Vista - ADSI: Working with the local property cache

When deleting an object from Active Directory, you are not working with the
local property cache, but directly with the AD. You don't commit the delete
by using SetInfo.

When deleting the value of an attribute of an object in AD, the examples in
the Windows 2000 Scripting Guide show the use of SetInfo to commit the
changes. So does this mean that PutEx only works with the local property
cache and can't work directly with AD?

It just seems a little backwards to me. I think you'd want a "confirm" type
of action like SetInfo when deleting an object. It's not like you can create
a new object with the same name and have everything fixed. Attribute values
on the other hand aren't quite as big of a deal. if you delete a telephone
number you can add it back.

"Larry" <Larry@xxxxxx> wrote in message
news:6BE5C306-0739-4149-A173-88C0DBDD6C00@xxxxxxIMHO, the purpose of setinfo is not to give you the chance to make a few
changes by leaving you the option to back out by not using setinfo. Rather,
its purpose is to reduce the number of actual updates to AD when you are
making a few changes to one account, which could theoretically have some
impact on replication traffic.

A secondary use is to ensure that related changes are all either made
together or not at all. For example, if a user's legal name changes, you
might change a number of related fields, such as first, last, name,
samaccountname, smtp address, and so on. If each change made were
automatically committed, and then something failed before all were done, you
would wind up with an account inconsistently configured: "Why is Joan
Smith's SMTP address Joan.Jones@xxxxxx?"

But when it comes to deletion, what other changes could you possibly be
making that would remain in effect once the account is deleted? If you were
to set the description to "deleted on dec 19", disable the account, delete
it, and then commit those changes with setinfo, the account receiving the
first two changes would no longer exist. The end result will be no different
from having deleted the account with no other changes, so why bother?
Internally, deleting the value is simply removing a particular attribute and
its current value from the object. Another way to look at it is that, after
such deletion, the attribute has no significant value, which might also be
the case when a value is set to "". The distinction between "" and no value
is, in some ways, a perception of the application presenting the
information. ADU&C, for example, will show no visible difference; the fact
that a script can detect this difference is only a technical detail related
to how AD works internally.
If you write a script that does such tasks as deleting objects, you could
code it to require user confirmation before deleting. Even if a delete
required a setinfo, that would still only result in a confirmation if
explicitly coded to ask the user to confirm before the setinfo instead of
before an authoritative delete.
That is true, but, as I explain above, I think you are reading a purpose
into setinfo that it does not have.

/Al