RE: AD Page Size help
So, a lot of people have given some great suggestions but I am still unable to get this to work and am still confused. The nearest I have been able to come is to create an array with the different OU's that contain users within our domain. Anything without the array (just looking at the entire domain all at once) throws the error below. Using the array works but it seems pretty hackey. Plus I will need to always be sure I have every OU that contains users in it at all times. I really wanted this to be an exercise in understanding the code. Why does this work with the array but not without? OLE exception from Provider: The size limit for this request was exceeded. Win32::OLE(0.1709) error 0x80072023: The size limit for this request was exceeded in METHOD/PROPERTYGET MoveNext Thanks, Rich -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim Thuau Sent: Friday, April 22, 2011 6:45 PM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I have had issues in the past where searching with a null base inside AD yielded errors, but putting one level of OU in the base made it work. (the first time I encountered that, it was with AD integration with apache). Maybe adjusting the base will yield different results. Thanks, Jok -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl- win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Thursday, April 21, 2011 8:18 AM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? __ _ __ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } __ _ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Must set it at least to 1000. -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Dutrieux Yves Sent: Tuesday, April 26, 2011 10:32 AM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Hi, I think you must increase limit size in ad object. In MMC, this settings is under menu : Display - Filter options - maximum number of item displayed by folder. Yves -Message d'origine- De : perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] De la part de Gomes, Rich Envoyé : mardi 26 avril 2011 17:24 À : perl-win32-admin@listserv.ActiveState.com Objet : RE: AD Page Size help So, a lot of people have given some great suggestions but I am still unable to get this to work and am still confused. The nearest I have been able to come is to create an array with the different OU's that contain users within our domain. Anything without the array (just looking at the entire domain all at once) throws the error below. Using the array works but it seems pretty hackey. Plus I will need to always be sure I have every OU that contains users in it at all times. I really wanted this to be an exercise in understanding the code. Why does this work with the array but not without? OLE exception from Provider: The size limit for this request was exceeded. Win32::OLE(0.1709) error 0x80072023: The size limit for this request was exceeded in METHOD/PROPERTYGET MoveNext Thanks, Rich -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim Thuau Sent: Friday, April 22, 2011 6:45 PM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I have had issues in the past where searching with a null base inside AD yielded errors, but putting one level of OU in the base made it work. (the first time I encountered that, it was with AD integration with apache). Maybe adjusting the base will yield different results. Thanks, Jok -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl- win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Thursday, April 21, 2011 8:18 AM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? __ _ __ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } __ _ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs == DISCLAIMER == htmlBRBRA href=http://www.cph.be/maildisclaimer;http://www.cph.be/maildisclaimer/A/html ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
I would assume that if you are getting a size limit error, that you are hitting a hard maximum that AD implements to make sure that you don't sit all day parsing through results and degrade performance on this DC as a result. Your query is pulling back every user object in your AD infrastructure (enabled, disabled, etc) if I am correctly identifying your filter below. my $strFilter = ((objectclass=user)(objectcategory=person));; How many users do you have in AD? (when you use the Array permutation of this script (that works correctly), can you... print total users in this OU: . $objRS-{RecordCount} . \n; ...to see how many users we are talking about?) If you dare, and you do indeed have tons of users in your AD, you can change the hard max size limit because of your AD infrastructure size, but it would probably be advisable to limit the scope of this change to 1 Domain Controller, or one Site, as this could pose a Security threat in the form of a DOS attack on AD if you increase either of these limits because you want to pull back all the users. The article below goes through making that change, but use it with care. As well, I am also wondering if you want all the users (enabled and disabled) as part of this, as you could totally