Directory 服務的元件更新Directory Services component updates

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

作者: Justin Turner 資深支援工程師視窗群組Author: Justin Turner, Senior Support Escalation Engineer with the Windows group

注意

本文由 Microsoft 客戶支援工程師撰寫,以及適用於系統管理員經驗和系統設計師超過參考 TechNet 上的主題通常會提供深入的技術解釋的功能與 Windows Server 2012 R2 方案正在尋找。This content is written by a Microsoft customer support engineer, and is intended for experienced administrators and systems architects who are looking for deeper technical explanations of features and solutions in Windows Server 2012 R2 than topics on TechNet usually provide. 不過,尚未經歷相同編輯行程,以便某些語言的似乎比哪些通常位於 TechNet 較少的外觀。However, it has not undergone the same editing passes, so some of the language may seem less polished than what is typically found on TechNet.

這個課程解釋 Directory 服務的元件更新,在 Windows Server 2012 R2。This lesson explains the Directory Services component updates in Windows Server 2012 R2.

您會了解What You Will Learn

解釋下列新 Directory 服務的元件更新:Explain the following new Directory Services component updates:

網域和森林功能層級Domain and Forest Functional Levels

概觀Overview

區段會提供簡介網域和森林功能層級變更。The section provides a brief introduction to the domain and forest functional level changes.

新 DFL 和 FFLNew DFL and FFL

發行,有新的網域及森林功能等級:With the release, there are new domain and forest functional levels:

  • 森林功能層級:Windows Server 2012 R2Forest Functional Level: Windows Server 2012 R2

  • 網域正常運作的層級:Windows Server 2012 R2Domain Functional Level: Windows Server 2012 R2

Windows Server 2012 R2 網域功能等級可讓支援下列動作:The Windows Server 2012 R2 Domain Functional Level enables support for the following:

  1. 適用於俠端保護受保護的使用者DC-side protections for Protected Users

    保護使用者Windows Server 2012 R2 網域驗證可以:Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

    • 驗證 NTLM 驗證Authenticate with NTLM authentication

    • 使用 F:kerberos 預先驗證 DES 或 RC4 密碼套件Use DES or RC4 cipher suites in Kerberos pre-authentication

    • 使用未限制或限制委派委派Be delegated with unconstrained or constrained delegation

    • 續約初始 4 小時期間以外的使用者門票 (Tgt)Renew user tickets (TGTs) beyond the initial 4 hour lifetime

  2. 驗證原則Authentication Policies

    新的樹系的 Active Directory 原則可套用到 Windows Server 2012 R2 網域控制的主機中帳號,account 可以登入的及適用於執行 account 與服務存取控制項條件驗證New forest-based Active Directory policies which can be applied to accounts in Windows Server 2012 R2 domains to control which hosts an account can sign-on from and apply access control conditions for authentication to services running as an account

  3. 驗證原則筒倉Authentication Policy Silos

    為基礎新的樹系的 Active Directory 物件,可以建立用來可帳號驗證原則或驗證隔離的使用者,受管理的服務和電腦帳號之間的關係。New forest-based Active Directory object which can create a relationship between user, managed service and computer accounts to be used to classify accounts for authentication policies or for authentication isolation.

查看如何設定保護帳號如需詳細資訊。See How to Configure Protected Accounts for more information.

除了上面的功能,Windows Server 2012 R2 網域功能等級可確保網域中的任何網域控制站執行 Windows Server 2012 R2。In addition to the above features, the Windows Server 2012 R2 domain functional level ensures that any domain controller in the domain runs Windows Server 2012 R2.
Windows Server 2012 R2 網域功能等級不提供任何新功能,但確保任何新的網域建立森林中將會自動運作層級 Windows Server 2012 R2 網域正常運作。The Windows Server 2012 R2 forest functional level does not provide any new features, but it ensures that any new domain created in the forest will automatically operate at the Windows Server 2012 R2 domain functional level.

最小 DFL 執行上建立新的網域Minimum DFL enforced on new domain creation

Windows Server 2008 DFL 是支援網域建立新的小功能層級。Windows Server 2008 DFL is the minimum functional level supported on new domain creation.

注意

做出的 FRS 被透過移除安裝新的網域和 Windows Server 2008 的伺服器管理員中,或透過 Windows PowerShell 低於網域功能層級的能力。The deprecation of FRS is accomplished by removing the ability to install a new domain with a domain functional level lower than Windows Server 2008 with Server Manager or via Windows PowerShell.

