|
You want to set a default quota for all security principals.
Open ADSI Edit.
Connect to the partition you want to modify (has to be done on a per partition basis).
In the left pane, expand the root of the partition.
Right-click on cn=NTDS Quotas and select Properties.
Set the msDS-DefaultQuota attribute to the number objects that security principals should be allowed to create if they are not assigned another quota.
Click OK.
Create an LDIF file called set_default_quota.ldf with the following contents:
dn: cn=NTDS Quotas,<PartitionDN> changetype: modify replace: msDs-DefaultQuota msDs-DefaultQuota: <NumberOfObjects> -
then run the following command:
> ldifde -v -i -f set_default_quota.ldf
' This code sets the default quota for the specified partition ' ------ SCRIPT CONFIGURATION ------ strPartitionDN = "<PartitionDN>" ' e.g. dc=rallencorp,dc=com intDefaultQuota = <NumberOfObjects> ' e.g. 10 ' ------ END CONFIGURATION --------- set objPart = GetObject("LDAP://cn=NTDS Quotas," & strPartitionDN ) objPart.Put "msDs-DefaultQuota", intDefaultQuota objPart.SetInfo WScript.Echo "Set the default quota for " & _ strPartitionDN & " to " & intDefaultQuota
The easiest way to apply a default quota to all of your users is to modify the msDS-DefaultQuota attribute on the NTDS Quotas container for the target partition. This attribute contains the default quota limit that is used if no other quotas have been assigned to a security principal.
You should be careful when setting the default quota because it applies to every non-administrator security principal. If you set the default to 0, for example, computers would not be able to dynamically update their DNS records in an AD-integrated zone because that creates an object. This may not be applicable in your environment, but the point is that you need to consider the impact of the default quota and test it thoroughly before implementing it.