descope the disabled users with a modified filter, and possibly reduce your resultset to the upper limits of the default size limits in AD. If you really do want All the users, and pulling only the enabled ones gets you under the size limit, you could definitely do a second search for the disabled ones as I am sure that you'd want to handle them differently than the enabled users. http://support.microsoft.com/kb/315071 You're hitting one of these two limits: MaxResultSetSize MaxReceiveBuffer HTH Steven -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Tuesday, April 26, 2011 8:24 AM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help So, a lot of people have given some great suggestions but I am still unable to get this to work and am still confused. The nearest I have been able to come is to create an array with the different OU's that contain users within our domain. Anything without the array (just looking at the entire domain all at once) throws the error below. Using the array works but it seems pretty hackey. Plus I will need to always be sure I have every OU that contains users in it at all times. I really wanted this to be an exercise in understanding the code. Why does this work with the array but not without? OLE exception from Provider: The size limit for this request was exceeded. Win32::OLE(0.1709) error 0x80072023: The size limit for this request was exceeded in METHOD/PROPERTYGET MoveNext Thanks, Rich -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim Thuau Sent: Friday, April 22, 2011 6:45 PM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I have had issues in the past where searching with a null base inside AD yielded errors, but putting one level of OU in the base made it work. (the first time I encountered that, it was with AD integration with apache). Maybe adjusting the base will yield different results. Thanks, Jok -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl- win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Thursday, April 21, 2011 8:18 AM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? __ _ __ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } __ _ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin
RE: AD Page Size help
Right now that setting in AD is set to 2000 entries. My script has a PageSize value of 1 ( I have tried multiple numbers from 100 to 10) All my searches stop at the 1000 results mark. -Original Message- From: Trang Tran [mailto:tt...@stewart.com] Sent: Tuesday, April 26, 2011 11:46 AM To: Dutrieux Yves; Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Must set it at least to 1000. -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Dutrieux Yves Sent: Tuesday, April 26, 2011 10:32 AM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Hi, I think you must increase limit size in ad object. In MMC, this settings is under menu : Display - Filter options - maximum number of item displayed by folder. Yves -Message d'origine- De : perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] De la part de Gomes, Rich Envoyé : mardi 26 avril 2011 17:24 À : perl-win32-admin@listserv.ActiveState.com Objet : RE: AD Page Size help So, a lot of people have given some great suggestions but I am still unable to get this to work and am still confused. The nearest I have been able to come is to create an array with the different OU's that contain users within our domain. Anything without the array (just looking at the entire domain all at once) throws the error below. Using the array works but it seems pretty hackey. Plus I will need to always be sure I have every OU that contains users in it at all times. I really wanted this to be an exercise in understanding the code. Why does this work with the array but not without? OLE exception from Provider: The size limit for this request was exceeded. Win32::OLE(0.1709) error 0x80072023: The size limit for this request was exceeded in METHOD/PROPERTYGET MoveNext Thanks, Rich -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim Thuau Sent: Friday, April 22, 2011 6:45 PM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I have had issues in the past where searching with a null base inside AD yielded errors, but putting one level of OU in the base made it work. (the first time I encountered that, it was with AD integration with apache). Maybe adjusting the base will yield different results. Thanks, Jok -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl- win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Thursday, April 21, 2011 8:18 AM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? __ _ __ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } __ _ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs == DISCLAIMER == htmlBRBRA href=http://www.cph.be/maildisclaimer;http://www.cph.be/maildisclaimer/A/html ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Well... by adding your suggestion, I noticed there was an OU that I has missed in my array. Adding that OU to the array gave me the error I normally get. It says there are 960 users in that OU. However if I do a Find in ADUC on just that OU, it says