Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 420
  • Last Modified:

Slow replication between Domain Controllers and Client PCs - Windows 2003 Active Directory.

I have a two part question regarding expected performance on a Windows 2003 Active Directory domain.  I'll first provide some background info:  We have a large domain; about 5000 users (Win XP, 2000, some Mac OS X).  Two domain controllers set to the default replication interval (15 mins, I think) between each other. Both DC's are Win2003 R2.  Our entire site spans across multiple buildings in the same city connected by gigabit Ethernet.

My first question is pretty simple: Do we have enough DCs (2) for the current size of our user objects (5000)?  What is the "industry standard" ratio for DCs to users?

My second question is a little more complex:  For some reason we are experiencing latency during replication between client PCs and the DC.  That is, when we update a new Group Policy (for instance, elevating a local User account to a local Admin account via GPO), that change can take a good 5 to 10 minutes to go into affect.  Most of the times, we need the user to log off and back on multiple times before they receive the new policy.  We've even tried to have the user manually force a GPUPDATE and do a DNS flush, but it still takes a good while for the new policy to take hold.  This also occurs during Drive Mappings using a GPO login script.  

I'm not sure how many DCs I should have on a network of this size.  And I'm also unsure if Admins out there are "tweaking" the replication settings so that GPOs are applied almost instantaneously between DCs and client computers.

Thanks for your tips and help on this!!
0
esckeyrwm
Asked:
esckeyrwm
2 Solutions
 
KCTSCommented:
Client Group policy is refreshed every 90mins by default GPUPDATE /force can be used to force a refresh of group policy but you need to consider that even when this occurs some policy settings, like those relating to a logon, cannot be applied until the next logon. In the same way a few policies, because of their nature cannot take effect until the next startup.
0
 
esckeyrwmAuthor Commented:
Hmm, interesting.... is there a way to change the refresh interval from 90mins to something shorter, like 15mins?  If so, what would be the ramifications in doing so?  Do you think 2 DCs are enogh to handle the load of 5000 users?
0
 
gabrielazCommented:
yes yo ucan set the policy refresh rate via group policy iis located under  computer settings ---windows setting-administrative tiemplates---system--group policy-group policy refresh
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now