Here are the values from ntdsutil: ldap policy: Show Values
Policy Current(New) MaxReceiveBuffer 10485760 MaxPageSize 1000 MaxResultSetSize 262144 So it definite looks as if I am hitting the PageSize limit as everything I query stops at 1000 results. So, I thought that setting this in the script would temporarily allow you to get more results or is the only way to get more results to change it in AD itself? -----Original Message----- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 1:30 PM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help So, there is a difference between page size and size limit. If you hit a problem with PageSize, the query grabs the first 1000 records and then calls it done (providing your MaxPageSize = 1000), without error. You are getting a size limit error, which means that something is prohibiting you from getting the number or size of results you want. HTH The KB article describes that "Absolute Limits" that AD will search with. Note that the: "MaxPageSize" is usually set to 1000 (how many records to send in a given chunk of data -- you can request lots of chunks as long as they don't exceed the other maximums as well). Setting "Page Size" to something <= 1000 fixes that. "MaxRecieveBuffer" is default set at 10485760 (10MB -- how much actual data can I request back -- i.e. sending back 50 columns of data for 200000 records might get you there -- total guess) "MaxResultSetSize" is default set to 262144 (number of individual records you can request -- seems like a lot). If you can verify these values in your Active directory implementation, and respond with them, that would help. Can you also send the value of your $strAttrs variable, as I am confused by the thread below as it is referenced twice. It looks like you either want the 'distinguishedname' or the 'name' -- neither should bet you anywhere close to 10MB, but the distinguishedname is much larger, and dependent on your ou structure. P.S. What is your Activestate Perl version? Steven > -----Original Message----- > From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com] > Sent: Tuesday, April 26, 2011 9:07 AM > To: Steven Manross; perl-win32-admin@listserv.ActiveState.com > Subject: RE: AD Page Size help > > Well... by adding your suggestion, I noticed there was an OU that I > has missed in my array. > Adding that OU to the array gave me the error I normally get. > It says there are 960 users in that OU. However if I do a Find in ADUC > on just that OU, it says there are 4268 users. > > I thought the whole point to setting the Page Size variable was to > momentarily get around the search limits. > Is that not the case? > > > -----Original Message----- > From: Steven Manross [mailto:ste...@manross.net] > Sent: Tuesday, April 26, 2011 11:53 AM > To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com > Subject: RE: AD Page Size help > > I would assume that if you are getting a "size limit" error, that you > are hitting a hard maximum that AD implements to make sure that you > don't sit all day parsing through results and degrade performance on > this DC as a result. > > Your query is pulling back every user object in your AD infrastructure > (enabled, disabled, etc) if I am correctly identifying your filter > below. > > my $strFilter = "(&(objectclass=user)(objectcategory=person));"; > > How many users do you have in AD? (when you use the Array permutation > of this script (that works correctly), can you... > > print "total users in this OU: " . $objRS->{RecordCount} . "\n"; > > ...to see how many users we are talking about?) > > If you dare, and you do indeed have tons of users in your AD, you can > change the hard max size limit because of your AD infrastructure size, > but it would probably be advisable to limit the scope of this change > to > 1 Domain Controller, or one Site, as this could pose a Security threat > in the form of a DOS attack on AD if you increase either of these > limits because you want to pull back all the users. The article below > goes through making that change, but use it with care. > > As well, I am also wondering if you want "all the users" (enabled and > disabled) as part of this, as you could totally descope the disabled > users with a modified filter, and possibly reduce your resultset to > the upper limits of the default "size limits" in AD. If you really do > want "All the users", and pulling only the enabled ones gets you under > the size limit, you could definitely do a second search for the > disabled ones as I am sure that you'd want to handle them differently > than the enabled users. > > http://support.microsoft.com/kb/315071 > > > You're hitting one of these two limits: > > MaxResultSetSize > MaxReceiveBuffer > > HTH > > Steven > > -----Original Message----- > > From: perl-win32-admin-boun...