Dimensioning a Samba Active Directory server
Dimensioning the memory
For testing purposes, a machine with about 1GB of RAM is sufficient.
For a production setup, Tranquil IT recommends a minimum of 4GB of RAM, then 2GB per additional 1000 users.
Note
The parameter that has the most influence on memory requirements is the number of simultaneous session openings.
Indeed, for each login Samba will initiate a smbd process to serve the SYSVOL directory for each user to download GPOs. Opening a large number of smbd processes in parallel can lead to memory saturation.
Normally logging on and applying GPOs is fast and the user’s smbd process is quickly closed.
However, if a GPO takes a long time to complete, the accumulation of smbd processes can saturate the RAM.
Dimensioning the storage
As far as disk space is concerned, 10GB is sufficient for domains with a few hundred users.
Then, you will adapt your storage strategy according to your needs:
Log levels and log retention policy;
Use of images or avatars to identify users;
Number of users, machines and groups;
Dimensioning CPUs
As far as CPUs are concerned, for a few hundred users 4vcpus are sufficient, beyond that increase to 6vcpus.
Hint
Some Samba processes are not multi-threaded, so increasing the number of CPUs will not increase performance.
To balance the load, it is then necessary to create a second domain controller in replication with the first one and apply a load balancing policy at the client level.
A Samba 4.11 Domain Controller can easily handle a load of 10,000+ users. The number of domain controllers required will therefore vary depending on several parameters:
802.1x authentication in MSCHAPv2.
Number of third-party LDAP applications connected to the AD.
Quality of code of third-party LDAP applications connected to the AD.
Number of requests to fileservers.
Etc.