Checking the Size of a Name Context in AD

Q: Is there a tool to check the size of a name context in Active Directory (AD)?

A. A Microsoft AD expert provided the following answer to this question: "The data is spread over the ESENT database, so it is difficult to tell with any reasonable accuracy. The data is in the tables, indexes, long-value tables, etc. It's all intermixed. There are two options I can suggest:

1. Do an ldifde dump of the whole Naming Context (NC) and that should be proportional to the NC size. Don't forget operational attributes, such as replMetadata and ntSecurityDescriptor. Well, SDs (Security Descriptors) are another reason why it is difficult to estimate the size, since they are single-instanced in the DIT. So, it depends on how many different SD you happen to have.

2a. If the NC in question is an NDNC (Non-Domain Naming Context), then take a fresh DC that does not host this NC offline, defrag it, measure the DIT size, then get the NDNC hosted (wait for replication), offline defrag and measure the DIT size again. That would probably be the closest to the "true" size of the data.

2b. If the NC in question is a domain NC, then create an empty child domain and measure the defragged DIT size -- this will give you the approx size of config + schema. Then compare with the defragged DIT size of the DC hosting the domain in question. The difference is the size of your domain NC."

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish