Recipe 15.15 Changing How Tombstone Objects Count Against Quota Usage

This recipe requires a Windows Server 2003 domain controller.

15.15.1 Problem

You want to change the relative weight of tombstone objects in quota calculations.

15.15.2 Solution

Using a graphical user interface

  1. Open ADSI Edit.

  2. Connect to the partition on which you want to modify this setting (this has to be done on a per-partition basis).

  3. In the left pane, expand the root of the partition.

  4. Right-click on cn=NTDS Quotas and select Properties.

  5. Set the msDS-TombstoneQuotaFactor attribute to a value between 0 and 100.

  6. Click OK.

Using a command-line interface

Create an LDIF file called change_tombstone_quota.ldf with the following contents:

dn: cn=NTDS Quotas,<PartitionDN>
changetype: modify
replace: msDs-TombstoneQuotaFactor
msDs-TombstoneQuotaFactor: <0-100>
-

then run the following command:

> ldifde -v -i -f change_tombstone_quota.ldf

Using VBScript

' This code modifies the tombstone quota factor for the specified partition
strPartitionDN = "<PartitionDN>"  ' e.g. dc=rallencorp,dc=com
intTombstoneFactor = <0-100>      ' e.g. 50
' ------ END CONFIGURATION ---------

set objPart = GetObject("LDAP://cn=NTDS Quotas," & strPartitionDN )
objPart.Put "msDs-TombstoneQuotaFactor", intTombstoneFactor
' Commit the change to the directory; Put only updates the local property cache
objPart.SetInfo
WScript.Echo "Set the tombstone quota factor for " & _
             strPartitionDN & " to " & intTombstoneFactor

15.15.3 Discussion

The tombstone quota factor is a percentage that determines how much each tombstone object counts against a security principal's quota usage. By default, tombstone objects count as one object. This means if a user's quota is set to 10, and the user deletes 10 objects, that user will not be able to create or delete any other objects until those tombstone objects have been purged from Active Directory.

The msDs-TombstoneQuotaFactor attribute on the NTDS Quotas container for each partition defines the tombstone quota factor. As mentioned previously, by default a tombstone object counts as 100% of a normal object, and thus the msDs-TombstoneQuotaFactor attribute contains 100 by default. If you modify that attribute to contain 50, and a user has a quota limit of 10, then that user could delete 20 objects (i.e., create 20 tombstone objects) because 20 x 50% = 10. You may not care about how many objects your users delete, in which case you'd want to set the tombstone quota factor to 0.
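
Because the factor is set per partition, it is worth reading it back from every partition after a change. The following VBScript is an added example, not code from the original recipe; the DescribeFactor function name and the wording of its output are illustrative, and it assumes the account running it can read the cn=NTDS Quotas container of each naming context.

```vbscript
' Added example: report msDs-TombstoneQuotaFactor for every partition
' listed in RootDSE. Run under cscript so output goes to the console.
Option Explicit
Const ATTR = "msDs-TombstoneQuotaFactor"
Dim objRootDSE, strNC

Set objRootDSE = GetObject("LDAP://RootDSE")
For Each strNC In objRootDSE.Get("namingContexts")
    WScript.Echo strNC & ": " & DescribeFactor(strNC)
Next

' DescribeFactor is a hypothetical helper name used for this example.
Function DescribeFactor(strPartitionDN)
    Dim objQuotas, varFactor
    On Error Resume Next

    ' A partition without a readable quotas container is reported, not fatal
    Set objQuotas = GetObject("LDAP://cn=NTDS Quotas," & strPartitionDN)
    If Err.Number <> 0 Then
        DescribeFactor = "cn=NTDS Quotas not readable (0x" & Hex(Err.Number) & ")"
        Exit Function
    End If

    ' Get raises an error when the attribute has no value in the property cache
    varFactor = objQuotas.Get(ATTR)
    If Err.Number <> 0 Then
        DescribeFactor = ATTR & " has no explicit value (0x" & Hex(Err.Number) & ")"
        Exit Function
    End If
    On Error GoTo 0

    If varFactor < 0 Or varFactor > 100 Then
        DescribeFactor = varFactor & " (outside the 0-100 range)"
    ElseIf varFactor = 0 Then
        DescribeFactor = "0 (tombstones do not count against quota)"
    Else
        DescribeFactor = varFactor & "% of a normal object per tombstone"
    End If
End Function
```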
