RE: AD Page Size help
So, a lot of people have given some great suggestions but I am still unable to
get this to work and am still confused.
The nearest I have been able to come is to create an array with the different
OU's that contain users within our domain.
Anything without the array (just looking at the entire domain all at once)
throws the error below.
Using the array works but it seems pretty hackey. Plus I will need to always be
sure I have every OU that contains users in it at all times.
I really wanted this to be an exercise in understanding the code.
Why does this work with the array but not without?
OLE exception from Provider:
The size limit for this request was exceeded.
Win32::OLE(0.1709) error 0x80072023: The size limit for this request was
exceeded
in METHOD/PROPERTYGET MoveNext
Thanks,
Rich
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim
Thuau
Sent: Friday, April 22, 2011 6:45 PM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I have had issues in the past where searching with a null base inside AD
yielded errors, but putting one level of OU in the base made it work.
(the first time I encountered that, it was with AD integration with apache).
Maybe adjusting the base will yield different results.
Thanks,
Jok
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-
win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich
Sent: Thursday, April 21, 2011 8:18 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my
script to work.
I am trying to not hit the LDAP search limit but cannot seem to get
the PageSize line correct
Any thoughts?
__
_
__
my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject; $objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
__
_
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Must set it at least to 1000.
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of
Dutrieux Yves
Sent: Tuesday, April 26, 2011 10:32 AM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Hi,
I think you must increase limit size in ad object.
In MMC, this settings is under menu : Display - Filter options - maximum number
of item displayed by folder.
Yves
-Message d'origine-
De : perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] De la part de Gomes,
Rich
Envoyé : mardi 26 avril 2011 17:24
À : perl-win32-admin@listserv.ActiveState.com
Objet : RE: AD Page Size help
So, a lot of people have given some great suggestions but I am still unable to
get this to work and am still confused.
The nearest I have been able to come is to create an array with the different
OU's that contain users within our domain.
Anything without the array (just looking at the entire domain all at once)
throws the error below.
Using the array works but it seems pretty hackey. Plus I will need to always be
sure I have every OU that contains users in it at all times.
I really wanted this to be an exercise in understanding the code.
Why does this work with the array but not without?
OLE exception from Provider:
The size limit for this request was exceeded.
Win32::OLE(0.1709) error 0x80072023: The size limit for this request was
exceeded
in METHOD/PROPERTYGET MoveNext
Thanks,
Rich
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim
Thuau
Sent: Friday, April 22, 2011 6:45 PM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I have had issues in the past where searching with a null base inside AD
yielded errors, but putting one level of OU in the base made it work.
(the first time I encountered that, it was with AD integration with apache).
Maybe adjusting the base will yield different results.
Thanks,
Jok
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-
win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich
Sent: Thursday, April 21, 2011 8:18 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my
script to work.
I am trying to not hit the LDAP search limit but cannot seem to get
the PageSize line correct
Any thoughts?
__
_
__
my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject; $objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
__
_
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
== DISCLAIMER ==
htmlBRBRA
href=http://www.cph.be/maildisclaimer;http://www.cph.be/maildisclaimer/A/html
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
I would assume that if you are getting a size limit error, that you
are hitting a hard maximum that AD implements to make sure that you
don't sit all day parsing through results and degrade performance on
this DC as a result.
Your query is pulling back every user object in your AD infrastructure
(enabled, disabled, etc) if I am correctly identifying your filter
below.
my $strFilter = ((objectclass=user)(objectcategory=person));;
How many users do you have in AD? (when you use the Array permutation of
this script (that works correctly), can you...
print total users in this OU: . $objRS-{RecordCount} . \n;
...to see how many users we are talking about?)
If you dare, and you do indeed have tons of users in your AD, you can
change the hard max size limit because of your AD infrastructure size,
but it would probably be advisable to limit the scope of this change to
1 Domain Controller, or one Site, as this could pose a Security threat
in the form of a DOS attack on AD if you increase either of these limits
because you want to pull back all the users. The article below goes
through making that change, but use it with care.
