Location: Mailing List

Syndicate

Friends

Friends

Adventnet Sky

The List

ActiveDir.org is the home of the Active Directory Discussions Mailing List which was started in January 2001 with the aim of providing a forum for discussing various aspects of Microsoft's Active Directory technology. Since then the list has grown to a membership of over 1000 subscribers and 5000 site members.  The list has become extremely active, and includes many of the foremost experts in Active Directory.

The focus here at ActiveDir.org is the mailing list, but we now also offer a range of useful resources (see left navigation options).

The forum below is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our mailing list community.  See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

The Archives

Subject: [ActiveDir] OT: Delete Large LDAP container?
Prev Next
You are not authorized to post a reply.

AuthorMessages
edsiboneUser is Offline

Posts:9

10/30/2011 5:41 PM  
Hey all,

I've been trying to delete a container in my LDS that contains 1000s of
objects.. ADSIEdit seems to choke on it when I right click delete, LDP, I
cant quite figure out the way to delete. How can I wax this container.. I
would imagine the same procedure in AD had I had a large OU.. I am about
to try admod with -treedelete but am unsure of the proper syntax...

eg, container to delete is "Accounts"

admod -h localhost -b DC=BigDir,DC=local -treedelete
CN=Accounts,DC=BigDir,DC=local

I dont have access to this server at the moment so I am just brainstorming
it to try later....

Thanks all.
-Ed.

dloderUser is Offline

Posts:151

10/30/2011 5:45 PM  
See http://blog.joeware.net/2007/06/01/905/     -- http://dloder.blogspot.com -- From: Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> To: activedir@xxxxxxxxxxxxxxxx Sent: Thursday, August 11, 2011 8:09 AM Subject: Re: [ActiveDir] OT: Delete Large LDAP container? Hmm, is that a MS thing or an LDAP thing?    I tried setting up the Subtree Delete control in LDP and when I go to delete it just says "Size Limit Exceeded".  ADSI, sort of the same thing.  Anyone know the admod syntax to dump this container? On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote: Yep, the subtree delete LDAP control is the most efficient way to do >this.  However, you will have to run it several times on a truly >massive subtree; the command will work for a while before it gives you >a result like, "I tried, and made progress, but am willing to do this >for only so long." > >--Steve > > >On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote: >> Hey all, >> >> I've been trying to delete a container in my LDS that contains 1000s of >> objects..  ADSIEdit seems to choke on it when I right click delete, LDP, I >> cant quite figure out the way to delete.   How can I wax this container..  I >> would imagine the same procedure in AD had I had a large OU..   I am about >> to try admod with -treedelete but am unsure of the proper syntax... >> >> eg, container to delete is "Accounts" >> >> admod -h localhost -b DC=BigDir,DC=local -treedelete >> CN=Accounts,DC=BigDir,DC=local >> >> I dont have access to this server at the moment so I am just brainstorming >> it to try later.... >> >> Thanks all. >> -Ed. > >List info: http://www.activedir.org/List.aspx >
bdesmondUser is Offline

Posts:1049

10/30/2011 5:47 PM  
What is the error from admod when you run it with the -exterr switch?



Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx<mailto:brian@xxxxxxxxxxxxxxxx>

c - 312.731.3132

From: activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Thursday, August 11, 2011 6:59 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?

I have a need.. I got this huge LDAP container with easily 100,000+ objects I need to remove.. Since I cant seem to remove the container via LDP, ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it.. trying to avoid that....
On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx<mailto:skradel@xxxxxxxxxxxxxxxx>> wrote:
Technically it's plain LDAP, but not all directory services support
every kind of server control.

For another solution, I've written a multithreaded mass deletion
program in .NET that takes an LDAP search filter, search base, etc.,
and nukes individual entries in parallel while using the lazy commit
control. It's very speedy and not subject to the same administrative
limit, although still not as fast as a subtree delete on less than 16K
objects. If there's any public call for this thing I'll cheerfully
add it to the Zetetic.Ldap freeware tools collection. I'd think you
could get a similar result, minus the multithreading, from admod.

--Steve

On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx<mailto:edsibone.rdy@xxxxxxxxxxxxxxxx>> wrote:
> Hmm, is that a MS thing or an LDAP thing? I tried setting up the Subtree
> Delete control in LDP and when I go to delete it just says "Size Limit
> Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax to
> dump this container?
>
> On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx<mailto:skradel@xxxxxxxxxxxxxxxx>> wrote:
>>
>> Yep, the subtree delete LDAP control is the most efficient way to do
>> this. However, you will have to run it several times on a truly
>> massive subtree; the command will work for a while before it gives you
>> a result like, "I tried, and made progress, but am willing to do this
>> for only so long."
>>
>> --Steve
>>
>> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx<mailto:edsibone.rdy@xxxxxxxxxxxxxxxx>>
>> wrote:
>> > Hey all,
>> >
>> > I've been trying to delete a container in my LDS that contains 1000s of
>> > objects.. ADSIEdit seems to choke on it when I right click delete, LDP,
>> > I
>> > cant quite figure out the way to delete. How can I wax this
>> > container.. I
>> > would imagine the same procedure in AD had I had a large OU.. I am
>> > about
>> > to try admod with -treedelete but am unsure of the proper syntax...
>> >
>> > eg, container to delete is "Accounts"
>> >
>> > admod -h localhost -b DC=BigDir,DC=local -treedelete
>> > CN=Accounts,DC=BigDir,DC=local
>> >
>> > I dont have access to this server at the moment so I am just
>> > brainstorming
>> > it to try later....
>> >
>> > Thanks all.
>> > -Ed.
>>
>> List info: http://www.activedir.org/List.aspx
>
>

List info: http://www.activedir.org/List.aspx


DonHUser is Offline

Posts:75

10/30/2011 5:47 PM  
You can indeed do it via LDP, ADSIedit, or anything else that can tree
delete, just not in one step. When you tree delete the offending container
it takes out 16k objects each time. That's seven steps for a 100,000 object
container.

