That’s okay, this certainly helps. You have some zeros as well, but you also have the expected default of 4096 on MaxDatagramRecv, which is four times what we have. The same for your MaxValRange of 1500, where ours is 0. I think everything else is the same as yours.
There are three which you don’t have: MaxPercentDirSynRequests, MaxBatchReturnMessages and MaxValRangeTransitive, which are all 0 as well. Maybe those are new to 2012 (R2). I’m concerned about the two that don’t match yours, but I do have a couple of Windows 2012 R2 test domains that I can check. The response is much appreciated. *From:* listsadmin@lists.myitforum.com [mailto: listsadmin@lists.myitforum.com] *On Behalf Of *Christopher Bodnar *Sent:* Wednesday, August 26, 2015 4:58 PM *To:* ntsys...@lists.myitforum.com *Subject:* RE: [NTSysADM] AD LDAP Policies 2012 R2 Not up to 20012 R2 yet, at 2008 R2, but have upgraded from 2000à2003à2008 R2. Here are the current values: Policy Current(New) MaxPoolThreads 4 MaxDatagramRecv 4096 MaxReceiveBuffer 10485760 InitRecvTimeout 120 MaxConnections 5000 MaxConnIdleTime 900 MaxPageSize 1000 MaxQueryDuration 120 MaxTempTableSize 10000 MaxResultSetSize 262144 MinResultSets 0 MaxResultSetsPerConn 0 MaxNotificationPerConn 5 MaxValRange 1500 ThreadMemoryLimit 0 SystemMemoryLimitPercent 0 *From:* listsadmin@lists.myitforum.com [ mailto:listsadmin@lists.myitforum.com <listsadmin@lists.myitforum.com>] *On Behalf Of *Charles F Sullivan *Sent:* Wednesday, August 26, 2015 11:58 AM *To:* ntsys...@lists.myitforum.com *Subject:* [NTSysADM] AD LDAP Policies 2012 R2 We have a single domain/forest at Windows 2012 R2 functional level. This began 14 years ago as a Windows 2000 domain. (Actually it was originally migrated from NT 4, but I don’t think that would be a factor.) In checking the LDAP policies using ntdsutil, I see at least 5 settings that are non-default. An example is MaxValRange = 0. The default is 1500. Is there anyone else out there running a Windows 2012 R2 domain who is aware of these settings in their own environment, or who would be willing to check? Particularly helpful may be someone whose domain started out as Windows 2000. Does anyone know if this is expected or normal? Thanks for any help with this. Charlie Sullivan Sr. Windows Systems Administrator ------------------------------ ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
