Friday, March 21, 2008

Best practices for installing domain controller and deciding the disk configurations

What are the best practices for installing domain controller and deciding the disk configurations? This is one of the most asked questions. I recently participated, deciding the base line recommendations for an enterprise network, and prepare some documentation. I am sharing my findings here with you, and hoping you can find some useful information for your environment out of this article.

Let's see what Microsoft is recommending for sizing disk for domain controllers,


Operations Performed

RAID System

Operating system files

Read and write operations


Active Directory log files

Mostly write operations


Active Directory database and SYSVOL shared folder

Mostly read operations

RAID 1 or RAID 0+1


  • If cost is a factor in planning for disk space, you can place the operating system and Active Directory database on one RAID array (such as RAID 0+1) and the Active Directory log files on another RAID array (such as RAID 1). However, it is recommended that you store the Active Directory database and the SYSVOL shared folder on the same drive.
  • To prevent single disk failures, many organizations use a redundant array of independent disks (RAID). For domain controllers that are accessed by fewer than 1,000 users, all four components generally can be located on a single RAID 1 array. For domain controllers that are accessed by more than 1,000 users, place the log files on one RAID array and keep the SYSVOL shared folder and the database together on a separate RAID array

Realistically this would be the best configuration. However many of the companies will consider budged and the most many administrators will get out from hardware configuration will be (4 Disks)







Disk Configuration



Win 03

Win 08

Read and write


2 DISK ( 36GIG SCSCI) 10.000 or 15.000 RPM


AD Logs

Mostly write


2 DISK ( 36GIG SCSCI) 10.000 or 15.000 RPM

Drive L (logs) 18 GIG

Drive D (Database .DIT and Sysvol)

.DIT database and SYSVOL

Mostly read

RAID 1 or RAID 0+1

If you have given one disk, I recommend at least, creating a partition and installing OS by itself and still separating .DIT and sysvol together and logs by itself to simulate the best practices. I hate to see .DIT database installed on C drive, this is just wrong for me by default , because I religiously believe, leave the OS by itself, by itself at least creating a partition ( if you have 1 DISK) or two (RAID 1), still make it look clean and organized, rather than having flat structure. Based on knowing OS generates Read and write operations on the I/O, and Logs as always write operations, and .DIT and sysvol will generate mostly read operations should make you to implement fastest write and read configurations with some hardware redundancy.

Opening a door for 64Bit architecture and taking advantage from fastest CPU, Motherboard and optimal memory will be the winning factor in my eyes. Of course after implementation the best configuration maintain and monitor AD heath is the secret to have healthy environment. I have been witnessing spending million $$$$$ for the infrastructure and not even thinking to bother to monitor the AD .DIT database is the most common mistake in large and medium businesses. I always been so sock and get used to see it within last 10 years. Pollution AD database and replication will eventually degrade the entire IT infrastructure and manager will always be looking for mistakes somewhere else rather than themselves.

What can we do, life isn't just perfect. I will continue to write some more about best practices soon


Oz ozugurlu,
Systems Engineer
Security Project+ Server+

1 comment:

Anonymous said...


of course the microsoft recomandations are always the more expensive, i remmember the configuration for exchange about at least 10 hard drives