RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Forgot to mention earlier... Yes, it is also correct the article mentions to disable the DLT server service while it still will do the cleanup. That is not correct. My apologies for not bringing that up earlier Jorge From: [EMAIL PROTECTED] on behalf of Almeida Pinto, Jorge de Sent: Tue 11/29/2005 8:20 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers OK, you are right on the choice of words... they don't age out, but will get cleaned by the DLT server service when the DLT client service is disabled on all clients/servers... I just meant the objects disappeared automatically, independent of auto aging or auto cleanup by something. (I did not pay attention to the auto aging wording as you described it here below) So there is no need to forcebly delete them if you take other measures (as in disabling the DLT Client service). Isn't that true? Jorge From: [EMAIL PROTECTED] on behalf of joe Sent: Tue 11/29/2005 1:01 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers The objects don't age out. A service cleans them up. AD doesn't clean them up. It is on par with saying that old computers age themselves out because you run oldcmp to clean them. Something that ages itself out as a counter example would be say like a dynamic object. Of course someone could have a script go through and make them all dynamic so they just age out automatically then (assuming K3 DCs). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Monday, November 28, 2005 5:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Aric, You are correct on that... I'm referring to Joe's remark They don't age out. You need to delete them As the article mentions, if the DLT client service does not update them the DLT server service on the DCs will age them out. Another solution could be disable all DLT client services (not the DLT server service) and wait 90 days. That's what I'm referring to, or am I not correct on that? (somewhat like DNS scavenging) Jorge From: [EMAIL PROTECTED] on behalf of Bernard, Aric Sent: Mon 11/28/2005 10:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Might be a problem if the service is disabled, no? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Monday, November 28, 2005 1:22 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers ehhh... according to the KB article (http://support.microsoft.com/?id=312403) objects do age out.. QUOTE It is not critical that you manually delete the Distributed Link Tracking objects after you stop the Distributed Link Tracking server service unless you have to reclaim the disk space that is being consumed by these objects as quickly as possible. Distributed Link Tracking clients prompt the Distributed Link Tracking server to update links every 30 days. The Distributed Link Tracking Server service scavenges objects that have not been updated in 90 days. QUOTE Jorge From: [EMAIL PROTECTED] on behalf of joe Sent: Mon 11/28/2005 10:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Thanks! I'm not as bad off as I thought. I do most of that. Just need to look further into the filelinks, lost and found and a couple of others. Bob From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joePosted At: Monday, November 28, 2005 4:45 PMPosted To: ActiveDirectoryConversation: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain ControllersSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Heh. I don't think one exists. Items off the top of my head that need to be cleaned up oInactive users (temp users and/or turnover) o Inactive computers o Inactive groups o Group memberships of groups that are still active but contain members that shouldn't have access o Unused or unresolvable FSPs o Unused filelinks o Unused contactso Objects in lost and found (all NCs, even config) o Conflict (CNF) objects o Unused trusts o Unused OUs/Containers o Unused Shares/Printers that were manually created outside of the computer object o Unused GPOS (including ipsec gunk that isn't being used) o Crud hanging around from failed DC Demotions (FRS objects, site objects, etc) o Make sure DNS objects are being scavenged out o Unused site objects o Unused subnet objects (this also should include collapsing subnets if possible, say 2 24 bit subnets for same site that could be set iup as a 23 bit subnet) All of these pretty much have possible issues with them in terms of when you might like to delete or if it is even safe to delete. Something that should be simple would be users or computers yet they aren't. Exchange can really confuse whether or not a userid is truly needed in the case of resource mailboxes. Computer accounts could be for a cluster or a PC that is on the other side of a VPN so doesn't update anything in AD, etc. When I was an ops guy I would regularly just fish around the directory looking for things to get rid of. I might spend a day looking at all of the trusts and delete 10, 20 or 100 of them because the NT domains were migrated in a long while back and someone forgot to tell the Enterprise Admins. I would run oldcmp to look for old computers and users and try to clean them up. I can't even guess how much that tool has helped folks with cleaning up. Groups was tough because you never really knew if they were used, you could make them into DLs which might help but some apps use them for security but don't use them as NT Security so being a DL has no bearing on whether they work or not. Group memberships is even tougher so you have to require the group or resource owner to "certify" the membership on regular say quarterly periods and make them responsible for anyone in the group who shouldn't be. Basically without this occasional pruning AD becomes like your closet or garage, you just stack things up in there as needed and then forget about them until you stumble over them looking for something else. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ActiveDirectorySent: Monday, November 28, 2005 4:23 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers I will admin to being one of those Admins. Can you recommend a good book that shows a clean up best practices for all those items that require manual cleanup? Thanks! Bob From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joePosted At: Monday, November 28, 2005 3:10 PMPosted To: ActiveDirectoryConversation: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain ControllersSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Monday, November 28, 2005 12:52 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking S
