Re: Deleted Objects

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 08/23/04 

Date: Mon, 23 Aug 2004 15:00:03 -0400

Yep backlinks or you have to have something monitor your objects and clean out
references to deleted objects. Backlinks are the better way though because they
will also handle moved obejcts (which is what a deleted object effectively is).

   joe 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Joe Kaplan (MVP - ADSI) wrote:
> The way it works is that DN syntax attributes with matching backlink
> attributes (e.g. member and memberOf) will have automatically "clean up"
> removed references.  DN attributes that don't have a backlink will have the
> DN change the DN of the tombstone DN of the deleted object.
> 
> So, what you should probably do is change your schema to include backlinks.
> There is some reference to how to do this the AD reference in MSDN.  Note
> that you can't set the linkID attribute after creation, so you will probably
> need to start over with new attributes to do this.
> 
> HTH,
> 
> Joe K.
> 
> <anonymous@discussions.microsoft.com> wrote in message
> news:b14e01c488c9$022500c0$a601280a@phx.gbl...
> 
>>Yes. I have created some poliy rules and users. And also I
>>associated those rules to some users. When I deleted the
>>rule , then I was expecting that the rule entry will not
>>associated to this user. But it mared as deleted objects.
>>Is there any way to remove this entry from that user? But
>>this happens for OpenLDAP.( with EQUALITY rule) Thats why
>>I am searching these kind of stuff in AD.
>>
>>Thanks.
>>M Venkatesan
>>
>>
>>
>>
>>>-----Original Message-----
>>>What corresponding entries? Should I guess that you have
>>
>>set up some custom DN
>>
>>>attributes on other objects that link to the user's DN
>>
>>and those aren't being
>>
>>>cleaned up?
>>>
>>>--
>>>Joe Richards Microsoft MVP Windows Server Directory
>>
>>Services
>>
>>>www.joeware.net
>>>
>>>
>>>
>>>maya_v wrote:
>>>
>>>>In Active Directory, when we delete an object, the
>>>>corresponding entries in the attribute of any other
>>>>objects should be removed. But it is not removed in AD.
>>>>Instead it is marked as deleted entry. This affects our
>>>>operation.
>>>>While debugging AD, we found a property named tombstone
>>>>lifetime. We configured it as "0". Even after this
>>>>configuration, AD doesn't removes the deleted attribute
>>>>entries.
>>>>
>>>
>>>.
>>>
> 
> 
>

Relevant Pages

  • Re: Deleted Objects
    ... Unless you are using backlinks these will not get updated automatically, ... Joe Richards Microsoft MVP Windows Server Directory Services ... >>references to deleted objects. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Deleted Objects
    ... Actually I am talking about the deleted objects and those ... >Yep backlinks or you have to have something monitor your ... >references to deleted objects. ... >Joe Richards Microsoft MVP Windows Server Directory ...
    (microsoft.public.windows.server.active_directory)
  • Re: Deleted Objects
    ... Are the two attributes set up as a linkID pair in the schema? ... That's what Joe and I have been trying to explain. ... There are more details on this in the schema extension reference in MSDN. ... > all are search the entries and marked as Deleted objects. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Deleted DSA in Repadmin
    ... they are deleted by the garbage collection process, ... the directory database. ... How to search for deleted objects in Active Directory ... How long should I expect to see these references? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Signle-Sign on web application running on IIS
    ... Deleted objects are in the deleted objects container in AD. ... objects container and must load a special LDAP control to see these objects. ... Joe K. ...
    (microsoft.public.dotnet.security)
Loading