Sorry that this sucks so bad. There's a long technical explanation as to
why it needed to be done in chunks and why doing the restart loop on the
server side would have been hard, but the short version is that the end user
experience is just lousy. We should have done better.

Don

_____

From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Thursday, August 11, 2011 4:59 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?


I have a need.. I got this huge LDAP container with easily 100,000+ objects
I need to remove.. Since I cant seem to remove the container via LDP,
ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it..
trying to avoid that....


On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:


Technically it's plain LDAP, but not all directory services support
every kind of server control.

For another solution, I've written a multithreaded mass deletion
program in .NET that takes an LDAP search filter, search base, etc.,
and nukes individual entries in parallel while using the lazy commit
control. It's very speedy and not subject to the same administrative
limit, although still not as fast as a subtree delete on less than 16K
objects. If there's any public call for this thing I'll cheerfully
add it to the Zetetic.Ldap freeware tools collection. I'd think you
could get a similar result, minus the multithreading, from admod.

--Steve


On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
> Hmm, is that a MS thing or an LDAP thing? I tried setting up the
Subtree
> Delete control in LDP and when I go to delete it just says "Size Limit
> Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax to
> dump this container?
>
> On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:
>>
>> Yep, the subtree delete LDAP control is the most efficient way to do
>> this. However, you will have to run it several times on a truly
>> massive subtree; the command will work for a while before it gives you
>> a result like, "I tried, and made progress, but am willing to do this
>> for only so long."
>>
>> --Steve
>>
>> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx>
>> wrote:
>> > Hey all,
>> >
>> > I've been trying to delete a container in my LDS that contains 1000s of
>> > objects.. ADSIEdit seems to choke on it when I right click delete,
LDP,
>> > I
>> > cant quite figure out the way to delete. How can I wax this
>> > container.. I
>> > would imagine the same procedure in AD had I had a large OU.. I am
>> > about
>> > to try admod with -treedelete but am unsure of the proper syntax...
>> >
>> > eg, container to delete is "Accounts"
>> >
>> > admod -h localhost -b DC=BigDir,DC=local -treedelete
>> > CN=Accounts,DC=BigDir,DC=local
>> >
>> > I dont have access to this server at the moment so I am just
>> > brainstorming
>> > it to try later....
>> >
>> > Thanks all.
>> > -Ed.
>>
>> List info: http://www.activedir.org/List.aspx
>
>

List info: http://www.activedir.org/List.aspx




edsiboneUser is Offline

Posts:9

10/30/2011 5:47 PM  
Well, before I got the syntax right for admod, I couldnt even get it do
anything.. now I got it right and got the same message from joe's article..

Extended Error: 000020CD: SvcErr: DSID-030907D2, problem 5008
(ADMIN_LIMIT_EXCEEDED), d
ata 0

It appears no way around this, as I see its by design, unless I find a way
to programatically keep hitting it till its gone.

On Thu, Aug 11, 2011 at 7:31 PM, Brian Desmond <brian@xxxxxxxxxxxxxxxx>wrote:

> *What is the error from admod when you run it with the –exterr switch?*
>
> * *
>
> * *
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *brian@xxxxxxxxxxxxxxxx* <brian@xxxxxxxxxxxxxxxx>**
>
> * *
>
> *c – 312.731.3132*
>
> * *
>
> *From:* activedir-owner@xxxxxxxxxxxxxxxx [mailto:
> activedir-owner@xxxxxxxxxxxxxxxx] *On Behalf Of *Ed Sibone
> *Sent:* Thursday, August 11, 2011 6:59 PM
>
> *To:* activedir@xxxxxxxxxxxxxxxx
> *Subject:* Re: [ActiveDir] OT: Delete Large LDAP container?****
>
> ** **
>
> I have a need.. I got this huge LDAP container with easily 100,000+
> objects I need to remove.. Since I cant seem to remove the container via
> LDP, ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it..
> trying to avoid that.... ****
>
> On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:
> ****
>
> Technically it's plain LDAP, but not all directory services support
> every kind of server control.
>
> For another solution, I've written a multithreaded mass deletion
> program in .NET that takes an LDAP search filter, search base, etc.,
> and nukes individual entries in parallel while using the lazy commit
> control. It's very speedy and not subject to the same administrative
> limit, although still not as fast as a subtree delete on less than 16K
> objects. If there's any public call for this thing I'll cheerfully
> add it to the Zetetic.Ldap freeware tools collection. I'd think you
> could get a similar result, minus the multithreading, from admod.
>
> --Steve****
>
>
> On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
> > Hmm, is that a MS thing or an LDAP thing? I tried setting up the
> Subtree
> > Delete control in LDP and when I go to delete it just says "Size Limit
> > Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax
> to
> > dump this container?
> >
> > On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx>
> wrote:
> >>
> >> Yep, the subtree delete LDAP control is the most efficient way to do
> >> this. However, you will have to run it several times on a truly
> >> massive subtree; the command will work for a while before it gives you
> >> a result like, "I tried, and made progress, but am willing to do this
> >> for only so long."
> >>
> >> --Steve
> >>
> >> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx>
> >> wrote:
> >> > Hey all,
> >> >
> >> > I've been trying to delete a container in my LDS that contains 1000s
> of
> >> > objects.. ADSIEdit seems to choke on it when I right click delete,
> LDP,
> >> > I
> >> > cant quite figure out the way to delete. How can I wax this
> >> > container.. I
> >> > would imagine the same procedure in AD had I had a large OU.. I am
> >> > about
> >> > to try admod with -treedelete but am unsure of the proper syntax...
> >> >
> >> > eg, container to delete is "Accounts"
> >> >
> >> > admod -h localhost -b DC=BigDir,DC=local -treedelete
> >> > CN=Accounts,DC=BigDir,DC=local
> >> >
> >> > I dont have access to this server at the moment so I am just
> >> > brainstorming
> >> > it to try later....
> >> >
> >> > Thanks all.
> >> > -Ed.
> >>
> >> List info: http://www.activedir.org/List.aspx
> >
> >
>
> List info: http://www.activedir.org/List.aspx****
>
> ** **
>

