[ Team LiB ] |
Recipe 4.16 Modifying the Default TTL Settings for Dynamic Objects
4.16.1 ProblemYou want to modify the minimum and default TTLs for dynamic objects. 4.16.2 SolutionIn each solution below, I'll show how to set the DynamicObjectDefaultTTL setting to 172800. Modifying the DynamicObjectMinTTL can be done in the same manner. 4.16.2.1 Using a graphical user interface
4.16.2.2 Using a command-line interfaceThe following ntdsutil command connects to <DomainControllerName>, displays the current values for the dynamic object TTL settings, sets the DynamicObjectDefaultTTL to 172800, commits the change, and displays the results: > ntdsutil "config settings" connections "connect to server <DomainControllerName>"[RETURN] q "show values" "set DynamicObjectDefaultTTL to 172800" "commit changes" "show[RETURN] values" q q 4.16.2.3 Using VBScript' This code modifies the default TTL setting for dynamic objects in a forest ' ------ SCRIPT CONFIGURATION ------ strNewValue = 172800 'Could be DynamicObjectMinTTL instead if you wanted to set that instead strTTLSetting = "DynamicObjectDefaultTTL" ' ------ END CONFIGURATION --------- const ADS_PROPERTY_APPEND = 3 const ADS_PROPERTY_DELETE = 4 set objRootDSE = GetObject("LDAP://RootDSE") set objDS = GetObject("LDAP://CN=Directory Service,CN=Windows NT," & _ "CN=Services,CN=Configuration," & _ objRootDSE.Get("rootDomainNamingContext") for each strVal in objDS.Get("msDS-Other-Settings") Set objRegEx = New RegExp objRegEx.Pattern = strTTLSetting & "=" objRegEx.IgnoreCase = True Set colMatches = objRegEx.Execute(strVal) For Each objMatch in colMatches Wscript.Echo "Deleting " & strVal objDS.PutEx ADS_PROPERTY_DELETE, "msDS-Other-Settings", Array(strVal) objDS.SetInfo Next Next Wscript.Echo "Setting " & strTTLSetting & "=" & strNewValue objDS.PutEx ADS_PROPERTY_APPEND, _ "msDS-Other-Settings", _ Array(strTTLSetting & "=" & strNewValue) objDS.SetInfo 4.16.3 DiscussionTwo configuration settings apply to dynamic objects:
Unfortunately, these two settings are not stored as discrete attributes. Instead, they are stored as attribute-value-assertions (AVA) in the msDS-Other-Settings attribute on the cn=DirectoryServices,cn=WindowsNT,cn=Configuration,<ForestRootDN> object. AVAs are used occasionally in Active Directory on multivalued attributes, in which the values take the form of Setting1=Value1, Setting2=Value2, etc. For this reason, you cannot simply manipulate AVA attributes as you would another attribute. You have to be sure to add or replace values with the same format, as they existed previously. 4.16.3.1 Using a command-line interfaceYou can use ntdsutil in interactive mode or in single-command mode. In this solution, I've included all the necessary commands on a single line. You can, of course, step through each command by simply running ntdsutil in interactive mode and entering each command one by one. 4.16.3.2 Using VBScriptBecause we are dealing with AVAs, the VBScript solution is not very straightforward. Getting a pointer to the Directory Service object is easy, but then we must step through each value of the mSDS-Other-Settings attribute until we find the one we are looking for. The reason it is not straightforward is that we do not know the exact value of the setting we are looking for. All we know is that it begins with DynamicObjectDefaultTTL=. That is why it is necessary to resort to regular expressions. With a regular expression, we can compare each value against DefaultObjectDefaultTTL= and if we find a match, delete that value only. After we've iterated through all of the values and hopefully deleted the one we are looking for, we append the new setting using PutEx. Simple as that! 4.16.4 See AlsoRecipe 4.11 for modifying an object and MSDN: Regular Expression (RegExp) Object |
[ Team LiB ] |