there are 4268 users. I thought the whole point to setting the Page Size variable was to momentarily get around the search limits. Is that not the case? -Original Message- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 11:53 AM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I would assume that if you are getting a size limit error, that you are hitting a hard maximum that AD implements to make sure that you don't sit all day parsing through results and degrade performance on this DC as a result. Your query is pulling back every user object in your AD infrastructure (enabled, disabled, etc) if I am correctly identifying your filter below. my $strFilter = ((objectclass=user)(objectcategory=person));; How many users do you have in AD? (when you use the Array permutation of this script (that works correctly), can you... print total users in this OU: . $objRS-{RecordCount} . \n; ...to see how many users we are talking about?) If you dare, and you do indeed have tons of users in your AD, you can change the hard max size limit because of your AD infrastructure size, but it would probably be advisable to limit the scope of this change to 1 Domain Controller, or one Site, as this could pose a Security threat in the form of a DOS attack on AD if you increase either of these limits because you want to pull back all the users. The article below goes through making that change, but use it with care. As well, I am also wondering if you want all the users (enabled and disabled) as part of this, as you could totally descope the disabled users with a modified filter, and possibly reduce your resultset to the upper limits of the default size limits in AD. If you really do want All the users, and pulling only the enabled ones gets you under the size limit, you could definitely do a second search for the disabled ones as I am sure that you'd want to handle them differently than the enabled users. http://support.microsoft.com/kb/315071 You're hitting one of these two limits: MaxResultSetSize MaxReceiveBuffer HTH Steven -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Tuesday, April 26, 2011 8:24 AM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help So, a lot of people have given some great suggestions but I am still unable to get this to work and am still confused. The nearest I have been able to come is to create an array with the different OU's that contain users within our domain. Anything without the array (just looking at the entire domain all at once) throws the error below. Using the array works but it seems pretty hackey. Plus I will need to always be sure I have every OU that contains users in it at all times. I really wanted this to be an exercise in understanding the code. Why does this work with the array but not without? OLE exception from Provider: The size limit for this request was exceeded. Win32::OLE(0.1709) error 0x80072023: The size limit for this request was exceeded in METHOD/PROPERTYGET MoveNext Thanks, Rich -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim Thuau Sent: Friday, April 22, 2011 6:45 PM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I have had issues in the past where searching with a null base inside AD yielded errors, but putting one level of OU in the base made it work. (the first time I encountered that, it was with AD integration with apache). Maybe adjusting the base will yield different results. Thanks, Jok -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl- win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Thursday, April 21, 2011 8:18 AM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? __ _ __ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs
RE: AD Page Size help
So, there is a difference between page size and size limit. If you hit a problem with PageSize, the query grabs the first 1000 records and then calls it done (providing your MaxPageSize = 1000), without error. You are getting a size limit error, which means that something is prohibiting you from getting the number or size of results you want. HTH The KB article describes that Absolute Limits that AD will search with. Note that the: MaxPageSize is usually set to 1000 (how many records to send in a given chunk of data -- you can request lots of chunks as long as they don't exceed the other maximums as well). Setting Page Size to something = 1000 fixes that. MaxRecieveBuffer is default set at 10485760 (10MB -- how much actual data can I request back -- i.e. sending back 50 columns of data for 20 records might get you there -- total guess) MaxResultSetSize is default set to 262144 (number of individual records you can request -- seems like a lot). If you can verify these values in your Active directory implementation, and respond with them, that would help. Can you also send the value of your $strAttrs variable, as I am confused by the thread below as it is referenced twice. It looks like you either want the 'distinguishedname' or the 'name' -- neither should bet you anywhere close to 10MB, but the distinguishedname is much larger, and dependent on your ou structure. P.S. What is your Activestate