listmailUser is Offline

Posts:831

10/30/2011 5:47 PM  
Yeah I started to change this in AdMod so that it would truly nuke the whole
subtree but then I stopped. I don't recall exactly why I did because it was
a long time ago. Possibly because I sometimes use AdFind/Mod to troubleshoot
LDAP functionality and I don't want to do too much magic in the background
because then after a time I forget the magic is happening and start assuming
things work in certain ways and then bam I get it upside the head from some
place I didn't expect. ;) Of course I could add another switch for that
like treenuke or something. People are always looking for me to add new
switches. J



In the meanwhile, and I probably should have updated the blog entry, and
maybe I will, who knows. But you could use a simple FOR /L loop to handle
this. The usage for the FOR /L command:



FOR /L %param in (start,incremement,end) do blah



So for 100K entries you could do something like



FOR /L %i in (1,1,7) do admod -b blah -deltree



And that should work for you.





Now to the actual issue. Is this for testing or something like that? I am
not sure why you would create hundreds of thousands of objects and then want
to delete them afterward, especially multiple times such that you want a
tool to do it effectively. If that is the case, then I would consider using
dynamic objects with the appropriate TTL. Then when the time comes, they
just evaporate and you don't worry about them anymore. No going back and
cleaning them up. Of course if you don't know the lifetime that makes it
tougher, you would either have to set something huge and then drop it down
to min value when ready to see them die or you could just keep extending the
TTL as needed.





joe





--

O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm

Blog: http://blog.joeware.net <http://blog.joeware.net/>



From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Friday, August 12, 2011 7:49 AM
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?



Well, before I got the syntax right for admod, I couldnt even get it do
anything.. now I got it right and got the same message from joe's article..



Extended Error: 000020CD: SvcErr: DSID-030907D2, problem 5008
(ADMIN_LIMIT_EXCEEDED), d
ata 0



It appears no way around this, as I see its by design, unless I find a way
to programatically keep hitting it till its gone.

On Thu, Aug 11, 2011 at 7:31 PM, Brian Desmond <brian@xxxxxxxxxxxxxxxx>
wrote:

What is the error from admod when you run it with the -exterr switch?







Thanks,

Brian Desmond

<mailto:brian@xxxxxxxxxxxxxxxx> brian@xxxxxxxxxxxxxxxx



c - 312.731.3132



From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Thursday, August 11, 2011 6:59 PM


To: activedir@xxxxxxxxxxxxxxxx

Subject: Re: [ActiveDir] OT: Delete Large LDAP container?



I have a need.. I got this huge LDAP container with easily 100,000+ objects
I need to remove.. Since I cant seem to remove the container via LDP,
ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it..
trying to avoid that....

On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:

Technically it's plain LDAP, but not all directory services support
every kind of server control.

For another solution, I've written a multithreaded mass deletion
program in .NET that takes an LDAP search filter, search base, etc.,
and nukes individual entries in parallel while using the lazy commit
control. It's very speedy and not subject to the same administrative
limit, although still not as fast as a subtree delete on less than 16K
objects. If there's any public call for this thing I'll cheerfully
add it to the Zetetic.Ldap freeware tools collection. I'd think you
could get a similar result, minus the multithreading, from admod.

--Steve


On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
> Hmm, is that a MS thing or an LDAP thing? I tried setting up the
Subtree
> Delete control in LDP and when I go to delete it just says "Size Limit
> Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax to
> dump this container?
>
> On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:
>>
>> Yep, the subtree delete LDAP control is the most efficient way to do
>> this. However, you will have to run it several times on a truly
>> massive subtree; the command will work for a while before it gives you
>> a result like, "I tried, and made progress, but am willing to do this
>> for only so long."
>>
>> --Steve
>>
>> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx>
>> wrote:
>> > Hey all,
>> >
>> > I've been trying to delete a container in my LDS that contains 1000s of
>> > objects.. ADSIEdit seems to choke on it when I right click delete,
LDP,
>> > I
>> > cant quite figure out the way to delete. How can I wax this
>> > container.. I
>> > would imagine the same procedure in AD had I had a large OU.. I am
>> > about
>> > to try admod with -treedelete but am unsure of the proper syntax...
>> >
>> > eg, container to delete is "Accounts"
>> >
>> > admod -h localhost -b DC=BigDir,DC=local -treedelete
>> > CN=Accounts,DC=BigDir,DC=local
>> >
>> > I dont have access to this server at the moment so I am just
>> > brainstorming
>> > it to try later....
>> >
>> > Thanks all.
>> > -Ed.
>>
>> List info: http://www.activedir.org/List.aspx
>
>

List info: http://www.activedir.org/List.aspx






skradelUser is Offline

Posts:376

10/30/2011 5:49 PM  
Source (and a binary in the .zip) are available here:
https://github.com/skradel/Zetetic.Ldap/tree/master/Zetetic.Ldap.MassDeleter

It's really nothing fancy, just a paged search and plenty of deletes.

