Determining the Number of Domains Required
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Every forest starts with a single domain. The maximum number of users that a single domain forest can contain is based on the slowest link that must accommodate replication between domain controllers and the available bandwidth that you want to allocate to Active Directory. Table 2.4 lists the maximum recommended number of users that a domain can contain based on a single domain forest, the speed of the slowest link and the percentage of bandwidth you want to reserve for replication. This information applies to forests that contain a maximum of 100,000 users and that have a connectivity of 28.8 Kilobits per second (Kbps) or higher.
Note
- For recommendations that apply to forests that contain more than 100,000 users or connectivity of less than 28.8 Kbps, consult an experienced Active Directory designer.
Table 2.4 Maximum Number of Users in a Single Domain
| Slowest Link Connecting a Domain Controller (Kbps) | Maximum Number of Users if 1% Bandwidth Available | Maximum Number of Users if 5% Bandwidth Available | Maximum Number of Users if 10% Bandwidth Available |
|---|---|---|---|
28.8 |
10,000 |
25,000 |
40,000 |
32 |
10,000 |
25,000 |
50,000 |
56 |
10,000 |
50,000 |
100,000 |
64 |
10,000 |
50,000 |
100,000 |
128 |
25,000 |
100,000 |
100,000 |
256 |
50,000 |
100,000 |
100,000 |
512 |
80,000 |
100,000 |
100,000 |
1500 |
100,000 |
100,000 |
100,000 |
To use this table:
In the Slowest Link Connecting a Domain Controller column, locate the value that matches the speed of the slowest link across which Active Directory will replicate in your domain.
In the row that corresponds to your slowest link speed, locate the column that represents the percentage bandwidth you want to allocate to Active Directory. The value at that location is the maximum number of users that the domain in a single domain forest can contain.
The values in Table 2.4 are based on the replication traffic generated in an environment that has the following characteristics:
New users join the forest at a rate of 20 percent per year.
Users leave the forest at a rate of 15 percent per year.
Each user is a member of five global groups and five universal groups.
The ratio of users to computers is 1:1.
Active Directory–integrated DNS is used.
DNS scavenging is used.
Note
- The figures listed in Table 2.4 are approximations. The quantity of replication traffic depends largely on the number of changes made to the directory in a given amount of time. Confirm that your network can accommodate your replication traffic by testing the estimated quantity and rate of changes on your design in a lab before deploying your domains.
If you determine that the total number of users in your forest is less than the maximum number of users that your domain can contain, then you can use a single domain. Be sure to accommodate for planned future growth when you make this determination. If you determine that the total number of users in your forest is greater than the maximum number of users that your domain can contain, then you need to reserve a higher percentage of bandwidth for replication, increase your link speed, or divide your organization into regional domains.