Perl version? Steven -Original Message- From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com] Sent: Tuesday, April 26, 2011 9:07 AM To: Steven Manross; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Well... by adding your suggestion, I noticed there was an OU that I has missed in my array. Adding that OU to the array gave me the error I normally get. It says there are 960 users in that OU. However if I do a Find in ADUC on just that OU, it says there are 4268 users. I thought the whole point to setting the Page Size variable was to momentarily get around the search limits. Is that not the case? -Original Message- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 11:53 AM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I would assume that if you are getting a size limit error, that you are hitting a hard maximum that AD implements to make sure that you don't sit all day parsing through results and degrade performance on this DC as a result. Your query is pulling back every user object in your AD infrastructure (enabled, disabled, etc) if I am correctly identifying your filter below. my $strFilter = ((objectclass=user)(objectcategory=person));; How many users do you have in AD? (when you use the Array permutation of this script (that works correctly), can you... print total users in this OU: . $objRS-{RecordCount} . \n; ...to see how many users we are talking about?) If you dare, and you do indeed have tons of users in your AD, you can change the hard max size limit because of your AD infrastructure size, but it would probably be advisable to limit the scope of this change to 1 Domain Controller, or one Site, as this could pose a Security threat in the form of a DOS attack on AD if you increase either of these limits because you want to pull back all the users. The article below goes through making that change, but use it with care. As well, I am also wondering if you want all the users (enabled and disabled) as part of this, as you could totally descope the disabled users with a modified filter, and possibly reduce your resultset to the upper limits of the default size limits in AD. If you really do want All the users, and pulling only the enabled ones gets you under the size limit, you could definitely do a second search for the disabled ones as I am sure that you'd want to handle them differently than the enabled users. http://support.microsoft.com/kb/315071 You're hitting one of these two limits: MaxResultSetSize MaxReceiveBuffer HTH Steven -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Tuesday, April 26, 2011 8:24 AM To: perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help So, a lot of people have given some great suggestions but I am still unable to get this to work and am still confused. The nearest I have been able to come is to create an array with the different OU's that contain users within our domain. Anything without the array (just looking at the entire domain all at once) throws the error below. Using the array works but it seems pretty hackey. Plus I will need to always be sure I have every OU that contains users in it at all times. I really wanted
RE: AD Page Size help
Here are the values from ntdsutil: ldap policy: Show Values Policy Current(New) MaxReceiveBuffer10485760 MaxPageSize 1000 MaxResultSetSize262144 So it definite looks as if I am hitting the PageSize limit as everything I query stops at 1000 results. So, I thought that setting this in the script would temporarily allow you to get more results or is the only way to get more results to change it in AD itself? -Original Message- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 1:30 PM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help So, there is a difference between page size and size limit. If you hit a problem with PageSize, the query grabs the first 1000 records and then calls it done (providing your MaxPageSize = 1000), without error. You are getting a size limit error, which means that something is prohibiting you from getting the number or size of results you want. HTH The KB article describes that Absolute Limits that AD will search with. Note that the: MaxPageSize is usually set to 1000 (how many records to send in a given chunk of data -- you can request lots of chunks as long as they don't exceed the other maximums as well). Setting Page Size to something = 1000 fixes that. MaxRecieveBuffer is default set at 10485760 (10MB -- how much actual data can I request back -- i.e. sending back 50 columns of data for 20 records might get you there -- total guess) MaxResultSetSize is default set to 262144 (number of individual records you can request -- seems like a lot). If you can verify these values in your Active directory implementation, and respond with them, that would help. Can you also send the value of your $strAttrs variable, as I am confused by the thread below as it is referenced twice. It looks like you either want the 'distinguishedname' or the 'name' -- neither should bet you anywhere close to 10MB, but the distinguishedname is much larger, and dependent on your ou structure. P.S. What is your