降低的樹系和網域正常運作的層級Lowering the forest and domain functional levels

樹系和網域功能層級設定為 Windows Server 2012 R2 網域和新的樹系建立新的預設,但可以使用 Windows PowerShell 調低。The forest and domain functional levels are set to Windows Server 2012 R2 by default on new domain and new forest creation but can be lowered using Windows PowerShell.

提高或降低使用 Windows PowerShell 的樹系功能層級,請使用設定為 ADForestMode cmdlet。To raise or lower the forest functional level using Windows PowerShell, use the Set-ADForestMode cmdlet.

若要設定 contoso.com FFL Windows Server 2008 模式:To set the contoso.com FFL to Windows Server 2008 mode:

Set-ADForestMode -ForestMode Windows2008Forest -Identity contoso.com  

提高或降低使用 Windows PowerShell 網域功能等級,請使用 Set-ADDomainMode cmdlet。To raise or lower the domain functional level using Windows PowerShell, use the Set-ADDomainMode cmdlet.

若要設定 contoso.com DFL Windows Server 2008 模式:To set the contoso.com DFL to Windows Server 2008 mode:

Set-ADDomainMode -DomainMode Windows2008Domain -Identity contoso.com  

Windows Server 2012 R2 做為額外的複本遇到現有的網域執行 2003 DFL DC 升級的運作方式。Promotion of a DC running Windows Server 2012 R2 as an additional replica into an existing domain running 2003 DFL works.

建立網域新在現有的樹系New domain creation in an existing forest

Directory 服務更新

ADPREPADPREP

不有任何新的樹系或在此版本的網域作業。There are no new forest or domain operations in this release.

這些.ldf 的檔案包含架構變更適用於裝置登記服務These .ldf files contain schema changes for the Device Registration Service.

  1. Sch59Sch59

  2. Sch61Sch61

  3. Sch62Sch62

  4. Sch63Sch63

  5. Sch64Sch64

  6. Sch65Sch65

  7. Sch67Sch67

工作資料夾:Work Folders:

  1. Sch66Sch66

MSODS:MSODS:

  1. Sch60Sch60

驗證原則和筒倉Authentication Policies and Silos

  1. Sch68Sch68

  2. Sch69Sch69

取代 NTFRS 了Deprecation of NTFRS

概觀Overview

在 Windows Server 2012 R2 會取代 FRS。FRS is deprecated in Windows Server 2012 R2. 做出的 FRS 被透過執行 Windows Server 2008 的最低網域功能等級 (DFL)。The deprecation of FRS is accomplished by enforcing a minimum domain functional level (DFL) of Windows Server 2008. 這個執法才會顯示出來使用伺服器管理員及 Windows PowerShell 來建立新的網域。This enforcement is present only if the new domain is created using Server Manager or Windows PowerShell.

若要指定網域功能等級-DomainMode 參數使用 Install-ADDSForest 或 Install-ADDSDomain cmdlet 中。You use the -DomainMode parameter with the Install-ADDSForest or Install-ADDSDomain cmdlets to specify the domain functional level. 支援此參數值可以正確整數或對應列舉的字串值。Supported values for this parameter can be either a valid integer or a corresponding enumerated string value. 例如,若要設定 Windows Server 2008 R2 網域模式層級,,您可以指定值 4 或是」Win2008R2」。For example, to set the domain mode level to Windows Server 2008 R2, you can specify either a value of 4 or "Win2008R2". 從 Server 2012 R2 有效執行這些 cmdlet 時值包括與 Windows Server 2008 (3 Win2008) 的 Windows Server 2008 R2 (4 Win2008R2) (5 Win2012) 的 Windows Server 2012 和 Windows Server 2012 R2 (6 Win2012R2)。When executing these cmdlets from Server 2012 R2 valid values include those for Windows Server 2008 (3, Win2008) Windows Server 2008 R2 (4, Win2008R2) Windows Server 2012 (5, Win2012) and Windows Server 2012 R2 (6, Win2012R2). 層級不得低於的樹系功能的層級,但很高正常運作的網域。The domain functional level cannot be lower than the forest functional level, but it can be higher. 由於 FRS 在此版本中,Windows Server 2003 (2,Win2003) 取代不是辨識的參數,使用下列 cmdlet 執行的 Windows Server 2012 R2。Since FRS is deprecated in this release, Windows Server 2003 (2, Win2003) is not a recognized parameter with these cmdlets when executed from Windows Server 2012 R2.

