reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
repadmin /replicate dc1.tnt.com dc2.tnt.com dc=tnt,dc=com /async
repadmin /replsingleobj dc1 dc2 cn=1,ou=1,dc=tnt,dc=com
Source DC: DC1
user object name:1
OU name :1
http://technet.microsoft.com/fr-fr/library/cc756101(WS.10).aspx qui s’applique à: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 SP1, Windows Server 2003 SP2 et Windows Server 2008
Maximum Number of Objects
Each domain controller in an Active Directory forest can create a little bit less than 2.15 billion objects during its lifetime.
Maximum Number of Security Identifiers
There is a limit of approximately 1 billion security identifiers (SIDs) over the life of a domain. This limit is due to the size of the global relative identifier (RID) pool of 30 bits that makes each SID (that is assigned to user, group, and computer accounts) in a domain unique. The actual limit is 230 or 1,073,741,823 RIDs.
Group Memberships for Security Principals
Security principals (that is, user, group, and computer accounts) can be members of a maximum of approximately 1,015 groups.
FQDN Length Limitations
Fully qualified domain names (FQDNs) in Active Directory cannot exceed 64 characters in total length, including hyphens and periods (.).
File Name Length Limitations
The file system that Windows operating systems uses limits file name lengths (including the path to the file name) to 260 characters.
Organizational Unit Name Length
The maximum length for the name of an organizational unit (OU) is 64 characters.
Maximum Number of Group Policy Objects Applied
There is a limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account.
Trust limitations arise from the number of trusted domain objects (TDOs), the length of trust paths, and the ability of clients to discover available trusts. Limitations that apply include the following:
Maximum Number of Accounts per LDAP Transaction
When you write scripts or applications that perform Lightweight Directory Access Protocol (LDAP) transactions, the recommended limit is to perform no more than 5,000 operations per LDAP transaction.
Recommended Maximum Number of Users in a Group
For Windows 2000 Active Directory environments, the recommended maximum number of members in a group is 5,000. This recommendation is based on the number of concurrent atomic changes that can be committed in a single database transaction.
So far, testing in this area has yet to reveal any new recommended limits to the number of members in a group or any other linked multi-valued attribute. Production environments have been reported to exceed 4 million members, and Microsoft scalability testing reached 500 million members.
Recommended Maximum Number of Domains in a Forest
For Windows 2000 Server, the recommended maximum number of domains in a forest is 800. For Windows Server 2003, the recommended maximum number of domains when the forest functional level is set to Windows Server 2003 (also known as forest functional level 2) is 1,200.
Recommended Maximum Number of Domain Controllers in a Domain
Because the File Replication Service (FRS) is used to replicate SYSVOL in a Windows Server 2003 domain, we recommend a limit of 1,200 domain controllers per domain to ensure reliable recovery of SYSVOL.
Recommended Maximum Kerberos Settings
The maximum recommended size for a Kerberos ticket is 65,535 bytes.
I know it’s one from the past, but today I just couldn’t found instructions quick enough. So I decided to write instructions by my own and poste them.
There are few ways (links are at the bottom of this page) how to enable strict replication consistency in AD but this one will solve this issue permanently 🙂
How can we do that you’re thinking. By using Group Policy (GPO) of course 🙂
And how do we do that? Well, here you have it.
Step 01: Open Group Policy Management console
Step 02: Create new Group Policy for Domain Controllers OU
Step 03: Give name to new Group Policy (for example EnableStrictReplicationConsistency)
Step 04: Edit new Group policy
Step 05: Browse to Computer Configuration – Preferences – Windows Settings and right click on Registry. Select New – Registry Item
Step 06: Under Key path browse to registry path HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Services\NTDS\Parameters and click Select
Step 08: Stop editing new Group Policy by closing Group Policy Management Editor window
Step 10: Open registry editor and check that new registry key (Strict replication consistency) was created under HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Services\NTDS\Parameters with value 1.
So from now on all of your DC’s will have strict replication consistency setting enabled 🙂
Few links to help you understand and configure this setting:
– Enable Strict Replication Consistency
– AD DS: Strict replication consistency should be enabled on all domain controllers in this forest
– Event ID 1388 or 1988: A lingering object is detected
– Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)