Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Copyright
    Preface
    Ch. 1. Getting Started
    Ch. 2. Forests, Domains, and Trusts
    Ch. 3. Domain Controllers, Global Catalogs, and FSMOs
    Ch. 4. Searching and Manipulating Objects
    Recipe 4.1. Introduction
    Recipe 4.2. Viewing the RootDSE
    Recipe 4.3. Viewing the Attributes of an Object
    Recipe 4.4. Counting Objects in Active Directory
    Recipe 4.5. Using LDAP Controls
    Recipe 4.6. Using a Fast or Concurrent Bind
    Recipe 4.7. Connecting to an Object GUID
    Recipe 4.8. Connecting to a Well-Known GUID
    Recipe 4.9. Searching for Objects in a Domain
    Recipe 4.10. Searching the Global Catalog
    Recipe 4.11. Searching for a Large Number of Objects
    Recipe 4.12. Searching with an Attribute-Scoped Query
    Recipe 4.13. Searching with a Bitwise Filter
    Recipe 4.14. Creating an Object
    Recipe 4.15. Modifying an Object
    Recipe 4.16. Modifying a Bit Flag Attribute
    Recipe 4.17. Dynamically Linking an Auxiliary Class
    Recipe 4.18. Creating a Dynamic Object
    Recipe 4.19. Refreshing a Dynamic Object
    Recipe 4.20. Modifying the Default TTL Settings for Dynamic Objects
    Recipe 4.21. Moving an Object to a Different OU or Container
    Recipe 4.22. Moving an Object to a Different Domain
    Recipe 4.23. Referencing an External Domain
    Recipe 4.24. Renaming an Object
    Recipe 4.25. Deleting an Object
    Recipe 4.26. Deleting a Container That Has Child Objects
    Recipe 4.27. Viewing the Created and Last Modified Timestamp of an Object
    Recipe 4.28. Modifying the Default LDAP Query Policy
    Recipe 4.29. Exporting Objects to an LDIF File
    Recipe 4.30. Importing Objects Using an LDIF File
    Recipe 4.31. Exporting Objects to a CSV File
    Recipe 4.32. Importing Objects Using a CSV File
    Ch. 5. Organizational Units
    Ch. 6. Users
    Ch. 7. Groups
    Ch. 8. Computer Objects
    Ch. 9. Group Policy Objects
    Ch. 10. Schema
    Ch. 11. Site Topology
    Ch. 12. Replication
    Ch. 13. DNS and DHCP
    Ch. 14. Security and Authentication
    Ch. 15. Logging, Monitoring, and Quotas
    Ch. 16. Backup, Recovery, DIT Maintenance, and Deleted Objects
    Ch. 17. Application Partitions
    Ch. 18. Active Directory Application Mode and Active Directory Lightweight Directory Service
    Ch. 19. Active Directory Federation Services
    Ch. 20. Microsoft Exchange Server 2007 and Exchange Server 2003
    Ch. 21. Microsoft Identity Lifecycle Manager
    Colophon
    Index
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint
    Share this Page URL
    Help

    Chapter 4. Searching and Manipulating Objects > Refreshing a Dynamic Object

    Recipe 4.19. Refreshing a Dynamic Object

    NOTE

    This recipe requires the Windows Server 2003 or Windows Server 2008 forest functional level.

    4.19.1. Problem

    You want to refresh a dynamic object to keep it from expiring and getting deleted from Active Directory.

    4.19.2. Solution

    In each solution below, an example of adding a user object is used. Modify the examples as needed to refresh whatever object is needed.

    4.19.2.1. Using a graphical user interface

    1. Open LDP.

    2. From the menu, select Connection→Connect.

    3. For Server, enter the name of a domain controller (or leave it blank to do a serverless bind).

    4. For Port, enter 389.

    5. Click OK.

    6. From the menu, select Connection→Bind.

    7. Enter credentials of a user who can modify the object.

    8. Click OK.

    9. Select Browse→Modify.

    10. For DN, enter the DN of the dynamic object you want to refresh.

    11. For Attribute, enter entryTTL.

    12. For Values, enter the new time to live (TTL) for the object in seconds.

    13. Under Operation, select Replace.

    14. Click Enter.

    15. Click Run.

    4.19.2.2. Using a command-line interface

    Create an LDIF file called refresh_dynamic_object.ldf with the following contents:

    dn: cn=jsmith,cn=users,dc=adatum,dc=com
changetype: modify
replace: entryTTL
entryTTL: 1800
-

    Then run the following command:

    > ldifde -v -i -f refresh_dynamic_object.ldf

    You can also use AdMod with the following syntax:

    > admod -b <ObjectDN> entryTTL::<TTL in Seconds>

    4.19.2.3. Using VBScript
    set objUser = GetObject("LDAP://cn=jsmith,cn=users,dc=adatum,dc=com")
objUser.Put "entryTTL", "1800"
objUser.SetInfo

    4.19.2.4. Using PowerShell

    To refresh a dynamic object using the Quest AD cmdlets, use the following syntax:

    set-QADObject -Identity <ObjectDN> @{entryTTL=1800}

    To modify an object using ADSI, use the following:

    $objDyn = [System.DirectoryServices.DirectoryEntry] "LDAP://<ObjectDN>"
$objDyn.put("entryTTL","1800")
$objDyn.SetInfo()

    4.19.3. Discussion

    Dynamic objects expire after their TTL becomes 0. You can determine when a dynamic object will expire by looking at the current value of an object’s entryTTL attribute or by querying msDS-Entry-Time-To-Die, which contains the seconds remaining until expiration. If you’ve created a dynamic object and need to refresh it so that it will not get deleted, you must reset the entryTTL attribute to a new value. There is no limit to the number of times you can refresh a dynamic object. As long as the entryTTL value does not reach 0, the object will remain in Active Directory.

    4.19.4. See Also

    Section 4.15 for modifying an object and Section 4.18 for creating a dynamic object