By chance, does the 1gb per process limit exist in the 64bit version of the os?
We were discussing the max event log size today and I was curious if it still is an issue in 64bit os versions.
more info here: http://jeftek.spaces.live.com/blog/cns!F2042DC08607EF2!699.entry
Thanks,
Jef
Jef Kazimer
14 Sep 2006 7:48 AM
AC
15 Sep 2006 12:22 AM
Brian,
Nice info. Thanks for sharing.
Can't you still provide the 5000-10K user answer by dividing the # of user / computer accounts or the # of authenticated operations over some unit of time by the # of available DC's?
MSFT authenticates X # of security principals or Y # of authentications with 14 servers
If you look only at user account authentication then that's 3500 users per DC.
If you look @ user and computer account authentication then the ratio is more like 15K user / computer accounts per server where user to computer account ratio is 1:3.2.
I would assume that the majority of desktop computers run 24x7 except for reboots from power outages and security fixes, with laptops generating more volume as reattach each day or wake from hibernate between meetings (the unlocking of a workstation generates a logon authentication)
Very few companies will have 3.2 computer accounts per user.
Focusing on authentcations per hour (especially at peak times), day or week will likely give a better result.
15 Sep 2006 1:16 PM
Hi AC, thanks for reading my blog and posting the comments!
There are numerous reasons why a "5000 - 10000" type answer isn't valid, but the by far the largest one is that it depends on how other things in the domain are configured.
For example, we have IPSec deployed in all our forests for domain isolation. Does this change the load profile on the DC's? ABSOLUTELY!
In fact, I'll even admit here, that our IPSec deployment actually caused some serious auth issues in the domain because we exceeded our capacity. The only solution was to upgrade and add servers (we did both).
So one day, we're cruising along with ~15 x86 "old" DC's...and the next day, we've got 20 DC's, half of which are x64. Numbers of users, computers, even interactive logons, all stayed the same - but our Kerberos authentication's tripled due to the IPSec negotiations.
Every environment is different. How you configure your servers is different. What kind of load you have on your servers will be different, so no, I can't really provide a generic answer for you...
"So Brian - If everything is 'different' like you say, then why give any advice at all?"
Because somebody, somewhere, is sitting at their desk, in front of a blank whiteboard, with the most unusual IT problem of all - They've actually GOT budget, but have ABSOLUTELY NO IDEA WHATSOEVER what to spend it on... My numbers will at least help you determine if you need 2, 10, 20, 100 or 200 DC's...
well...at least that's what I hope.
~Brian
Anonymous
8 Feb 2007 8:43 PM
I see this questions come up quite a bit about the interoperability of x86 and x64 domain controllers.
Max
10 Aug 2007 9:59 PM
Hello,
I am in search of guidelines for my staff on how to load the entire Active data base in RAM. We are dealing with 1.5 Million users and need the faster speed of authentications. Also for wireless devices.
Any asisstance is greatly appreciated.
Rhea
11 Dec 2007 10:21 AM
[...]OH COOL! :) thanks! :), i like the offer, but if u want to see the new projection screen in affordable price then here is the link:
http://www.electronicwhiteboardswarehouse.com/
[ ..]
Anonymous
31 Jan 2008 11:56 AM
PingBack from http://jeftek.wordpress.com/2006/09/13/64bit-domain-controllers-and-event-log-max-sizing/
zxevil135
1 Mar 2008 2:00 AM
Udai5g r u crazzy? I told u! I can't read!
zxevil136
2 Mar 2008 12:31 AM
PYO3G0 r u crazzy? I told u! I can't read!
zxevil134
7 Mar 2008 2:07 AM
TOxHuW r u crazzy? I told u! I can't read, man!
zxevil141
7 Mar 2008 5:12 AM
CtEZd0 r u crazzy? I told u! I can't read!
zxevil150
7 Mar 2008 10:57 PM
MgY4lY r u crazzy? I told u! I can't read!
zxevil151
8 Mar 2008 1:56 AM
EFn4x7 r u crazzy? I told u! I can't read!
zxevil152
8 Mar 2008 5:15 AM
ruz4u0 r u crazzy? I told u! I can't read!
zxevil153
8 Mar 2008 8:20 AM
H9fViN r u crazzy? I told u! I can't read!