?
Solved

AD user object restriction

Posted on 2009-02-20
8
Medium Priority
?
278 Views
Last Modified: 2012-05-06
Hey all --

How do stop the AD user restriction of only showing 1000 objects from the server?
0
Comment
Question by:nyceuser
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 23695539
where in AD are you talking about
In AD users and computers you can to to view >> Filter options and set the maximum number of items displayed
 
Thanks
Mike
0
 

Author Comment

by:nyceuser
ID: 23695573
Ok here is my problem.   vendor is here and is using a 3rd party app that connects to AD to pull the users.  But it's only showing 1000 users for him.  Is this because of the restriction in AD?
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 23695594
More than likely this is due to the LDAP limit of 1000 entries.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 35

Accepted Solution

by:
Joseph Daly earned 1600 total points
ID: 23695605
The SizeLimit and PageSize properties both affect the number of items that are returned by a search. The SizeLimit property sets the maximum number of items that will be returned by a search, but there may be other search result limitations imposed by the underlying directory service. For example, Active Directory limits the maximum number of search results to 1000. In this case, setting the SizeLimit property to a value greater than 1000 has no effect.

The PageSize property sets the maximum number of items in each page of results that will be returned by a search. The page size is also affected by the underlying directory service. With Active Directory, the largest page size is 1000. Any value over 1000 will be ignored. If PageSize is set to its default value (zero), no paging will occur and the maximum number of items returned by the search will be the lesser of SizeLimit and 1000.

To retrieve a set of results that is larger than 1000 items, you must set SizeLimit to its default value (zero) and set PageSize to a value that is less than or equal to 1000. For example, if a search will result in 12,000 items being returned and SizeLimit is set to 500, a total of 500 items will be returned. If, however, SizeLimit is set to zero and PageSize is set to 500, the search will return all 12,000 results in pages of 500 items, with the last page containing only 200 items. The paging occurs transparently to the application and the application does not have to perform any special processing other than setting the PageSize property to the proper value.
0
 

Author Comment

by:nyceuser
ID: 23695612
is there a way to change this?
0
 

Author Comment

by:nyceuser
ID: 23695642
wow..thanks for that info xxdcmast...where do I go to set the PageSize and SizeLimit?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 400 total points
ID: 23695962
http://www.experts-exchange.com/Database/LDAP/Q_24099175.html
Some more info, Chris Dent and I were involved in a thread about this topic last month.
 
Thanks
Mike
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 23705842
> "vendor is here and is using a 3rd party app that connects to AD to pull the users.  But it's only showing 1000 users for him.  Is this because of the restriction in AD?"

Inform your vendor that their application needs to be configured to use paged LDAP queries. Modifying the default page size is not a recommended practice, as it can leave your domain controllers vulnerable to denial of service attacks by badly-formatted or inefficient queries.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question