Activestate Perl version? Steven -Original Message- From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com] Sent: Tuesday, April 26, 2011 9:07 AM To: Steven Manross; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Well... by adding your suggestion, I noticed there was an OU that I has missed in my array. Adding that OU to the array gave me the error I normally get. It says there are 960 users in that OU. However if I do a Find in ADUC on just that OU, it says there are 4268 users. I thought the whole point to setting the Page Size variable was to momentarily get around the search limits. Is that not the case? -Original Message- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 11:53 AM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I would assume that if you are getting a size limit error, that you are hitting a hard maximum that AD implements to make sure that you don't sit all day parsing through results and degrade performance on this DC as a result. Your query is pulling back every user object in your AD infrastructure (enabled, disabled, etc) if I am correctly identifying your filter below. my $strFilter = ((objectclass=user)(objectcategory=person));; How many users do you have in AD? (when you use the Array permutation of this script (that works correctly), can you... print total users in this OU: . $objRS-{RecordCount} . \n; ...to see how many users we are talking about?) If you dare, and you do indeed have tons of users in your AD, you can change the hard max size limit because of your AD infrastructure size, but it would probably be advisable to limit the scope of this change to 1 Domain Controller, or one Site, as this could pose a Security threat in the form of a DOS attack on AD if you increase either of these limits because you want to pull back all the users. The article below goes through making that change, but use it with care. As well, I am also wondering if you want all the users (enabled and disabled) as part of this, as you could totally descope the disabled users with a modified filter, and possibly reduce your resultset to the upper limits of the default size limits in AD. If you really do want All the users, and pulling only the enabled ones gets you under the size limit, you could definitely do a second search for the disabled ones as I am sure that you'd want to handle them differently than the enabled users. http://support.microsoft.com/kb/315071 You're hitting one of these two limits: MaxResultSetSize MaxReceiveBuffer HTH Steven -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin
RE: AD Page Size help
Forgot to mention perl version: 5.8.9 Only that far back due to incompatibility with some of Dave Roth's Win32 modules and newer versions of perl -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Tuesday, April 26, 2011 1:41 PM To: Steven Manross; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Here are the values from ntdsutil: ldap policy: Show Values Policy Current(New) MaxReceiveBuffer10485760 MaxPageSize 1000 MaxResultSetSize262144 So it definite looks as if I am hitting the PageSize limit as everything I query stops at 1000 results. So, I thought that setting this in the script would temporarily allow you to get more results or is the only way to get more results to change it in AD itself? -Original Message- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 1:30 PM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help So, there is a difference between page size and size limit. If you hit a problem with PageSize, the query grabs the first 1000 records and then calls it done (providing your MaxPageSize = 1000), without error. You are getting a size limit error, which means that something is prohibiting you from getting the number or size of results you want. HTH The KB article describes that Absolute Limits that AD will search with. Note that the: MaxPageSize is usually set to 1000 (how many records to send in a given chunk of data -- you can request lots of chunks as long as they don't exceed the other maximums as well). Setting Page Size to something = 1000 fixes that. MaxRecieveBuffer is default set at 10485760 (10MB -- how much actual data can I request back -- i.e. sending back 50 columns of data for 20 records might get you there -- total guess) MaxResultSetSize is default set to 262144 (number of individual records you can request -- seems like a lot). If you can verify these values in your Active directory implementation, and respond with them, that would help. Can you also send the value of your $strAttrs variable, as I am confused by the thread below as it is referenced twice. It looks like you either want the 'distinguishedname' or the 'name' -- neither should bet you anywhere close to 10MB, but the distinguishedname is much larger, and dependent on your ou structure. P.S. What is your Activestate Perl version? Steven -Original Message- From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com] Sent: Tuesday, April 26, 2011 9:07 AM To: Steven Manross; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Well... by adding your suggestion, I noticed there was