--Steve

On Thu, Aug 11, 2011 at 7:59 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
> I have a need..  I got this huge LDAP container with easily 100,000+ objects
> I need to remove..   Since I cant seem to remove the container via LDP,
> ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it..
> trying to avoid that....
>
> On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:
>>
>> Technically it's plain LDAP, but not all directory services support
>> every kind of server control.
>>
>> For another solution, I've written a multithreaded mass deletion
>> program in .NET that takes an LDAP search filter, search base, etc.,
>> and nukes individual entries in parallel while using the lazy commit
>> control.  It's very speedy and not subject to the same administrative
>> limit, although still not as fast as a subtree delete on less than 16K
>> objects.  If there's any public call for this thing I'll cheerfully
>> add it to the Zetetic.Ldap freeware tools collection.  I'd think you
>> could get a similar result, minus the multithreading, from admod.
>>
>> --Steve
>>
>> On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
>> > Hmm, is that a MS thing or an LDAP thing?    I tried setting up the
>> > Subtree
>> > Delete control in LDP and when I go to delete it just says "Size Limit
>> > Exceeded".  ADSI, sort of the same thing.  Anyone know the admod syntax
>> > to
>> > dump this container?
>> >
>> > On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx>
>> > wrote:
>> >>
>> >> Yep, the subtree delete LDAP control is the most efficient way to do
>> >> this.  However, you will have to run it several times on a truly
>> >> massive subtree; the command will work for a while before it gives you
>> >> a result like, "I tried, and made progress, but am willing to do this
>> >> for only so long."
>> >>
>> >> --Steve
>> >>
>> >> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx>
>> >> wrote:
>> >> > Hey all,
>> >> >
>> >> > I've been trying to delete a container in my LDS that contains 1000s
>> >> > of
>> >> > objects..  ADSIEdit seems to choke on it when I right click delete,
>> >> > LDP,
>> >> > I
>> >> > cant quite figure out the way to delete.   How can I wax this
>> >> > container..  I
>> >> > would imagine the same procedure in AD had I had a large OU..   I am
>> >> > about
>> >> > to try admod with -treedelete but am unsure of the proper syntax...
>> >> >
>> >> > eg, container to delete is "Accounts"
>> >> >
>> >> > admod -h localhost -b DC=BigDir,DC=local -treedelete
>> >> > CN=Accounts,DC=BigDir,DC=local
>> >> >
>> >> > I dont have access to this server at the moment so I am just
>> >> > brainstorming
>> >> > it to try later....
>> >> >
>> >> > Thanks all.
>> >> > -Ed.
>> >>
>> >> List info: http://www.activedir.org/List.aspx
>> >
>> >
>>
>> List info: http://www.activedir.org/List.aspx
>
>

List info: http://www.activedir.org/List.aspx
listmailUser is Offline

Posts:831

02/09/2012 11:23 PM  
FYI.



http://blog.joeware.net/2012/02/09/2422/





--

O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm

Blog: http://blog.joeware.net







From: joe [mailto:listmail@xxxxxxxxxxxxxxxx]
Sent: Friday, August 12, 2011 11:26 AM
To: activedir@xxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] OT: Delete Large LDAP container?



Yeah I started to change this in AdMod so that it would truly nuke the whole
subtree but then I stopped. I don't recall exactly why I did because it was
a long time ago. Possibly because I sometimes use AdFind/Mod to troubleshoot
LDAP functionality and I don't want to do too much magic in the background
because then after a time I forget the magic is happening and start assuming
things work in certain ways and then bam I get it upside the head from some
place I didn't expect. ;) Of course I could add another switch for that
like treenuke or something. People are always looking for me to add new
switches. J



In the meanwhile, and I probably should have updated the blog entry, and
maybe I will, who knows. But you could use a simple FOR /L loop to handle
this. The usage for the FOR /L command:



FOR /L %param in (start,incremement,end) do blah



So for 100K entries you could do something like



FOR /L %i in (1,1,7) do admod -b blah -deltree



And that should work for you.





Now to the actual issue. Is this for testing or something like that? I am
not sure why you would create hundreds of thousands of objects and then want
to delete them afterward, especially multiple times such that you want a
tool to do it effectively. If that is the case, then I would consider using
dynamic objects with the appropriate TTL. Then when the time comes, they
just evaporate and you don't worry about them anymore. No going back and
cleaning them up. Of course if you don't know the lifetime that makes it
tougher, you would either have to set something huge and then drop it down
to min value when ready to see them die or you could just keep extending the
TTL as needed.





joe





--

O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm

Blog: http://blog.joeware.net <http://blog.joeware.net/>



From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Friday, August 12, 2011 7:49 AM
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?



Well, before I got the syntax right for admod, I couldnt even get it do
anything.. now I got it right and got the same message from joe's article..



Extended Error: 000020CD: SvcErr: DSID-030907D2, problem 5008
(ADMIN_LIMIT_EXCEEDED), d
ata 0



It appears no way around this, as I see its by design, unless I find a way
to programatically keep hitting it till its gone.

On Thu, Aug 11, 2011 at 7:31 PM, Brian Desmond <brian@xxxxxxxxxxxxxxxx>
wrote:

What is the error from admod when you run it with the -exterr switch?







Thanks,

Brian Desmond

<mailto:brian@xxxxxxxxxxxxxxxx> brian@xxxxxxxxxxxxxxxx



c - 312.731.3132



From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Thursday, August 11, 2011 6:59 PM


To: activedir@xxxxxxxxxxxxxxxx

Subject: Re: [ActiveDir] OT: Delete Large LDAP container?



I have a need.. I got this huge LDAP container with easily 100,000+ objects
I need to remove.. Since I cant seem to remove the container via LDP,
ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it..
trying to avoid that....

On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:

Technically it's plain LDAP, but not all directory services support
every kind of server control.

For another solution, I've written a multithreaded mass deletion
program in .NET that takes an LDAP search filter, search base, etc.,
and nukes individual entries in parallel while using the lazy commit
control. It's very speedy and not subject to the same administrative
limit, although still not as fast as a subtree delete on less than 16K
objects. If there's any public call for this thing I'll cheerfully
add it to the Zetetic.Ldap freeware tools collection. I'd think you
could get a similar result, minus the multithreading, from admod.

