Forest/Domain Prep & Schema Update Cause member workstation to make ldap calls

Question

I have a approx. 3000 endpoints with a small connection back to local domain controllers. Bandwidth is approx. 60mbps. We have noticed that when we run a schema update or domain/forest prep, this causes these workstations to completely saturate this connection with ldap calls. First occurrence happened during a Exchange CU update and the CU required a schema update. Second occurrence happened when we promoted the first server 2019 domain controller into the environment and a domain/forest prep was required. We cannot figure out what it is these workstations are downloading at the time of this bandwidth constraint.

Do workstations require to download a local copy of the schema? Do they require downloading a copy of the domain\forest instructions when a change is made?

Any suggestions or help would be greatly appreciated.

Thank You,

Answer 1

Hi @Ryan-AD

I don't know specifically what the workstations are doing, but I can speculate on what is happening. When you do a schema update, the last instruction in the update file is to flush the schema cache on DC using the UpdateSchemaNow RootDSE modify operators. It likely that this and added a domain controller to the domain will cause the Exchange servers to issue a refresh command to all connected clients, so they refresh their cached information about the Exchange environment, any newly added AD attributes, and the DC that exist in the domain.

Gary.