As well, I am also wondering if you want all the users (enabled and
disabled) as part of this, as you could totally descope the disabled
users with a modified filter, and possibly reduce your resultset to the
upper limits of the default size limits in AD. If you really do want
All the users, and pulling only the enabled ones gets you under the
size limit, you could definitely do a second search for the disabled
ones as I am sure that you'd want to handle them differently than the
enabled users.
http://support.microsoft.com/kb/315071
You're hitting one of these two limits:
MaxResultSetSize
MaxReceiveBuffer
HTH
Steven
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On
Behalf Of Gomes, Rich
Sent: Tuesday, April 26, 2011 8:24 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
So, a lot of people have given some great suggestions but I
am still unable to get this to work and am still confused.
The nearest I have been able to come is to create an array
with the different OU's that contain users within our domain.
Anything without the array (just looking at the entire domain
all at once) throws the error below.
Using the array works but it seems pretty hackey. Plus I will
need to always be sure I have every OU that contains users in
it at all times.
I really wanted this to be an exercise in understanding the code.
Why does this work with the array but not without?
OLE exception from Provider:
The size limit for this request was exceeded.
Win32::OLE(0.1709) error 0x80072023: The size limit for this
request was exceeded
in METHOD/PROPERTYGET MoveNext
Thanks,
Rich
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On
Behalf Of Joachim Thuau
Sent: Friday, April 22, 2011 6:45 PM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I have had issues in the past where searching with a null
base inside AD yielded errors, but putting one level of OU
in the base made it work.
(the first time I encountered that, it was with AD
integration with apache). Maybe adjusting the base will yield
different results.
Thanks,
Jok
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-
win32-admin-boun...@listserv.activestate.com] On Behalf Of
Gomes, Rich
Sent: Thursday, April 21, 2011 8:18 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my
script to work.
I am trying to not hit the LDAP search limit but cannot seem to get
the PageSize line correct
Any thoughts?
__
_
__
my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject; $objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
__
_
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin
RE: AD Page Size help
Right now that setting in AD is set to 2000 entries.
My script has a PageSize value of 1 ( I have tried multiple numbers from
100 to 10)
All my searches stop at the 1000 results mark.
-Original Message-
From: Trang Tran [mailto:tt...@stewart.com]
Sent: Tuesday, April 26, 2011 11:46 AM
To: Dutrieux Yves; Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Must set it at least to 1000.
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of
Dutrieux Yves
Sent: Tuesday, April 26, 2011 10:32 AM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Hi,
I think you must increase limit size in ad object.
In MMC, this settings is under menu : Display - Filter options - maximum number
of item displayed by folder.
Yves
-Message d'origine-
De : perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] De la part de Gomes,
Rich Envoyé : mardi 26 avril 2011 17:24 À :
perl-win32-admin@listserv.ActiveState.com
Objet : RE: AD Page Size help
So, a lot of people have given some great suggestions but I am still unable to
get this to work and am still confused.
The nearest I have been able to come is to create an array with the different
OU's that contain users within our domain.
Anything without the array (just looking at the entire domain all at once)
throws the error below.
Using the array works but it seems pretty hackey. Plus I will need to always be
sure I have every OU that contains users in it at all times.
I really wanted this to be an exercise in understanding the code.
Why does this work with the array but not without?
OLE exception from Provider:
The size limit for this request was exceeded.
Win32::OLE(0.1709) error 0x80072023: The size limit for this request was
exceeded
in METHOD/PROPERTYGET MoveNext
Thanks,
Rich
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Joachim
Thuau
Sent: Friday, April 22, 2011 6:45 PM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I have had issues in the past where searching with a null base inside AD
yielded errors, but putting one level of OU in the base made it work.
(the first time I encountered that, it was with AD integration with apache).
Maybe adjusting the base will yield different results.
Thanks,
Jok
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-
win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich
Sent: Thursday, April 21, 2011 8:18 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my
script to work.
