Tips for Windows domain controller optimization

There are many different techniques for optimizing servers. To most Windows administrators, optimization means using the Performance Monitor to find out where a system's bottlenecks are, and then working to remove the cause of those bottlenecks. This is such a common optimization technique that Microsoft includes it as a part of many of its Windows certification classes. If you have ever attended any of these classes or read the various certification guidebooks, then you know that there are some very specific counters that Microsoft recommends monitoring.

I don't deny the importance of the more commonly used counters. In fact, they work really well. The problem is that although you can learn a lot about a system by monitoring the most basic counters, not all servers are created equally. Depending on a server's role, it may use some resources more heavily than others. Therefore, unless you know which resources a server is really depending on, you will never be able to fully optimize the system.

Microsoft has created Performance Monitor counters that are specific to some server roles. This is particularly true for Windows domain controllers. Let's take a look at some of those counters that I've found to be the most helpful.

Replication

The majority of Windows networks contain multiple domain controllers, and updates to the Active Directory database must be replicated to each DC. Since the replication process plays such an important role in keeping domain controllers up to date, I tend to think that the replication-related counters are probably the most important ones to monitor. The table below lists some of the more helpful replication-related counters.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Server Monitoring and Administration Perfmon made easy with PAL utility DirectAccess means 'always on' in Windows Server 2008 R2 Top five Server Core management tips for Windows 2008 Top free tools for Windows server administration Windows Server 2008 Learning Guide A quick guide to Server Manager for Windows Server 2008 Moving dynamic disks to a new Windows server A first look at Storage Explorer for Windows Server 2008 Take control of server clusters with Microsoft's ClusDiag tool Analyze server history with new tool in Windows 2008 Microsoft Active Directory Design and Administration Utilizing Active Directory snapshots in Windows Server 2008 Active Directory tops the list of hot Windows Server 2008 R2 features Creating Windows taskpad views for Active Directory management When to add new domains to your Windows environment Forcing the removal of a Windows Server 2008 domain controller Performing a staged installation of an RODC in Windows Server 2008 Using Active Directory to manage Macs in a Windows environment Scripting domain controller installations: A must for Server Core Taming the LSASS.exe process for Active Directory performance and security Top 5 Active Directory tips of 2008 Windows Systems and Network Administration Troubleshooting Windows application crashes or hangs Converting VMware ESX machines to Hyper-V format Using DFSR for SYSVOL replication in Windows Server 2008 Top 25 Windows PowerShell commands for administrators Key DFS improvements in Windows Server 2008 R2 Free Windows security tools every admin must have Group Policy makes strides in Windows Server 2008 R2 Quick tips for troubleshooting NTFS permissions Common causes of Windows server security vulnerabilities Cutting the cost of Windows identity and access management

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Active Directory  (SearchWindowsServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

c Objects Remaining This counter displays the number of items that must be synchronized before the synchronization is considered complete. You can watch how fast this counter decrements to get a feel for how quickly synchronizations are occurring.
Directory Services DRA Remaining Replication Updates This counter lists the number of directory objects that have been received, but have not yet been applied. Consistently high numbers typically indicate poor database performance. Directory Services DRA Pending Replication Synchronizations This counter reflects the number of replication synchronizations that have been queued but not processed. Non-zero values indicate a replication backlog. Occasional backlogs are normal, but the backlog should disappear quickly.

Authentication

One of a domain controller's primary jobs is to authenticate users when they attempt to log into a domain. Unfortunately, Windows does not provide a lot of authentication-specific counters, but the table below gives details for two important ones.

Database performance

It might seem odd to talk about database performance in an article on domain controller optimization, but if you stop and think about it, Active Directory is really just a big database that is available to clients by way of LDAP queries. If the database does not perform well, then you can't expect the domain controller to perform well either. The table below lists some of the more important database-related performance monitor counters.

Unfortunately, it is impossible to thoroughly discuss the topic of domain controller optimization within the confines of one article. However, these Performance Monitor counters will give you a better idea of why your domain controller is performing the way it is.