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Definitely turn it off on the DCs and delete the tracking objects. MS actually recommends this for the configuration and K3 it is disabled by default. Here is the KB about it http://support.microsoft.com/default.aspx?scid=312403 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Monday, November 28, 2005 11:40 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers As anyone found any issues in disabling the "distributed link tracking server" onwindows 2000 server domain controllers? I would like to take a two step approachin disabling this useless service. First on the DCs and them on all workstations. Iwas just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Montag, 28. November 2005 17:40To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers As anyone found any issues in disabling the "distributed link tracking server" onwindows 2000 server domain controllers? I would like to take a two step approachin disabling this useless service. First on the DCs and them on all workstations. Iwas just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, GuidoSent: Mon 28/11/2005 11:46 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Montag, 28. November 2005 17:40To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers As anyone found any issues in disabling the "distributed link tracking server" onwindows 2000 server domain controllers? I would like to take a two step approachin disabling this useless service. First on the DCs and them on all workstations. Iwas just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
I did it in the Default Domain Controller policies several years ago while still at 2000 native when the recommendation first came to light and it's never proven to be an issue in our environment From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 8:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Monday, November 28, 2005 12:52 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, GuidoSent: Mon 28/11/2005 11:46 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Montag, 28. November 2005 17:40To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers As anyone found any issues in disabling the "distributed link tracking server" onwindows 2000 server domain controllers? I would like to take a two step approachin disabling this useless service. First on the DCs and them on all workstations. Iwas just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Ditto. I also added a piece to the DC Scripts that are run on a machine after it has become a DC so that it gets shutdown before the first reboot after the policy applies (which is when policy will not restart it). If you don't use DC Scripts or other processes like that you could add it to the computer startup script for DCs. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Monday, November 28, 2005 1:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers I did it in the Default Domain Controller policies several years ago while still at 2000 native when the recommendation first came to light and it's never proven to be an issue in our environment From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 8:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
I will admin to being one of those Admins. Can you recommend a good book that shows a clean up best practices for all those items that require manual cleanup? Thanks! Bob From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joePosted At: Monday, November 28, 2005 3:10 PMPosted To: ActiveDirectoryConversation: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain ControllersSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Monday, November 28, 2005 12:52 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, GuidoSent: Mon 28/11/2005 11:46 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Montag, 28. November 2005 17:40To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers As anyone found any issues in disabling the "distributed link tracking server" onwindows 2000 server domain controllers? I would like to take a two step approachin disabling this useless service. First on the DCs and them on all workstations. Iwas just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