an OU that I has missed in my array. Adding that OU to the array gave me the error I normally get. It says there are 960 users in that OU. However if I do a Find in ADUC on just that OU, it says there are 4268 users. I thought the whole point to setting the Page Size variable was to momentarily get around the search limits. Is that not the case? -Original Message- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 11:53 AM To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help I would assume that if you are getting a size limit error, that you are hitting a hard maximum that AD implements to make sure that you don't sit all day parsing through results and degrade performance on this DC as a result. Your query is pulling back every user object in your AD infrastructure (enabled, disabled, etc) if I am correctly identifying your filter below. my $strFilter = ((objectclass=user)(objectcategory=person));; How many users do you have in AD? (when you use the Array permutation of this script (that works correctly), can you... print total users in this OU: . $objRS-{RecordCount} . \n; ...to see how many users we are talking about?) If you dare, and you do indeed have tons of users in your AD, you can change the hard max size limit because of your AD infrastructure size, but it would probably be advisable to limit the scope of this change to 1 Domain Controller, or one Site, as this could pose a Security threat in the form of a DOS attack on AD if you increase either of these limits because you want to pull back all the users. The article below goes through making that change, but use it with care. As well, I am also wondering if you want all the users (enabled and disabled) as part of this, as you could totally descope the disabled users with a modified filter, and possibly reduce your resultset to the upper limits of the default size limits in AD. If you really do want All the users, and pulling only
RE: AD Page Size help
To everyone.. My apologies are due, as I seem to have code floating around the internet that doesn't work as a paged query (and have professed that it works as a paged LDAP query). :( Sorry. :( The actual problem seems to be that declaring the: $objCMD-{Properties}-{Page Size} = 100; #or 1000, etc (= the MaxPageSize defined by AD) ...prior to setting the $objCMD-{ActiveConnection} = $Conn; Causes issues for paged searches (guessing that something gets reset to a bad value during that declaration). A proper (working) subroutine is below: While I have commented out the while loop, the print recordcount should suffice to show that if you have more than 1000 user objects to display, it does because the query is returning the proper number of records (instead of 1000). I added 1027 user accounts to my test lab to guarantee my query works now, as using someone else's AD to test might not always be a good test if they have changed defaults (which I am also guilty of). :( Again, Apologies. :( HTH Steven Code (based off of Rich Gomes' test with modifications): --- use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP://DC=somedomain,DC=com;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; query_ldap($strBase . $strFilter . $strAttrs . $strScope,$objRS); print records = . $objRS-{RecordCount}.\n; #while (! $objRS-EOF) { # print $objRS-Fields(0)-Value,\n; # $objRS-MoveNext; #} sub query_ldap { my $ldap_query = $_[0]; my $error_num; my $error_name; my $RS; my $Conn = Win32::OLE-new(ADODB.Connection); if (Win32::OLE-LastError() != 0) { print Failed creating ADODB.Connection object (.Win32::OLE-LastError().)\n - $ldap_query\n; return 0; } $Conn-{'Provider'} = ADsDSOObject; if (Win32::OLE-LastError() != 0) { print Failed setting ADODB.Command Provider (.Win32::OLE-LastError().)\n - $ldap_query\n; return 0; } $Conn-{Open} = Perl Active Directory Query; my $Cmd = Win32::OLE-new(ADODB.Command); if (Win32::OLE-LastError() != 0) { print Failed creating ADODB.Command object (.Win32::OLE-LastError().)\n - $ldap_query\n; return 0; } $Cmd-{CommandText} = $ldap_query; $Cmd-{ActiveConnection} = $Conn; $Cmd-{Properties}-{Page Size} = 100; $RS = $Cmd-Execute(); if (Win32::OLE-LastError() != 0) { print Failed Executing ADODB Command object (.Win32::OLE-LastError().)\nExecuting ADODB Command - $ldap_query\n; return 0; } else { $_[1] = $RS; return 1; } } -Original Message- From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com] Sent: Tuesday, April 26, 2011 11:06 AM To: Steven Manross Subject: RE: AD Page Size help use Win32::OLE qw(in); use Data::Dumper; $Win32::OLE::Warn = 3; my $strBase = LDAP://DC=mydomain,DC=com;; # To search the whole forest using the global catalog, uncomment the following line: # $strBase = GC:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; #$ADOCmd-Properties-{Page Size}=1; #$objConn-Properties-{Page Size}=1; #$objADOcmd-Properties-{Page Size} = 10; #$objConn-{Properties}-{Page Size} = 10; #$objConn-Properties(Page Size)-{Value} = 10; #$ADOrs-PageSize-{Value}=1; #$objConn-PageSize-{Value}=1; my $objRS = Win32::OLE-new(ADODB.RecordSet); $objRS-PageSize-{Value}=100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } -Original Message- From: Steven Manross [mailto:ste...