ADS Active Directory Service (Farsi User Guide)
Resource: Windows 2000 Server Resource kit Distributed Systems Guide

> Part2 > ADS > Part 1 > Active Directory Data Storage > Data Storage > Storage Limits

Storage Limits

نمی توان برای ذخیره سازی اطلاعات محدوده ای را برای ذخیره تعداد Object ها در نظر گرفت

DataBase این سرویس تا چهل میلیون Object را جواب داده و Test شده .برای یک Ldap Client سرعت دسترسی به

10.000 با 100.000 و یا یک میلیون Object یکسان می باشد .سرعت کار ADS زمانی که Database آن رشد کند و بزرگ شود نفاوتی نمی کند .

In a mixed-mode environment in which backup domain controllers are running Windows NT 4.0, the recommended limit for the number of security principal objects per domain is 40,000 (the sum of users, groups, and computers). This limit is based on the Windows NT 4.0 SAM database storage capacity. (For more information about SAM database capacity, see "Determining Domain Migration Strategies" in the Microsoft Windows 2000 Server Resource Kit Deployment Planning Guide.)
 

هر Object در Database یک رکورد می باشد و هر Attribute در این رکورد یک Column  یا ستون می باشد .

 

To enhance performance on domain controllers, install the Windows 2000 operating system on one drive, the Active Directory database file (Ntds.dit) on a second drive, and the log files on a third drive. (For more information about disk management, see "Data Storage and Management" in the Microsoft Windows 2000 Server Resource Kit Server Operations Guide. For more information about database page sizes, see the Microsoft Platform SDK link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources.)

Garbage Collection

بجای پاک کردن Object از Database سرویس Active Directory  حالت Tombstones را به رکود مربوطه می دهد و آن را بصورت فیزیکی پاک نمی کند

زمانی که علامت Tombstones به آن رکود بخورد تمامی Attribute های آن پاک می شود و در زمان Replication تمامی دیگر DC ها از این موضوع باخبر می شوند

و تغییرات اعمال می شود .و در نهایت آن رکورد منتقل می شود به Deleted Object Container منتقل می شود .

این فعالیت برای شناسایی رکوردهای بی ارزش هر 12 ساعت تکرار می شود .بعد از این 12 ساعت تمامی Tombstone ها پاک می شوند و نیز یکجور

عمل Defragments برای Database رخ می هد .

 
Tombstone Lifetime Attribute

مدت زمانی می باشد که یک رکورد می تواند در این حالت بماند قبل از اینکه پاک شود بصورت فیزیکی از Database.

مدت زمان آن  60 ساعت می باشد و حداقل آن 2  روز می باشد .

Tombstone lifetime determines the number of hours that a deleted object lives as a tombstone in the directory before being collected as garbage, and it is set in the tombstoneLifetime attribute. The default setting is 60 days, and the minimum setting is 2 days.

Garbage collection interval determines how often a domain controller examines its database for expired tombstones that can be collected, and it is set in the garbageCollPeriod attribute. The default setting is 12 hours, and the minimum setting is 1 hour. This period is to ensure proper replication of deleted objects.

این بسیار مهم می باشد که زمان Tombstone Lifetime بیشتر زمان از Replication موجود در کل Forest باشد .

برای اینکه زمانی که یک رکورد یا Object به حالت Tombstone رفت دیگر DC ها در زمان Replication از این موضوع باخبر بشوند .

تذکر اگر Tombstone Record به  DC های دیگر انتقال پیدا نکند آن رکورد یا Object در دیگر DC ها هرگز پاک نمی شود و این خطرناک می باشد .

 

شما می توانید این دو Attribute را توسط  برنامه ADSI Edit تغییر دهید و یا پیکربندی کنید .

برای این کار مراحل زیر را انجام دهید .در مرحله اول دستور ADSIEDIT.MSC را بعد از نصب Support Tools در Run اجرا کنید .

 

ADSIEDIT.MSC

You can use ADSI Edit to view or change the default settings for these attributes. To change the values, use the procedure that follows.
To use ADSI Edit, install the Support Tools that are located in the Support\Tools folder on the Windows 2000 Server operating system CD. To install the tools, double-click the Setup icon in that folder. For more information about using ADSI Edit, see Microsoft Windows 2000 Support Tools Help. For information about installing and using the Windows 2000 Support Tools and Support Tools Help, see the file Sreadme.doc in the Support\Tools folder of the Windows 2000 operating system CD.

To view or change attribute values by using ADSI Edit

  1. On the Start menu, point to Programs, Windows 2000 Support Tools, Tools, and then click ADSI Edit.
  2. If the directory partition whose attributes you want to change or view is not displayed, right-click the ADSI Edit icon, and then click Connect to.
  3. If the current computer is not the domain controller on which you want to change attributes, under Computer, click Select or type a domain controller, and then select or type the computer name.
  4. To select the directory partition, under Connection Point, click Naming Context.
  5. In the Naming Context list, click a directory partition, and then click OK.
     

    Note

    In the Name box, the name of the directory partition that you selected is displayed. You can replace this name with a name that better identifies the specific connection.

