Prune Active Directory to maintain network performance

Here are some simple steps for cleaning up Active Directory and ensuring that it functions more efficiently.

Active Directory is the database of all objects within a domain. That means everything -- including sites, organizational units, groups, user accounts and shares. Each object is stored in multiple formats using up to seven different naming conventions. As the size of your network increases, the size of your Active Directory database increases even faster.

We all want high-performance networks. We don't want to wait two minutes or even 15 seconds for access to be granted or a resource to be opened. We want instant gratification. It's a well-known fact that throwing hardware at Windows 2000 is just about the best way to improve its performance. Microsoft left few end-user -- read: administrator accessible -- tuning controls that actually produce a measurable performance improvement. Thus, we have to rely on more draconian measures.

The best way to keep AD performing at top efficiency is to keep the AD database as clean as possible. While this may seem simple and obvious, I'm amazed how often this simple step is overlooked by small and large organizations. What this means is don't keep around old objects, including user accounts, groups or even organizational units. Every object in the AD database takes up space -- some upwards of 30 KB each. Establish a regular routine to review outdated or unused objects and remove as many as you can without negatively affecting your organization. If possible, simplify the hierarchical structures of your OUs and your groups. The fewer levels of complexity, the smaller your AD database will become.

Another way to improve your AD performance is to execute a regular offline defragmentation of the Active Directory database. I discussed this in an earlier tip titled "Keeping AD Neat and Tidy" but you can also find details in the Microsoft Knowledge Base document Q232122, "Performing Offline Defragmentation of the Active Directory Database."


James Michael Stewart is a researcher and writer for Lanwrights, Inc.


 

This was first published in July 2002

Dig deeper on Microsoft Active Directory Design and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close