I am trying to not hit the LDAP search limit but cannot seem to get
the PageSize line correct
Any thoughts?
__
_
__
my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject; $objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
__
_
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
== DISCLAIMER ==
htmlBRBRA
href=http://www.cph.be/maildisclaimer;http://www.cph.be/maildisclaimer/A/html
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Well... by adding your suggestion, I noticed there was an OU that I has missed
in my array.
Adding that OU to the array gave me the error I normally get.
It says there are 960 users in that OU. However if I do a Find in ADUC on just
that OU, it says there are 4268 users.
I thought the whole point to setting the Page Size variable was to momentarily
get around the search limits.
Is that not the case?
-Original Message-
From: Steven Manross [mailto:ste...@manross.net]
Sent: Tuesday, April 26, 2011 11:53 AM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I would assume that if you are getting a size limit error, that you are
hitting a hard maximum that AD implements to make sure that you don't sit all
day parsing through results and degrade performance on this DC as a result.
Your query is pulling back every user object in your AD infrastructure
(enabled, disabled, etc) if I am correctly identifying your filter below.
my $strFilter = ((objectclass=user)(objectcategory=person));;
How many users do you have in AD? (when you use the Array permutation of this
script (that works correctly), can you...
print total users in this OU: . $objRS-{RecordCount} . \n;
...to see how many users we are talking about?)
If you dare, and you do indeed have tons of users in your AD, you can change
the hard max size limit because of your AD infrastructure size, but it would
probably be advisable to limit the scope of this change to
1 Domain Controller, or one Site, as this could pose a Security threat in the
form of a DOS attack on AD if you increase either of these limits because you
want to pull back all the users. The article below goes through making that
change, but use it with care.
As well, I am also wondering if you want all the users (enabled and
disabled) as part of this, as you could totally descope the disabled users with
a modified filter, and possibly reduce your resultset to the upper limits of
the default size limits in AD. If you really do want All the users, and
pulling only the enabled ones gets you under the size limit, you could
definitely do a second search for the disabled ones as I am sure that you'd
want to handle them differently than the enabled users.
http://support.microsoft.com/kb/315071
You're hitting one of these two limits:
MaxResultSetSize
MaxReceiveBuffer
HTH
Steven
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf
Of Gomes, Rich
Sent: Tuesday, April 26, 2011 8:24 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
So, a lot of people have given some great suggestions but I am still
unable to get this to work and am still confused.
The nearest I have been able to come is to create an array with the
different OU's that contain users within our domain.
Anything without the array (just looking at the entire domain all at
once) throws the error below.
Using the array works but it seems pretty hackey. Plus I will need to
always be sure I have every OU that contains users in it at all times.
I really wanted this to be an exercise in understanding the code.
Why does this work with the array but not without?
OLE exception from Provider:
The size limit for this request was exceeded.
Win32::OLE(0.1709) error 0x80072023: The size limit for this request
was exceeded
in METHOD/PROPERTYGET MoveNext
Thanks,
Rich
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf
Of Joachim Thuau
Sent: Friday, April 22, 2011 6:45 PM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I have had issues in the past where searching with a null base
inside AD yielded errors, but putting one level of OU in the base made
it work.
(the first time I encountered that, it was with AD integration with
apache). Maybe adjusting the base will yield different results.
Thanks,
Jok
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-
win32-admin-boun...@listserv.activestate.com] On Behalf Of
Gomes, Rich
Sent: Thursday, April 21, 2011 8:18 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my
script to work.
I am trying to not hit the LDAP search limit but cannot seem to get
the PageSize line correct
Any thoughts?
__
_
__
my $strDomainDN = DC=mydomain,DC=com; use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs
RE: AD Page Size help
So, there is a difference between page size and size limit. If you hit
a problem with PageSize, the query grabs the first 1000 records and then
calls it done (providing your MaxPageSize = 1000), without error. You
are getting a size limit error, which means that something is
prohibiting you from getting the number or size of results you want.
HTH
The KB article describes that Absolute Limits that AD will search
with.