--Steve


On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
> Hmm, is that a MS thing or an LDAP thing? I tried setting up the
Subtree
> Delete control in LDP and when I go to delete it just says "Size Limit
> Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax to
> dump this container?
>
> On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:
>>
>> Yep, the subtree delete LDAP control is the most efficient way to do
>> this. However, you will have to run it several times on a truly
>> massive subtree; the command will work for a while before it gives you
>> a result like, "I tried, and made progress, but am willing to do this
>> for only so long."
>>
>> --Steve
>>
>> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx>
>> wrote:
>> > Hey all,
>> >
>> > I've been trying to delete a container in my LDS that contains 1000s of
>> > objects.. ADSIEdit seems to choke on it when I right click delete,
LDP,
>> > I
>> > cant quite figure out the way to delete. How can I wax this
>> > container.. I
>> > would imagine the same procedure in AD had I had a large OU.. I am
>> > about
>> > to try admod with -treedelete but am unsure of the proper syntax...
>> >
>> > eg, container to delete is "Accounts"
>> >
>> > admod -h localhost -b DC=BigDir,DC=local -treedelete
>> > CN=Accounts,DC=BigDir,DC=local
>> >
>> > I dont have access to this server at the moment so I am just
>> > brainstorming
>> > it to try later....
>> >
>> > Thanks all.
>> > -Ed.
>>
>> List info: http://www.activedir.org/List.aspx
>
>

List info: http://www.activedir.org/List.aspx






edsiboneUser is Offline

Posts:9

03/16/2012 3:52 PM  
whoa, right on joe! When can we expect that version to hit the public :p

Thanks!!

On Thu, Feb 9, 2012 at 5:21 PM, joe <listmail@xxxxxxxxxxxxxxxx> wrote:

> FYI.****
>
> ** **
>
> http://blog.joeware.net/2012/02/09/2422/****
>
> ** **
>
> ** **
>
> --****
>
> O'Reilly Active Directory Fourth Edition -
> http://www.joeware.net/win/ad4e.htm****
>
> Blog: http://blog.joeware.net****
>
> ** **
>
> ** **
>
> ** **
>
> *From:* joe [mailto:listmail@xxxxxxxxxxxxxxxx]
> *Sent:* Friday, August 12, 2011 11:26 AM
> *To:* activedir@xxxxxxxxxxxxxxxx
> *Subject:* RE: [ActiveDir] OT: Delete Large LDAP container?****
>
> ** **
>
> Yeah I started to change this in AdMod so that it would truly nuke the
> whole subtree but then I stopped. I don’t recall exactly why I did because
> it was a long time ago. Possibly because I sometimes use AdFind/Mod to
> troubleshoot LDAP functionality and I don’t want to do too much magic in
> the background because then after a time I forget the magic is happening
> and start assuming things work in certain ways and then bam I get it upside
> the head from some place I didn’t expect. ;) Of course I could add another
> switch for that like treenuke or something. People are always looking for
> me to add new switches. J****
>
> ** **
>
> In the meanwhile, and I probably should have updated the blog entry, and
> maybe I will, who knows… But you could use a simple FOR /L loop to handle
> this. The usage for the FOR /L command: ****
>
> ** **
>
> FOR /L %param in (start,incremement,end) do blah****
>
> ** **
>
> So for 100K entries you could do something like****
>
> ** **
>
> FOR /L %i in (1,1,7) do admod -b blah -deltree****
>
> ** **
>
> And that should work for you.****
>
> ** **
>
> ** **
>
> Now to the actual issue… Is this for testing or something like that? I am
> not sure why you would create hundreds of thousands of objects and then
> want to delete them afterward, especially multiple times such that you want
> a tool to do it effectively. If that is the case, then I would consider
> using dynamic objects with the appropriate TTL. Then when the time comes,
> they just evaporate and you don’t worry about them anymore. No going back
> and cleaning them up. Of course if you don’t know the lifetime that makes
> it tougher, you would either have to set something huge and then drop it
> down to min value when ready to see them die or you could just keep
> extending the TTL as needed.****
>
> ** **
>
> ** **
>
> joe****
>
> ** **
>
> ** **
>
> --****
>
> O'Reilly Active Directory Fourth Edition -
> http://www.joeware.net/win/ad4e.htm****
>
> Blog: http://blog.joeware.net****
>
> ** **
>
> *From:* activedir-owner@xxxxxxxxxxxxxxxx
> [mailto:activedir-owner@xxxxxxxxxxxxxxxx] *On Behalf Of *Ed Sibone
> *Sent:* Friday, August 12, 2011 7:49 AM
> *To:* activedir@xxxxxxxxxxxxxxxx
> *Subject:* Re: [ActiveDir] OT: Delete Large LDAP container?****
>
> ** **
>
> Well, before I got the syntax right for admod, I couldnt even get it do
> anything.. now I got it right and got the same message from joe's article..
> ****
>
> ****
>
> Extended Error: 000020CD: SvcErr: DSID-030907D2, problem 5008
> (ADMIN_LIMIT_EXCEEDED), d
> ata 0****
>
> ****
>
> It appears no way around this, as I see its by design, unless I find a way
> to programatically keep hitting it till its gone.****
>
> On Thu, Aug 11, 2011 at 7:31 PM, Brian Desmond <brian@xxxxxxxxxxxxxxxx>
> wrote:****
>
> *What is the error from admod when you run it with the –exterr switch?****
> *
>
> * *****
>
> * *****
>
> * *****
>
> *Thanks,*****
>
> *Brian Desmond*****
>
> *brian@xxxxxxxxxxxxxxxx* <brian@xxxxxxxxxxxxxxxx>****
>
> * *****
>
> *c – 312.731.3132*****
>
> * *****
>
> *From:* activedir-owner@xxxxxxxxxxxxxxxx [mailto:
> activedir-owner@xxxxxxxxxxxxxxxx] *On Behalf Of *Ed Sibone
> *Sent:* Thursday, August 11, 2011 6:59 PM****
>
>
> *To:* activedir@xxxxxxxxxxxxxxxx****
>
> *Subject:* Re: [ActiveDir] OT: Delete Large LDAP container?****
>
> ****
>
> I have a need.. I got this huge LDAP container with easily 100,000+
> objects I need to remove.. Since I cant seem to remove the container via
> LDP, ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it..
> trying to avoid that.... ****
>
> On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:
> ****
>
> Technically it's plain LDAP, but not all directory services support
> every kind of server control.
>
> For another solution, I've written a multithreaded mass deletion
> program in .NET that takes an LDAP search filter, search base, etc.,
> and nukes individual entries in parallel while using the lazy commit
> control. It's very speedy and not subject to the same administrative
> limit, although still not as fast as a subtree delete on less than 16K
> objects. If there's any public call for this thing I'll cheerfully
> add it to the Zetetic.Ldap freeware tools collection. I'd think you
> could get a similar result, minus the multithreading, from admod.
>
> --Steve****
>
>
> On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
> > Hmm, is that a MS thing or an LDAP thing? I tried setting up the
> Subtree
> > Delete control in LDP and when I go to delete it just says "Size Limit
> > Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax
> to
> > dump this container?
> >
> > On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx>
> wrote:
> >>
> >> Yep, the subtree delete LDAP control is the most efficient way to do
> >> this. However, you will have to run it several times on a truly
> >> massive subtree; the command will work for a while before it gives you
> >> a result like, "I tried, and made progress, but am willing to do this
> >> for only so long."
> >>
> >> --Steve
> >>
> >> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx>
> >> wrote:
> >> > Hey all,
> >> >
> >> > I've been trying to delete a container in my LDS that contains 1000s
> of
> >> > objects.. ADSIEdit seems to choke on it when I right click delete,
> LDP,
> >> > I
> >> > cant quite figure out the way to delete. How can I wax this
> >> > container.. I
> >> > would imagine the same procedure in AD had I had a large OU.. I am
> >> > about
> >> > to try admod with -treedelete but am unsure of the proper syntax...
> >> >
> >> > eg, container to delete is "Accounts"
> >> >
> >> > admod -h localhost -b DC=BigDir,DC=local -treedelete
> >> > CN=Accounts,DC=BigDir,DC=local
> >> >
> >> > I dont have access to this server at the moment so I am just
> >> > brainstorming
> >> > it to try later....
> >> >
> >> > Thanks all.
> >> > -Ed.
> >>
> >> List info: http://www.activedir.org/List.aspx
> >
> >
>
> List info: http://www.activedir.org/List.aspx****
>
> ****
>
> ** **
>

