The MaxPageSize value for the LDAPAdminLimits attribute controls the number of records that can be returned upon an LDAP query. If there are more then 1000 items returned for an LDAP query, then the Active Directory sees this maximum value of (1000) and return nothing.
This is due to by default in Microsoft Active Directory the query limit is set to 1000 objects per request. The parameter in Active Directory can be changed in different ways. It can be changed with the NTDSUtil.exe utility or with the ADSI Edit Snap-in.
The following LDAP entry needs to be changed.CN=Default Query Policy, CN=Query-Policies, CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=YOUR_COMPANY, DC=YOUR_COMPANY_TLD.
To start ntdsutil.exe:
Go Start and then click on Run.
At the command prompt, type ntdsutil and then press ENTER.
At the ntdsutil command prompt, type LDAP policies and then ENTER.
At the LDAP policy prompt, type connections and then ENTER.
AT the server connections prompt, type connect to server (DNS name of the Server or localhost)
But if you like to modify the default values, For Example the MaxPageSize (say to 2500), At the command prompt enter the following commands:
Type ntdsutil, then Enter
Type LDAP policies and then ENTER
Type Set MaxPageSize to 2500
To confirm the changes, use the Show Values command.
Once the values are confirmed then
Type Commit Changes, then Enter
Type q, then press ENTER to return to previous menu.
Type q again and then press ENTER to exit ntdsutil.
The changes are immediatly effective and if you have multiple sites you may need to force replication accross your network.
To use the ADSI Edit:
http://www.fots.nl/index.php/how-to/set-the-maxpagesize/
http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm
No comments:
Post a Comment