ehhh... according to the KB article (http://support.microsoft.com/?id=312403) objects do age out.. QUOTE It is not critical that you manually delete the Distributed Link Tracking objects after you stop the Distributed Link Tracking server service unless you have to reclaim the disk space that is being consumed by these objects as quickly as possible. Distributed Link Tracking clients prompt the Distributed Link Tracking server to update links every 30 days. The Distributed Link Tracking Server service scavenges objects that have not been updated in 90 days. QUOTE Jorge From: [EMAIL PROTECTED] on behalf of joe Sent: Mon 11/28/2005 10:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, Guido Sent: Mon 28/11/2005 11:46 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Montag, 28. November 2005 17:40 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Hmmm interesting thing you bring up Joe cleanup defaults and for that matter, other configuration defaults. Microsoft could set defaults on all these things, but I doubt the defaults would work as one-size-fits-all. A book could be written giving lots of various things like this that people dont think and/or know to do, along with recommendations and all the variables surrounding them (i.e. if you have more than x users and y computers and z sites and n DCs then you should clean this up, etc). Or maybe someone could write a wizard that would cover a lot of this obscure configuration and maintenance stuff, from this, to DNS scavenging, etc (check boxes are great as to what to include), and it could walk you through (how many users, how many computers, or it could even analyze stuff from the directory itself) and then give recommended values you can tweak if you want, and write a configuration file. Then run the utility with a -forreal switch and it pops up all the things its about to do/configure for you, make you check the things you want to do, and go out and do them. Not for the faint of heart, I admit and it might eat into some consulting $$ for some people but others would probably benefit from the scattered advice of what to scavenge, tombstone, disable, delete, etc all put into one wizard. Im just talking off the cuff here though, so maybe Im full of non-practical ideas this afternoon J --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, November 28, 2005 3:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, Guido Sent: Mon 28/11/2005 11:46 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Montag, 28. November 2005 17:40 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server onwindows 2000 server domain controllers? I would like to take a two step approachin disabling this useless service. First on the DCs and them on all workstations. Iwas just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Might be a problem if the service is disabled, no? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Monday, November 28, 2005 1:22 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers ehhh... according to the KB article (http://support.microsoft.com/?id=312403) objects do age out.. QUOTE It is not critical that you manually delete the Distributed Link Tracking objects after you stop the Distributed Link Tracking server service unless you have to reclaim the disk space that is being consumed by these objects as quickly as possible. Distributed Link Tracking clients prompt the Distributed Link Tracking server to update links every 30 days. The Distributed Link Tracking Server service scavenges objects that have not been updated in 90 days. QUOTE Jorge From: [EMAIL PROTECTED] on behalf of joe Sent: Mon 11/28/2005 10:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, Guido Sent: Mon 28/11/2005 11:46 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Montag, 28. November 2005 17:40 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Yes, but if you have disabled the service on all servers as the thread is discussing what is going to do the cleanup? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Posted At: Monday, November 28, 2005 3:22 PM Posted To: ActiveDirectory Conversation: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers ehhh... according to the KB article (http://support.microsoft.com/?id=312403) objects do age out.. QUOTE It is not critical that you manually delete the Distributed Link Tracking objects after you stop the Distributed Link Tracking server service unless you have to reclaim the disk space that is being consumed by these objects as quickly as possible. Distributed Link Tracking clients prompt the Distributed Link Tracking server to update links every 30 days. The Distributed Link Tracking Server service scavenges objects that have not been updated in 90 days. QUOTE Jorge From: [EMAIL PROTECTED] on behalf of joe Sent: Mon 11/28/2005 10:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, Guido Sent: Mon 28/11/2005 11:46 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Montag, 28. November 2005 17:40 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
So they don't age out if you disable the DLT-S-S, only if you stop the DLT-C-S and let the DLT-S-S run for another 90 days. Hmm - thinking if it wouldn't be neat to use dynamic objects for DLT (and DNS?) Ulf |-Original Message- |From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de |Sent: Monday, November 28, 2005 10:22 PM |To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers | |ehhh... according to the KB article (http://support.microsoft.com/?id=312403) objects do age out.. | |QUOTE |It is not critical that you manually delete the Distributed Link Tracking objects after you stop the Distributed Link Tracking server |service unless you have to reclaim the disk space that is being consumed by these objects as quickly as possible. Distributed Link |Tracking clients prompt the Distributed Link Tracking server to update links every 30 days. The Distributed Link Tracking Server service |scavenges objects that have not been updated in 90 days. |QUOTE | | |Jorge | | | |From: [EMAIL PROTECTED] on behalf of joe |Sent: Mon 11/28/2005 10:10 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers | | |They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist |conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much |impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen |hundreds of thousands of the filelinks in a directory