Background: In recent months, we have discovered (reactively) a number of customers who are content dumping the entire Workers OU (70,000+ objects) at pretty frequent intervals, which is causing mini denial of service attacks on our domain controllers in small pipe locations.
Has anyone limited access to their production Windows 2000 Active Directory forests to prevent users from running intensive CSVDE/ADSI queries against their domain controllers? If so, how? Through technology? Through policy? Both? -- Alan A. Isham, IT Product Manager Messaging and Active Directory Engineering Intel Corporation List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
