Change History - Log Retention

The answer to this really depends on how busy your environment is - that is, new accounts, changes to accounts and groups etc.   

The size of the database (in GB) is not really the issue - it's more about performance as again, in a busy environment where there is a lot of change being recorded daily, a very large change history database can get sluggish.  This can manifests in the user experience as slow retrieval of change history records and also slower deprovisioning actions.

For archival of (and reporting on) the change history, I recommend customers use something like Splunk to mine and archive the information out of the Administrative Service Windows event log rather than relying on the Change History database itself for long term storage.

If you don't already have Splunk (or similar) another good option is Quest's Change Auditor which provides optimized auditing and storage of Active Directory changes.  It features integration with Active Roles too.

The answer to this really depends on how busy your environment is - that is, new accounts, changes to accounts and groups etc.   

The size of the database (in GB) is not really the issue - it's more about performance as again, in a busy environment where there is a lot of change being recorded daily, a very large change history database can get sluggish.  This can manifests in the user experience as slow retrieval of change history records and also slower deprovisioning actions.

For archival of (and reporting on) the change history, I recommend customers use something like Splunk to mine and archive the information out of the Administrative Service Windows event log rather than relying on the Change History database itself for long term storage.

If you don't already have Splunk (or similar) another good option is Quest's Change Auditor which provides optimized auditing and storage of Active Directory changes.  It features integration with Active Roles too.