[gptalk] Re: GPMC

Are you using MIIS/ILM? What triggers the creation of an OU? You
probably need to look into this and seriously consider flattening your
AD structure to a more logical number of OUs. How is your AD currently
organized?

 

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Gary Noyes
Sent: Thursday, February 21, 2008 3:22 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPMC

 

Actually we only have 22 GPO's, but they are linked all over the place.
I have no answers for you as to why there are so many OUs other than it
was all in place before I got here. We use an Identity Management system
that has been customized and talks directly to AD for provisioning user
accounts and new OUs so the number just keeps growing. Thats about all
the detail I will get into because I am new here and was not involved
with any of the architecture so I don't have the answers. I'm still in
the discovery stage of all this. To manage it we use the built in tools,
but also we have the suite of Quest tools to help. Some are pretty
powerfull and very nice and some are not.

 

Gary

        ----- Original Message ----- 

        From: Alan & Margaret <mailto:syspro@xxxxxxxxxxxxxxxx>  

        To: gptalk@xxxxxxxxxxxxx 

        Sent: Thursday, February 21, 2008 4:10 PM

        Subject: [gptalk] Re: GPMC

         

        Hi Gary,

         

        Wow... I'm impressed (I think)... You seem to have an average of
1.5 objects per OU!

         

        It raises the question of why you would have so many OU's... and
how on earth do you manage them all? 

         

        Darren's assessment seems to suggest that not only do you have
thousands of OU's, you have many OU to GPO links (millions?). So how
many GPO's would you have and how many OU to GPO links? 

         

        Alan Cuthbertson

         

         

         Policy Management Software:-

        
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml

         

        ADM Template Editor:-

        
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml

         

        Policy Log Reporter(Free)

        
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml

         

         

         

         

________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Gary Noyes
        Sent: Friday, 22 February 2008 7:41 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: GPMC

         

        Ok, just got an OU total, 53171 so that would stand to reason my
delay when using that wonderful GPMC tool :-) 

                ----- Original Message ----- 

                From: Darren Mar-Elia <mailto:darren@xxxxxxxxxx>  

                To: gptalk@xxxxxxxxxxxxx 

                Sent: Thursday, February 21, 2008 12:58 PM

                Subject: [gptalk] Re: GPMC

                 

                This is a big flaw in GP design, as far as I'm
concerned. The fact that gp links are stored as a single concatenated
string instead of a multi-valued attribute was a big mistake for larger
environments.  There's effectively no way to speed this up, because even
if you were to index this attribute in AD, you still end up having to
parse the string for each GPO GUID. Really lame.

                 

                Darren

                 

                From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Gary Noyes
                Sent: Thursday, February 21, 2008 9:53 AM
                To: gptalk@xxxxxxxxxxxxx
                Subject: [gptalk] Re: GPMC

                 

                I'm pretty sure it's the amount of OU's as this tool
hangs no matter where I use it from. I will try your tool and let you
know.

                 

                Thanks

                Gary

                        ----- Original Message ----- 

                        From: Darren Mar-Elia <mailto:darren@xxxxxxxxxx>


                        To: gptalk@xxxxxxxxxxxxx 

                        Sent: Thursday, February 21, 2008 11:53 AM

                        Subject: [gptalk] Re: GPMC

                         

                        You'd probably have to script it. In any case,
for the enumeration to take minutes means you have a lot of  OUs and
potentially lots of GPOs linked to each of those. Either that or
something is broken. You might try a network trace from the machine
running GPMC and see if anything stands out. Outside of that, you could
downloading the trial version of my Backup Manager for GP product and
see if it takes the same lengthy time to show links. If so, then you
know its not a GPMC thing. 

                         

                        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Gary Noyes
                        Sent: Thursday, February 21, 2008 8:43 AM
                        To: gptalk@xxxxxxxxxxxxx
                        Subject: [gptalk] Re: GPMC

                         

                        Don't really have a number how can I get that?

                                ----- Original Message ----- 

                                From: tools@xxxxxxxxxx 

                                To: gptalk@xxxxxxxxxxxxx 

                                Sent: Thursday, February 21, 2008 10:53
AM

                                Subject: [gptalk] Re: GPMC

                                 

                                How many OUs are we talking about here
Gary? When you try to get information on where a given GPO is linked,
GPMC is having to search the entire domain, looking at every container
object, and searching its gpLink attribute for the GUID of the GPO.
Those attributes are not multi-valued, which means its doing a string
compare across each of the GUIDs in the link list. So, yes, this will be
an expensive process. I do this in fact in one of my products and it
usually doesn't take very long, but your environment may be very
different. 

                                 

                                Darren

                                 

                                From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Gary Noyes
                                Sent: Thursday, February 21, 2008 7:48
AM
                                To: gptalk@xxxxxxxxxxxxx
                                Subject: [gptalk] Re: GPMC

                                 

                                Ok, even in AD Users and Computers when
you click on the links tab it hangs so it looks like the GPMC is
probably automatically searching for all links when you click on a GPO.
Now the question is how do I change this behavior with the GPMC tool?

                                 

                                Thanks

                                Gary

                                ----- Original Message ----- 

                                From: Darren Mar-Elia
<mailto:darren@xxxxxxxxxx>  

                                To: gptalk@xxxxxxxxxxxxx 

                                Sent: Wednesday, February 20, 2008 10:48
PM

                                Subject: [gptalk] Re: GPMC

                                 

                                Gary-

                                I can't think of any reason this would
be the case under normal circumstances. What might be interesting is to
see if you get the same delay when accessing GPO information via the
GPMC scripts?

                                 

                                Darren

                                 

                                From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of gwnoyes@xxxxxxxxxxx
                                Sent: Wednesday, February 20, 2008 7:02
PM
                                To: gptalk@xxxxxxxxxxxxx
                                Subject: [gptalk] GPMC

                                 

                                We have a large AD 2003 domain, about 75
thousand objects and lots & lots of OUs. When I open the GPMC and click
on one the GPO's it takes about 10 minutes for it to display the
information about that GPO, it hangs at an hour glass. I made sure the
tool is pointing to the right DC and it still sits at an hour glass for
about 10 minutes. All servers are talking on Gig links so bandwidth
isn't a problem.

                                 

                                If anyone has seen this an has a fix I
would greatly appreciate your assistance with this as it drives me
crazy.

                                 

                                Thanks in advance

                                Gary

**********************************************************************
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).


This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

Other related posts: