If you would have come to the summit you would have gotten to find out. Dean gave his one man forest destruction show. He hit me with the concept about 15 minutes after I got off the plane which instantly put me into shock (which prepared me for Jimmy's driving actually). Later he showed it to me in action and I said, "Yep, I trusted you in the airport, can't we just forget that and I teach you perl?". Too late for you now. No soup for you.
I 125% agree with Dean on his warning but hope he doesn't explain it on the list. This isn't info that should be readily and openly distributed just like my forest destruction idea. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen Sent: Friday, August 13, 2004 7:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Delete ad object without Tombstone lifetime. > ******** WARNING - I'd like to point out to you that misuse of this > feature can entirely (and nigh on irrecoverably) destroy a forest ******** Details please? Thanks, Robbie Allen http://www.rallenhome.com/ > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells > Sent: Wednesday, August 11, 2004 11:22 AM > To: Send - AD mailing list > Subject: RE: [ActiveDir] Delete ad object without Tombstone lifetime. > > OK, if you had only Windows 2000 or even a hybrid this would not be > particularly feasible nor advisable but since you don�t, it's going to > be just peachy assuming you're at forest functional level 2 (Server > 2003 > Native) ... if you're not, it's still doable, just a lot more awkward > and less than supported. > > ******** WARNING - I'd like to point out to you that misuse of this > feature can entirely (and nigh on irrecoverably) destroy a forest > ******** > > Windows 2003's Active Directory supports two applicable LDAP features; > dynamic objects and dynamic auxiliary classes. > > 1. Dynamic aux. classes allow you to bolt an auxiliary class to new > object instances without having first made any schema alterations > (i.e. - no schema modification of any kind occurred). The attributes > assigned to the auxiliary class then become available to the object > instance(s) to which the > aux. class was assigned. > > 2. Dynamic objects provides a mean by which a TTL (using a unit of > seconds) can be written to an object after which time it self expires > ~simultaneously on all DCs without the need for a tombstone. > > By using dyn. aux. classes we can dynamically bolt the dynamicObject > class to new object instances which serves to provide us the > attributes we need; most prominently entryTTL. When the entry TTL is > populated, the directory service calculates an effective "time of > death" and writes that to msDS-Entry-Time-To-Die (both attributes are > actually constructed depending on how they're used). > > I've not attempted this with CSVDE but have done so numerous times via > code and through LDIFDE so I'll leave it you to attempt the > LDIF(DE) to CSV(DE) > conversion. Here's an example LDIF file that creates a "contact" > beneath the domain root using the default-minimum TTL of 15 minutes > (this default can be reduced if it's too high) - > > [Begin LDIF file named "foo.ldif"] > dn: cn=suicidal,dc=X > changetype: add > objectClass: contact > objectClass: dynamicObject > entryTTL: 901 > [/LDIF file] > > ... here's the command line syntax to inject its content - > > ldifde -i -f foo.ldif -c DC=X <your distinguished name here> > > ... for example - > > ldifde -i -f foo.ldif -c DC=X dc=mset,dc=local > > Hope that proves useful. > > Dean > > -- > Dean Wells > MSEtechnology > * Email: [EMAIL PROTECTED] > http://msetechnology.com > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of BATARD > olivier > Sent: Wednesday, August 11, 2004 8:39 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Delete ad object without Tombstone lifetime. > > I have a Windows 2003 domain exclusively. > > Olivier BATARD, Technicien syst�me - Poste 1655 Gestion Interne SIGMA > Informatique http://www.sigma.fr > 3 rue Newton, BP 4127, 44241 La Chapelle sur Erdre Cedex > > > > -----Message d'origine----- > De : Dean Wells [mailto:[EMAIL PROTECTED] Envoy� : > mercredi 11 ao�t > 2004 14:41 � : Send - AD mailing list Objet : RE: [ActiveDir] Delete > ad object without Tombstone lifetime. > > > Do you have Windows 2000, 2003 or a combination? > > -- > Dean Wells > MSEtechnology > * Email: [EMAIL PROTECTED] > http://msetechnology.com > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of BATARD > olivier > Sent: Wednesday, August 11, 2004 5:43 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Delete ad object without Tombstone lifetime. > > > Hello, > > I'm testing a csvde file and I want to delete object directly,without > Tombstonelifetime. How can I do that ? > > > Thanks, > > Olivier BATARD, Technicien syst�me - Poste 1655 Gestion Interne SIGMA > Informatique http://www.sigma.fr > 3 rue Newton, BP 4127, 44241 La Chapelle sur Erdre Cedex > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