Directory 服務更新

Directory 服務更新

變更 LDAP 最佳化LDAP Query Optimizer changes

概觀Overview

LDAP 查詢最佳化演算法是評估,並進一步最佳化。The LDAP query optimizer algorithm was reevaluated and further optimized. 結果是 LDAP 搜尋效率和 LDAP 搜尋查詢複雜時間效能改進。The result is the performance improvement in LDAP search efficiency and LDAP search time of complex queries.

注意

開發:改善效能的改進從 LDAP 對應的搜尋查詢 ESE 查詢。From the Developer:improvements in the performance of searches through improvements in the mapping from LDAP query to ESE query. LDAP 複雜的特定的層級以外的篩選器避免最佳化的索引選取項目,會導致效能(1000 x 以上)大幅降低。LDAP filters beyond a certain level of complexity prevent optimized index selection, resulting in drastically decreased performance (1000x or more). 這項變更更改我們中,選取 [索引 LDAP 查詢,以避免此問題的方式。This change alters the way in which we select indices for LDAP queries to avoid this problem.

注意

完整的 LDAP 查詢最佳化演算法,會導致 overhaul:A complete overhaul of the LDAP query optimizer algorithm, resulting in:

  • 更快速地搜尋時間Faster search times
  • 提高可及範圍效率允許 Dc 執行更多Efficiency gains allow DCs to do more
  • 相關廣告效能問題較不支援電話Less support calls regarding AD Performance issues
  • 返回移植到 Windows Server 2008 R2 (2862304 KB)Back ported to Windows Server 2008 R2 (KB 2862304)

背景Background

Active Directory 搜尋功能提供網域控制站的核心服務。The ability to search Active Directory is a core service provided by domain controllers. 其他服務及營運應用程式需依賴 Active Directory 搜尋。Other services and line of business applications rely on Active Directory searches. 如果無法使用這項功能可以停止停滯企業營運。Business operations can cease to a halt if this feature is not available. Core 和常用的服務,請務必網域控制站處理 LDAP 搜尋傳輸有效率。As a core and heavily used service, it is imperative that domain controllers handle LDAP search traffic efficiently. 讓 LDAP 搜尋效率,可以透過記錄編製索引資料庫中滿足結果組對應 LDAP 搜尋篩選嘗試 LDAP 查詢最佳化演算法。The LDAP query optimizer algorithm attempts to make LDAP searches efficient as possible by mapping LDAP search filters to a result set that can be satisfied via records already indexed in the database. 這個演算法是評估,並進一步最佳化。This algorithm was reevaluated and further optimized. 結果是 LDAP 搜尋效率和 LDAP 搜尋查詢複雜時間效能改進。The result is the performance improvement in LDAP search efficiency and LDAP search time of complex queries.

變更詳細資訊Details of change

包含的 LDAP 搜尋:An LDAP search contains:

  • 在 [開始搜尋階層某個位置(NC 標頭,組織單位,物件)A location (NC head, OU, Object) within the hierarchy to begin the search

  • 搜尋條件A search filter

  • 若要返回屬性的清單A list of attributes to return

搜尋程序摘要如下:The search process can be summarized as follows:

  1. 如果可能的話簡化搜尋篩選。Simplify the search filter if possible.

  2. 選取 [索引鍵,將會退還小涵蓋的設定的設定。Select a set of Index Keys that will return the smallest covered set.

  3. 執行一個或多個索引鍵,以減少涵蓋的設定交叉。Perform one or more intersections of Index Keys, to reduce the covered set.

  4. 每個記錄涵蓋設定中,評估篩選以及安全性。For each record in the covered set, evaluate the filter expression as well as the security. 如果篩選評估為 TRUE 且存取,然後回到此記錄 client。If the filter evaluates to TRUE and access is granted, then return this record to the client.

LDAP 查詢最佳化工作修改步驟 2 和 3,以減少涵蓋集的大小。The LDAP query optimization work modifies steps 2 and 3, to reduce the size of the covered set. 更多尤其是目前的實作選取索引重複的按鍵,並執行備援交叉。More specifically, the current implementation selects duplicate Index Keys and performs redundant intersections.

