How to do LDAPS queries from Linux to Active Directory pt. 5

Sub-Title:  “Getting more than 1000 results from your LDAP(S) query to AD”

This is part 5 in a series of 5 posts on this subject; for background, please also see part 1, part 2, part 3, and part 4.

By default, Active Directory does not return complete results for LDAP-based queries that match more than 1000 entries.  If you have more than 1000 users configured in Active Directory, you must increase the maximum page size (MaxPageSize) using the Microsoft Ntdsutil.exe tool.  You can find details, specs, etc., about the tool here:
http://support.microsoft.com/kb/315071

Here’s an example of the steps from that MS KnowledgeBase article, re-worded to change the result limit from the default of 1000 to 2000:

  1. At the Ntdsutil.exe command prompt, type LDAP policies, and then press ENTER.
  2. At the LDAP policy command prompt, type Set MaxPageSize to 2000, and then press ENTER.
  3. You can use the Show Values command to verify your changes.  To save the changes, use Commit Changes.
  4. When you finish, type q, and then press ENTER.
  5. To quit Ntdsutil.exe, at the command prompt, type q, and then press ENTER.
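
To confirm the new limit from the Linux side, the added example below (not from the original post or the Microsoft article) parses ldapsearch output: it reads MaxPageSize from the lDAPAdminLimits attribute of the Default Query Policy object and flags a search that ended with result code 4 (size limit exceeded). It assumes OpenLDAP's ldapsearch output format; the function names, dc.example.com, DC=example,DC=com and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenLDAP ldapsearch
# output; function names and sample data are constructed for illustration.
# The policy object can be read with a base-scope search such as:
#   ldapsearch -H ldaps://dc.example.com -s base -b "$POLICY_DN" lDAPAdminLimits
# (dc.example.com is a placeholder; bind options omitted.)
POLICY_DN='CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=com'

# Print MaxPageSize from the multi-valued lDAPAdminLimits attribute (stdin).
max_page_size() {
    awk '{ line = tolower($0) }
         line ~ /^ldapadminlimits: maxpagesize=[0-9]+/ {
             sub(/^[^=]*=/, ""); sub(/[^0-9].*$/, ""); print; exit
         }'
}

# Print the entry count from ldapsearch's trailing "# numEntries:" line.
entry_count() {
    awk '/^# numEntries: / { n = $3 } END { print n + 0 }'
}

# Report whether a search was cut off: result code 4 is sizeLimitExceeded,
# which is what the server sends when it stops at its limit.
query_status() {
    out=$(cat)
    n=$(printf '%s\n' "$out" | entry_count)
    if printf '%s\n' "$out" | grep -q '^result: 4 '; then
        echo "TRUNCATED after $n entries"
    else
        echo "COMPLETE with $n entries"
    fi
}

# Constructed sample output (not captured from a real domain controller).
SAMPLE_POLICY="dn: $POLICY_DN
lDAPAdminLimits: MaxQueryDuration=120
lDAPAdminLimits: MaxPageSize=2000"

SAMPLE_SEARCH_TAIL='# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 1001
# numEntries: 1000'

printf '%s\n' "$SAMPLE_POLICY" | max_page_size        # 2000
printf '%s\n' "$SAMPLE_SEARCH_TAIL" | query_status    # TRUNCATED after 1000 entries
```

Pipe real ldapsearch output into max_page_size or query_status in place of the constructed samples.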

…and that should do it! I hope this series of articles/tips/posts helped you be more productive in your marriage between Linux and Microsoft… (he says, with tongue firmly planted in cheek…).

😉