Note that the:
MaxPageSize is usually set to 1000 (how many records to send in a
given chunk of data -- you can request lots of chunks as long as they
don't exceed the other maximums as well). Setting Page Size to
something = 1000 fixes that.
MaxRecieveBuffer is default set at 10485760 (10MB -- how much actual
data can I request back -- i.e. sending back 50 columns of data for
20 records might get you there -- total guess)
MaxResultSetSize is default set to 262144 (number of individual
records you can request -- seems like a lot).
If you can verify these values in your Active directory implementation,
and respond with them, that would help.
Can you also send the value of your $strAttrs variable, as I am confused
by the thread below as it is referenced twice. It looks like you either
want the 'distinguishedname' or the 'name' -- neither should bet you
anywhere close to 10MB, but the distinguishedname is much larger, and
dependent on your ou structure.
P.S. What is your Activestate Perl version?
Steven
-Original Message-
From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com]
Sent: Tuesday, April 26, 2011 9:07 AM
To: Steven Manross; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Well... by adding your suggestion, I noticed there was an OU
that I has missed in my array.
Adding that OU to the array gave me the error I normally get.
It says there are 960 users in that OU. However if I do a
Find in ADUC on just that OU, it says there are 4268 users.
I thought the whole point to setting the Page Size variable
was to momentarily get around the search limits.
Is that not the case?
-Original Message-
From: Steven Manross [mailto:ste...@manross.net]
Sent: Tuesday, April 26, 2011 11:53 AM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I would assume that if you are getting a size limit error,
that you are hitting a hard maximum that AD implements to
make sure that you don't sit all day parsing through results
and degrade performance on this DC as a result.
Your query is pulling back every user object in your AD
infrastructure (enabled, disabled, etc) if I am correctly
identifying your filter below.
my $strFilter = ((objectclass=user)(objectcategory=person));;
How many users do you have in AD? (when you use the Array
permutation of this script (that works correctly), can you...
print total users in this OU: . $objRS-{RecordCount} . \n;
...to see how many users we are talking about?)
If you dare, and you do indeed have tons of users in your AD,
you can change the hard max size limit because of your AD
infrastructure size, but it would probably be advisable to
limit the scope of this change to
1 Domain Controller, or one Site, as this could pose a
Security threat in the form of a DOS attack on AD if you
increase either of these limits because you want to pull back
all the users. The article below goes through making that
change, but use it with care.
As well, I am also wondering if you want all the users (enabled and
disabled) as part of this, as you could totally descope the
disabled users with a modified filter, and possibly reduce
your resultset to the upper limits of the default size
limits in AD. If you really do want All the users, and
pulling only the enabled ones gets you under the size limit,
you could definitely do a second search for the disabled ones
as I am sure that you'd want to handle them differently than
the enabled users.
http://support.microsoft.com/kb/315071
You're hitting one of these two limits:
MaxResultSetSize
MaxReceiveBuffer
HTH
Steven
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com]
On Behalf
Of Gomes, Rich
Sent: Tuesday, April 26, 2011 8:24 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
So, a lot of people have given some great suggestions but I
am still
unable to get this to work and am still confused.
The nearest I have been able to come is to create an array with the
different OU's that contain users within our domain.
Anything without the array (just looking at the entire domain all at
once) throws the error below.
Using the array works but it seems pretty hackey. Plus I
will need to
always be sure I have every OU that contains users in it at
all times.
I really wanted
RE: AD Page Size help
Here are the values from ntdsutil:
ldap policy: Show Values
Policy Current(New)
MaxReceiveBuffer10485760
MaxPageSize 1000
MaxResultSetSize262144
So it definite looks as if I am hitting the PageSize limit as everything I
query stops at 1000 results.
So, I thought that setting this in the script would temporarily allow you to
get more results or is the only way to get more results to change it in AD
itself?