舊和新演算法之間的比較Comparison between old and new algorithm

在此範例中效率 LDAP 搜尋的目標是 Windows Server 2012 網域控制站。The target of the inefficient LDAP search in this example is a Windows Server 2012 domain controller. 搜尋完成根據無法找到更有效率索引大約 44 秒。The search completes in approximately 44 seconds as a result of failing to find a more efficient index.

adfind -b dc=blue,dc=contoso,dc=com -f "(| (& (|(cn=justintu) (postalcode=80304) (userprincipalname=justintu@blue.contoso.com)) (|(objectclass=person) (cn=justintu)) ) (&(cn=justintu)(objectclass=person)))" -stats >>adfind.txt  

Using server: WINSRV-DC1.blue.contoso.com:389  

<removed search results>  

Statistics  
=====  
Elapsed Time: 44640 (ms)  
Returned 324 entries of 553896 visited - (0.06%)  

Used Filter:  
 ( |  ( &  ( |  (cn=justintu)  (postalCode=80304)  (userPrincipalName=justintu@blue.contoso.com) )  ( |  (objectClass=person)  (cn=justintu) ) )  ( &  (cn=justintu)  (objectClass=person) ) )   

Used Indices:  
 DNT_index:516615:N  

Pages Referenced          : 4619650  
Pages Read From Disk      : 973  
Pages Pre-read From Disk  : 180898  
Pages Dirtied             : 0  
Pages Re-Dirtied          : 0  
Log Records Generated     : 0  
Log Record Bytes Generated: 0  

使用新的演算法範例結果Sample results using the new algorithm

重複上述完全相同搜尋此範例中,但針對 Windows Server 2012 R2 網域控制站。This example repeats the exact same search as above but targets a Windows Server 2012 R2 domain controller. 相同搜尋完成小於秒因為 LDAP 查詢最佳化演算法中的改良功能。The same search completes in less than a second due to the improvements in the LDAP query optimizer algorithm.

adfind -b dc=blue,dc=contoso,dc=com -f "(| (& (|(cn=justintu) (postalcode=80304) (userprincipalname=dhunt@blue.contoso.com)) (|(objectclass=person) (cn=justintu)) ) (&(cn=justintu)(objectclass=person)))" -stats >>adfindBLUE.txt  

Using server: winblueDC1.blue.contoso.com:389  

.<removed search results>  

Statistics  
=====  
Elapsed Time: 672 (ms)  
Returned 324 entries of 648 visited - (50.00%)  

Used Filter:  
 ( |  ( &  ( |  (cn=justintu)  (postalCode=80304)  (userPrincipalName=justintu@blue.contoso.com) )  ( |  (objectClass=person)  (cn=justintu) ) )  ( &  (cn=justintu)  (objectClass=person) ) )   

Used Indices:  
 idx_userPrincipalName:648:N  
 idx_postalCode:323:N  
 idx_cn:1:N  

Pages Referenced          : 15350  
Pages Read From Disk      : 176  
Pages Pre-read From Disk  : 2  
Pages Dirtied             : 0  
Pages Re-Dirtied          : 0  
Log Records Generated     : 0  
Log Record Bytes Generated: 0  
  • 如果無法最佳化樹:If unable to optimize the tree:

    • 例如:樹運算式是透過不編製索引一欄For example: an expression in the tree was over a column not indexed

    • 錄製指數防止最佳化的清單Record a list of indices that prevent optimization

    • 透過 ETW 描圖和事件 1644 來電顯示公開Exposed via ETW tracing and event ID 1644

      Directory 服務更新

若要讓 LDP 統計資料控制項To enable the Stats control in LDP

  1. 打開 LDP.exe 連接並連結到網域控制站。Open LDP.exe, and connect and bind to a domain controller.

  2. 選項功能表上,按控制項On the Options menu, click Controls.

  3. 在控制項] 對話方塊中,展開載入預先定義的下拉式功能表,按搜尋統計資料,然後按一下 [ [確定]On the Controls dialog box, expand the Load Predefined pull-down menu, click Search Stats and then click OK.

    Directory 服務更新

  4. 瀏覽]功能表上,按搜尋On the Browse menu, click Search

  5. 在 [搜尋] 對話方塊中,選取 [選項按鈕。In the Search dialog box, select the Options button.

  6. 確認延伸核取方塊已選取上搜尋選項] 對話方塊中選取[確定]Ensure the Extended check box is selected on the Search Options dialog box and select OK.

    Directory 服務更新

請嘗試︰ 使用 LDP 返回查詢統計資料Try This: Use LDP to return query statistics

網域控制站,或從加入網域的 client 或已安裝的 AD DS 工具的伺服器,請執行下列。Perform the following on a domain controller, or from a domain-joined client or server that has the AD DS tools installed. 重複下列您的 Windows Server 2012 俠與 Windows Server 2012 R2 俠目標。Repeat the following targeting your Windows Server 2012 DC and your Windows Server 2012 R2 DC.

