Recipe 15.16 Setting the Default Quota for All Security Principals in a Partition
|
This recipe requires a Windows Server 2003 domain controller.
|
|
15.16.1 Problem
You want to set a default quota for all security
principals.
15.16.2 Solution
15.16.2.1 Using a graphical user interface
Open ADSI Edit. Connect to the partition you want to modify (has to be done on a per
partition basis). In the left pane, expand the root of the partition. Right-click on cn=NTDS Quotas and select
Properties. Set the msDS-DefaultQuota attribute to the number
objects that security principals should be allowed to create if they
are not assigned another quota. Click OK.
15.16.2.2 Using a command-line interface
Create an LDIF file called set_default_quota.ldf with the following
contents:
dn: cn=NTDS Quotas,<PartitionDN>
changetype: modify
replace: msDs-DefaultQuota
msDs-DefaultQuota: <NumberOfObjects>
-
then run the following command:
> ldifde -v -i -f set_default_quota.ldf
15.16.2.3 Using VBScript
' This code sets the default quota for the specified partition
' ------ SCRIPT CONFIGURATION ------
strPartitionDN = "<PartitionDN>" ' e.g. dc=rallencorp,dc=com
intDefaultQuota = <NumberOfObjects> ' e.g. 10
' ------ END CONFIGURATION ---------
set objPart = GetObject("LDAP://cn=NTDS Quotas," & strPartitionDN )
objPart.Put "msDs-DefaultQuota", intDefaultQuota
objPart.SetInfo
WScript.Echo "Set the default quota for " & _
strPartitionDN & " to " & intDefaultQuota
15.16.3 Discussion
The easiest way to apply a default quota to all of your users is to
modify the msDS-DefaultQuota
attribute on the NTDS Quotas container for the
target partition. This attribute contains the default quota limit
that is used if no other quotas have been assigned to a security
principal.
You should be careful when setting the default quota because it
applies to every non-administrator security principal. If you set the
default to 0, for example, computers would not be able to dynamically
update their DNS records in an AD-integrated zone because that
creates an object. This may not be applicable in your environment,
but the point is that you need to consider the impact of the
default quota and test it thoroughly before implementing it.
|