-Original Message-
From: Steven Manross [mailto:ste...@manross.net]
Sent: Tuesday, April 26, 2011 1:30 PM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
So, there is a difference between page size and size limit. If you hit a
problem with PageSize, the query grabs the first 1000 records and then calls it
done (providing your MaxPageSize = 1000), without error. You are getting a
size limit error, which means that something is prohibiting you from getting
the number or size of results you want.
HTH
The KB article describes that Absolute Limits that AD will search with.
Note that the:
MaxPageSize is usually set to 1000 (how many records to send in a given chunk
of data -- you can request lots of chunks as long as they don't exceed the
other maximums as well). Setting Page Size to something = 1000 fixes that.
MaxRecieveBuffer is default set at 10485760 (10MB -- how much actual data can
I request back -- i.e. sending back 50 columns of data for
20 records might get you there -- total guess)
MaxResultSetSize is default set to 262144 (number of individual records you
can request -- seems like a lot).
If you can verify these values in your Active directory implementation, and
respond with them, that would help.
Can you also send the value of your $strAttrs variable, as I am confused by the
thread below as it is referenced twice. It looks like you either want the
'distinguishedname' or the 'name' -- neither should bet you anywhere close to
10MB, but the distinguishedname is much larger, and dependent on your ou
structure.
P.S. What is your Activestate Perl version?
Steven
-Original Message-
From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com]
Sent: Tuesday, April 26, 2011 9:07 AM
To: Steven Manross; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Well... by adding your suggestion, I noticed there was an OU that I
has missed in my array.
Adding that OU to the array gave me the error I normally get.
It says there are 960 users in that OU. However if I do a Find in ADUC
on just that OU, it says there are 4268 users.
I thought the whole point to setting the Page Size variable was to
momentarily get around the search limits.
Is that not the case?
-Original Message-
From: Steven Manross [mailto:ste...@manross.net]
Sent: Tuesday, April 26, 2011 11:53 AM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I would assume that if you are getting a size limit error, that you
are hitting a hard maximum that AD implements to make sure that you
don't sit all day parsing through results and degrade performance on
this DC as a result.
Your query is pulling back every user object in your AD infrastructure
(enabled, disabled, etc) if I am correctly identifying your filter
below.
my $strFilter = ((objectclass=user)(objectcategory=person));;
How many users do you have in AD? (when you use the Array permutation
of this script (that works correctly), can you...
print total users in this OU: . $objRS-{RecordCount} . \n;
...to see how many users we are talking about?)
If you dare, and you do indeed have tons of users in your AD, you can
change the hard max size limit because of your AD infrastructure size,
but it would probably be advisable to limit the scope of this change
to
1 Domain Controller, or one Site, as this could pose a Security threat
in the form of a DOS attack on AD if you increase either of these
limits because you want to pull back all the users. The article below
goes through making that change, but use it with care.
As well, I am also wondering if you want all the users (enabled and
disabled) as part of this, as you could totally descope the disabled
users with a modified filter, and possibly reduce your resultset to
the upper limits of the default size limits in AD. If you really do
want All the users, and pulling only the enabled ones gets you under
the size limit, you could definitely do a second search for the
disabled ones as I am sure that you'd want to handle them differently
than the enabled users.
http://support.microsoft.com/kb/315071
You're hitting one of these two limits:
MaxResultSetSize
MaxReceiveBuffer
HTH
Steven
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin
RE: AD Page Size help
Forgot to mention perl version:
5.8.9
Only that far back due to incompatibility with some of Dave Roth's Win32
modules and newer versions of perl
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes,
Rich
Sent: Tuesday, April 26, 2011 1:41 PM
To: Steven Manross; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Here are the values from ntdsutil:
ldap policy: Show Values
Policy Current(New)
MaxReceiveBuffer10485760
MaxPageSize 1000
MaxResultSetSize262144
So it definite looks as if I am hitting the PageSize limit as everything I
query stops at 1000 results.
So, I thought that setting this in the script would temporarily allow you to
get more results or is the only way to get more results to change it in AD
itself?