  1. 檢視「建立更有效率 Microsoft AD 支援的應用程式]文章,並視需要回到參考它。Review the "Creating More Efficient Microsoft AD Enabled Applications" article and refer back to it as needed.

  2. 使用 LDP,讓搜尋統計資料 (查看以讓 LDP 統計資料控制項)Using LDP, enable search statistics (see To enable the Stats control in LDP)

  3. 為了數個 LDAP 搜尋,並觀察統計資訊頂端的結果。Conduct several LDAP searches and observe the statistical information at the top of the results. 您將會重複其他相同的搜尋活動中的文件它們記事本文字檔案。You will repeat the same search in other activities so document them in a notepad text file.

  4. 執行最佳化無法因為屬性指數最佳化的 LDAP 搜尋Perform an LDAP search that the query optimizer should be able to optimize because of attributes indices

  5. 嘗試建構搜尋這需要很長的時間來完成 (您可能想要增加的時間限制選項,讓搜尋是否無法逾時)。Attempt to construct a search that takes a long time to complete (you may want to increase the Time limit option so the search does not timeout).

其他資源Additional Resources

Active Directory 搜尋為何?What Are Active Directory Searches?

Active Directory 搜尋的工作方式How Active Directory Searches Work

建立更有效率 Microsoft Active Directory 功能的應用程式Creating More Efficient Microsoft Active Directory-Enabled Applications

951581 LDAP 查詢的執行速度變慢比預期廣告或 LDS 日 ADAM directory 服務與事件 ID 1644 可能登入951581 LDAP queries are executed more slowly than expected in the AD or LDS/ADAM directory service and Event ID 1644 may be logged

1644 事件改良功能1644 Event improvements

概觀Overview

這項更新會協助進行疑難排解的事件編號 1644 年其他 LDAP 搜尋結果統計資料。This update adds additional LDAP search result statistics to event ID 1644 to aid in troubleshooting purposes. 此外,也可以用來登入以時間為基礎的閾值可讓新登錄值。Additionally, there is a new registry value that can be used to enable logging on a time-based threshold. 這些改良已可在 Windows Server 2012 和 Windows Server 2008 R2 SP1 KB 透過2800945,將可讓 Windows Server 2008 SP2。These improvements were made available in Windows Server 2012 and Windows Server 2008 R2 SP1 via KB 2800945 and will be made available to Windows Server 2008 SP2.

注意

  • 其他 LDAP 搜尋統計資料] 會新增至事件 ID 1644,協助您疑難排解效率或便宜 LDAP 搜尋Additional LDAP search statistics are added to event ID 1644 to aid in troubleshooting inefficient or expensive LDAP searches
  • 您現在可以指定搜尋時間臨界值(例如。You can now specify a Search Time Threshold (eg. 登入事件 1644 年搜尋拍攝超過 100ms 年)而不是指定昂貴且 Inefficient 搜尋結果臨界值Log event 1644 for searches taking longer than 100ms) instead of specifying the Expensive and Inefficient search result threshold values

背景Background

同時 Active Directory 效能問題的疑難排解,就能發揮 LDAP 搜尋活動可能造成問題的原因。While troubleshooting Active Directory performance problems, it becomes apparent that LDAP search activity may be contributing to the problem. 您可以選擇要登入,以便您可以看到寶貴或效率 LDAP 查詢網域控制站處理。You decide to enable logging so that you can see expensive or inefficient LDAP queries processed by domain controller. 為了讓登入,您必須設定欄位工程診斷,也可以指定便宜 / 效率搜尋結果臨界值。In order to enable the logging, you must set the Field Engineering diagnostics value and can optionally specify the expensive / inefficient search results threshold values. 時讓欄位工程登入層級 5 的值,以符合下列條件任何搜尋已登入的事件編號 1644 年 Directory 服務事件登入。Upon enabling the Field Engineering logging level to a value of 5, any search that meets these criteria is logged in the Directory Services event log with an event ID 1644.

事件包含:The event contains:

  • Client IP 和連接埠Client IP and port

  • 開始節點Starting Node

  • 篩選Filter

  • 搜尋範圍Search scope

  • 屬性選取項目Attribute selection

  • 伺服器控制項Server controls

  • 瀏覽項目Visited entries

  • 傳回項目Returned entries

不過,事件遺失重要的資料是的話指數等(如果有的話)上的搜尋作業和項目所花費的時間。However, key data is missing from the event such as the amount of time spent on the search operation and what (if any) index was used.