before eating up tremendous space. | |Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning |up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It |comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could |be perfectly reconstituted if necessary in the event of a bad delete. | | joe | | | |From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD |Sent: Monday, November 28, 2005 12:52 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers | | |Thanks for info the joe and Guido, | |Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the |park. | |If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? | |Thanks | |Y | | | |From: Grillenmeier, Guido |Sent: Mon 28/11/2005 11:46 AM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers | | |nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why |the service is disabled by default in Win2003). | |however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service |on the DCs. | |Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers |as these will surely contain a lot of garbage. | |/Guido | | | |From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD |Sent: Montag, 28. November 2005 17:40 |To: ActiveDir@mail.activedir.org |Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers | | |As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? | |I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just |wondering if there would be an impact on the clients seeing that cannot communicate with the server. | |Thanks | |Yves | | |This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential |information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are |not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Shhh, I wasn't going to say anything though I did submit a correction to MS for the KB -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Monday, November 28, 2005 4:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Might be a problem if the service is disabled, no? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Monday, November 28, 2005 1:22 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers ehhh... according to the KB article (http://support.microsoft.com/?id=312403) objects do age out.. QUOTE It is not critical that you manually delete the Distributed Link Tracking objects after you stop the Distributed Link Tracking server service unless you have to reclaim the disk space that is being consumed by these objects as quickly as possible. Distributed Link Tracking clients prompt the Distributed Link Tracking server to update links every 30 days. The Distributed Link Tracking Server service scavenges objects that have not been updated in 90 days. QUOTE Jorge From: [EMAIL PROTECTED] on behalf of joe Sent: Mon 11/28/2005 10:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, Guido Sent: Mon 28/11/2005 11:46 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Montag, 28. November 2005 17:40 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Exactly. My point in the offlist discussion was that MS absolutely needed to come up with better ways to determine if something was actually being used or not. For instance, are user IDs really being used or not? Are mailboxes really being used or not. It definitely isn't an easy problem to solve. The comment that came back was yes, it isn't easy, but that isn't a reason for MS to ignore the problem and say that the admins have to deal with it. I agree wholeheartedly. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich MilburnSent: Monday, November 28, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Hmmm interesting thing you bring up Joe cleanup defaults and for that matter, other configuration defaults. Microsoft could set defaults on all these things, but I doubt the defaults would work as one-size-fits-all. A book could be written giving lots of various things like this that people dont think and/or know to do, along with recommendations and all the variables surrounding them (i.e. if you have more than x users and y computers and z sites and n DCs then you should clean this up, etc). Or maybe someone could write a wizard that would cover a lot of this obscure configuration and maintenance stuff, from this, to DNS scavenging, etc (check boxes are great as to what to include), and it could walk you through (how many users, how many computers, or it could even analyze stuff from the directory itself) and then give recommended values you can tweak if you want, and write a configuration file. Then run the utility with a -forreal switch and it pops up all the things its about to do/configure for you, make you check the things you want to do, and go out and do them. Not for the faint of heart, I admit and it might eat into some consulting $$ for some people but others would probably benefit from the scattered advice of what to scavenge, tombstone, disable, delete, etc all put into one wizard. Im just talking off the cuff here though, so maybe Im full of non-practical ideas this afternoon J ---Rich MilburnMCSE, Microsoft MVP - Directory ServicesSr Network Analyst, Field Platform DevelopmentApplebee's International, Inc.4551 W. 107th StOverland Park, KS 66207913-967-2819--I love the smell of red herrings in the morning - anonymous From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, November 28, 2005 3:10 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Monday, November 28, 2005 12:52 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, GuidoSent: Mon 28/11/2005 11:46 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's Syst
