

What are DLT Objects and how should we deal with them

DLT objects can cause NTDS.DIT bloat in Active Directory. This means you are replicating objects around your Active Directory unnecessarily. So first, what are DLT objects?

DLT Objects

See below as taken from https://support.microsoft.com/?id=312403

"You can use the Distributed Link Tracking Server service and the Distributed Link Tracking Client service to track links to files on NTFS-formatted partitions. Distributed Link Tracking tracks links in scenarios where the link is made to a file on an NTFS volume, such as shell shortcuts and OLE links. If that file is renamed, moved to another volume on the same computer, moved to another computer, or moved in other similar scenarios, Windows uses Distributed Link Tracking to find the file. When you access a link that has moved, Distributed Link Tracking locates the link; you are unaware that the file has moved, or that Distributed Link Tracking is used to find the moved file"

Implications for the Active Directory

When shortcuts are created, objects are created in Active Directory. However, this feature is unreliable and is rarely used. The net result is the creation of lots of unnecessary objects that can cause database growth. By default, DLT services are disabled in Microsoft Windows Server 2003. Each Microsoft Windows 2000 system or later will have the DLT Client service. Each DC will also have a DLT Server service. DLT objects are stored in the domain partition under \System\FileLinks\.
The DLT services should be disabled through Group Policy and then the objects deleted. The objects can be deleted by using the script dltpurge.vbs.

The actual size of the NTDS.DIT will not shrink unless an offline defragmentation is performed against it. This is specific to each DC, so it has to be performed separately against each DC. If an offline defragmentation is warranted, it should not be performed until after the DLT objects are deleted and the tombstone lifetime interval has passed. This is because the DLT objects actually remain in the database until then. Additionally, the garbage collection process that actually deletes the tombstoned objects must be allowed to permanently delete the objects after the tombstone lifetime interval has elapsed. This can take several days if there are multiple DLT objects.
Because DLT objects are small and have very few attributes, the objects actually grow in size when deleted. This is due to how certain attributes are modified when an object is tombstoned. Although the amount of growth is relatively small, it can add up when there are multiple DLT objects to delete. This is a particular concern if there are DCs with low available disk space on their database volume. If this might be an issue, temporary DCs can be built, split off into an isolated environment, and then the entire process run against them to determine potential database growth. DCs with inadequate disk space should be addressed prior to deleting the objects.
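
A read-only pre-check for the cleanup described above, added here as an example (it is not from the Microsoft article and is not dltpurge.vbs). It assumes the ActiveDirectory PowerShell module and the link-tracking schema classes linkTrackVolEntry and linkTrackOMTEntry; the deletion date is a placeholder to replace with your own.

```powershell
# Added example: read-only pre-checks before purging DLT objects.
# Assumption: the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

$domainDn  = (Get-ADDomain).DistinguishedName
$configDn  = (Get-ADRootDSE).configurationNamingContext
$fileLinks = "CN=FileLinks,CN=System,$domainDn"

# 1. Count DLT entries per class under System\FileLinks.
#    Paged search plus Measure-Object keeps memory flat on large containers.
foreach ($class in 'linkTrackVolEntry', 'linkTrackOMTEntry') {
    $count = (Get-ADObject -SearchBase $fileLinks -SearchScope Subtree `
                  -LDAPFilter "(objectClass=$class)" -ResultPageSize 1000 |
              Measure-Object).Count
    '{0,-20} {1,10:N0}' -f $class, $count
}

# 2. Tombstone lifetime (days) is a forest-wide setting.
#    When the attribute is not set, the directory uses 60 days.
$dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$configDn"
$tsl  = (Get-ADObject -Identity $dsDn -Properties tombstoneLifetime).tombstoneLifetime
if (-not $tsl) { $tsl = 60 }

# 3. Earliest point at which an offline defragmentation can reclaim space.
#    Assumption: the purge finishes today; replace with the real completion date.
$deletionDone = Get-Date
$earliest     = $deletionDone.AddDays($tsl)
"Tombstone lifetime  : $tsl days"
"Offline defrag after: $($earliest.ToString('yyyy-MM-dd')) plus time for garbage collection"

# 4. On a DC only: database size versus free space on its volume, because
#    tombstoning makes each DLT object slightly larger before it is removed.
$ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
if (Test-Path $ntdsKey) {
    $dit  = Get-Item -LiteralPath (Get-ItemProperty -Path $ntdsKey).'DSA Database file'
    $free = (Get-PSDrive -Name $dit.PSDrive.Name).Free
    'NTDS.DIT size       : {0:N1} GB' -f ($dit.Length / 1GB)
    'Free on {0}:          : {1:N1} GB' -f $dit.PSDrive.Name, ($free / 1GB)
} else {
    'Not a domain controller: skipping the NTDS.DIT disk check.'
}
```

Step 4 reports only the machine it runs on, so repeat it on each DC, since both the free-space concern and the offline defragmentation are per DC.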

References:
Distributed link tracking on domain controllers based on Microsoft Windows
https://support.microsoft.com/?id=312403