@listserv.activestate.com > > [mailto:perl-win32-admin-boun...@listserv.activestate.com] > On Behalf > > Of Gomes, Rich > > Sent: Tuesday, April 26, 2011 8:24 AM > > To: perl-win32-admin@listserv.ActiveState.com > > Subject: RE: AD Page Size help > > > > So, a lot of people have given some great suggestions but I > am still > > unable to get this to work and am still confused. > > The nearest I have been able to come is to create an array with the > > different OU's that contain users within our domain. > > Anything without the array (just looking at the entire domain all at > > once) throws the error below. > > Using the array works but it seems pretty hackey. Plus I > will need to > > always be sure I have every OU that contains users in it at > all times. > > > > I really wanted this to be an exercise in understanding the code. > > Why does this work with the array but not without? > > > > > > > > OLE exception from "Provider": > > > > The size limit for this request was exceeded. > > > > Win32::OLE(0.1709) error 0x80072023: "The size limit for > this request > > was exceeded" > > in METHOD/PROPERTYGET "MoveNext" > > > > > > > > Thanks, > > Rich > > > > -----Original Message----- > > From: perl-win32-admin-boun...@listserv.activestate.com > > [mailto:perl-win32-admin-boun...@listserv.activestate.com] > On Behalf > > Of Joachim Thuau > > Sent: Friday, April 22, 2011 6:45 PM > > To: perl-win32-admin@listserv.ActiveState.com > > Subject: RE: AD Page Size help > > > > I have had issues in the past where searching with a "null base" > > inside AD yielded errors, but putting one level of OU in > the base made > > it work. > > (the first time I encountered that, it was with AD integration with > > apache). Maybe adjusting the base will yield different results. > > > > Thanks, > > Jok > > > > > -----Original Message----- > > > From: perl-win32-admin-boun...@listserv.activestate.com > > [mailto:perl- > > > win32-admin-boun...@listserv.activestate.com] On Behalf Of > > Gomes, Rich > > > Sent: Thursday, April 21, 2011 8:18 AM > > > To: perl-win32-admin@listserv.ActiveState.com > > > Subject: AD Page Size help > > > > > > I know this has been talked about a lot but I cannot seem > to get my > > > script to work. > > > I am trying to not hit the LDAP search limit but cannot > seem to get > > > the PageSize line correct > > > > > > > > > Any thoughts? > > > > > > > > > > > > ______________________________________________________________________ > > > _ > > > ______ > > > > > > my $strDomainDN = "DC=mydomain,DC=com"; use Win32::OLE qw(in); > > > > > > > > > $Win32::OLE::Warn = 3; > > > my $strBase = "<LDAP://" . $strDomainDN . ">;"; > > > > > > > > > my $strFilter = "(&(objectclass=user)(objectcategory=person));"; > > > my $strAttrs = "name;"; > > > my $strAttrs = "distinguishedName;"; my $strScope = "subtree"; > > > > > > my $objConn = Win32::OLE->CreateObject("ADODB.Connection"); > > > $objConn->{Provider} = "ADsDSOObject"; $objConn->Open; > > > > > > $objConn->{Properties}->{"Page Size"} = 100; > > > > > > my $objRS = $objConn->Execute($strBase . $strFilter . $strAttrs . > > > $strScope); > > > $objRS->MoveFirst; > > > while (not $objRS->EOF) { > > > print $objRS->Fields(0)->Value,"\n"; > > > $objRS->MoveNext; > > > } > > > > > > > > > ______________________________________________________________________ > > > _ > > > ________ > > > > > > > > > > > > _______________________________________________ > > > Perl-Win32-Admin mailing list > > > Perl-Win32-Admin@listserv.ActiveState.com > > > To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs > > _______________________________________________ > > Perl-Win32-Admin mailing list > > Perl-Win32-Admin@listserv.ActiveState.com > > To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs > > _______________________________________________ > > Perl-Win32-Admin mailing list > > Perl-Win32-Admin@listserv.ActiveState.com > > To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs > > > _______________________________________________ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs