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
LSASS.EXE is built with the /LARGEADDRESSAWARE switch, and is capable of using the additional memory to cache the DIT. Application can handle large (>2GB) addresses 32 bit word machine -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, December 06, 2004 11:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers The /3GB switch isn't about the size of the database, it is used when an application uses the /LARGEADDRESSAWARE switch. I don't believe that anything running on a DC (not taking into account any 3rd party apps) is using that switch, therefore the /3GB switch shouldn't be needed. You can set the /3GB switch on any server, but the only applications that recognize (and use) that switch are ones marked with /LARGEADDRESSAWARE. Any other applications running on that server will be unaffected and will still only address 2GB of virtual address space. Note that the /3GB switch is referencing virtual address space only. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Monday, December 06, 2004 12:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Really? Z:\ntds\db>dir ... 05/20/2004 07:47 AM 7,899,987,968 ntds.dit ... Cheers, -BrettSh On Mon, 6 Dec 2004, Renouf, Phil wrote: > You don't need the /3GB switch for a DC. Just having more than 2GB of > ram does not require using the /3GB switch, systems like Exchange > require it, but a DC shouldn't need it. > > Phil > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil > Sent: Monday, December 06, 2004 11:57 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Stress testing and performance analysis of domain > controllers > > As part of a more general AD design refresh, I am re-visiting the DC > hardware and OS configuration. 
> > I am proposing several changes to the DC spec, including the adoption > of the following: > > * Use 4Gb RAM > * Use /3gb switch > * Place AD logs and database on separate disk spindles > > > In order to 'sell' this idea, I would like to demonstrate the > effective increase in 'horse power' that the above offers. I am > therefore looking for a tool which can help me to show that a DC with > config A can handle load x whilst DC spec B can handle load y. > > Ideally, this tool will act much like loadsim and simulate a load on > the DC so as to identify the maximum load that each config is capable > of handling. > > Is there such a tool available on the market? > > Thanks in advance, > Neil > > Neil Ruston - MVP Directory Services > > == > == > == > This message is for the sole use of the intended recipient. If you > received this message in error please delete it and notify us. If this > message was misdirected, CSFB does not waive any confidentiality or > privilege. CSFB retains and monitors electronic communications sent > through its network. Instructions transmitted over this system are not > binding on CSFB until they are confirmed by us. Message transmission > is not guaranteed to be secure. > == > == > == > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
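The two lines quoted in the message above ("Application can handle large (>2GB) addresses" and "32 bit word machine") are how `dumpbin /headers` words bits of a PE file's COFF Characteristics field. The following Python sketch is an added example, not part of the original thread: it reads that field and reports whether the IMAGE_FILE_LARGE_ADDRESS_AWARE bit (0x0020) is set. The function names and the constructed sample header are assumptions made for illustration.

```python
import struct
import sys

# COFF Characteristics bits (winnt.h) with dumpbin-style descriptions.
FLAGS = {
    0x0002: "Executable",
    0x0020: "Application can handle large (>2GB) addresses",
    0x0100: "32 bit word machine",
    0x2000: "DLL",
}
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020


class NotPE(ValueError):
    """Raised when the input is not a well-formed PE image header."""


def coff_characteristics(image: bytes) -> int:
    """Return the 16-bit Characteristics field of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise NotPE("missing or truncated MZ header")
    # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    # The signature (4 bytes) is followed by the 20-byte COFF file header.
    if e_lfanew + 24 > len(image):
        raise NotPE("e_lfanew points past the end of the data")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    # Characteristics is the last 2 bytes of the COFF header (offset 18).
    (value,) = struct.unpack_from("<H", image, e_lfanew + 4 + 18)
    return value


def describe(characteristics: int) -> list:
    """List the descriptions of the known flags that are set."""
    return [text for bit, text in sorted(FLAGS.items())
            if characteristics & bit]


def is_large_address_aware(image: bytes) -> bool:
    """True if the image was linked with /LARGEADDRESSAWARE."""
    flags = coff_characteristics(image)
    return bool(flags & IMAGE_FILE_LARGE_ADDRESS_AWARE)


def build_sample(characteristics: int) -> bytes:
    """Constructed sample: a minimal MZ stub plus PE signature and COFF
    header (machine 0x014C, i386) carrying the given Characteristics."""
    pe_offset = 0x80
    dos = bytearray(pe_offset)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_offset)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read(4096)
    else:
        data = build_sample(0x0122)
    for line in describe(coff_characteristics(data)):
        print(line)
    print("large address aware:", is_large_address_aware(data))
```

Only images with this bit set can use the extra user-mode address space that /3GB makes available; everything else on the server stays at 2GB, as the thread notes.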
RE: [ActiveDir] Exchange Latency
You can use Outlook 2003 against Exchange 2000. The local cached mode is a specific configuration of the Outlook 2003 on the client side, no server config work is required.

Diane

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 9:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

The problem is that we are not upgrading to Ex2k3 and have no plans to do so in the near future.

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Monday, December 06, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

I'm not quite sure what you mean by latency. But cached mode in Outlook 2003 goes a long way to alleviating many of these types of complaints. If you can combine that with Exchange 2003 on the backend, so you get compression and buffer packing, that can help a great deal as well.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 12:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency.
I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions? _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television
RE: [ActiveDir] Exchange Latency
We have been trying to get upgraded to Office 2k3, but it has not been funded yet.

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane
Sent: Monday, December 06, 2004 12:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

One option is to have the users switch to Outlook 2003 and run it in "local cached mode"

Diane

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 9:06 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions?
_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television
RE: [ActiveDir] Exchange Latency
1. I don't think so
2. They are all running XP Pro
3. All running Outlook 2000

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino
Sent: Monday, December 06, 2004 12:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

Daniel a few questions:
Is this something (the latency) recent?
What OS are they running on
What version of Office/Outlook?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 12:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions?
_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
The /3GB switch isn't about the size of the database, it is used when an application uses the /LARGEADDRESSAWARE switch. I don't believe that anything running on a DC (not taking into account any 3rd party apps) is using that switch, therefore the /3GB switch shouldn't be needed. You can set the /3GB switch on any server, but the only applications that recognize (and use) that switch are ones marked with /LARGEADDRESSAWARE. Any other applications running on that server will be unaffected and will still only address 2GB of virtual address space. Note that the /3GB switch is referencing virtual address space only. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Monday, December 06, 2004 12:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers Really? Z:\ntds\db>dir ... 05/20/2004 07:47 AM 7,899,987,968 ntds.dit ... Cheers, -BrettSh On Mon, 6 Dec 2004, Renouf, Phil wrote: > You don't need the /3GB switch for a DC. Just having more than 2GB of > ram does not require using the /3GB switch, systems like Exchange > require it, but a DC shouldn't need it. > > Phil > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil > Sent: Monday, December 06, 2004 11:57 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Stress testing and performance analysis of domain > controllers > > As part of a more general AD design refresh, I am re-visiting the DC > hardware and OS configuration. > > I am proposing several changes to the DC spec, including the adoption > of the following: > > * Use 4Gb RAM > * Use /3gb switch > * Place AD logs and database on separate disk spindles > > > In order to 'sell' this idea, I would like to demonstrate the > effective increase in 'horse power' that the above offers. 
I am > therefore looking for a tool which can help me to show that a DC with > config A can handle load x whilst DC spec B can handle load y. > > Ideally, this tool will act much like loadsim and simulate a load on > the DC so as to identify the maximum load that each config is capable > of handling. > > Is there such a tool available on the market? > > Thanks in advance, > Neil > > Neil Ruston - MVP Directory Services > > == > == > == > This message is for the sole use of the intended recipient. If you > received this message in error please delete it and notify us. If this > message was misdirected, CSFB does not waive any confidentiality or > privilege. CSFB retains and monitors electronic communications sent > through its network. Instructions transmitted over this system are not > binding on CSFB until they are confirmed by us. Message transmission > is not guaranteed to be secure. > == > == > == > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Latency
The problem is that we are not upgrading to Ex2k3 and have no plans to do so in the near future.

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Monday, December 06, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

I'm not quite sure what you mean by latency. But cached mode in Outlook 2003 goes a long way to alleviating many of these types of complaints. If you can combine that with Exchange 2003 on the backend, so you get compression and buffer packing, that can help a great deal as well.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 12:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site.
I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions? _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
I think you can get what you want using the below tool in conjunction with http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&DisplayLang=en

Using the /3gb switch is often recommended, but your biggest benefit will likely come from the disk layout. If you can get both, that's great, but the disk would be the one to really fight for if something has to give. That said, it's rumored that 64bit Windows does a nice job as well. I couldn't speak that however.

Al

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Monday, December 06, 2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Stress testing and performance analysis of domain controllers

maybe the Server Performance Advisor? : http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en or http://tinyurl.com/46wd3

hth,
john

Ruston, Neil wrote:
>
>
> As part of a more general AD design refresh, I am re-visiting the DC
> hardware and OS configuration.
>
> I am proposing several changes to the DC spec, including the adoption
> of the following:
>
> * Use 4Gb RAM
> * Use /3gb switch
> * Place AD logs and database on separate disk spindles
>
> In order to 'sell' this idea, I would like to demonstrate the
> effective increase in 'horse power' that the above offers. I am
> therefore looking for a tool which can help me to show that a DC with
> config A can handle load x whilst DC spec B can handle load y.
>
> Ideally, this tool will act much like loadsim and simulate a load on
> the DC so as to identify the maximum load that each config is capable
> of handling.
>
> Is there such a tool available on the market?
> > Thanks in advance, > Neil List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
The OP doesn't mention what OS he is running. If it is 2K AS, AD caching can be better with the /3GB once you hit 600MB of physical RAM and I believe it peaks at 1GB of cached DIT in terms of benefits. K3 32bit changed memory management and the improvements for /3GB come after 2GB of RAM if I recall my conversations about it with ~Eric properly. Of course if your DIT is 200MB, allowing cache to grow to 1GB isn't really necessary, the DIT will probably cache fine in the default space available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, December 06, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers You don't need the /3GB switch for a DC. Just having more than 2GB of ram does not require using the /3GB switch, systems like Exchange require it, but a DC shouldn't need it. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Monday, December 06, 2004 11:57 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Stress testing and performance analysis of domain controllers As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following: * Use 4Gb RAM * Use /3gb switch * Place AD logs and database on separate disk spindles In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market? 
Thanks in advance, Neil Neil Ruston - MVP Directory Services == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ==
RE: [ActiveDir] Exchange Latency
An additional solution would be to give them RPC/HTTP and let them route via the internet if possible. Couple that with cached mode as suggested, and you can make their 'experience' that much better. Putting the data on different drives or trying to replicate it via the back-end would be difficult at best and catastrophic in some cases. Plus it would be complex in terms of client configuration etc. Using cached mode, you're basically replicating the data to the local laptop/desktop. For faster access, I suggest RPC/HTTP so they aren't encumbered by your WAN link. You might need to play with the WAN/Network configuration to get the benefits of that however.

Al

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane
Sent: Monday, December 06, 2004 12:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange Latency

One option is to have the users switch to Outlook 2003 and run it in "local cached mode"

Diane

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 9:06 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions?

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F.
212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
See http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbj_dcc_imef.asp for more MSFT-approved information re: /3gb on DCs. Server Performance Advisor http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en might provide some insight but it is not predictive. There was a company in the UK named NTSim that had a performance-simulation program for AD, but I think they may have gone under. I've used the ADTEST programs and scripts from Microsoft to generate repeatable loads and it seems to work well, even if it is a bit of a pain to set up. You didn't say anything about the size of your DIT, but generally, providing enough RAM to cache the entire DIT plus indices is a big win. Several large customers have deployed 64-bit DCs with gobs (1 Gob = 8GB :) of memory to do this and have been quite pleased.

-gil

Gil Kirkpatrick CTO, NetPro "To fly, flip away backhanded. Flat flip flies straight. Tilted flip curves. Experiment!"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Monday, December 06, 2004 10:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of domain controllers

Really? Z:\ntds\db>dir ... 05/20/2004 07:47 AM 7,899,987,968 ntds.dit ... Cheers, -BrettSh

On Mon, 6 Dec 2004, Renouf, Phil wrote: > You don't need the /3GB switch for a DC. Just having more than 2GB of > ram does not require using the /3GB switch, systems like Exchange > require it, but a DC shouldn't need it. > > Phil > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil > Sent: Monday, December 06, 2004 11:57 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Stress testing and performance analysis of domain > controllers > > As part of a more general AD design refresh, I am re-visiting the DC > hardware and OS configuration. 
> > I am proposing several changes to the DC spec, including the adoption of > the following: > > * Use 4Gb RAM > * Use /3gb switch > * Place AD logs and database on separate disk spindles > > > In order to 'sell' this idea, I would like to demonstrate the effective > increase in 'horse power' that the above offers. I am therefore looking > for a tool which can help me to show that a DC with config A can handle > load x whilst DC spec B can handle load y. > > Ideally, this tool will act much like loadsim and simulate a load on the > DC so as to identify the maximum load that each config is capable of > handling. > > Is there such a tool available on the market? > > Thanks in advance, > Neil > > Neil Ruston - MVP Directory Services > > > == > This message is for the sole use of the intended recipient. If you > received this message in error please delete it and notify us. If this > message was misdirected, CSFB does not waive any confidentiality or > privilege. CSFB retains and monitors electronic communications sent > through its network. Instructions transmitted over this system are not > binding on CSFB until they are confirmed by us. Message transmission is > not guaranteed to be secure. > > ==
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
Really? Z:\ntds\db>dir ... 05/20/2004 07:47 AM 7,899,987,968 ntds.dit ... Cheers, -BrettSh On Mon, 6 Dec 2004, Renouf, Phil wrote: > You don't need the /3GB switch for a DC. Just having more than 2GB of > ram does not require using the /3GB switch, systems like Exchange > require it, but a DC shouldn't need it. > > Phil > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil > Sent: Monday, December 06, 2004 11:57 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Stress testing and performance analysis of domain > controllers > > As part of a more general AD design refresh, I am re-visiting the DC > hardware and OS configuration. > > I am proposing several changes to the DC spec, including the adoption of > the following: > > * Use 4Gb RAM > * Use /3gb switch > * Place AD logs and database on separate disk spindles > > > In order to 'sell' this idea, I would like to demonstrate the effective > increase in 'horse power' that the above offers. I am therefore looking > for a tool which can help me to show that a DC with config A can handle > load x whilst DC spec B can handle load y. > > Ideally, this tool will act much like loadsim and simulate a load on the > DC so as to identify the maximum load that each config is capable of > handling. > > Is there such a tool available on the market? > > Thanks in advance, > Neil > > Neil Ruston - MVP Directory Services > > > == > This message is for the sole use of the intended recipient. If you > received this message in error please delete it and notify us. If this > message was misdirected, CSFB does not waive any confidentiality or > privilege. CSFB retains and monitors electronic communications sent > through its network. Instructions transmitted over this system are not > binding on CSFB until they are confirmed by us. Message transmission is > not guaranteed to be secure. 
> > ==
RE: [ActiveDir] Exchange Latency
Daniel a few questions: Is this something (the latency) recent? What OS are they running on? What version of Office/Outlook?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 12:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions?

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Exchange Latency
One option is to have the users switch to Outlook 2003 and run it in "local cached mode"

Diane

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 9:06 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions?

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Stress testing and performance analysis of domain controllers
You don't need the /3GB switch for a DC. Just having more than 2GB of ram does not require using the /3GB switch, systems like Exchange require it, but a DC shouldn't need it. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Monday, December 06, 2004 11:57 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Stress testing and performance analysis of domain controllers As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following: * Use 4Gb RAM * Use /3gb switch * Place AD logs and database on separate disk spindles In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market? Thanks in advance, Neil Neil Ruston - MVP Directory Services == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ==
RE: [ActiveDir] Exchange Latency
I'm not quite sure what you mean by latency. But cached mode in Outlook 2003 goes a long way to alleviating many of these types of complaints. If you can combine that with Exchange 2003 on the backend, so you get compression and buffer packing, that can help a great deal as well.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, December 06, 2004 12:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange Latency

A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions?

_ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television

The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
[ActiveDir] Exchange Latency
A couple of our users who split their time between two of our sites (NY, LA). The problem is that no matter where we store these user's mailboxes, when they are at the other site, they experience latency. I am not sure there is much that can be done about this, but I have been asked to see if the problem can be alleviated. One suggestion I got was to have the users' mailboxes replicated between the two sites. Another suggestion was to have the users' mailboxes stored on a network drive on one site that is mapped to the other site. I am not sure the first suggestion is possible and I do not see the point of the second solution. Anyway, does anybody have any suggestions? _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
Re: [ActiveDir] Stress testing and performance analysis of domain controllers
maybe the Server Performance Advisor? : http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en or http://tinyurl.com/46wd3 hth, john Ruston, Neil wrote: As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following: * Use 4Gb RAM * Use /3gb switch * Place AD logs and database on separate disk spindles In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market? Thanks in advance, Neil
[ActiveDir] Stress testing and performance analysis of domain controllers
Title: Stress testing and performance analysis of domain controllers As part of a more general AD design refresh, I am re-visiting the DC hardware and OS configuration. I am proposing several changes to the DC spec, including the adoption of the following: Use 4Gb RAM Use /3gb switch Place AD logs and database on separate disk spindles In order to 'sell' this idea, I would like to demonstrate the effective increase in 'horse power' that the above offers. I am therefore looking for a tool which can help me to show that a DC with config A can handle load x whilst DC spec B can handle load y. Ideally, this tool will act much like loadsim and simulate a load on the DC so as to identify the maximum load that each config is capable of handling. Is there such a tool available on the market? Thanks in advance, Neil Neil Ruston - MVP Directory Services == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ==
RE: [ActiveDir] Slightly Off Topic NT4 Domain Question
Title: Slightly Off Topic NT4 Domain Question

I figured it out to look at audit within user manager. Thanks anyway

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, December 06, 2004 10:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Slightly Off Topic NT4 Domain Question

I was wanting to know if there is a way to track all logins whether they are successful or unsuccessful logins to the domain? I have security auditing turned on my domain controller to do failure audits, but is there a way to track all logins?

Thanks in advance
Chris Pohlschneider
Network Administrator
Cenveo-Sidney
937-497-2136
[EMAIL PROTECTED]
[ActiveDir] Slightly Off Topic NT4 Domain Question
Title: Slightly Off Topic NT4 Domain Question I was wanting to know if there is a way to track all logins whether they are successful or unsuccessful logins to the domain? I have security auditing turned on my domain controller to do failure audits, but is there a way to track all logins? Thanks in advance Chris Pohlschneider Network Administrator Cenveo-Sidney 937-497-2136 [EMAIL PROTECTED]
RE: [ActiveDir] Restore AD
Thanks Eric. Thinking of AD in a simplified manner is called for here. Replication or not, because this is possible and can be done with a lot of complicated trickery/third-party apps, I think it's worthwhile to have this functionality baked-in. Intuitively, it should be there for the admins. I think it's time for this functionality to be baked in. Sadly, I'm well aware of how tricky it is for various reasons. While it's better than older Exchange concepts, it's harder than it needs to be, at least in smaller shops. In larger shops, some of this wouldn't work well anyway and they'd need to take advantage of custom solutions either through ISV's or through in-house efforts. At the very least, this should be available as an option in single domain forests. Shouldn't be nearly as complicated and they're not nearly as likely to have a decent IDM solution. Oh, and they likely make up a majority (in terms of sheer numbers) of your customer base, yet remain anonymous. Just some thoughts on my part. I haven't received an answer yet on this as a viable way forward from the dev team, but I'm interested to hear why this would be something in future versions or why not. I also realize I could do other architecture related things to prevent this from being a huge issue. For example, I could use a better export/import and practice my restores on a regular basis along with authoritative restores. I could set up a site in each domain that doesn't replicate nearly as often to help me find that information and then use some sleight of hand to get that object to overwrite the "mistakes". I could. I shouldn't have to is my point and for some basic functionality, I shouldn't have to look to a third-party for this. Similar to the backup program mentality - it works, but if you want more of a solution you need to buy it. That works for me. 
Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Saturday, December 04, 2004 7:23 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restore AD Yes and no. Thinking of AD as just a database with a bunch of records ignores some of the most complicated pieces, namely replication. We are fully multimaster with the understanding that we maintain loose consistency and support some other functionalities that make this even harder than it might have to be (harder than when just considering the notion of replication). This yields a series of nontrivial problems to solve in the restore. We already have a "retention period" of sorts: tombstone lifetime. We could retain more attributes on tombstones and help you with this. In fact, you can do this in your forest now through a minor schema change. This works well, but does not solve some harder problems like link value restore (as mentioned in my previous post). Those are still exercises "left to the reader", or the ISV in most cases. All of this is not to say that it can't be done, I just wanted to ensure you think through why it is tricky. :) I hear that ISVs have done a good job at tackling this problem today. I'd check out what they offer, perhaps there is something there that would do what you need. ~Eric From: [EMAIL PROTECTED] on behalf of Glenn Corbett Sent: Sat 12/4/2004 5:40 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restore AD Al, Isn't the underlying technology and the recovery of the data essentially the same ?. All of the entries (both in Exchange and AD) are simply records within tables within a database. Exchange basically flags the mailbox record as deleted and then applies the defined mailbox retention settings to allow for recovery. Theoretically, it should be a similar process for AD to allow records to be deleted (a group, a user, an OU), and then apply a retention period to these object and allow them to be recovered. 
I for one would like to see this sort of functionality as well, as it would greatly simplify some of our Admin procedures where we have to hang onto a user's account who's left for up to 3 months to allow for the instance where they come back. We have to hold these accounts in a separate OU, then have additional processes to clean the accounts after a period of time. I would love to just delete the account and mailbox on the day they leave, and they have a defined period of time to recover the account before the automatic cleanup process of AD / Exchange finally deletes the objects. Would also help greatly for the finger-fumbles. G. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Saturday, 4 December 2004 7:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restore AD I have not heard of anything like that directly from Microsoft. Been asking those same questions, but perhaps too quietly. I can tell you that one reason you won't see the same functionality as Exchange is that you're dealin
RE: [ActiveDir] Add Computer to Domain rights
Don't forget to remove the Authenticated Users from the policy "Add workstations to domain" in the DDCP. By default each authenticated user has the ability to add up to 10 workstations to the domain. Those computer accounts will be placed in the Computers containers. When configuring as Brian mentions below the configured group/users have the ability to add an unlimited number of workstations to the domain (independent of the policy setting I mentioned earlier)

Regards, Jorge

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Monday, 6 December 2004 6:23
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Add Computer to Domain rights

Mike- You need to delegate this right. Create group on your domain called Add Computer To Domain or something of that nature. Put the users you want to grant this right to in the group. Right click the computers CN (or wherever users are going to be creating computer accounts if you’ve used redircomp on 2003, or are using a custom tool), and go to Delegate Control. Add your group to the list, next pane hit custom task. Pick computer objects from the list. Next pane tick Create All Child objects, next, finish. You’ll have to wait a replication cycle across the org for this to work enterprise wide. Thanks.

--Brian Desmond [EMAIL PROTECTED] Payton on the web! www.wpcp.org v - 773.534.0034 x135 f - 773.534.8101

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Celone
Sent: Sunday, December 05, 2004 9:15 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Add Computer to Domain rights

Where does the Add Computers to the domain right need to be specified? Do you define it on the Default Domain Controllers Policy or on the Default domain policy? I have to give a group this right and I wasn't sure which policy it needs to be defined on.

Mike

This e-mail and any attachment is for authorised use by the intended recipient(s) only. 
It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
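
A check for the policy setting discussed in the message above, as an added example that is not part of the original thread: it reads a security-template export in the `GptTmpl.inf` format, where "Add workstations to domain" appears as `SeMachineAccountPrivilege` under `[Privilege Rights]`, and reports whether a broad principal such as Authenticated Users still holds the right. The templates, the domain SID and the function names are constructed for illustration; rights delegated on a container are outside what this check sees.

```python
import configparser

PRIVILEGE = "SeMachineAccountPrivilege"  # "Add workstations to domain"

# Well-known SIDs that match every (or nearly every) account in the domain.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "BUILTIN\\Users",
}
# Templates can also carry unresolved account names instead of SIDs.
BROAD_NAMES = {"everyone", "authenticated users", "users", "domain users"}

# Constructed sample: the default state described in the thread.
DEFAULT_TEMPLATE = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeMachineAccountPrivilege = *S-1-5-11
"""

# Constructed sample: right limited to one dedicated group (made-up SID).
HARDENED_TEMPLATE = """\
[Privilege Rights]
SeMachineAccountPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
"""


def holders(inf_text):
    """Return the principals holding the right, or None if the template
    does not define the setting at all."""
    parser = configparser.ConfigParser(
        delimiters=("=",),   # registry paths in other sections contain ':'
        interpolation=None,  # values such as "$CHICAGO$" are literal
        strict=False,
    )
    parser.optionxform = str  # keep privilege names as written
    parser.read_string(inf_text)
    if not parser.has_option("Privilege Rights", PRIVILEGE):
        return None
    raw = parser.get("Privilege Rights", PRIVILEGE)
    # SIDs are written with a leading '*'; entries are comma separated.
    return [p.strip().lstrip("*") for p in raw.split(",") if p.strip()]


def is_broad(principal):
    """True when the principal covers ordinary users in general."""
    if principal in BROAD_SIDS:
        return True
    # Domain Users: a domain SID with the well-known RID 513.
    if principal.startswith("S-1-5-21-") and principal.endswith("-513"):
        return True
    return principal.rsplit("\\", 1)[-1].lower() in BROAD_NAMES


def audit(inf_text):
    """Classify the setting: not-defined, nobody, restricted or broad."""
    found = holders(inf_text)
    if found is None:
        # This template does not set the right; the effective value
        # comes from somewhere else and has to be checked there.
        return {"status": "not-defined", "holders": None, "broad": []}
    broad = [p for p in found if is_broad(p)]
    if broad:
        status = "broad"
    elif not found:
        status = "nobody"  # defined with an empty list
    else:
        status = "restricted"
    return {"status": status, "holders": found, "broad": broad}


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_TEMPLATE),
                       ("hardened", HARDENED_TEMPLATE)):
        result = audit(text)
        print(name, result["status"], result["broad"])
```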