How to effectively remove user from large policy group?
Now i use:
dirEntry = new DirectoryEntry(…
dirEntry.Properties["msDS-PSOAppliesTo"].Remove(userDn);
problem: dirEntry only holds upto 1500 users. i have more than 1M users so i have to loop over using paging untill i find entry that holds the user, and only then call Remove(userDn). IT TAKES TO LONG, HOW DO I REMOVE THE USER POLICY MORE EFFECTIVELY?
antricode
Member
2 Points
2 Posts
remove user from large policy group using ldap
Dec 20, 2011 08:16 AM|LINK
How to effectively remove user from large policy group?
Now i use:
dirEntry = new DirectoryEntry(…
dirEntry.Properties["msDS-PSOAppliesTo"].Remove(userDn);
problem: dirEntry only holds upto 1500 users. i have more than 1M users so i have to loop over using paging untill i find entry that holds the user, and only then call Remove(userDn). IT TAKES TO LONG, HOW DO I REMOVE THE USER POLICY MORE EFFECTIVELY?
CURRENT UNEFFECTIVE CODE:
DirectoryEntry dirEntry = null;
string LDAPQuery = LDAP_INIT + "CN=" + policy + ",CN=Password Settings Container,CN=System," + LDAP;
dirEntry = new DirectoryEntry(LDAPQuery, DOMAIN + "\\" + ADS_ADMIN.userName, ADS_ADMIN.pwd);
dirEntry.AuthenticationType = AuthenticationTypes.Secure;
int ctr = 0;
while (ctr < 1000)
{
if (ctr == 0)
dirEntry.RefreshCache(new string[] { "msDS-PSOAppliesTo;range=0-1000" });
else
dirEntry.RefreshCache(new string[] { "msDS-PSOAppliesTo;range=" + ((ctr * 1000) + 1).ToString() + "-" + ((ctr + 1) * 1000).ToString() });
if (dirEntry.Properties["msDS-PSOAppliesTo"].Contains(userDn))
{
dirEntry.Properties["msDS-PSOAppliesTo"].Remove(userDn);
dirEntry.CommitChanges();
break;
}
ctr++;
}
policy