Limitation on number of users.

[Nitin]

Hi All,

Currently i have two DC's on win2k3 server containing nearly 3 lac
users.

I would like to know following:
1. what are the best practices and suggestions how many users should
ideally be in one DC.
2. Since more users will be added in future, In what proportion should
i add Domain Controllers.
3. any reference links that contains the above information.

Regards.
Nitin

 

[Guest]

I hope the Active Directory Sizer help you to "sizer" you AD structure taking
count the number of users, sites in your organization.
See at
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/adsizer.asp

 

[Jorge_de_Almeida_Pinto]

Hi All,

Currently i have two DC's on win2k3 server containing nearly 3
lac
users.

I would like to know following:
1. what are the best practices and suggestions how many users
should
ideally be in one DC.
2. Since more users will be added in future, In what
proportion should
i add Domain Controllers.
3. any reference links that contains the above information.

Regards.
Nitin

you can find more info in the Windows Server 2003 Deployment Kit -
Directory services part. Google for it and you’ll find it

 

[Ace Fekay [MVP]]

In

Hi All,

Currently i have two DC's on win2k3 server containing nearly 3 lac
users.

I would like to know following:
1. what are the best practices and suggestions how many users should
ideally be in one DC.
2. Since more users will be added in future, In what proportion should
i add Domain Controllers.
3. any reference links that contains the above information.

Regards.
Nitin

Besides the resource kit, and the ADSizer tool (which is a great AD
deployment design tool!), just as an FYI, a forest, and no matter how many
domains and/or tress there are in the forest, can contain up to 4.3 Billion
searchable objects (users, groups, computers, published printers, published
shared folders, etc). This doesn't matter if the one domain in the forest,
or if multiple domains and/or tress, has one DC or 800 DCs. The limit
affects the Global Catalog, since that is a service that runs on a DC and is
limited to 4.3 Billion. Once you've created more than that amount, it will
let you, but it won't get replicated to the GC, therefore not searchable.
Since the GC during the logon process, enumerates a user account's Universal
Groups, and refers the logon request to a DC, the user won't be able to
logon, since the universal group enumeration is required, because you never
know, the user can be part of a group that is denied access somewhere,
therefore for security reasonse, if it can't be enumerated, logon will be
denied.

To see the exact number, to get an idea, go into your registry, under
HKLM/System/CurrentControlSet/Services/Lanman Server, and take a look at one
of the shares and look at the max user amount.

Curious, how many users are in your environment?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================