September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
4.16. Modifying the Default TTL Settings for Dynamic Objects
Tip
This recipe requires the Windows Server 2003 forest functional level.
Problem
You want to modify the minimum and default TTLs for dynamic objects.
Solution
In each solution below, I’ll show how to set the
DynamicObjectDefaultTTL setting to 172800.
Modifying the DynamicObjectMinTTL can be done in
the same manner.
Using a graphical user interface
Open ADSI Edit.
If an entry for the Configuration naming context is not already displayed, do the following:
Right-click on ADSI Edit in the right pane and click Connect to . . .
Fill in the information for the naming context for your forest. Click on the Advanced button if you need to enter alternate credentials.
In the left pane, browse to the following path under the Configuration naming context: Services → Windows NT → Directory Service.
Right-click
cn=Directory Serviceand select Properties.Edit the
msDS-Other-Settingsattribute.Click on
DynamicObjectDefaultTTL=<xxxxx>and click Remove.The attribute/value pair should have been populated in the “Value to add” field.
Edit the number part of the value to be 172800.
Click Add.
Click OK twice.
Using a command-line interface
The following ntdsutil command
connects to
<DomainControllerName>, displays the
current values for the dynamic object TTL settings, sets the
DynamicObjectDefaultTTL to 172800, commits the
change, and displays the results:
> ntdsutil "config settings" connections "connect to server <DomainControllerName>"[RETURN] q "show ...