事件 1644 年新增額外的搜尋統計資料Additional search statistics added to event 1644

  • 使用的索引Used indexes

  • 參考的網頁Pages referenced

  • 朗讀從磁碟頁面Pages read from disk

  • 從磁碟 preread 頁面Pages preread from disk

  • 修改全新的頁面Clean pages modified

  • 修改髒頁面Dirty pages modified

  • 搜尋時間Search time

  • 防止最佳化屬性Attributes Preventing Optimization

事件 1644 年登入新的時間型閾值來改善登錄值New time-based threshold registry value for event 1644 logging

指定昂貴且 Inefficient 搜尋結果臨界值,而您可以指定搜尋時間臨界值。Instead of specifying the Expensive and Inefficient search result threshold values, you can specify Search Time Threshold. 如果您需要登入拍攝 50 ms 的所有搜尋結果中或大,您可以指定 50 小數點 / 32 十六進位(除了欄位工程值設定)。If you wanted to log all search results that took 50 ms or greater, you would specify 50 decimal / 32 hex (in addition to setting the Field Engineering value).

Windows Registry Editor Version 5.00  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]  
"Search Time Threshold (msecs)"=dword:00000032  

舊和新的事件編號 1644 年的比較Comparison of the old and new event ID 1644

OLD

Directory 服務更新

NEW

Directory 服務更新

請嘗試︰ 使用事件登入以返回查詢統計資料Try This: Use the event log to return query statistics

  1. 重複下列您的 Windows Server 2012 俠與 Windows Server 2012 R2 俠目標。Repeat the following targeting your Windows Server 2012 DC and your Windows Server 2012 R2 DC. 每個搜尋之後您會看到這兩個網域控制站的事件編號 1644s 年。Observe the event ID 1644s on both DCs after each search.

  2. 使用 regedit,讓 Windows Server 2012 R2 俠與 Windows Server 2012 DC 上舊的方法使用時間為基礎的閾值事件 ID 1644 登入。Using regedit, enable event ID 1644 logging using a time-based threshold on the Windows Server 2012 R2 DC and the old method on the Windows Server 2012 DC.

  3. 進行幾個 LDAP 搜尋超過閾值來改善,並觀察統計資訊頂端的結果。Conduct several LDAP searches that exceed the threshold and observe the statistical information at the top of the results. 使用您稍早記載 LDAP 查詢和重複相同搜尋。Use the LDAP queries you documented earlier and repeat the same searches.

  4. 執行 LDAP 搜尋最佳化不能最佳化因為屬性一或多個不編製索引。Perform an LDAP search that the query optimizer is not able to optimize because one or more attributes are not indexed.

Active Directory 複寫輸送量改進Active Directory Replication throughput improvement

概觀Overview

使用它複寫傳輸 RPC AD 複寫。AD replication uses RPC for its replication transport. 根據預設,RPC 使用 8 K 傳輸緩衝和 5 K 封包大小。By default, RPC uses an 8K transmit buffer and a 5K packet size. 這效果網路傳送執行個體將會傳送三個封包 (大約 15 K 值得的資料) 和需要往返將傳送更多之前,請先等候網路位置。This has the net effect where the sending instance will transmit three packets (approximately 15K worth of data) and then have to wait for a network round trip before sending more. 假設 3ms 往返的時間,最大的輸送量會在 40Mbps,即使是在 1Gbps 或 10 Gbps 網路。Assuming a 3ms roundtrip time, the highest throughput would be around 40Mbps, even on 1Gbps or 10 Gbps networks.

注意

  • 此更新調整到約 600 Mbps 40Mbps 的最大 AD 複寫輸送量。This update adjusts the maximum AD Replication throughput from 40Mbps to around 600 Mbps.

    • 它會增加 RPC 傳送緩衝大小減少的網路,往返It increases the RPC send buffer size which reduces the number of network round trips
  • 將最高的速度,明顯效果高延遲網路。The effect will be most noticeable on high speed, high latency network.

此更新變更 8 K RPC 傳送緩衝大小為 256 KB 增加約 600 Mbps 到最大的輸送量。This updates increase the maximum throughput to around 600 Mbps by changing the RPC send buffer size from 8K to 256KB. 這項變更可成長 8 K 以外的 TCP 視窗大小往返減少的網路。This change allows the TCP window size to grow beyond 8K, reducing the number of network round trips.

注意

有任何可設定的設定來變更此行為。There are no configurable settings to modify this behavior.

其他資源Additional Resources

複寫 Active Directory 型號的運作方式How the Active Directory Replication Model Works