Active Directory on separate volumes

I had and have seen numerous discussions with people on the benefits and drawbacks of putting Active Directory files and folders on a separate volume or even on several separate volumes. Time to makes some things clear!

 

Active Directory on separate volumes

I suggest to locate Active Directory files and folders on a separate volume, although you won’t find it in the list of Active Directory Best Practices.

For new Domain Controllers this means that you need to add a dedicated volume or dedicated volumes (on a dynamic disk) or a partition (on a basic disk) and change the default values in the “Database folder:” and the “Log folder:” fields in the “Database and Log folders” screen and of course the default value in the “Shared System Volume” screen within the Active Directory Installation Wizard. The default values point to %windir%\NTDS for the Database and Log files and to %windir\SYSVOL for the Shared System Volume.

For existing Domain Controllers this means you need to relocate the Active Directory Database files, the Active Directory Log files and the Shared System Volume (SYSVOL) folder.

Pros

There are reasons for moving your Active Directory files to a separate volume:

 

  • You should avoid placing dynamic data on your boot partition. The Shared System Volume (SYSVOL) folder is a good example of dynamic data. Besides the harm a huge Shared System Volume (SYSVOL) folder might do to your boot partition, a Domain Controller might not be update one or more Active Directory partitions when the drive that contains the Ntds.dit database and log files runs out of free disk space.
  • Placing Sysvol on its own NTFS partition minimizes disk I/O, thereby reducing the chances of receiving journal wrap errors. FRS uses the NTFS journal to monitor changes in the file system. The journal contains the update sequence number (USN) of the NTFS changes that are stored on each NTFS partition. If FRS can’t keep up with the pace of disk I/O or if FRS is turned off for a period of time, the USN that’s referenced in the FRS log might no longer exist in the NTFS volume journal.
  • From a performance point of view you could use three separate disk arrays. One disk array for your boot partition, one disk array for your Active Directory database and the Shared System Volume (SYSVOL) folder and one disk array for your Active Directory log files.

 

Cons

You might say placing the Active Directory files and folders on a separate volume isn’t obligatory. You’re right if you’re not in an enterprise environment and that’s why Windows Small Business Server doesn’t do it by default.

Moving the Active Directory Database folder, Log folder and Shared System Volume (SYSVOL) folder on existing Domain Controllers isn’t for the faint hearted and incorrectly sizing the volume results in big problems.

 

Active Directory volume requirements

Dedicated volumes where you want to place your Active Directory files and folders must be formatted with NTFS. Compression and encryption should be turned off.

RAID

Microsoft recommends using separate disk arrays because they provide higher performance and fault tolerance. RAID1 seems to be considered the standard, except for large environments. Joe from Joeware has an interesting sidenote on that:

Note to people building DCs for LARGE (read tens of thousands of mailboxes) Exchange deployments, regardless of what the MS planning docs say, RAID-1 is NOT acceptable for the disk with the DIT on it. You need spindles, Exchange generates a ton of queries and unless your whole DIT is cached, your disks will get the crap beat out of them. RAID 10 or 0+1 or even RAID-5 is much better for this, the more spindles the better. The customer in question here had changed from RAID-1 to RAID 0+1 and the difference in the counters was night and day.

 

the Database volume

For new Domain Controllers you can use the Active Directory Sizer Tool to calculate the Active Directory Database Size for your Domain Controllers and Global Catalog servers. The tool was designed for Windows 2000 Server, but you can easily use it to calculate Windows Server 2003 Database sizes. (Windows Server 2003 Database sizes might be smaller than the values calculated by the tool) As a rule of thumb you can estimate your Active Directory Database size at 400 MB per 1000 users. The size of your volume should be the calculated Database size plus 20 percent or 500 MB, whichever is greater.

For existing Domain Controllers the volume for the Database folder should be the size of the current ntds.dit plus 20 percent of the Ntds.dit file or 500 MB, whichever is greater.

Note: When you allow 120% of the size of your Database file to be free space on the Database volume you will have no problem defragmenting the database in an online or offline fashion. Do not assume your Active Directory database will just use the free space to grow.

the Log volume

The volume for the Log files should be the size of the combined log files plus 20 percent of the combined logs or 500 MB, whichever is greater. As a rule of thumb provide at least 500 MB.

In a normally operating environment you will only see some Active Directory Log files 10 MB in size. Don’t think of providing 500 MB as “over the top” in this case. Active Directory uses circular logging for maintaining transactions in the database, so in case of an Active Directory database error your log volume might grow pretty rapidly.

the Shared System Volume (SYSVOL) volume

SYSVOL stores and replicates Group Policy Objects (GPO’s), Distributed File System (DFS) information, and scripts. As the network grows, SYSVOL can begin to require substantial storage space.

FRS replicates files by making a temporary copy of the files in a Staging Area folder and then sending the copies to replication partners. On the drive that will contain the SYSVOL shared folder, provide at least 660 MB of available space, since this is the default size of the Staging Area. If Distributed File System (DFS) is in use in your environment your Staging Area should be considerably larger, since DFS uses the Staging Area as well. Applying reasonable replication schedules and bandwidth will keep your Staging Area in control.

 

Moving your Active Directory files

There are good Technet articles on manually changing the locations of your Active Directory Database folder, Log folder and Shared System Volume (SYSVOL) folder on existing Domain Controllers. These articles show you how to relocate SYSVOL manually,(or just the Staging area) and relocate Active Directory Database Files.

The tools you need for these jobs include net, dir, xcopy, ntdsutil, regedit, dcdiag, adsiedit, linkd, ntbackup and notepad. Restarting your Domain Controller in Directory Services Restore Mode is also required.

Unlike with Microsoft Exchange Server (You can change the Exchange Database and Exchange Transaction Log locations through the Exchange System Manager) there is no Wizard to change the locations of these folders, but if you’re not comfortable using these tools you can use the Active Directory Installation Wizard.

It’s graphical too, so suitable for certain types of people 😉

With this wizard you can easily uninstall Domain Controllers and reinstall them with the new folder locations. Placing two Domain Controllers per domain was another Active Directory Best Practice, so all you need to keep in the back of your head are replication, the FSMO roles and Global Catalog placement…

 

Concluding

Many administrators store their Microsoft Exchange databases and Transaction Logs on separate volumes. Since Active Directory uses ESE too, it isn’t very illogical to treat these databases and log files the same.

Plan your Active Directory storage carefully. Manually relocating your Active Directory files and folders might be cumbersome, but running out of disk space definitely is!

Further reading

Active Directory Best practices
Best Practices for Sysvol Maintenance
How To Use Ntdsutil to Manage Active Directory Files from the Command Line in Windows Server 2003
Problems When Drive That Contains the Ntds.dit Database and Log Files Has Low Amount of Free Disk Space
Why is placing the Sysvol directory on a separate partition a good practice?
How to set the USN Journal Size Back to 128 MB
Relocating Active Directory Database Files
Determining Minimum Disk Space Requirements for Domain Controllers
Backing Up Active Directory
Circular Logging for Active Directory

2 Responses to Active Directory on separate volumes

  1.  

    great info

  2.  

    great! simple explanation! thanks

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.