This recipe requires a Windows Server 2003 domain controller.
You want to limit the number of objects a security principal can create in a partition by creating a quota.
> dsadd quota -part <
PartitionDN> -qlimit <
QuotaLimit> -acct <
PrincipalName>[RETURN] [-rdn <
The following command creates a quota specification that allows the
RALLENCORP\rallen user to create only
5 objects in the dc=rallencorp,dc=com partition:
> dsadd quota -part dc=rallencorp,dc=com -qlimit 5 -acct RALLENCORP\rallen
Quotas are a new feature in Windows Server 2003 that allow an administrator to limit the number of objects that a user (or group of users) can create. This is similar in nature to the quota for creating computer objects found in Windows 2000 (see Recipe 8.9 for more details), except the quotas in Windows Server 2003 apply to the creation of all object types.
There are three things that need to be set when creating a quota specification, including:
Currently, quotas can apply only to an entire partition. You cannot create a quota that pertains only to a subtree in a partition. You can create quotas for any partition, including application partitions, except for the schema-naming context. The reasoning behind this restriction is that the schema is a highly protected area of the directory and you shouldn’t need to restrict how many objects get created there.
A quota can be defined ...