Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
platform
active.directory
adsi
adsi.iis-admin
base
com_ole
complus_mts
component_svcs
database
directx
gdi
graphics_mm
internet.client
internet.server
internet.server.isapi-dev
localization
mapi
messaging
msi
mslayerforunicode
multimedia
networking
networking.ipv6
sdk_install
security
shell
telephony.tapi_2
telephony.tapi_3
telephony.tsp
telephony.wte
tools
ui
ui_shell
win_base_svcs
win16
  
 
date: Mon, 1 Oct 2007 13:22:54 -0400,    group: microsoft.public.platformsdk.active.directory        back       


DIT files increased 43% in a single day    
We have an AD2000 forest and The GC's in all domains have increased from 1.7 
GB's to 2.3 GB's in a 24 hour period.  Obviously something happened but 
there were no new accounts created.  Some non-GC's in just one of the 
domains also have 2.3GB, and they are not even GC's; but no other non-GC's 
in other domains have a DIT that is larger than 1GB.  The admin of the 
likely originating domain said that they were working on IP telephony.  I 
know that Cisco has a permissions wizard, and I'm wondering if a mass update 
of the ACL's on many accounts can cause the metadata of the accounts, and 
subsequently the DNC and then GC, to increase accordingly.  What else could 
cause such a dramatic increase in size in such a short time?
date: Mon, 1 Oct 2007 13:22:54 -0400   author:   -

Re: DIT files increased 43% in a single day    
Hi
Probably a bunch of new objects were created and deleted, now all these 
objects are in Deleted Objects container and you must wait until the 
Tombstone lifetime expires o these objects are permanently deleted from AD 
DB.


-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

<-> wrote in message news:uwB42%23EBIHA.4160@TK2MSFTNGP06.phx.gbl...
> We have an AD2000 forest and The GC's in all domains have increased from 
> 1.7 GB's to 2.3 GB's in a 24 hour period.  Obviously something happened 
> but there were no new accounts created.  Some non-GC's in just one of the 
> domains also have 2.3GB, and they are not even GC's; but no other non-GC's 
> in other domains have a DIT that is larger than 1GB.  The admin of the 
> likely originating domain said that they were working on IP telephony.  I 
> know that Cisco has a permissions wizard, and I'm wondering if a mass 
> update of the ACL's on many accounts can cause the metadata of the 
> accounts, and subsequently the DNC and then GC, to increase accordingly. 
> What else could cause such a dramatic increase in size in such a short 
> time?
>
date: Mon, 1 Oct 2007 20:19:00 +0100   author:   Jorge Silva

Re: DIT files increased 43% in a single day    
That's very likely.  Also, though, the admins of that domain recently did a 
bunch of work which changed the ACL's on a number of objects.  I don't know 
if maybe that contributed to it.  In any event, the DA of that domain 
demoted and re-promoted a non-GC DC in that domain, and the DIT file is 
smaller, for now.  I'm going to monitor the size and see if it starts to 
grow again.

"Jorge Silva"  wrote in message 
news:eyLYo$FBIHA.5196@TK2MSFTNGP02.phx.gbl...
> Hi
> Probably a bunch of new objects were created and deleted, now all these 
> objects are in Deleted Objects container and you must wait until the 
> Tombstone lifetime expires o these objects are permanently deleted from AD 
> DB.
>
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
> <-> wrote in message news:uwB42%23EBIHA.4160@TK2MSFTNGP06.phx.gbl...
>> We have an AD2000 forest and The GC's in all domains have increased from 
>> 1.7 GB's to 2.3 GB's in a 24 hour period.  Obviously something happened 
>> but there were no new accounts created.  Some non-GC's in just one of the 
>> domains also have 2.3GB, and they are not even GC's; but no other 
>> non-GC's in other domains have a DIT that is larger than 1GB.  The admin 
>> of the likely originating domain said that they were working on IP 
>> telephony.  I know that Cisco has a permissions wizard, and I'm wondering 
>> if a mass update of the ACL's on many accounts can cause the metadata of 
>> the accounts, and subsequently the DNC and then GC, to increase 
>> accordingly. What else could cause such a dramatic increase in size in 
>> such a short time?
>>
>
>
date: Mon, 1 Oct 2007 18:42:57 -0400   author:   -

Re: DIT files increased 43% in a single day    
Adding ACLs, especially at the top of the directory in the domain, will 
increase the size of the DIT.  Even though you may specify a particular 
object type, the ACL is applied to ALL child objects.  For example the OU 
object gets the ACL so it can apply it to it's child objects.

The recently promoted DC will have a smaller DIT because it is not 
fragmented.  Give it some time and it will expand so it has some "working 
room" and then level off. 