@manross.net] Sent: Tuesday, April 26, 2011 2:02 PM To: Gomes, Rich Subject: RE: AD Page Size help Resend me the script, please, in it's current form.. Obfuscate proprietary info (OUs, etc) Steven -Original Message- From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com] Sent: Tuesday, April 26, 2011 10:52 AM To: Gomes, Rich; Steven Manross; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Forgot to mention perl version: 5.8.9 Only that far back due to incompatibility with some of Dave Roth's Win32 modules and newer versions of perl -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Tuesday, April 26, 2011 1:41 PM To: Steven Manross; perl-win32-admin@listserv.ActiveState.com Subject: RE: AD Page Size help Here are the values from ntdsutil: ldap policy: Show Values Policy
Re: AD Page Size help
Hello, try the following way, it has worked for a couple of times in the past: use Win32::OLE; $Win32::OLE::Warn = 3; # connect to AD with explicit credentials my $conn = Win32::OLE-new('ADODB.Connection'); $conn-{Provider} = 'ADsDSObject'; $conn-Properties-{'User ID'} = 'cn=Strat,ou=User,dc=myDomain,dc=tld'; $conn-Properties-{'Password'} = 'secret'; $conn-open('ADSI Provider'); # search configuration my $searchBase = 'ou=Benutzer,dc=myDomain,dc=tld'; my $searchFilter = '((objectClass=user)(sn=F*))'; my $scope= 'SubTree'; my @wantedAttributes = qw( ADsPath cn sn givenName userPrincipalName objectGuid title telephoneNumber ); # build AD search string my $searchString = join( ';', $searchBase, $searchFilter, join(,, @wantedAttributes), $scope ); # create a command/search object my $adoCmd = Win32::OLE-new('ADODB.Command'); $adoCmd-{ActiveConnection} = $conn; $adoCmd-{CommandText} = $searchString; $adoCmd-Properties-{'Page Size'} = 1000; # fetch resultsets my $rs = Win32::OLE-new('ADODB.RecordSet'); $rs-Open( { Source = $adoCmd } ); # fetch entries while( not $rs-EOF ) { my( %data ) = map { $wantedAttributes[$_] = $rs-Fields($_)-{Value} } 0..$#wantedAttributes; if( exists $data{objectGuid} ) { # objectGuid is octettstring (=binary) $data-{objectGuid} = unpack( 'H*', $data-{objectGuid} ); } # if print $_ = $data{$_}\n foreach sort keys %data; $rs-MoveNext; # move cursor to next object } # while $conn-Close(); Regards, Strat -Ursprüngliche Nachricht- From: Gomes, Rich Sent: Thursday, April 21, 2011 5:18 PM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? _ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } ___ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
I have had issues in the past where searching with a null base inside AD yielded errors, but putting one level of OU in the base made it work. (the first time I encountered that, it was with AD integration with apache). Maybe adjusting the base will yield different results. Thanks, Jok -Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl- win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Thursday, April 21, 2011 8:18 AM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? ___ __ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } ___ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Hi Michele, Thanks for the tips. Here is what I get for an error: The size limit for this request was exceeded. Win32::OLE(0.1709) error 0x80072023: The size limit for this request was exceeded in METHOD/PROPERTYGET MoveNext at temp-perl-findallusers.pl line 62 If I add this line: $objConn-Properties('Page Size')-{Value} = 10; I get this for an error: OLE exception from ADODB.Connection: Item cannot be found in the collection corresponding to the requested name or ordinal. Win32::OLE(0.1709) error 0x800a0cc1 in METHOD/PROPERTYGET Properties at temp-perl-findallusers.pl line 58 Thanks, Rich From: Michele Berg [mailto:michele.r.b...@gmail.com] Sent: Thursday, April 21, 2011 11:34 AM To: Gomes, Rich Subject: Re: AD Page Size help Also, something you may want to consider - are you sure you're hitting a search limit? Depending on the structure of your domain and how deeply-nested it is, you may need to chase referrals in order to search sub-domains: $objConn-Properties('Chase Referrals')-{Value} = ADS_CHASE_REFERRALS_ALWAYS; Michele On Thu, Apr 21, 2011 at 10:31 AM, Michele Berg michele.r.b...@gmail.com wrote: When I set my page size, I set it like so: $objConn-Properties('Page Size')-{Value} = 10; Notice that the number you use here doesn't seem to limit the number of records returned by the query - it just affects behind-the-scenes ADSI processing. We originally tried 1000 but it occasionally hung; once we reduced it to 10 we had no more problems. The large page size seemed to allow some timeouts to occur. hth, Michele On Thu, Apr 21, 2011 at 10:18 AM, Gomes, Rich rich.go...@uniform.aramark.com wrote: I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? _ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } ___ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
