[Samba] Active Directory Capacity?

Andreas Heinlein aheinlein at gmx.com
Fri Dec 22 08:26:49 UTC 2017

On 21.12.2017 at 18:35, Luke Barone via samba wrote:
> Hi list,
> I am wondering if there is a theoretical maximum for an Active Directory
> forest, according to Samba or MS? My concern comes from this.
> We are piloting AD with Samba 4 at a couple of our schools. My thought was
> to eventually get the top-level forest hosted at our central office, then
> set up each school as a "site" with its own AD DC at the site, configured to
> use each school's subnet as the AD server to authenticate with.
> I ran this by our working group, and they are concerned that with 2000+
> staff and 40,000 students (just an estimate), that the AD database would
> grow too large, and take forever for the users to log in. I believe it
> won't make a large difference, as users would just authenticate against the
> server in their subnet. We have 50 sites that are able to talk to each
> other through a 10.x.x.x network, each with their own subnet.
> Is there a concern with capacity in this case? Currently, we have 2 AD
> servers in each of the pilot sites running as VMs, using 2GB of RAM. Our
> plan moving forward is to likely keep two AD DCs at each site, but I want
> to know if we can just set up one large forest, or if each site should
> remain its own forest.
> Thanks
I have no personal experience with such installations, but Google
quickly turns up this:


Maybe it answers some of your questions.

Speed of user lookups and logins should depend on the backend of the
LDAP database. I can't tell you anything about the Samba implementation,
but from other experiences with LDAP and databases I would say that
nowadays looking up something in 40.000 entries should be a piece of
cake for any modern database. Append two zeroes and you might get in a
range where speed is a concern...

