Active Directory is the database of all objects within a domain. That means everything -- including sites, organizational units, groups, user accounts and shares. Each object is stored in multiple formats using up to seven different naming conventions. As the size of your network increases, the size of your Active Directory database increases even faster.
We all want high-performance networks. We don't want to wait two minutes or even 15 seconds for access to be granted or a resource to be opened. We want instant gratification. It's a well-known fact that throwing hardware at Windows 2000 is just about the best way to improve its performance. Microsoft left few end-user -- read: administrator accessible -- tuning controls that actually produce a measurable performance improvement. Thus, we have to rely on more draconian measures.
The best way to keep AD performing at top efficiency is to keep the AD database as clean as possible. While this may seem simple and obvious, I'm amazed how often this simple step is overlooked by small and large organizations. What this means is don't keep around old objects, including user accounts, groups or even organizational units. Every object in the AD database takes up space -- some upwards of 30 KB each. Establish a regular routine to review outdated or unused objects and remove as many as you can without negatively affecting your organization. If possible, simplify the hierarchical structures of your OUs and your groups. The fewer levels of complexity, the smaller your AD database will become.
Another way to improve your AD performance is to execute a regular offline defragmentation of the Active Directory database. I discussed this in an earlier tip titled "Keeping AD Neat and Tidy" but you can also find details in the Microsoft Knowledge Base document Q232122, "Performing Offline Defragmentation of the Active Directory Database."
James Michael Stewart is a researcher and writer for Lanwrights, Inc.