On Wed, Sep 26, 2012 at 5:46 AM, Rob Crittenden <rcrit...@redhat.com> wrote: > > Steven Jones wrote: >> >> Hi, >> >> I dont have a ldapmodify command for changing something in AD. >> >> I have increased the only scope I/we know about which is the return of >> objects from a search inside the AD gui but that might be specific to that >> view tool. That is 2000 by default, Ive set 40000, I am testing it now, if >> that doesn't work.... >> >> Our best AD person is currently researching to see if its even possible to >> alter that hard code in AD. The only way he can see is using a windows/ad >> specific command line command to modify the internals of AD but he's never >> seen or read about doing it for this attribute. > >
sounds like you need to upgrade your MaxPageSize and LDAPAdminLimits attribute of the Default Query Policy object in the Query-Policies container. We needed to do this to be able to get more than 1000 objects from AD a long time ago. The details I used back then were here: http://technet.microsoft.com/en-us/library/aa998536.aspx cmd.exe -> ntdsutil.exe (on a domain controller) At the Ntdsutil.exe command prompt, type LDAP policies, and then press ENTER. show values [enter] ldap policy: show values Policy Current(New) MaxPoolThreads 4 MaxDatagramRecv 4096 MaxReceiveBuffer 10485760 InitRecvTimeout 120 MaxConnections 5000 MaxConnIdleTime 900 MaxPageSize 1000 MaxQueryDuration 120 MaxTempTableSize 10000 MaxResultSetSize 262144 MaxNotificationPerConn 5 MaxValRange 1500 We want to change MaxPageSize. First we need to authenticate: connections [enter] set creds domain user pwd connect to domain your.domain q then we got to ldap policy set MaxPageSize to 2000 Commit Changes quit quit -- natxo _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users