A directory service for a computer network has system objects representing users, groups, computers, and various other things. Depending on the implementation of the directory service, the creation and deletion of the directory service objects may be done either only by authorized network administrators or computers or by regular users. Regardless of who is allowed to create objects, there is a security risk that an entity (a user, group, or computer) that has been delegated the authority to create objects may indiscriminately or intentionally create too many system objects that will hinder the operation of the directory service. For instance, a user that is allowed to create objects may turn renegade and launch a denial-of-service attack by creating a large number of objects to exhaust the resources of the directory service. To prevent such a risk, it has been proposed to impose an entity-based quota on the number of objects each user/computer may own in a given directory service database.
The use of quotas to control the creation of directory service objects, however, does not provide a complete solution. A network directory service is typically a distributed database system in which the creation and deletion of objects on one directory server (e.g., an Active Directory domain controller) are replicated to other directory servers in the distributed database. For replication purposes, when a directory server deletes an object, it sets up a “tombstone” object for the deleted object to keep track of the deletion while the deletion is replicated through the network to the other servers. Although tombstone objects are typically significantly smaller than regular directory service objects, they are not cost-free. Thus, even if the directory service enforces object quotas, an entity can still create a problem by repeatedly creating and deleting objects to cause the generation of a large number of tombstones, while keeping the total number of live objects under its name within the quota assigned to it. Accordingly, there is a need to handle the creation of tombstones in connection with the use of object quotas in a directory service.
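The gap described above can be shown with a small in-memory model of per-owner quota accounting. This is an added illustration, not the directory service's or the patent's own mechanism; the `QuotaLedger` class, its hypothetical `count_tombstones` switch and the `churn` driver are assumptions made here to contrast a quota that charges only live objects against one that also charges the tombstones left behind by deletions.

```python
from dataclasses import dataclass, field


@dataclass
class QuotaLedger:
    """Constructed per-owner accounting model: live objects plus the tombstones
    that deletions leave behind until replication garbage-collects them."""
    quota: int
    count_tombstones: bool = True          # hypothetical policy switch, not an AD setting
    live: set = field(default_factory=set)
    tombstones: set = field(default_factory=set)

    def charged(self) -> int:
        # A live-only quota ignores tombstones entirely; the alternative charges them too.
        charge = len(self.live)
        if self.count_tombstones:
            charge += len(self.tombstones)
        return charge

    def create(self, name: str) -> bool:
        # Refuse the creation if the owner's charged usage has reached the quota.
        if self.charged() >= self.quota or name in self.live:
            return False
        self.live.add(name)
        return True

    def delete(self, name: str) -> bool:
        # Deletion does not free the slot immediately: a tombstone is retained so
        # that the deletion can be replicated to the other directory servers.
        if name not in self.live:
            return False
        self.live.remove(name)
        self.tombstones.add(name)
        return True

    def garbage_collect(self) -> int:
        # Simulates the eventual removal of tombstones after replication completes.
        n = len(self.tombstones)
        self.tombstones.clear()
        return n


def churn(ledger: QuotaLedger, rounds: int) -> tuple:
    """Create and immediately delete one object per round, never holding more
    than one live object. Returns (creations allowed, live, tombstones)."""
    created = 0
    for i in range(rounds):
        name = f"obj{i}"                   # constructed object names
        if ledger.create(name):
            created += 1
            ledger.delete(name)
    return created, len(ledger.live), len(ledger.tombstones)
```

With a quota of 10, the live-only ledger allows all 1000 create/delete rounds and accumulates 1000 tombstones while never exceeding one live object; the ledger that charges tombstones stops the churn after 10 rounds until garbage collection frees the slots.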