Set the MaxPageSize in Active Directory

21 Feb 2006   | Active Directory

Tags:

In large environments there are lots of objects in Active Directory. Querying the objects via LDAP is done by different third party applications to (for example) verify users. But sometimes these queries return an error with regard to the sizelimit and not all objects are returned.

This behavior may occur due to either of the two possible reasons, or both:

  • Client Settings: the client which is used to query the LDAP database has a result size limit. This depends on which client is used.
  • LDAP Server Settings: By default in Microsoft Active Directory the query limit is set to 1000 objects per request.

The parameter in Active Directory can be changed in different ways. It can be changed with the NTDSUtil.exe utility or with the ADSI Edit Snap-in.

The following LDAP entry needs to be changed.

CN=Default Query Policy, CN=Query-Policies, CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=YOUR_COMPANY, DC=YOUR_COMPANY_TLD

When using NTDSUtil.exe type the following :

ntdsutil
ldap policies
connections
connect to server servername
q
show values
Policy                          Current(New)
MaxPoolThreads                  4
MaxDatagramRecv                 4096
MaxReceiveBuffer                        10485760
InitRecvTimeout                 120
MaxConnections                  5000
MaxConnIdleTime                 900
MaxPageSize                     1000
MaxQueryDuration                        120
MaxTempTableSize                        10000
MaxResultSetSize                        262144
MaxNotificationPerConn                  5
MaxValRange                     1500

set maxpagesize to 5000
commit changes
q
q

The setting is immediatly effective. If you use multiple sites you may need to force replication.

When using the ADSI Edit Snap-In, connect to the Configuration Naming context. Go to the LDAP entry given above and view the properties of CN=Default Query Policy. The following screen will appear:

MaxPageSize

Doubleclick on the lDapAdminLimits. Click on MaxPageSize and remove the entry. Change the entry as shown next :

MaxPageSize2

Change the value of the entry to meet your needs, for example 3000. Click on Add and Ok and the entry is changed in Active Directory.

For more information on this subject see :
How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
http://support.microsoft.com/?kbid=315071
MaxPageSize is set too high
http://www.microsoft.com/technet/prodtechnol/exchange/Analyzer/ef05b737-0a94-49ab-8deb-5acf91865531.mspx

Hans Sleurink

Hans Sleurink works as a Consultant at Wortell in the Netherlands where he designs and deploys Unified Communications solutions. His main focus is on, but not limited to, Microsoft Teams (migrations), including Enterprise Voice, contact center solutions, AudioCodes, Direct Routing, Exchange, Office 365, Active Directory and other UC related topics.

More Posts - Website

Follow Me:
LinkedIn

Leave a Reply

  

  

  

This site uses Akismet to reduce spam. Learn how your comment data is processed.