-Original Message- From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl- win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich Sent: Thursday, April 21, 2011 11:18 AM To: perl-win32-admin@listserv.ActiveState.com Subject: AD Page Size help I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? I never tried to do paged queries via Win32::OLE, instead I used the following modules: use Net::LDAP; use Net::LDAP::Control::Paged; use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); calls like this worked for me: my( $ldap ) = Net::LDAP-new( $ldapHost ) or die $@; . . . $mesg = $ldap-bind( $ID, password = $PW ); $page = Net::LDAP::Control::Paged-new( size = PAGE_SIZE ); @args = ( Sizelimit = LDAP_SIZELIMIT, scope = LDAP_SCOPE, base = makeBaseDN, filter= LDAP_FILTER, attrs = [ LDAP_ATTR ], control = [ $page ], ); while( 1 ) { $mesg = $ldap-search( @args ); last if ( $mesg-code $mesg-code != 4 ); foreach my $entry ( $mesg-entries ) { my $dn = $entry-dn(); foreach my $attr ( $entry-attributes ) { my $value = $entry-get_value( $attr ); # do something with $value } } $objCount += $mesg-count; last unless my( $resp ) = $mesg-control( LDAP_CONTROL_PAGED ); last unless $cookie = $resp-cookie; $page-cookie( $cookie ); } if ( $cookie ) { printf $tee INFO: query interrupted: %s: %s!\n, $mesg-code, $mesg-error; $page-cookie( $cookie ); $page-size( 0 ); $ldap-search( @args ); foreach my $entry ( $mesg-entries ) { my $dn = $entry-dn(); foreach my $attr ( $entry-attributes ) { my $value = $entry-get_value( $attr ); # do something with $value } } $objCount += $mesg-count; } $mesg = $ldap-unbind; # take down session ___ __ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } ___ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs smime.p7s Description: S/MIME cryptographic signature ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Here's what I put in: $objConn-Properties(Page Size)-{Value} = 10; (Also tried single quotes), but still get the same error. Tried the DataDumper line as well... same issue From: Michele Berg [mailto:michele.r.b...@gmail.com] Sent: Thursday, April 21, 2011 11:57 AM To: Gomes, Rich Subject: Re: AD Page Size help Hi Rich, Try setting your page size to 10 using your original syntax. We've set our queries up a little differently. However, this doesn't look like a page size issue. If it was, you wouldn't ever get to the MoveNext. Do you have Data::Dumper loaded on your system? I'd use it, and then instead of doing a simple print within your while loop, I'd do print Dumper($objRS-Fields(0)-Value); If that doesn't work, I can send you the way that I set up my connection, because I know that it works. Michele On Thu, Apr 21, 2011 at 10:45 AM, Gomes, Rich rich.go...@uniform.aramark.com wrote: Hi Michele, Thanks for the tips. Here is what I get for an error: The size limit for this request was exceeded. Win32::OLE(0.1709) error 0x80072023: The size limit for this request was exceeded in METHOD/PROPERTYGET MoveNext at temp-perl-findallusers.pl line 62 If I add this line: $objConn-Properties('Page Size')-{Value} = 10; I get this for an error: OLE exception from ADODB.Connection: Item cannot be found in the collection corresponding to the requested name or ordinal. Win32::OLE(0.1709) error 0x800a0cc1 in METHOD/PROPERTYGET Properties at temp-perl-findallusers.pl line 58 Thanks, Rich From: Michele Berg [mailto:michele.r.b...@gmail.com] Sent: Thursday, April 21, 2011 11:34 AM To: Gomes, Rich Subject: Re: AD Page Size help Also, something you may want to consider - are you sure you're hitting a search limit? Depending on the structure of your domain and how deeply-nested it is, you may need to chase referrals in order to search sub-domains: $objConn-Properties('Chase Referrals')-{Value} = ADS_CHASE_REFERRALS_ALWAYS; Michele On Thu, Apr 21, 2011 at 10:31 AM, Michele Berg michele.r.b...@gmail.com wrote: When I set my page size, I set it like so: $objConn-Properties('Page Size')-{Value} = 10; Notice that the number you use here doesn't seem to limit the number of records returned by the query - it just affects behind-the-scenes ADSI processing. We originally tried 1000 but it occasionally hung; once we reduced it to 10 we had no more problems. The large page size seemed to allow some timeouts to occur. hth, Michele On Thu, Apr 21, 2011 at 10:18 AM, Gomes, Rich rich.go...@uniform.aramark.com wrote: I know this has been talked about a lot but I cannot seem to get my script to work. I am trying to not hit the LDAP search limit but cannot seem to get the PageSize line correct Any thoughts? _ my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in); $Win32::OLE::Warn = 3; my $strBase = LDAP:// . $strDomainDN . ;; my $strFilter = ((objectclass=user)(objectcategory=person));; my $strAttrs = name;; my $strAttrs = distinguishedName;; my $strScope = subtree; my $objConn = Win32::OLE-CreateObject(ADODB.Connection); $objConn-{Provider} = ADsDSOObject; $objConn-Open; $objConn-{Properties}-{Page Size} = 100; my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) { print $objRS-Fields(0)-Value,\n; $objRS-MoveNext; } ___ ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ___ Perl-Win32-Admin mailing list Perl-Win32-Admin@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs