Active Directory RAM requirement 2008 R2

Dear, 
I have multiple 2008 R2 Active directory domains (6 DC with respective ADC)  in a forest, User range on each domain is between 500 to 5000. please guide me the RAM requirement with consideration of replication and dns load, I have quad core servers
and all domain controller have integrated DNS
Only Antivirus will be installed  on them.
thanks 
Wajahat

Greetings!
I always measure the amount of RAM needed with this formula:
(RAM for base OS) + (RAM for each individual software) + (1GB internal processes) + (1GB or backup when processes meet dead-end)
In your case a 6GB seems enough if your server is not a Global Catalog. If it is also a Global Catalog you should double the amount of RAM
at minimum. Something like ( n >= 12 ).
Regards.
Mahdi Tehrani   |  
  |  
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?

Similar Messages

  • Install software on multiple client computers in active directory domain win 2008 R2

    We have a Windows Server 2008 R2 Active Directory Domain. We will be getting a few new Windows 7 computers that we will need to install all our proprietary software on, and don't want to have to install all programs, including windows
    updates, individually, on each machine individually.
    Is there a (as simple as possible) way to maybe create an image from a "master client computer" with all software, windows updates etc. and push out to the clients.
    Also to create a boot disc with the image in case a hard drive fails and we have to replace it.
    * It's not Windows we want to install here (unless we replace a hard drive) but for now, the clients already have windows 7, and we want to install antivirus, Adobe reader, windows updates, and our proprietary software.
    Thanks

    Is there a (as simple as possible) way to maybe create an image from a "master client computer" with all software, windows updates etc. and push out to the clients.
    Windows deployment services http://technet.microsoft.com/en-us/windowsserver/dd448616.aspx  for an image
    it's not Windows we want to install here (unless we replace a hard drive) but for now, the clients already have windows 7, and we want to install antivirus, Adobe reader, windows updates, and our proprietary software.
    https://support.microsoft.com/kb/816102?wa=wsignin1.0 msi deployment via gpo - (can be restrictive) if not a script or psexec
    for windows updates use WSUS

  • ACS 4.2.0.124 Appliance with Active Directory with windows 2008

    we have a solutions of 802.1x with Cisco ACS appliance wich is working fine, the soluction include two ACS appliance version 4.2.0.124, 02 remote Agent wich is setting up on windows 2003. The remote agent is integrated with Active Directory windows 2003. The computers have windows XP with service pack 2 and service pack 3, all computers do machine authentication and then user authentication. My customer in thinking in migrate the Active Directory windows 2003 to windows 2008. My question is ¿there wil be some problem with Active Directory 2008 with the current soluctión of ACS and 802.1x solution ? or I will have to do aditional task.     
    Marco

    Hi,
    You can find the suported Windows Server versions on the online documentation:
    ACS 4.2: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/install.html#wp1041376.
    ACS 4.2.1: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041376.
    So, i would suggest you to double-check carefuly the Release and Service Pack of the new 2008 Servers and also the OS bit version to make sure you migrate to Win2008 but continue on a supported scenario.
    HTH,
    Tiago
    If   this helps you and/or answers your question please mark the question  as  "answered" and/or rate it, so other users can easily find it.

  • Restore Active Directory on Server 2008 using NTDS.DIT file

    hello
    I have NTDS.DIT file with me and want to restore it on same hardware with same host name and IP
    Please help

    Hi Rochak,
    You have only the NTDS.DIT file? 
    No its not possible to restore the AD only using NTDS.DIT. You need to have the System state backup.  
    System state backup and restore operations include all system state data: you cannot choose to backup or restore individual components
    due to dependencies among the system state components. However, you can restore system state data to an alternate location in which only the registry files, Sysvol directory files, and system boot files are restored. The Active Directory database, Certificate
    Services database, and Component Services Class Registration database are not restored to the alternate location.
    http://technet.microsoft.com/en-us/library/cc938537.aspx
    Regards,
    Rafic
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Replica Active Directory server in windows server 2008 R2

    I installed and configured a secondary active directory server in 2008 R2 for fault tolerance as well as backup active directory server
    what i wanted to know is if  my primary AD goes down??? what changes i need to do my users pc since they are  using primary DNS of of primary AD IP.. i am confused i want to know what need to be done if AD goes Down

