
Recipe 15.16 Setting the Default Quota for All Security Principals in a Partition

This recipe requires a Windows Server 2003 domain controller.

15.16.1 Problem

You want to set a default quota for all security principals.

15.16.2 Solution

15.16.2.1 Using a graphical user interface
  1. Open ADSI Edit.

  2. Connect to the partition you want to modify (has to be done on a per partition basis).

  3. In the left pane, expand the root of the partition.

  4. Right-click on cn=NTDS Quotas and select Properties.

  5. Set the msDS-DefaultQuota attribute to the number of objects that security principals should be allowed to create if they have not been assigned another quota.

  6. Click OK.

15.16.2.2 Using a command-line interface

Create an LDIF file called set_default_quota.ldf with the following contents:

dn: cn=NTDS Quotas,<PartitionDN>
changetype: modify
replace: msDs-DefaultQuota
msDs-DefaultQuota: <NumberOfObjects>
-

then run the following command:

> ldifde -v -i -f set_default_quota.ldf

15.16.2.3 Using VBScript

' This code sets the default quota for the specified partition
' ------ SCRIPT CONFIGURATION ------
strPartitionDN = "<PartitionDN>"        ' e.g. dc=rallencorp,dc=com
intDefaultQuota = <NumberOfObjects>     ' e.g. 10
' ------ END CONFIGURATION ---------

set objPart = GetObject("LDAP://cn=NTDS Quotas," & strPartitionDN )
objPart.Put "msDs-DefaultQuota", intDefaultQuota
objPart.SetInfo
WScript.Echo "Set the default quota for " & _
             strPartitionDN & " to " & intDefaultQuota

15.16.3 Discussion

The easiest way to apply a default quota to all of your users is to modify the msDS-DefaultQuota attribute on the NTDS Quotas container for the target partition. This attribute contains the default quota limit that is used if no other quotas have been assigned to a security principal.

You should be careful when setting the default quota because it applies to every non-administrator security principal. If you set the default to 0, for example, computers would not be able to dynamically update their DNS records in an AD-integrated zone because that creates an object. This may not be applicable in your environment, but the point is that you need to consider the impact of the default quota and test it thoroughly before implementing it.
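The same change done in PowerShell through ADSI, with the safeguard the discussion calls for: the script refuses a default quota of 0 unless explicitly overridden, records the previous value, and re-reads the attribute after the write to verify it. This is an added example, not code from the cookbook; the partition DN and quota value in the usage line are illustrative, and the script file name is hypothetical.

```powershell
# Added example (not from the Active Directory Cookbook).
# Sets msDS-DefaultQuota on the NTDS Quotas container of one partition via ADSI.
# Assumes it runs on a domain-joined machine as an account permitted to modify
# cn=NTDS Quotas in that partition. $PartitionDN and $NewQuota are supplied by
# the caller; the values in the comments are examples only.
param(
    [Parameter(Mandatory = $true)][string]$PartitionDN,   # e.g. "dc=rallencorp,dc=com"
    [Parameter(Mandatory = $true)][int]$NewQuota,         # e.g. 10
    [switch]$AllowZero                                    # required to set a quota of 0
)

# Guard against the failure mode described in the Discussion: a default of 0
# stops every principal without an explicit quota from creating objects,
# including computer accounts registering records in AD-integrated DNS zones.
if ($NewQuota -lt 0) {
    throw "The default quota must be zero or a positive integer."
}
if ($NewQuota -eq 0 -and -not $AllowZero) {
    throw "A default quota of 0 blocks object creation for all unassigned principals. Re-run with -AllowZero if that is intended."
}

# Bind to the NTDS Quotas container of the target partition.
$quotaContainer = [ADSI]"LDAP://cn=NTDS Quotas,$PartitionDN"

# Record the current value; Get() throws if the attribute has never been set.
$before = "<not set>"
try { $before = $quotaContainer.Get("msDS-DefaultQuota") } catch { }

# Write the new default quota (Put + SetInfo, as in the VBScript solution).
$quotaContainer.Put("msDS-DefaultQuota", $NewQuota)
$quotaContainer.SetInfo()

# Re-read from the directory rather than trusting the local property cache.
$quotaContainer.RefreshCache()
$after = $quotaContainer.Get("msDS-DefaultQuota")
if ($after -ne $NewQuota) {
    throw "Verification failed: msDS-DefaultQuota on $PartitionDN is $after, expected $NewQuota."
}

Write-Output "Set the default quota for $PartitionDN from $before to $after"

# Usage (hypothetical file name, illustrative values):
#   .\Set-DefaultQuota.ps1 -PartitionDN "dc=rallencorp,dc=com" -NewQuota 10
```

If the ActiveDirectory module is available, the write itself can also be done with `Set-ADObject -Identity "cn=NTDS Quotas,$PartitionDN" -Replace @{'msDS-DefaultQuota' = $NewQuota}`; the zero check and the read-back verification are worth keeping either way, since the attribute applies to every non-administrator security principal in the partition at once.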
