A. While 64-bit platforms generally perform better than 32-bit platforms, the move from 32-bit to 64-bit alone would make a negligible difference for DCs. The real differentiator is the amount of memory that's available to services in 64-bit Windows, in particular the Local Security Authority Subsystem Service, which uses memory to cache Active Directory. With a 32-bit DC, the amount of memory available to cache AD maxes out at around 2.75 GB, which means that if you have an AD larger than 2.75 GB, it's not possible to have the entire AD database cached in memory. With a 64-bit DC, there's no realistic limit to the amount of memory available to cache AD other than the amount of memory you physically place in the box. This means that when you have AD databases larger than 2.75 GB, you'll see much better performance and response times with a 64-bit DC than with a 32-bit DC, assuming you put enough memory in the DC so it can cache the entire AD database.
Microsoft offers a white paper that compares 32-bit and 64-bit performance for an AD with 100,000 users and one with 3 million users. Because the 100,000-user AD database was smaller than 2.75 GB, the performance difference wasn't major between the two. But the 3 million-user AD showed vast differences, with its 24 GB database that only the 64-bit DC could cache.
As your AD gets larger, you need to switch to 64-bit Windows with sufficient memory so AD can be cached in memory. As AD continues to grow, you need to install more memory into the DCs so the database continues to be cacheable. You need to scale up (vertical scalability) with DCs, not scale out (horizontal scalability, which would be adding more DCs). Obviously, there are times when you need more DCs, such as if you have multiple locations, but when it comes to larger AD database sizes, scaling up is the way to go.
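The sizing rule above can be checked on a DC with a short script. This is an added example, not code from the original article: the function name Test-AdCacheFit is hypothetical, the 2 GB held back for the OS is an assumption you should tune, and the 2.75 GB ceiling is the article's figure for 32-bit DCs.

```powershell
# Added example: decide whether the AD database can be fully cached in memory.
function Test-AdCacheFit {
    param(
        [Parameter(Mandatory)][long]$DatabaseBytes,
        [Parameter(Mandatory)][long]$PhysicalMemoryBytes,
        [Parameter(Mandatory)][bool]$Is64Bit,
        # Assumption: memory held back for the OS and other services.
        [long]$ReservedBytes = 2GB
    )
    # Article's figure: a 32-bit DC can cache roughly 2.75 GB of AD.
    $ceiling32 = [long](2.75 * 1GB)
    $usable = [Math]::Max([long]0, $PhysicalMemoryBytes - $ReservedBytes)
    if (-not $Is64Bit) { $usable = [Math]::Min($usable, $ceiling32) }

    $fits = $DatabaseBytes -le $usable
    if ($fits) {
        $advice = 'Database fits in cache.'
    } elseif (-not $Is64Bit -and $DatabaseBytes -gt $ceiling32) {
        $advice = 'Exceeds the 32-bit cache ceiling: move to 64-bit with enough memory.'
    } else {
        $advice = 'Add memory to this DC (scale up) so the database stays cacheable.'
    }
    [pscustomobject]@{
        DatabaseGB     = [Math]::Round($DatabaseBytes / 1GB, 2)
        UsableCacheGB  = [Math]::Round($usable / 1GB, 2)
        FullyCacheable = $fits
        Advice         = $advice
    }
}

# Live values from the local DC (run in an elevated session).
$ntds   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbFile = Get-Item -LiteralPath $ntds.'DSA Database file'
$ramBytes = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory

Test-AdCacheFit -DatabaseBytes $dbFile.Length `
                -PhysicalMemoryBytes $ramBytes `
                -Is64Bit ([Environment]::Is64BitOperatingSystem)

# Constructed sample: a 24 GB database on a 32-bit DC with 4 GB of memory.
Test-AdCacheFit -DatabaseBytes 24GB -PhysicalMemoryBytes 4GB -Is64Bit $false
```

Running it on a schedule and alerting when FullyCacheable turns false gives early warning that a growing database has outrun the memory installed in the DC.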
There are other advantages to 64-bit DCs that are inherent to the 64-bit platform. For example, the 64-bit platform is more stable, because all drivers must be signed (though this can also be a pain). As long as you stick to DCs being just DCs, the performance drop for 32-bit applications, which run under some emulation, and the lack of support for 16-bit applications shouldn't be a problem.