    > shall i update my DHCP configuration to assign primary DNS as
    > 192.168.1.225 and secondary DNS as 192.168.3.245 and other DNS as
    > 8.8.8.8 etc.
    Yes. and you shall NOT deploy 8.8.8.8 as a DNS server to your clients,
    but you shall configure this as a forwarder on your DNS servers.
    Martin
    Mal ein
    GUTES Buch über GPOs lesen?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • SBS 2008 to Server 2012 R2 Active Directory Migration

    Is there a tool that i can use to migrate Active Directory from SBS 2008 to Server 2012 R2?

    There is no special tool for your situation. While there is a tool called ADMT that you may see mentioned if you search enough, it isn't really well suited for what you want.
    With that said, there is also no *need* for a tool as I've already said. Nor do you need to recreate the users and have mismatched SIDs. You will add the 2012 machine to your existing domain and make it a domain controller. Yes, that means you will have
    two DCs (for a time.)  This is how larger organizations handle multiple DCs all the time, and they obviously don't go and create the same user on each DC. That is where the domain replication comes in.  Your new server will be a DC and will replicate
    all of the users *and* SIDs from the existing SBS server. 
    Then, when you are ready, you decommission the SBS 2008 server gracefully and the new 2012 server becomes your sole DC, but has AD completely intact. It is a tried and true practice, both within and outside of the SBS world, and has been done many many times.

  • Problems with lion 10.7.3 and active directory ( windows 2008 )

    Hi all,
    Since LION 10.7.3 , i can't loggin my mac pro into a active directory ( windows server 2008 ).
    The lion walk round and round but impossible to connect the AD ? !
    In LION 10.7.2 , it was possible ......
    What can i do ?
    Thank in advance for help
    BHT

    Whats up guys! Thanks for the response and sorry for the delay!
    I tried that, Strontium90, no good! I was able to disable mobileconfirm using your command line, but we're still prompted with the same message when a new user logs in. See screenshots:
    Thoughts?

  • Upgrading from Mavericks to Yosemite breaks Active Directory. Is there a fix / work-around?

    I work for an organization that uses Active Directory  (Windows Server 2008, I believe) for user account management and also for managing printer shares. Until Yosemite, OS X worked brilliantly with AD and our user accounts and machines were bound easily and reliably. When any user upgrades to Yosemite, the process occurs without a hitch except that AD connectivity breaks.
    The color indicator for Network Account Server in Users & Groups is green, indicating that believes the connection to the directory server is OK. If you select "Edit" for the directory configuration - everything looks as it did before. However, if one attempts to access the Active Directory tree using Directory Utility it displays the error "Connection failed to node '/Active Directory/COMPANY/All Domains'. If one uses the command line utility 'dscl' to attempt to list AD entries, you also get errors:
    > ls Active\ Directory/COMPANY
    All Domains
    > ls Active\ Directory/COMPANY/All\ Domains
    ls: Invalid Path
    <dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
    If I go to add a printer, I can no longer retrieve the printer list from the domain.
    I have checked, and there DNS search domains are correctly configured and fully configured properly on all the computers involved. They can all ping the AD servers, and if I used dig to check for SRV records for LDAP (_ldap._tcp.directory.company.com), they are correct.
    Does anyone have an idea what's going on? What's changed and how to fix it?

    We spent over a month trying to find a fix for this issue, and even your fix didn't work.
    Same as you we have forest AD.LOCAL and domain as domain.com.
    We are sure the DNS settings are fine, the green light is on and it even authenticate as it said my password will expire in X days. But it never pass the loading login screen.
    Can anyone assist please?
    Thanks.

  • Issues logging in with 10.8 (Mountain Lion) Active Directory

    Having an issue when when "some" users try to login to ML the desktop never comes up. There is just a spnning wheel next to the password and the only way to cancel it is to do a hard reboot. These same user have no issues loggin to 10.7 (Lion) or 10.6 (Snow Leopard). When I login as the local admin I can see the home folder for the user that tried to login.

    Active Directory - WIndows Server 2008 R2
    Orginzation is just one of the 7 domains in a forest. The users that are able to login are generic ones that are created in our domain. The ones that can not login are ones with that have information in 2 domains. 1 in our domain (AD) and 1 in another domain (Exhange) not sure if that is the reason or not. Tired putting only our domain in authentication search policy and unchecking "Allow authentiation from any domain in the forest". Also tried "perfer this domain server" with no luck.

  • Require list of all events for Windows Server 2008 Active Directory

    Hi all,
    I require list of all events for Windows Server 2008 Active Directory. Event Log name for Active Directory log is "Directory Service".
    Regards,
    SR

    Hi,
    Thanks for your posting.
    Do you mean you want to list all Active Directory logs into one file named “Directory Services”?
    If that, it’s hard to achieve. There are kinds of Active Directory logs stored in different locations and they have different file formats. It’s hard
    to collect them into one file.
    Active directory records events in the directory services log in Event Viewer. By default, Active Directory records only critical error events. To instruct Active
    Directory to record other events in the directory services log, we need to modify registry.
    For more information please refer to following MS articles:
    Active Directory Diagnostic Logging
    http://technet.microsoft.com/en-us/library/cc961809.aspx
    How to configure Active Directory diagnostic event log
    http://support.microsoft.com/kb/314980
    Lawrence
    TechNet Community Support

  • 10g Express Edition on Windows 2008 Enterprise R2 x64 with Active Directory

    I have successfully installed the 10g Express Edition on Windows 2008 Ent. r2 x64 with Microsoft Active Directory Domain Controller but i could not be able to run http://127.0.0.1:8080/apex
    Although i have run the http://127.0.0.1:8080/apex on my another Windows 2008 R2 x64 ant WITHOUT Active Directory Domain Controller Role.
    i think its related with AD Domain server role of my server, because i run that on same config and operation without Active Directory Domain Controller role.
    Can anyone help about this issue?
    thanks in advance

    I have experienced the same problem - running 10g Express on a Win 2008 (32-bit). When not being a Domain controller, the install was fine. When installing after the server had been given the Domain Controller role (+the required DNS), it failed. NO FIREWALLS are involved on the server. Seems like Oracle Express has problems being installed in this kind of environment - independent of x32 or x64 bit OS.
    Edited by: 811504 on Nov 17, 2010 11:44 PM

  • OracleApps HRMS-R12.1.3 Integration with MS Active Directory (win 2008 R2)

    Dear Friends,
    we are using Oracle Apps R12.1.3 and the Microsoft Active Directory : Windows 2008 R2
    we have the following requirement:
    (1)From Oracle Apps to Active Directory.
    -Employee master information needs to be interfaced to Active Directory on a regular interval which should be updated in the active directory.
    (2)From Active Directory to Oracle system.
    -Whenever new email address for an employee is created in Active directory, the information needs to flow to Oracle HRMS.
    Please let us know the method to achieve with minimal latest oracle softwares?
    can it be done over coding from oracle apps without new softwares?
    Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
    Regards,
    DB

    user564706 wrote:
    Dear Friends,
    we are using Oracle Apps R12.1.3 and the Microsoft Active Directory : Windows 2008 R2
    we have the following requirement:
    (1)From Oracle Apps to Active Directory.
    -Employee master information needs to be interfaced to Active Directory on a regular interval which should be updated in the active directory.
    (2)From Active Directory to Oracle system.
    -Whenever new email address for an employee is created in Active directory, the information needs to flow to Oracle HRMS.
    Please let us know the method to achieve with minimal latest oracle softwares?
    can it be done over coding from oracle apps without new softwares?
    Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
    Regards,
    DBPlease update your original thread(s) instead of creating new one(s) -- Integrate Oracle Apps R12 with Microsoft Active Directory
    Thanks,
    Hussein

  • SCVMM 2008 R2 - "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS)."

