Ignoring the 16 bytes at the beginning of the metadata for version and attr count info, and garbage wasted space ... the metadata for a single attribute is 48 bytes, adding the SID (28 bytes) would be an expansion of 57% on the _raw_ per attribute metadata size.
A sampling of a corporate DB showed the raw metadata size to be 15% of the DIT size, which would lead me to believe the DIT would expand by ~10% for a trivial implementation against this particular corporate DIT.[1]

However, if you look at the /showobjmeta for _any_ object, you will realize that is a data structure that is over ripe (like bananas you wouldn't even use for a banana cake) for being compressed. I think I could add a SID, (custom) compress it, and shrink the DIT in size. While you might think a GUID is better, because if you add a GUID, it is only 16 bytes, but that's a very uncompressible 16 bytes, "effectively a random hash". The SID is more likely to compress properly.

[1] I expect that corporate DITs vary what % is meta-data by how many certs and big blobs they stick in their AD. I imagine most corporate DITs are worse (as in higher % is metadata) than the one I checked out. Not that I've thought of it ...

Cheers,
-BrettSh [msft]

This posting is provided "AS IS" with no warranties, and confers no rights.

On Fri, 14 Oct 2005, Al Mulnick wrote:

> <raises hand>
> GUID or SID of the user account that made the delete request. Last mod may
> not be enough in case some process gets hold of that data in the deleted
> items, even if unlikely. I want the id of the identity that caused the
> object to be there in the first place.
>
> Having the data for a full undelete option wouldn't seem too terrible
> either, although that might significantly increase the storage in the DIT.
> In the past I've had to write apps to keep that information out of band in
> order to put back items mistakenly removed. But I can't see why I should
> have to trip through all the DC's Audit logs to find the information about
> who deleted something given how common this type of question is. It should
> be recorded same as the audit log (we have the information, why not stamp it
> on the object at time of deletion?)
>
> Al
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Friday, October 14, 2005 11:03 AM
> To: [email protected]
> Subject: RE: [ActiveDir] Knowing when users were deleted.
>
> Correct, you can currently only get the when and the where (DC Where not
> Client Where).
>
> Which raises the question. How many people would like a metadata stamp with
> the GUID or SID of the userid that made the modification for a given
> attribute (or value if appropriate)? Or would it be ok to just have who made
> the last change to the object? Either way, none of the "administrators
> group" nonsense, it points to a specific security principal.
>
> _____
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO
> Sent: Friday, October 14, 2005 3:18 AM
> To: [email protected]
> Subject: RE: [ActiveDir] Knowing when users were deleted.
>
> Hi Yann,
>
> You can find at the deletedobject folder via adfind -showdel and see the
> Last modified date - that would be when the object is deleted.
>
> But as for who deleted - I don't think you can find it without the auditing.
>
> Thank you and have a splendid day!
>
> Kind Regards,
>
> Freddy Hartono
> Group Support Engineer
> InternationalSOS Pte Ltd
> mail: [EMAIL PROTECTED]
> phone: (+65) 6330-9740 - temp
>
> _____
>
> From: Yann [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 14, 2005 2:57 PM
> To: [email protected]
> Subject: [ActiveDir] Knowing when users were deleted.
>
> Hi there,
>
> I wonder if there is a way to know when a user has been deleted from AD
> other than using security audit, because at the time of the deletion, I
> forgot to activate the audit :(
>
> So my boss urges me to find the guilty user AND the time of deletion.
> I looked for attributes in adsi and found that there is the whencreated,
> whenmodified attribute but not whendeletedtimestamp one.
>
> Any idea ?
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
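The size argument in the top message (a 28-byte SID against a 16-byte GUID, and which of the two compresses), as an added example that is not part of the thread or of any Microsoft code. It uses zlib as a stand-in for the custom compression the post mentions; the 48-byte field layout, the domain SID values and all sample data are constructed assumptions.

```python
import random
import struct
import zlib

# Constructed sample data throughout; the 48-byte field layout is an assumption
# chosen only to match the per-attribute size quoted in the post.
DSA_GUID = bytes(range(16))                    # one originating DC (constructed)
DOMAIN = (1004336348, 1177238915, 682003330)   # constructed domain sub-authorities

def make_sid(rid):
    """28-byte binary SID S-1-5-21-<DOMAIN>-<rid>."""
    return (struct.pack("<BB", 1, 5) + (5).to_bytes(6, "big")
            + struct.pack("<5I", 21, *DOMAIN, rid))

def base_entry(rng):
    """48 bytes: attr id, version, timestamp, DSA GUID, two USNs."""
    usn = 1_000_000 + rng.randrange(500_000)
    return struct.pack("<IIq16sqq", rng.randrange(1500), rng.randrange(1, 20),
                       12_770_000_000 + rng.randrange(31_536_000),
                       DSA_GUID, usn, usn + rng.randrange(100))

def build(n_entries, who, seed=2005):
    """Metadata blob; `who` is None, "guid" or "sid" for the added stamp."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n_entries):
        out += base_entry(rng)
        rid = 1000 + rng.randrange(50_000)     # independently chosen principal
        guid = bytes(rng.getrandbits(8) for _ in range(16))
        if who == "guid":
            out += guid                        # 16 bytes with no shared structure
        elif who == "sid":
            out += make_sid(rid)               # 24 shared prefix bytes + 4-byte RID
    return bytes(out)

def sizes(n_entries=64):
    """(raw, zlib-compressed) byte counts for each variant."""
    return {who or "none": (len(b), len(zlib.compress(b, 9)))
            for who in (None, "guid", "sid")
            for b in [build(n_entries, who)]}

if __name__ == "__main__":
    for name, (raw, packed) in sizes().items():
        print(f"{name:5} raw={raw:6} zlib={packed:6}")
```

The principals here are drawn independently per entry, which is the hard case for compression; if the same few accounts made every change, repeated GUIDs would also deduplicate.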
