Re: Number of groups in AD
From: Rytis (lietryti[nospamdeletethis)
Date: 10/04/04
- Next message: Research Services: "Disable NetBIOS and NTLM on Windows 2003 Domain Controllers and Exchange 2003?"
- Previous message: Danilo Bordini [MVP]: "RE: Reporting Tool for Userrights in a W2K AD"
- In reply to: Tomasz Onyszko: "Re: Number of groups in AD"
- Next in thread: Tomasz Onyszko: "Re: Number of groups in AD"
- Reply: Tomasz Onyszko: "Re: Number of groups in AD"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 4 Oct 2004 17:20:59 +0300
I am planning to use domain local groups mainly.
So, if I understood correctly, if I will have ~2000 domain local groups,
it`s not a big problem? :-)
I heard, that number of groups can affect DC performance, but I can`t find
any articles in MS site about that.
"Tomasz Onyszko" <T.Onyszko@w2k.pl> wrote in message
news:O6SFgohqEHA.3900@TK2MSFTNGP10.phx.gbl...
> Rytis wrote:
>> Hi,
>>
>
> What kind of groups are You planning to create - how many universal groups
> are You planning in Your design.
>
> I don't know Your bussiness needs but 4 groups for each user :) it's a
> lot.
>
> This number of groups can affect Your logon performance. You have to
> remember that each time the users log on the security token is created and
> the security token is combination of user's SID and the SID of every group
> this which this user belongs to. SO the logon process will take longer if
> user will be a member of many groups becous the security token creation
> process will take longer.
>
> This token is also sent via network to every computer which this users
> access so the size of the token can slighlty increase the number of data
> sent through network.
>
> This of course is true for security groups - distribution groups don't
> affect a token size.
>
> Remember that membership in Universal groups need to be replicated to
> every GC server and this will affect Your network traffic, so the number
> of Universal groups and users in universal group is mportant (try to avoid
> adding individual users to universal group - use group nesting). Queries
> to the GC from the domain controllers also can create additional traffic
> in Your network but WIndows 2003 universal group membership caching
> feature will help You minimize impact of this queries to Your network.
>
>
> --
> Tomasz Onyszko [MVP]
> T.Onyszko@w2k.pl
> http://www.w2k.pl
- Next message: Research Services: "Disable NetBIOS and NTLM on Windows 2003 Domain Controllers and Exchange 2003?"
- Previous message: Danilo Bordini [MVP]: "RE: Reporting Tool for Userrights in a W2K AD"
- In reply to: Tomasz Onyszko: "Re: Number of groups in AD"
- Next in thread: Tomasz Onyszko: "Re: Number of groups in AD"
- Reply: Tomasz Onyszko: "Re: Number of groups in AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