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Aric, You are correct on that... I'm referring to Joe's remark They don't age out. You need to delete them As the article mentions, if the DLT client service does not update them the DLT server service on the DCs will age them out. Another solution could be disable all DLT client services (not the DLT server service) and wait 90 days. That's what I'm referring to, or am I not correct on that? (somewhat like DNS scavenging) Jorge From: [EMAIL PROTECTED] on behalf of Bernard, Aric Sent: Mon 11/28/2005 10:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Might be a problem if the service is disabled, no? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Monday, November 28, 2005 1:22 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers ehhh... according to the KB article (http://support.microsoft.com/?id=312403) objects do age out.. QUOTE It is not critical that you manually delete the Distributed Link Tracking objects after you stop the Distributed Link Tracking server service unless you have to reclaim the disk space that is being consumed by these objects as quickly as possible. Distributed Link Tracking clients prompt the Distributed Link Tracking server to update links every 30 days. The Distributed Link Tracking Server service scavenges objects that have not been updated in 90 days. QUOTE Jorge From: [EMAIL PROTECTED] on behalf of joe Sent: Mon 11/28/2005 10:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, November 28, 2005 12:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, Guido Sent: Mon 28/11/2005 11:46 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers nope, no known impact (unless you have specifically deployed an app that makes use of this service - none of the MS apps do, which is why the service is disabled by default in Win2003). however, if you want to make sure, why don't you just reverse your disabling process: first disable all clients, then disable the service on the DCs. Don't forget to cleanup the records underneath your domain's System\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTable containers as these will surely contain a lot of garbage. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Montag, 28. November 2005 17:40 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers As anyone found any issues in disabling the distributed link tracking server on windows 2000 server domain controllers? I would like to take a two step approach in disabling this useless service. First on the DCs and them on all workstations. I was just wondering if there would be an impact on the clients seeing that cannot communicate with the server. Thanks Yves This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Heh. I don't think one exists. Items off the top of my head that need to be cleaned up oInactive users (temp users and/or turnover) o Inactive computers o Inactive groups o Group memberships of groups that are still active but contain members that shouldn't have access o Unused or unresolvable FSPs o Unused filelinks o Unused contactso Objects in lost and found (all NCs, even config) o Conflict (CNF) objects o Unused trusts o Unused OUs/Containers o Unused Shares/Printers that were manually created outside of the computer object o Unused GPOS (including ipsec gunk that isn't being used) o Crud hanging around from failed DC Demotions (FRS objects, site objects, etc) o Make sure DNS objects are being scavenged out o Unused site objects o Unused subnet objects (this also should include collapsing subnets if possible, say 2 24 bit subnets for same site that could be set iup as a 23 bit subnet) All of these pretty much have possible issues with them in terms of when you might like to delete or if it is even safe to delete. Something that should be simple would be users or computers yet they aren't. Exchange can really confuse whether or not a userid is truly needed in the case of resource mailboxes. Computer accounts could be for a cluster or a PC that is on the other side of a VPN so doesn't update anything in AD, etc. When I was an ops guy I would regularly just fish around the directory looking for things to get rid of. I might spend a day looking at all of the trusts and delete 10, 20 or 100 of them because the NT domains were migrated in a long while back and someone forgot to tell the Enterprise Admins. I would run oldcmp to look for old computers and users and try to clean them up. I can't even guess how much that tool has helped folks with cleaning up. Groups was tough because you never really knew if they were used, you could make them into DLs which might help but some apps use them for security but don't use them as NT Security so being a DL has no bearing on whether they work or not. Group memberships is even tougher so you have to require the group or resource owner to "certify" the membership on regular say quarterly periods and make them responsible for anyone in the group who shouldn't be. Basically without this occasional pruning AD becomes like your closet or garage, you just stack things up in there as needed and then forget about them until you stumble over them looking for something else. