If you are considering deploying Active Directory or have deployed it without much planning, you should consider using the Active Directory Sizer. This Microsoft utility will enable you to determine the appropriate hardware for that critical infrastructure service.

What does it do?
Among other things, the Active Directory Sizer can help you estimate the number of domain controllers you will need, the disk space and RAM requirements to house and support Active Directory, server CPU requirements, and bandwidth needs. All of the estimates that the utility provides are based on information you supply, such as the number of concurrent users, desired CPU utilization per domain controller, and the average login rate per second at peak times.

Installing and running the utility
The Active Directory Sizer is available for download from Microsoft. It comes as a single file named Setup.exe and runs on Windows 2000 and Windows XP systems. To install it, simply run the downloaded executable and accept the default choices.

To run the utility, click Start | Programs | Active Directory Sizer | Active Directory Sizer. (If you’re using the Luna interface in XP, you’ll need to click Start | All Programs | Active Directory Sizer | Active Directory Sizer.)

Getting useful information from the utility
Garbage in, garbage out—GIGO—is a phrase IT pros often use when working with databases, but it also holds true for the Active Directory Sizer utility. When entering information into the utility, give your best estimates so you’ll receive useful information from the tool.

After starting the tool, choose File | New to begin the Active Directory Sizer Wizard. There are six steps to follow, all of which I will go over in this example.

The first step is simple: The wizard asks for a domain name. I’ll use slowe.com. The second step gathers information about user accounts and encompasses two screens of the wizard. The first screen appears in Figure A. Table A explains its options.

Figure A
First screen to determine user information
Table A
Option Description
What is the total number of users in this domain? This is pretty self-explanatory. How many users are supported by this domain? For the purposes of this example, I will assume 250,000 users in the slowe.com domain.
What percent of these users would be concurrently active during peak hours? If you have shifts, this number will probably be less than 100 percent, but if you work for a company with typical 9-to-5 hours, 100 percent is a safe estimate.
How many additional attributes will you have per user? Each object in Active Directory has certain attributes associated with it. For example, a user object has first name and last name attributes. Active Directory requirements are partially based on how many attributes you plan to use. This can be a difficult number to determine. I recommend using the default of 25 unless you know you will be using more.

Clicking Next will take you to the second User Accounts screen, which asks for more specific information about organizational policy and information (Figure B). Table B explains the options here.

Figure B
More information about the users in the organization
Table B
Option Description
What is the average number of groups a user will belong to? Using groups is a good way to help manage permissions in Active Directory. On average, how many groups will a particular user belong to? I have assumed 25 for the slowe.com domain.
How frequently do user passwords expire (in days)? The passwords in the slowe.com domain will expire every 90 days.
What is your average logon rate per second during peak hours? This is difficult to determine without actually watching traffic over a period of days. Luckily, the tool includes a way to estimate this information based on previous entries. Select the Estimate Logon Rates check box to perform this estimation. The estimator determined 70 interactive logons and about 1,042 network logons per second during peak hours for 10,000 users.

In the third step, the wizard needs to find out about computers and other objects in your domain. Again, the wizard devotes two pages to collecting this information. The first page is shown in Figure C, and the options are explained in Table C.

Figure C
First screen for information on computers and other objects
Table C
Option Description
How many Windows 2000 computers do you have? This is pretty self-explanatory, except that you should also count Windows XP Professional machines in this number. My domain has 150,000 Windows 2000 and Windows XP machines.
How many other computers do you have? This question is looking for other Windows machines besides 2000 and XP—specifically, Windows NT, 98, and 95 machines. My domain has 150,000 of these.
How many other objects will be published in the Active Directory? Other objects refers to printers, organization units, group lists, and contacts. The slowe.com domain has a total of 250,000 of these objects. There are so many because of the large number of contacts stored in Active Directory for easy retrieval from the Global Address List.

The second screen for this step asks just two simple questions, as shown in Figure D. For my domain, I will let the wizard auto-select the number and type of processors recommended for the domain controllers and will specify that I don’t want more than 50 percent CPU utilization on them.

Figure D
Gathering more information on computers and other objects

The fourth step of the wizard asks you to estimate how many objects you will add, delete, and modify during a given time period. As shown in Figure E, I plan to add 350 accounts, delete 275, and modify 200 each day.

Figure E
Administration estimates for this domain

Running Microsoft Exchange 2000 adds additional overhead requirements to domain controllers due to the tight integration between it and Active Directory. The fifth step of the wizard collects information related to Exchange 2000. All of the questions are self-explanatory.

The wizard needs to know how many messages on average each user will send each day and to how many recipients, as well as how many Exchange 2000 servers and routing groups you have. I estimated message traffic for slowe.com to be 35 messages per day to an average of seven recipients per user. I have 10 Exchange servers and two routing groups, as shown in Figure F.

Figure F
Exchange 2000 information

The final step of the wizard, Services, asks about the Windows 2000 DNS service and whether you will use it with Active Directory integrated zones. For this step, you need to specify how many dial-in users are joined to this domain, how long DHCP leases last, and the DNS aging information. For slowe.com, I have 250 dial-in users, I expire DHCP leases after three days, and I used the default of 7 for the DNS aging information, as shown in Figure G.

Figure G
Windows services information

If you have other applications that use Active Directory, such as other Active Directory Connectors or Directory synchronization software, the second screen of the Services step allows you to estimate the workload produced by them (Figure H). In my example, slowe.com does not have any of these services.

Figure H
Other services using Active Directory

The results
For my example—and I used large numbers of users on purpose—the results show that 36 infrastructure servers are needed to support the day-to-day operations of slowe.com (Figure I).

Figure I
Thirty-six servers are needed for slowe.com.

Clicking on the Domain Controllers options shows the recommended configuration for each of the 13 suggested domain controllers, including RAM, disk space requirements, and the suggested RAID level for maximum performance (Figure J).

Figure J
Recommended configuration for specific systems

For medium to large Active Directory rollouts, the Active Directory Sizer provides a good starting point for determining the number of servers required to support your organization. Again, these numbers are simply estimates determined by values you input and Microsoft formulas. Keep in mind that Microsoft is in the business of selling server licenses, so carefully analyze your figures before purchasing licenses.