-Original Message-
From: Steven Manross [mailto:ste...@manross.net]
Sent: Tuesday, April 26, 2011 1:30 PM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
So, there is a difference between page size and size limit. If you hit a
problem with PageSize, the query grabs the first 1000 records and then calls it
done (providing your MaxPageSize = 1000), without error. You are getting a
size limit error, which means that something is prohibiting you from getting
the number or size of results you want.
HTH
The KB article describes that Absolute Limits that AD will search with.
Note that the:
MaxPageSize is usually set to 1000 (how many records to send in a given chunk
of data -- you can request lots of chunks as long as they don't exceed the
other maximums as well). Setting Page Size to something = 1000 fixes that.
MaxRecieveBuffer is default set at 10485760 (10MB -- how much actual data can
I request back -- i.e. sending back 50 columns of data for
20 records might get you there -- total guess)
MaxResultSetSize is default set to 262144 (number of individual records you
can request -- seems like a lot).
If you can verify these values in your Active directory implementation, and
respond with them, that would help.
Can you also send the value of your $strAttrs variable, as I am confused by the
thread below as it is referenced twice. It looks like you either want the
'distinguishedname' or the 'name' -- neither should bet you anywhere close to
10MB, but the distinguishedname is much larger, and dependent on your ou
structure.
P.S. What is your Activestate Perl version?
Steven
-Original Message-
From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com]
Sent: Tuesday, April 26, 2011 9:07 AM
To: Steven Manross; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Well... by adding your suggestion, I noticed there was an OU that I
has missed in my array.
Adding that OU to the array gave me the error I normally get.
It says there are 960 users in that OU. However if I do a Find in ADUC
on just that OU, it says there are 4268 users.
I thought the whole point to setting the Page Size variable was to
momentarily get around the search limits.
Is that not the case?
-Original Message-
From: Steven Manross [mailto:ste...@manross.net]
Sent: Tuesday, April 26, 2011 11:53 AM
To: Gomes, Rich; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
I would assume that if you are getting a size limit error, that you
are hitting a hard maximum that AD implements to make sure that you
don't sit all day parsing through results and degrade performance on
this DC as a result.
Your query is pulling back every user object in your AD infrastructure
(enabled, disabled, etc) if I am correctly identifying your filter
below.
my $strFilter = ((objectclass=user)(objectcategory=person));;
How many users do you have in AD? (when you use the Array permutation
of this script (that works correctly), can you...
print total users in this OU: . $objRS-{RecordCount} . \n;
...to see how many users we are talking about?)
If you dare, and you do indeed have tons of users in your AD, you can
change the hard max size limit because of your AD infrastructure size,
but it would probably be advisable to limit the scope of this change
to
1 Domain Controller, or one Site, as this could pose a Security threat
in the form of a DOS attack on AD if you increase either of these
limits because you want to pull back all the users. The article below
goes through making that change, but use it with care.
As well, I am also wondering if you want all the users (enabled and
disabled) as part of this, as you could totally descope the disabled
users with a modified filter, and possibly reduce your resultset to
the upper limits of the default size limits in AD. If you really do
want All the users, and pulling only
RE: AD Page Size help
To everyone..
My apologies are due, as I seem to have code floating around the
internet that doesn't work as a paged query (and have professed that it
works as a paged LDAP query).
:( Sorry. :(
The actual problem seems to be that declaring the:
$objCMD-{Properties}-{Page Size} = 100; #or 1000, etc (= the
MaxPageSize defined by AD)
...prior to setting the
$objCMD-{ActiveConnection} = $Conn;
Causes issues for paged searches (guessing that something gets reset to
a bad value during that declaration).
A proper (working) subroutine is below:
While I have commented out the while loop, the print recordcount
should suffice to show that if you have more than 1000 user objects to
display, it does because the query is returning the proper number of
records (instead of 1000).
