DIT files increased 43% in a single day

Guest

We have an AD2000 forest and the GCs in all domains have increased from 1.7
GB to 2.3 GB in a 24-hour period. Obviously something happened, but
there were no new accounts created. Some non-GCs in just one of the
domains also have 2.3 GB, and they are not even GCs; but no other non-GCs
in other domains have a DIT that is larger than 1 GB. The admin of the
likely originating domain said that they were working on IP telephony. I
know that Cisco has a permissions wizard, and I'm wondering if a mass update
of the ACLs on many accounts can cause the metadata of the accounts, and
subsequently the DNC and then GC, to increase accordingly. What else could
cause such a dramatic increase in size in such a short time?
 
Hi
Probably a bunch of new objects were created and deleted. Now all these
objects are in the Deleted Objects container, and you must wait until the
Tombstone lifetime expires so these objects are permanently deleted from the AD
DB.


--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
 
That's very likely. Also, though, the admins of that domain recently did a
bunch of work which changed the ACLs on a number of objects. I don't know
if maybe that contributed to it. In any event, the DA of that domain
demoted and re-promoted a non-GC DC in that domain, and the DIT file is
smaller, for now. I'm going to monitor the size and see if it starts to
grow again.
 
Adding ACLs, especially at the top of the directory in the domain, will
increase the size of the DIT. Even though you may specify a particular
object type, the ACL is applied to ALL child objects. For example, the OU
object gets the ACL so it can apply it to its child objects.

The recently promoted DC will have a smaller DIT because it is not
fragmented. Give it some time and it will expand so it has some "working
room" and then level off.
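
The two explanations offered in this thread (a burst of tombstones, or ACL edits near the top of the tree) can be told apart from directory data. The following is an added example, not code from any poster. It assumes the ActiveDirectory PowerShell module and a DC that exposes Active Directory Web Services, which is newer than the Windows 2000 DCs discussed here; the function name, server name and DNs are hypothetical.

```powershell
Import-Module ActiveDirectory

function Get-DitGrowthClues {
    param(
        [Parameter(Mandatory)] [string] $Server,      # DC to query
        [Parameter(Mandatory)] [string] $SearchBase,  # DN of the domain or OU under suspicion
        [int] $Hours = 24,                            # look-back window
        [int] $SampleSize = 2000                      # cap on live objects inspected
    )
    $since    = (Get-Date).AddHours(-$Hours)
    $domainDn = (Get-ADDomain -Server $Server).DistinguishedName

    # 1. Tombstones: deleted objects keep occupying the DIT until the tombstone
    #    lifetime expires, so a create-then-delete burst shows up here.
    $tombstones = @(Get-ADObject -Server $Server -SearchBase $domainDn `
        -IncludeDeletedObjects -Properties whenChanged `
        -Filter 'isDeleted -eq $true -and whenChanged -ge $since')

    # 2. Direct security descriptor writes: replication metadata records when
    #    nTSecurityDescriptor was last written on an object and on which DC.
    #    Children that only inherited ACEs get them from each DC's local
    #    propagation, so the objects listed here are the ones edited directly.
    $sdWrites = @(Get-ADObject -Server $Server -SearchBase $SearchBase `
            -ResultSetSize $SampleSize -Filter 'whenChanged -ge $since' |
        Get-ADReplicationAttributeMetadata -Server $Server -Properties nTSecurityDescriptor |
        Where-Object { $_.LastOriginatingChangeTime -ge $since })

    [pscustomobject]@{
        Since             = $since
        NewTombstones     = $tombstones.Count
        TombstonesByClass = $tombstones | Group-Object ObjectClass |
                                Sort-Object Count -Descending | Select-Object Name, Count
        DirectSdWrites    = $sdWrites.Count
        SdWritesByDc      = $sdWrites |
                                Group-Object LastOriginatingChangeDirectoryServerIdentity |
                                Sort-Object Count -Descending | Select-Object Name, Count
        SdWriteTargets    = $sdWrites | Select-Object Object, Version, LastOriginatingChangeTime
    }
}

# Placeholder values; substitute a real DC and naming context.
# Get-DitGrowthClues -Server 'dc01.example.test' -SearchBase 'DC=example,DC=test'
```

A high `NewTombstones` count points to the create-and-delete explanation, while a handful of `SdWriteTargets` that are containers or OUs high in the tree points to the ACL explanation.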
 
If that change were in another domain, and it was a change to user objects,
would the ACL notations replicate to the Global Catalog?
 