I am trying to delete an OU that has 1,000,000 users (ok, it should have a few less by now that I've hit it a few times with deletion attempts).
In any case, I am using admod -rm -unsafe and I get something of this sort after a while: >admod -b OU=megaou,<FULL_DN> -rm -treedelete -h .:50000 -unsafe AdMod V01.07.00cpp Joe Richards ([EMAIL PROTECTED]) October 2006 DN Count: 1 Using server: tstadamdc.tstadam.local:389 Directory: Active Directory Application Mode Deleting specified objects... DN: OU=megaou,OU=megaou,<FULL_DN>...: [tstadamdc.tstadam.local] Error 0xb (11) - Administration Limit Exceeded ERROR: Too many errors encountered, terminating... The command did not complete successfully .. Also, I finally found the reference to a "progress status" switch in admod over at http://blog.joeware.net/2006/09/23/631/, but I don't see any "dotcount" switch or similar in the admod usage screen of in the docs in joeware except for a reference in the tool's version history.... Thanks a lot again.. Javier -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de F. Javier Jarava Enviado el: jueves, 02 de noviembre de 2006 18:47 Para: ActiveDir@mail.activedir.org Asunto: Deleting an OU in AD and AD/AM with 1,000,000++ users (WAS: RE: [ActiveDir] ) Duh!! Sorry for answering myself, and also for forgetting to set a subject to my previous email (Sould-ve been "Deleting an OU in AD and AD/AM with 1,000,000++ users").... I have taken the time to re-read the help screens (I did read them all, I swear. I mean, how did I learn about -sc adau if not? ;) and I have found about the -treedelete switch that seems to be what I am looking for (I knew it had to be there somewhere; admod would not *really* let you shoot yourself in the foot if there was no way to really wipe a domain from it). In any case, my previous question about "progress signs" stands. In this case, I have two instances of admod happily chugging away (one is deleting the users in AD; other in ADAM) but no sign of what they are doing, other than the fact that the VM hosting the domain and ADAM is seriously tasked. Thanks a lot, and sorry for the unnecesary blunder. J -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de F. Javier Jarava Enviado el: jueves, 02 de noviembre de 2006 18:38 Para: ActiveDir@mail.activedir.org Asunto: [ActiveDir] Hi all!! I've been stress-testing some utilities we use internally, specifically a tool to "sync" users from AD to AD/AM (ok, not exactly sync; we just need a user/computer object with the same names that those in AD). For the purpose, I have created an OU in AD that I then filled with 1000000+ users (admod -sc adau:1000000;SomePassword1;CN=.... a couple of times ). The tool survived the beating, but now I want to delete the OU and the users within, both in AD and ADAM. I thought that: admod -b "OU_DN" -rm Would do the trick but it complains that it can't delete a non-leaf (otherwise understandable). ADUC and ADAM-ADSIEdit let me say "delete", but they take in the order of ages (they are at it now). Users&Comp. seems to hang, and ADSIEdit every now and then comes up with a message box saying: --------------------------- ADAM-ADSIEdit --------------------------- The tree deletion is not finished. The request must be made again to continue deleting the tree. --------------------------- OK --------------------------- I click OK, select "delete" again on the OU, and on it goes... My question is, I "know" that there has to be a better/quicker way to do this that does not involve "listing" all objetct and piping them to admod? Thanks a lot. Javier Jarava PS: For bonus "points", I seem to recall some post on joe's blog about having "progress dots" in admod that show objetcts being modified.. But I wasn't able to find the proper switch in the docs, so when I created 1000000 users I got 1000000 DNs shown on screen. So, what is the proper option to say "don't print all progress, just a running % or something like that"?? Thanks a bunch again. J List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