listmailUser is Offline

Posts:831

03/17/2012 6:16 PM  
I keep getting ready to release and someone dings me with something else I
want to slip in to one or the other tool, Princess (Jorge) just recently
pinged me on getting forced recycle of objects into AdMod. Plus he has
pointed out some weirdness around removing massive numbers of members from a
group that I want to look into a little closer. But I need to get these out
the door so I may just say no more and to the final testing and ship.



joe



--

O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm

Blog: http://blog.joeware.net







From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Friday, March 16, 2012 11:50 AM
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?



whoa, right on joe! When can we expect that version to hit the public :p



Thanks!!

On Thu, Feb 9, 2012 at 5:21 PM, joe <listmail@xxxxxxxxxxxxxxxx> wrote:

FYI.



http://blog.joeware.net/2012/02/09/2422/





--

O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm

Blog: http://blog.joeware.net







From: joe [mailto:listmail@xxxxxxxxxxxxxxxx]
Sent: Friday, August 12, 2011 11:26 AM
To: activedir@xxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] OT: Delete Large LDAP container?



Yeah I started to change this in AdMod so that it would truly nuke the whole
subtree but then I stopped. I don't recall exactly why I did because it was
a long time ago. Possibly because I sometimes use AdFind/Mod to troubleshoot
LDAP functionality and I don't want to do too much magic in the background
because then after a time I forget the magic is happening and start assuming
things work in certain ways and then bam I get it upside the head from some
place I didn't expect. ;) Of course I could add another switch for that
like treenuke or something. People are always looking for me to add new
switches. J



In the meanwhile, and I probably should have updated the blog entry, and
maybe I will, who knows. But you could use a simple FOR /L loop to handle
this. The usage for the FOR /L command:



FOR /L %param in (start,incremement,end) do blah



So for 100K entries you could do something like



FOR /L %i in (1,1,7) do admod -b blah -deltree



And that should work for you.





Now to the actual issue. Is this for testing or something like that? I am
not sure why you would create hundreds of thousands of objects and then want
to delete them afterward, especially multiple times such that you want a
tool to do it effectively. If that is the case, then I would consider using
dynamic objects with the appropriate TTL. Then when the time comes, they
just evaporate and you don't worry about them anymore. No going back and
cleaning them up. Of course if you don't know the lifetime that makes it
tougher, you would either have to set something huge and then drop it down
to min value when ready to see them die or you could just keep extending the
TTL as needed.





joe





--

O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm

Blog: http://blog.joeware.net <http://blog.joeware.net/>



From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Friday, August 12, 2011 7:49 AM
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?



Well, before I got the syntax right for admod, I couldnt even get it do
anything.. now I got it right and got the same message from joe's article..



Extended Error: 000020CD: SvcErr: DSID-030907D2, problem 5008
(ADMIN_LIMIT_EXCEEDED), d
ata 0



It appears no way around this, as I see its by design, unless I find a way
to programatically keep hitting it till its gone.

On Thu, Aug 11, 2011 at 7:31 PM, Brian Desmond <brian@xxxxxxxxxxxxxxxx>
wrote:

What is the error from admod when you run it with the -exterr switch?







Thanks,

Brian Desmond

<mailto:brian@xxxxxxxxxxxxxxxx> brian@xxxxxxxxxxxxxxxx



c - 312.731.3132



From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Ed Sibone
Sent: Thursday, August 11, 2011 6:59 PM


To: activedir@xxxxxxxxxxxxxxxx

Subject: Re: [ActiveDir] OT: Delete Large LDAP container?