    I know this question has been asked before, but never for R2, that I can tell, and the posted fixes aren't working. I have just installed SCVMM 2008 R2 on a Windows Server 2008 R2 server, using a remote SQL 2008 SP1 database. When I attempt to connect to SCVMM, I get the following error:
    "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS).
    Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=121054.
    ID: 2607"
    What I've seen online is that this is usually becuase the domain account SCVMM is running as does not have the proper permissions on the SQL database. Here's what I've confirmed:
    1) My SCVMM service account is a local admin on the SCVMM server
    2) My SCVMM service account is a dbowner on the SCVMM database in SQL
    3) My SQL service account is a dbowner on the SCVMM database in SQL
    4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still "doesn't have access to AD DS," which is obviously untrue)
    5) Neither service account is locked out
    Has anyone run in to this? It says in Technet that remote SQL 2008 is supported, as long as the SQL management studio is installed to the SCVMM server, and I installed and patched before I began the SCVMM installation. I just don't know what else to try - I have no errors in event logs, no issues during the installation itself...
    Andrew Topp

    That answer was very unhelpful fr33m4n. The individual mentions that they've received the error that points to the KB article. I currently receive the same error -- there seems to be no resolution. I've run the Microsoft VBS script to add TAUG to the WAAG
    as suggested by 331951, and that made absolutely no difference.
    1) My SCVMM service account is a local admin on the SCVMM server
    2) My SCVMM service account is a dbowner on the SCVMM database in SQL
    3) My SQL service account is a dbowner on the SCVMM database in SQL
    4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still
    "doesn't have access to AD DS," which is obviously untrue)
    The user is also a member of WAAG, the machines have delegated authority to each other. Is there any other solution?

  • Solaris 10 authentication on Windows 2008 Active Directory

    Hi,
    Does anyone done it?
    I've do it against a Windows 2003 R2 Active Directory and now in production environment i'm having some issues with the password.
    I'm using only the Active Directory LDAP without Kerberos.
    I'm able to su to the user, getent passwd but everything that as password fails.
    I guess is some configuration issue in active directory, some sync stuff becouse the ldap bind is correctly done, is after the bind that fails.
    Bellow the sshd log with wrong user password.
    sshd[23965]: [ID 293258 auth.error] libsldap: Status: 49 Mesg: openConnection: simple bind failed - Invalid credentials
    sshd[23965]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[9] while authenticating: Authentication failed
    And with the correct user password.
    sshd[23965]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[9] while authenticating: Authentication failed
    As you can see the bind is done but windows guys says everything is ok. This is a new implemantation both in Solaris side and Windows side.
    This is how ldapclient is configured.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= CN=User Funcional Login de maquinas Unix CQ,OU=Utilizadores-Servicos,OU=Servicos-Transversais,OU=DOM,DC=Example,DC=com
    NS_LDAP_BINDPASSWD= {NS1}a1493f3c77c616
    NS_LDAP_SERVERS= 192.168.1.140, 192.168.1.141
    NS_LDAP_SEARCH_BASEDN= ou=dom,dc=example,dc=com
    NS_LDAP_AUTH= simple
    NS_LDAP_SEARCH_SCOPE= sub
    NS_LDAP_CACHETTL= 0
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=dom,dc=example,dc=com?sub
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=dom,dc=example,dc=com?sub
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=dom,dc=example,dc=com?sub
    NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
    NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=unixHomeDirectory
    NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group
    NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
    NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
    NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
    The nsswitch.conf has files ldap on both passwd and groups.
    Best regards and thanks for the help you can give

    The problem was in pam.conf that had the module pam_ldap last in the order and it shouldn't be.
    This is how it should be.
    other password required pam_dhkeys.so.1
    other password requisite pam_authtok_get.so.1
    other password requisite pam_authtok_check.so.1
    other password sufficient pam_ldap.so.1
    other password required pam_authtok_store.so.1
    Authentication against 2008 Active Directory working fine now.

  • Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access

    Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
    General: 
    Could not connect to the Active Directory.
    Active Directory Certificate Services will retry when processing requires Active Directory access.
    We have a Windows 2008 Server Enterprise with AD . I would like to enable the service  "Certificate Services"  that
    allow me to enable radius to authenticate users wireless with the active directory.

    Hi, 
    Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
    Everything for us is exactly the same as szucsati and Racom
    NMNM, 
    Please give us an answer on this as the link provided is absolutely useless.
    Thank you.

Maybe you are looking for