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ActiveDirectorySent: Monday, November 28, 2005 4:23 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers I will admin to being one of those Admins. Can you recommend a good book that shows a clean up best practices for all those items that require manual cleanup? Thanks! Bob From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joePosted At: Monday, November 28, 2005 3:10 PMPosted To: ActiveDirectoryConversation: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain ControllersSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers They don't age out. You need to delete them. MS cleans up very little in the directory automatically. Actually I was having an offlist conversation with one of my MS friends about this topic in regards to the previous FSP question. When deleting them it isn't too much impact, however, when they get purged out after the tombstone expires you may find your DCs chugging away if you have lots. I have seen hundreds of thousands of the filelinks in a directory before eating up tremendous space. Personally I would hope the AD admins are doing a good job cleaning things up but for all practical purposes, most places aren't cleaning up and have no clue that they should be or that they need to be. The hard part, when SHOULD the system automatically delete something. It comes down it being able to identify without a shadow of a doubt that the object isn't needed (say computer objects, FSP, etc) or could be perfectly reconstituted if necessary in the event of a bad delete. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ADSent: Monday, November 28, 2005 12:52 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Thanks for info the joe and Guido, Because of our politics where I work, modifiying 4 workstations is not that easy. Changing 20 DCs on the other hand is a walk in the park. If I do not remove all of the filelinks manually, aren't they going to age out automatically after 60 days? Thanks Y From: Grillenmeier, GuidoSent: Mon 28/11/2005 11:46 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server&qu
RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers
Title: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers The objects don't age out. A service cleans them up. AD doesn't clean them up. It is on par with saying that old computers age themselves out because you run oldcmp to clean them. Something that ages itself out as a counter example would be say like a dynamic object. Of course someone could have a script go through and make them all dynamic so they just age out automatically then (assuming K3 DCs). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Monday, November 28, 2005 5:31 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Aric, You are correct on that... I'm referring to Joe's remark "They don't age out. You need to delete them" As the article mentions, if the DLT client service does not update them the DLT server service on the DCs will age them out. Another solution could be disable all DLT client services (not the DLT server service)and wait 90 days. That's what I'm referring to, or am I not correct on that? (somewhat like DNS scavenging) Jorge From: [EMAIL PROTECTED] on behalf of Bernard, AricSent: Mon 11/28/2005 10:59 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" on domain Controllers Might be a problem if the service is disabled, no?-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Almeida Pinto,Jorge deSent: Monday, November 28, 2005 1:22 PMTo: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" ondomain Controllersehhh... according to the KB article(http://support.microsoft.com/?id=312403) objects do age out..QUOTEIt is not critical that you manually delete the Distributed LinkTracking objects after you stop the Distributed Link Tracking serverservice unless you have to reclaim the disk space that is being consumedby these objects as quickly as possible. Distributed Link Trackingclients prompt the Distributed Link Tracking server to update linksevery 30 days. The Distributed Link Tracking Server service scavengesobjects that have not been updated in 90 days.QUOTEJorgeFrom: [EMAIL PROTECTED] on behalf of joeSent: Mon 11/28/2005 10:10 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" ondomain ControllersThey don't age out. You need to delete them. MS cleans up very little inthe directory automatically. Actually I was having an offlistconversation with one of my MS friends about this topic in regards tothe previous FSP question. When deleting them it isn't too much impact,however, when they get purged out after the tombstone expires you mayfind your DCs chugging away if you have lots. I have seen hundreds ofthousands of the filelinks in a directory before eating up tremendousspace.Personally I would hope the AD admins are doing a good job cleaningthings up but for all practical purposes, most places aren't cleaning upand have no clue that they should be or that they need to be. The hardpart, when SHOULD the system automatically delete something. It comesdown it being able to identify without a shadow of a doubt that theobject isn't needed (say computer objects, FSP, etc) or could beperfectly reconstituted if necessary in the event of a bad delete. joeFrom: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of ADSent: Monday, November 28, 2005 12:52 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" ondomain ControllersThanks for info the joe and Guido,Because of our politics where I work, modifiying 4 workstations isnot that easy. Changing 20 DCs on the other hand is a walk in the park.If I do not remove all of the filelinks manually, aren't they going toage out automatically after 60 days?ThanksYFrom: Grillenmeier, GuidoSent: Mon 28/11/2005 11:46 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Disabling "Distributed Link Tracking Server" ondomain Controllersnope, no known impact (unless you have specifically deployed an app thatmakes use of this service - none of the MS apps do, which is why theservice is disabled by default in Win2003).however, if you want to make sure, why don't you just reverse yourdisabling process: first disable all clients, then disable the serviceon the DCs.Don't forget to cleanup the records underneath your domain'sSystem\FileLinks\ObjectMoveTable and System\FileLinks\VolumeTablecontainers as these will surely contain a lot of garbage./GuidoFrom: [EMAIL PROTECTED][mailto:[EMAIL