I have a need.. I got this huge LDAP container with easily 100,000+ objects
I need to remove.. Since I cant seem to remove the container via LDP,
ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it..
trying to avoid that....

On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:

Technically it's plain LDAP, but not all directory services support
every kind of server control.

For another solution, I've written a multithreaded mass deletion
program in .NET that takes an LDAP search filter, search base, etc.,
and nukes individual entries in parallel while using the lazy commit
control. It's very speedy and not subject to the same administrative
limit, although still not as fast as a subtree delete on less than 16K
objects. If there's any public call for this thing I'll cheerfully
add it to the Zetetic.Ldap freeware tools collection. I'd think you
could get a similar result, minus the multithreading, from admod.

--Steve


On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx> wrote:
> Hmm, is that a MS thing or an LDAP thing? I tried setting up the
Subtree
> Delete control in LDP and when I go to delete it just says "Size Limit
> Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax to
> dump this container?
>
> On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx> wrote:
>>
>> Yep, the subtree delete LDAP control is the most efficient way to do
>> this. However, you will have to run it several times on a truly
>> massive subtree; the command will work for a while before it gives you
>> a result like, "I tried, and made progress, but am willing to do this
>> for only so long."
>>
>> --Steve
>>
>> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx>
>> wrote:
>> > Hey all,
>> >
>> > I've been trying to delete a container in my LDS that contains 1000s of
>> > objects.. ADSIEdit seems to choke on it when I right click delete,
LDP,
>> > I
>> > cant quite figure out the way to delete. How can I wax this
>> > container.. I
>> > would imagine the same procedure in AD had I had a large OU.. I am
>> > about
>> > to try admod with -treedelete but am unsure of the proper syntax...
>> >
>> > eg, container to delete is "Accounts"
>> >
>> > admod -h localhost -b DC=BigDir,DC=local -treedelete
>> > CN=Accounts,DC=BigDir,DC=local
>> >
>> > I dont have access to this server at the moment so I am just
>> > brainstorming
>> > it to try later....
>> >
>> > Thanks all.
>> > -Ed.
>>
>> List info: http://www.activedir.org/List.aspx
>
>

List info: http://www.activedir.org/List.aspx








robertsingersUser is Offline

Posts:648

03/18/2012 9:00 PM  
Maybe you can add a -jorge switch that fires up Clippy "So you appear to be trying to delete a large number of objects!"

--
Rob "bring back clippy" Singers

From: activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Sunday, 18 March 2012 7:14 a.m.
To: activedir@xxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] OT: Delete Large LDAP container?

I keep getting ready to release and someone dings me with something else I want to slip in to one or the other tool, Princess (Jorge) just recently pinged me on getting forced recycle of objects into AdMod. Plus he has pointed out some weirdness around removing massive numbers of members from a group that I want to look into a little closer. But I need to get these out the door so I may just say no more and to the final testing and ship.

joe

--
O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm
Blog: http://blog.joeware.net



From: activedir-owner@xxxxxxxxxxxxxxxx<mailto:activedir-owner@xxxxxxxxxxxxxxxx> [mailto:activedir-owner@xxxxxxxxxxxxxxxx]<mailto:[mailto:activedir-owner@xxxxxxxxxxxxxxxx]> On Behalf Of Ed Sibone
Sent: Friday, March 16, 2012 11:50 AM
To: activedir@xxxxxxxxxxxxxxxx<mailto:activedir@xxxxxxxxxxxxxxxx>
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?

whoa, right on joe! When can we expect that version to hit the public :p

Thanks!!
On Thu, Feb 9, 2012 at 5:21 PM, joe <listmail@xxxxxxxxxxxxxxxx<mailto:listmail@xxxxxxxxxxxxxxxx>> wrote:
FYI.

http://blog.joeware.net/2012/02/09/2422/


--
O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm
Blog: http://blog.joeware.net



From: joe [mailto:listmail@xxxxxxxxxxxxxxxx<mailto:listmail@xxxxxxxxxxxxxxxx>]
Sent: Friday, August 12, 2011 11:26 AM
To: activedir@xxxxxxxxxxxxxxxx<mailto:activedir@xxxxxxxxxxxxxxxx>
Subject: RE: [ActiveDir] OT: Delete Large LDAP container?

Yeah I started to change this in AdMod so that it would truly nuke the whole subtree but then I stopped. I don't recall exactly why I did because it was a long time ago. Possibly because I sometimes use AdFind/Mod to troubleshoot LDAP functionality and I don't want to do too much magic in the background because then after a time I forget the magic is happening and start assuming things work in certain ways and then bam I get it upside the head from some place I didn't expect. ;) Of course I could add another switch for that like treenuke or something. People are always looking for me to add new switches. :)

In the meanwhile, and I probably should have updated the blog entry, and maybe I will, who knows... But you could use a simple FOR /L loop to handle this. The usage for the FOR /L command:

FOR /L %param in (start,incremement,end) do blah

So for 100K entries you could do something like

FOR /L %i in (1,1,7) do admod -b blah -deltree

And that should work for you.


Now to the actual issue... Is this for testing or something like that? I am not sure why you would create hundreds of thousands of objects and then want to delete them afterward, especially multiple times such that you want a tool to do it effectively. If that is the case, then I would consider using dynamic objects with the appropriate TTL. Then when the time comes, they just evaporate and you don't worry about them anymore. No going back and cleaning them up. Of course if you don't know the lifetime that makes it tougher, you would either have to set something huge and then drop it down to min value when ready to see them die or you could just keep extending the TTL as needed.


joe


--
O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm
Blog: http://blog.joeware.net<http://blog.joeware.net/>

From: activedir-owner@xxxxxxxxxxxxxxxx<mailto:activedir-owner@xxxxxxxxxxxxxxxx> [mailto:activedir-owner@xxxxxxxxxxxxxxxx]<mailto:[mailto:activedir-owner@xxxxxxxxxxxxxxxx]> On Behalf Of Ed Sibone
Sent: Friday, August 12, 2011 7:49 AM
To: activedir@xxxxxxxxxxxxxxxx<mailto:activedir@xxxxxxxxxxxxxxxx>
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?

Well, before I got the syntax right for admod, I couldnt even get it do anything.. now I got it right and got the same message from joe's article..

Extended Error: 000020CD: SvcErr: DSID-030907D2, problem 5008 (ADMIN_LIMIT_EXCEEDED), d
ata 0

It appears no way around this, as I see its by design, unless I find a way to programatically keep hitting it till its gone.
On Thu, Aug 11, 2011 at 7:31 PM, Brian Desmond <brian@xxxxxxxxxxxxxxxx<mailto:brian@xxxxxxxxxxxxxxxx>> wrote:
What is the error from admod when you run it with the -exterr switch?



Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx<mailto:brian@xxxxxxxxxxxxxxxx>

c - 312.731.3132<tel:312.731.3132>

From: activedir-owner@xxxxxxxxxxxxxxxx<mailto:activedir-owner@xxxxxxxxxxxxxxxx> [mailto:activedir-owner@xxxxxxxxxxxxxxxx<mailto:activedir-owner@xxxxxxxxxxxxxxxx>] On Behalf Of Ed Sibone
Sent: Thursday, August 11, 2011 6:59 PM

To: activedir@xxxxxxxxxxxxxxxx<mailto:activedir@xxxxxxxxxxxxxxxx>
Subject: Re: [ActiveDir] OT: Delete Large LDAP container?

I have a need.. I got this huge LDAP container with easily 100,000+ objects I need to remove.. Since I cant seem to remove the container via LDP, ADSIEdit or ADMOD, its that or kill the LDS instance and rebuild it.. trying to avoid that....
On Thu, Aug 11, 2011 at 9:31 AM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx<mailto:skradel@xxxxxxxxxxxxxxxx>> wrote:
Technically it's plain LDAP, but not all directory services support
every kind of server control.

For another solution, I've written a multithreaded mass deletion
program in .NET that takes an LDAP search filter, search base, etc.,
and nukes individual entries in parallel while using the lazy commit
control. It's very speedy and not subject to the same administrative
limit, although still not as fast as a subtree delete on less than 16K
objects. If there's any public call for this thing I'll cheerfully
add it to the Zetetic.Ldap freeware tools collection. I'd think you
could get a similar result, minus the multithreading, from admod.

--Steve

On Thu, Aug 11, 2011 at 8:09 AM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx<mailto:edsibone.rdy@xxxxxxxxxxxxxxxx>> wrote:
> Hmm, is that a MS thing or an LDAP thing? I tried setting up the Subtree
> Delete control in LDP and when I go to delete it just says "Size Limit
> Exceeded". ADSI, sort of the same thing. Anyone know the admod syntax to
> dump this container?
>
> On Wed, Aug 10, 2011 at 9:48 PM, Steve Kradel <skradel@xxxxxxxxxxxxxxxx<mailto:skradel@xxxxxxxxxxxxxxxx>> wrote:
>>
>> Yep, the subtree delete LDAP control is the most efficient way to do
>> this. However, you will have to run it several times on a truly
>> massive subtree; the command will work for a while before it gives you
>> a result like, "I tried, and made progress, but am willing to do this
>> for only so long."
>>
>> --Steve
>>
>> On Wed, Aug 10, 2011 at 10:41 PM, Ed Sibone <edsibone.rdy@xxxxxxxxxxxxxxxx<mailto:edsibone.rdy@xxxxxxxxxxxxxxxx>>
>> wrote:
>> > Hey all,
>> >
>> > I've been trying to delete a container in my LDS that contains 1000s of
>> > objects.. ADSIEdit seems to choke on it when I right click delete, LDP,
>> > I
>> > cant quite figure out the way to delete. How can I wax this
>> > container.. I
>> > would imagine the same procedure in AD had I had a large OU.. I am
>> > about
>> > to try admod with -treedelete but am unsure of the proper syntax...
>> >
>> > eg, container to delete is "Accounts"
>> >
>> > admod -h localhost -b DC=BigDir,DC=local -treedelete
>> > CN=Accounts,DC=BigDir,DC=local
>> >
>> > I dont have access to this server at the moment so I am just
>> > brainstorming
>> > it to try later....
>> >
>> > Thanks all.
>> > -Ed.
>>
>> List info: http://www.activedir.org/List.aspx
>
>

List info: http://www.activedir.org/List.aspx






This message has been scanned for viruses and is believed to be clean.

#####################################################################################
This message has been scanned for viruses and is believed to be clean.
#####################################################################################

----------------------------------------------------------------------------------------
Please Note:
The information contained in this email message and any attached files may be confidential and subject to privilege. If you are not the intended recipient of this message, privilege and confidentiality is not waived or lost, and you are not entitled to use, disclose or copy it in any way. Opinions expressed in this message are not necessarily those of the Department of Building and Housing. The Department does not accept any liability for any technical opinions offered. While we use standard virus protection software, we do not accept responsibility for viruses or anything similar in this email or its attachments, nor do we accept responsibility for changes made to this email or to its attachments after it leaves our system. If you have received this email in error, please notify us immediately by reply email and delete the original and any attachment(s). Thank you.
----------------------------------------------------------------------------------------

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] OT: Delete Large LDAP container?



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:LloLightfoo
New TodayNew Today:6
New YesterdayNew Yesterday:4
User CountOverall:6708

People OnlinePeople Online:
VisitorsVisitors:317
MembersMembers:0
TotalTotal:317

Online NowOnline Now:

Ads

Copyright 2014 ActiveDir.org
Terms Of Use