Recipe 15.15 Changing How Tombstone Objects Count Against Quota Usage
|
This recipe requires a Windows Server 2003 domain controller.
|
|
15.15.1 Problem
You want to change the relative weight of tombstone
objects
in quota calculations.
15.15.2 Solution
15.15.2.1 Using a graphical user interface
Open ADSI Edit. Connect to the partition on which you want to modify this setting
(has to be done on a per partition basis). In the left pane, expand the root of the partition. Right-click on cn=NTDS Quotas and select
Properties. Set the msDS-TombstoneQuotaFactor attribute to a
value between 0 and 100. Click OK.
15.15.2.2 Using a command-line interface
Create an LDIF file called change_tombstone_quota.ldf with the following
contents:
dn: cn=NTDS Quotas,<PartitionDN>
changetype: modify
replace: msDs-TombstoneQuotaFactor
msDs-TombstoneQuotaFactor: <0-100>
-
then run the following command:
> ldifde -v -i -f change_tombstone_quota.ldf
15.15.2.3 Using VBScript
' This code modifies the tombstone quota factor for the specified partition
' ------ SCRIPT CONFIGURATION ------
strPartitionDN = "<PartitionDN>" ' e.g. dc=rallencorp,dc=com
intTombstoneFactor = <0-100> ' e.g. 50
' ------ END CONFIGURATION ---------
set objPart = GetObject("LDAP://cn=NTDS Quotas," & strPartitionDN )
objPart.Put "msDs-TombstoneQuotaFactor", intTombstoneLifetime
objPart.SetInfo
WScript.Echo "Set the tombstone quota factor for " & _
strPartitionDN & " to " & intTombstoneFactor
15.15.3 Discussion
The tombstone quota factor is a percentage that determines how much
each tombstone object counts against a security
principal's quota usage. By default, tombstone
objects count as one object. This means if a user's
quota is set to 10, and the user deletes 10 objects, that user will
not be able to create or delete any other objects until those
tombstone objects have been purged from Active Directory.
The msDs-TombstoneQuotaFactor
attribute on the NTDS Quota container for each
partition defines the tombstone quota factor. As mentioned
previously, the default is that tombstone objects count 100% of a
normal object, and thus, the
msDs-TombstoneQuotaFactor attribute contains 100
by default. If you modify that attribute to contain 50, and a user
has a quota limit of 10, then that user could delete 20 objects
(i.e., create 20 tombstone objects) because 20 x 50% = 10.
You may not care about how many objects your users delete; in which case,
you'd want to set the tombstone quota factor to 0.
|