  6. Navigate to the object whose property values you want to view or change.
  7. In the Properties dialog box, in the Select which properties to view box, click one these alternatives: Optional, Mandatory, or Both.
  8. In the Select a property to view box, click the property that you want to view.
  9. To change a property value, type the value in the Edit Attribute box.
  10. Click Set, and then click OK.

When you view properties on cn=Directory Service,cn=Windows NT, cn=Services,cn=Configuration,dc=forestRootDomain, if no value is set (which means that the default is in effect), the value that you type in the Edit Attribute box replaces the default value when you click Set.

Database Defragmentation

چون اطلاعات  ADS مدام در حال Update شدن می باشد شما می توانید برای اینکه اطلاعات بصورت مرتب و پشت سرهم و فشره باشند آنها را Defragment کنید .

برای این کار از دستور NTDSutil.exe  می توان استفاده کرد . این کار در حالت Online or Offline می توان انجام داد .

Defragmentation can take place online (while the computer is running as a domain controller) or offline (while the computer is running as a stand-alone server).

Online Defragmentation

لایه ESE در سرویس ADS پشتیبانی می کند از Defrag بصورت Online .برای اطلاعات بیشتر در مورد این لایه به

قسمت Directory Service Architecture رجوع کنید .

لایه ESE بصورت منظم بعد از هر دوره Garbage Collection بصورت اتوماتیک این Defrag را انجام می دهد .

در این حالت اطلاعات و یا بهتر است بگوییم فضای اضافی Database به فضای دیسک یا Hard ما اضافه نمی شود بلکه فقط اطلاعات مرتب چیده می شوند

در حالت Offline می باشد که اگر فضای اضافه وجود داشته باشد به File System با Hard برگشت داده می شود .

Extensible Storage Engine (ESE)

Offline Defragmentation

این حالت اطلاعات خالی یا بی ارزش و فضاهای خالی به Hard disk برگردانده می شود و اندازه واقعی  ADS Database NTDS.DIT  مشخص می شود .

این روش را در حالت Active Directory Restore Mode می توان انجام داد .در زمان Boot شدن DC باید این حالت را انتخاب کرد سپس این عمل را

انجام داد .

To start a domain controller in Directory Services Restore Mode

  1. During the phase of startup when you would usually select the operating system, press F8 to display advanced startup options.
  2. On the Windows 2000 Advanced Options menu, use the arrow keys to select Directory Services Restore Mode, and then press ENTER.

Follow these recommended defragmentation procedures:

  • Use offline defragmentation only when you know that database contents have decreased considerably (for example, when a Global Catalog server becomes a normal domain controller) and you need to reclaim space for other uses.
  • Retain the original Ntds.dit file until the domain controller has restarted with the defragmented file. When you have no doubt that the directory database is in a consistent state, you can delete the fragmented (original) database file.
 
MCSE Exam 2000
You have recently been hired as the systems administrator for the TelStar company. The company's
network consists of a single Windows 2000 domain with two domain controllers. As you review the resources
on the company's Windows 2000 network, you notice that Active Directory is using more space than you
would have anticipated based on the number of current objects in Active Directory.


How should you reduce the space that is required to store Active Directory? (Select the best choice.)


a. Perform an online defragmentation on both of the domain controllers.
b. Perform an offline defragmentation on both of the domain controllers.
c. Manually remove any infrequently used objects from Active Directory.
d. Restart all domain controllers in normal mode.


Answer: b

Section: 2. Installing, Configuring, Managing, Monitoring, and Troubleshooting DNS for Active Directory
Choice b is correct. When you perform an offline defragmentation, a newly compressed version of the default
database file of Active Directory, Ntds.dit, is created. You must perform an offline defragmentation on each of the domain controllers on your network. The size of Active Directory is not replicated between domain
controllers. only the data that is contained in the Active Directory database is replicated. During an offline
defragmentation, the Active Directory database will be compacted, and unused disk space will be returned to
the file system. If your computer has enough disk space, then there is no limit to the number of objects that
Active Directory can contain, and a large number of objects does not negatively affect directory service
performance.
Online defragmentation is performed automatically at scheduled intervals, every 12 hours by default. Online
defragmentation optimizes database space usage and provides room for more objects to be created, but it
does not relinquish space. Manual removal of objects from the server's files is not recommended because this
could cause unexpected results that may prevent the system from functioning properly. however, objects can
be manually removed from within Active Directory. If objects were removed from Active Directory, then an
online defragmentation would consolidate used space in the database at the next scheduled interval, but an
offline defragmentation would still be necessary to reduce the size of the Active Directory database file. To
perform an offline defragmentation of Active Directory, you must restart each domain controller in Directory
Services Restore Mode. Restarting the domain controllers in normal mode will update the reported Active
Directory database file size on the domain controllers but will not reduce the size of the actual database.

 
ADS Active Directory Service (Farsi User Guide)

LastUpdate:2005/04/05

> Part2 > ADS > Part 1 > Active Directory Data Storage > Data Storage > Storage Limits