Script enable archive doesn't work for all users - Veritas

This is a discussion on Script enable archive doesn't work for all users - Veritas ; Hi I have a script which is scheduled to run every night to enable archiving of users, based on a group membership. The ini file uses this LDAP Query: LDAPQuery = (memberof=CN=group,OU=ou_global_groups,DC=domain,D C=com) But this query in the ini file ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Script enable archive doesn't work for all users

  1. Script enable archive doesn't work for all users

    Hi

    I have a script which is scheduled to run every night to enable archiving of
    users, based on a group membership.

    The ini file uses this LDAP Query:
    LDAPQuery = (memberof=CN=group,OU=ou_global_groups,DC=domain,D C=com)

    But this query in the ini file only seems to have enabled approx 2000 users
    and there are over 2500 users within the group,
    why is that, would that be because of any limitations in the LDAPQuery, that
    it might only be able to read a certain number of object using memberof or ?

    Do anyone have an idea of what might be wrong and why all users of the group
    hasen't been enabled based on the group membership ?

    Thanks

    Regards
    Peter Schmidt






  2. Re: Script enable archive doesn't work for all users


    Hi Peter,

    there are maximums that LDAP queries can return. Number of records and size
    amongst other things.

    Here is an article:

    http://support.microsoft.com/default...315071&sd=tech

    seems to suggest rotation in group of 1,000 records. Ie keep running the
    script and you'll get there.


    David
    http://messy.bravehost.com/

  3. Re: Script enable archive doesn't work for all users


    Thanks, I thought so. Would the be a way to work around that with LDAP ?

    /Peter

    "David" wrote in message
    news:4316f395@ROSASTDMZ05....
    >
    > Hi Peter,
    >
    > there are maximums that LDAP queries can return. Number of records and
    > size
    > amongst other things.
    >
    > Here is an article:
    >
    > http://support.microsoft.com/default...315071&sd=tech
    >
    > seems to suggest rotation in group of 1,000 records. Ie keep running the
    > script and you'll get there.
    >
    >
    > David
    > http://messy.bravehost.com/




  4. Re: Script enable archive doesn't work for all users


    Looks like you can use Ntdsutil.exe to alter how many records your DCs return
    to the LDAP query. You can tie the server running the query to get it's
    results from a particular DC so you only need to Ntdsutil.exe on the one
    DC?

    Or make sure you design your query so it only returns records you are interested
    in - ie satisfy my criteria for enablement AND are not already enabled.
    I write the name of the EV store that a mailbox is assigned to when I enable
    it into an Exchange Custom Attribute. Means you can write applications for
    helpdesk personnel so if a user reports a problem they know which EV server
    he is on and they can check it's service/event logs etc. If you did the
    same (use a PUT command) then you can repeatedly run your LDAP until it start
    to return < 1000 results each night.

    By the way, I making this up as I go along so I'd test it if I woz you!!

+ Reply to Thread