Thanks, just found an article (315071) that explains how to display the server side enforced policies. Seems the default size is 1000 entries.
I'll look over the paged control module and see how that one works, makes sense now. What about sAMAccountType attribute? Would that reduce the unnecessary entries even more perhaps? I know there are at least 30,000 "good" accounts in AD and probably another 10,000 that aren't supposed to be there, those are the ones I need to compare to our database and ultimately delete. > -----Original Message----- > From: Giuoco, Aaron [mailto:[EMAIL PROTECTED] > Sent: Friday, June 17, 2005 11:40 AM > To: Young, Darren; [email protected] > Subject: RE: Sizelimit Exceeded from Active Directory > > I think you need to enable paging using the > Net::LDAP::Control::Paged module. > > Also, if you are searching for all users, I think the proper > filter is: > > $filter = '(&(objectClass=user)(objectCategory=person))'; > > Many objects have a sAMAccountName. So you might be pulling > more than you need. > > AG > > > > -----Original Message----- > > From: Young, Darren [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 17, 2005 11:31 AM > > To: [email protected] > > Subject: Sizelimit Exceeded from Active Directory > > > > > > Have a Net::LDAP script that needs to query AD and gather a list of > > all users then shove that information into an array for processing. > > What I'm doing at the moment is to search for > sAMAccountName=* however > > I get the following from the script: > > > > 06-17-2005 11:10:09: main(): LDAP search failed on gsbad1:389 > > 06-17-2005 11:10:09: main(): LDAP error code is: 4 > > 06-17-2005 11:10:09: main(): LDAP error text is: Sizelimit exceeded > > > > From what I've seen on MSDN there is a way to increase the > sizelimit > > of the result set, however everything they show is either > ADSI or for > > the MS ldap manager widget. > > > > Tried only searching for the letter a* and setting the > sizelimit param > > in the Net::LDAP search: > > > > my $mesg = $ldap->search( sizelimit => 35000, > > base => "$basedn", > > filter => '(&(sAMAccountName=' . "a*" . > > '))' > > ); > > > > Same results. Any thoughts? Maybe a better way to do this? Server > > enforced size limit perhaps? > > > > ------------------------------------------------------------- > > | Darren Young | http://www.chicagogsb.edu | > > | Senior UNIX Administrator | [EMAIL PROTECTED] | > > | University of Chicago GSB | [EMAIL PROTECTED] | > > ------------------------------------------------------------- > > >