"-" wrote:

> That's very likely.  Also, though, the admins of that domain recently did a 
> bunch of work which changed the ACL's on a number of objects.  I don't know 
> if maybe that contributed to it.  In any event, the DA of that domain 
> demoted and re-promoted a non-GC DC in that domain, and the DIT file is 
> smaller, for now.  I'm going to monitor the size and see if it starts to 
> grow again.
> 
> "Jorge Silva"  wrote in message 
> news:eyLYo$FBIHA.5196@TK2MSFTNGP02.phx.gbl...
> > Hi
> > Probably a bunch of new objects were created and deleted, now all these 
> > objects are in Deleted Objects container and you must wait until the 
> > Tombstone lifetime expires o these objects are permanently deleted from AD 
> > DB.
> >
> >
> > -- 
> >
> > I hope that the information above helps you.
> > Have a Nice day.
> >
> > Jorge Silva
> > MCSE, MVP Directory Services
> >
> > <-> wrote in message news:uwB42%23EBIHA.4160@TK2MSFTNGP06.phx.gbl...
> >> We have an AD2000 forest and The GC's in all domains have increased from 
> >> 1.7 GB's to 2.3 GB's in a 24 hour period.  Obviously something happened 
> >> but there were no new accounts created.  Some non-GC's in just one of the 
> >> domains also have 2.3GB, and they are not even GC's; but no other 
> >> non-GC's in other domains have a DIT that is larger than 1GB.  The admin 
> >> of the likely originating domain said that they were working on IP 
> >> telephony.  I know that Cisco has a permissions wizard, and I'm wondering 
> >> if a mass update of the ACL's on many accounts can cause the metadata of 
> >> the accounts, and subsequently the DNC and then GC, to increase 
> >> accordingly. What else could cause such a dramatic increase in size in 
> >> such a short time?
> >>
> >
> > 
> 
> 
>
date: Tue, 2 Oct 2007 09:29:01 -0700   author:   David Douglas David

Re: DIT files increased 43% in a single day    
If that change were in another domain, and it was a change to user objects, 
would the ACL notations replicate to the Global Catalog?

"David Douglas" <David Douglas@discussions.microsoft.com> wrote in message 
news:15E1994B-963E-4730-9F02-8476FD9EB4BB@microsoft.com...
> Adding ACLs, especially at the top of the directory in the domain, will
> increase the size of the DIT.  Even though you may specify a particular
> object type, the ACL is applied to ALL child objects.  For example the OU
> object gets the ACL so it can apply it to it's child objects.
>
> The recently promoted DC will have a smaller DIT because it is not
> fragmented.  Give it some time and it will expand so it has some "working
> room" and then level off.
>
> "-" wrote:
>
>> That's very likely.  Also, though, the admins of that domain recently did 
>> a
>> bunch of work which changed the ACL's on a number of objects.  I don't 
>> know
>> if maybe that contributed to it.  In any event, the DA of that domain
>> demoted and re-promoted a non-GC DC in that domain, and the DIT file is
>> smaller, for now.  I'm going to monitor the size and see if it starts to
>> grow again.
>>
>> "Jorge Silva"  wrote in message
>> news:eyLYo$FBIHA.5196@TK2MSFTNGP02.phx.gbl...
>> > Hi
>> > Probably a bunch of new objects were created and deleted, now all these
>> > objects are in Deleted Objects container and you must wait until the
>> > Tombstone lifetime expires o these objects are permanently deleted from 
>> > AD
>> > DB.
>> >
>> >
>> > -- 
>> >
>> > I hope that the information above helps you.
>> > Have a Nice day.
>> >
>> > Jorge Silva
>> > MCSE, MVP Directory Services
>> >
>> > <-> wrote in message news:uwB42%23EBIHA.4160@TK2MSFTNGP06.phx.gbl...
>> >> We have an AD2000 forest and The GC's in all domains have increased 
>> >> from
>> >> 1.7 GB's to 2.3 GB's in a 24 hour period.  Obviously something 
>> >> happened
>> >> but there were no new accounts created.  Some non-GC's in just one of 
>> >> the
>> >> domains also have 2.3GB, and they are not even GC's; but no other
>> >> non-GC's in other domains have a DIT that is larger than 1GB.  The 
>> >> admin
>> >> of the likely originating domain said that they were working on IP
>> >> telephony.  I know that Cisco has a permissions wizard, and I'm 
>> >> wondering
>> >> if a mass update of the ACL's on many accounts can cause the metadata 
>> >> of
>> >> the accounts, and subsequently the DNC and then GC, to increase
>> >> accordingly. What else could cause such a dramatic increase in size in
>> >> such a short time?
>> >>
>> >
>> >
>>
>>
>>
date: Tue, 2 Oct 2007 13:23:21 -0400   author:   -

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us