15.17. Finding the Quota Usage for a Security Principal
Tip
This recipe requires a Windows Server 2003 domain controller.
Problem
You want to find the quota usage for a certain security principal.
Solution
The quota usage of a security principal can be determined a few
different ways. First, you can use the dsget
command. Here is an example:
> dsget user "<UserDN
>" -part <PartitionDN
> -qlimit -qused
This displays the effective quota limit and how much quota has been
used for a particular user. You can use similar parameters with
dsget
computer
and
dsget
group
to find the quota
usage for those types of objects.
Users can find their own quota usage by querying the
msDs-QuotaUsed
and
msDs-QuotaEffective
attributes on the
cn=NTDS Quotas
container for a partition. These
two attributes are constructed, which means they are dynamically
calculated based on the user that is accessing them (see Recipe 10.15 for more on constructed attributes). The
msDs-QuotaUsed
attribute returns how much of the
quota has been used by the user and the
msDs-QuotaEffective
attribute contains the quota
limit.
Alternatively, view the msDs-TopQuotaUsage
attribute on a partition’s
cn=NTDS
Quotas
container, which
contains the user’s with the top quota usage. This
attribute is multi-valued, with each value being XML-like text that
contains the SID and how much of the quota the principal has used.
See the Discussion section for an example.
Discussion
If you implement quotas, you’ll certainly need to tell users what their quotas ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.