I added 1027 user accounts to my test lab to guarantee my query works
now, as using someone else's AD to test might not always be a good test
if they have changed defaults (which I am also guilty of). :(
Again, Apologies. :(
HTH
Steven
Code (based off of Rich Gomes' test with modifications):
---
use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP://DC=somedomain,DC=com;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
query_ldap($strBase . $strFilter . $strAttrs . $strScope,$objRS);
print records = . $objRS-{RecordCount}.\n;
#while (! $objRS-EOF) {
# print $objRS-Fields(0)-Value,\n;
# $objRS-MoveNext;
#}
sub query_ldap {
my $ldap_query = $_[0];
my $error_num;
my $error_name;
my $RS;
my $Conn = Win32::OLE-new(ADODB.Connection);
if (Win32::OLE-LastError() != 0) {
print Failed creating ADODB.Connection object
(.Win32::OLE-LastError().)\n - $ldap_query\n;
return 0;
}
$Conn-{'Provider'} = ADsDSOObject;
if (Win32::OLE-LastError() != 0) {
print Failed setting ADODB.Command Provider
(.Win32::OLE-LastError().)\n - $ldap_query\n;
return 0;
}
$Conn-{Open} = Perl Active Directory Query;
my $Cmd = Win32::OLE-new(ADODB.Command);
if (Win32::OLE-LastError() != 0) {
print Failed creating ADODB.Command object
(.Win32::OLE-LastError().)\n - $ldap_query\n;
return 0;
}
$Cmd-{CommandText} = $ldap_query;
$Cmd-{ActiveConnection} = $Conn;
$Cmd-{Properties}-{Page Size} = 100;
$RS = $Cmd-Execute();
if (Win32::OLE-LastError() != 0) {
print Failed Executing ADODB Command object
(.Win32::OLE-LastError().)\nExecuting ADODB Command -
$ldap_query\n;
return 0;
} else {
$_[1] = $RS;
return 1;
}
}
-Original Message-
From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com]
Sent: Tuesday, April 26, 2011 11:06 AM
To: Steven Manross
Subject: RE: AD Page Size help
use Win32::OLE qw(in);
use Data::Dumper;
$Win32::OLE::Warn = 3;
my $strBase = LDAP://DC=mydomain,DC=com;;
# To search the whole forest using the global catalog,
uncomment the following line:
# $strBase = GC:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject;
$objConn-Open;
#$ADOCmd-Properties-{Page Size}=1;
#$objConn-Properties-{Page Size}=1;
#$objADOcmd-Properties-{Page Size} = 10;
#$objConn-{Properties}-{Page Size} = 10;
#$objConn-Properties(Page Size)-{Value} = 10;
#$ADOrs-PageSize-{Value}=1; #$objConn-PageSize-{Value}=1;
my $objRS = Win32::OLE-new(ADODB.RecordSet);
$objRS-PageSize-{Value}=100;
my $objRS = $objConn-Execute($strBase . $strFilter .
$strAttrs . $strScope); $objRS-MoveFirst; while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
-Original Message-
From: Steven Manross [mailto:ste...@manross.net]
Sent: Tuesday, April 26, 2011 2:02 PM
To: Gomes, Rich
Subject: RE: AD Page Size help
Resend me the script, please, in it's current form..
Obfuscate proprietary info (OUs, etc)
Steven
-Original Message-
From: Gomes, Rich [mailto:rich.go...@uniform.aramark.com]
Sent: Tuesday, April 26, 2011 10:52 AM
To: Gomes, Rich; Steven Manross;
perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Forgot to mention perl version:
5.8.9
Only that far back due to incompatibility with some of Dave Roth's
Win32 modules and newer versions of perl
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com]
On Behalf
Of Gomes, Rich
Sent: Tuesday, April 26, 2011 1:41 PM
To: Steven Manross; perl-win32-admin@listserv.ActiveState.com
Subject: RE: AD Page Size help
Here are the values from ntdsutil:
ldap policy: Show Values
Policy
Re: AD Page Size help
Hello,
try the following way, it has worked for a couple of times in the past:
use Win32::OLE;
$Win32::OLE::Warn = 3;
# connect to AD with explicit credentials
my $conn = Win32::OLE-new('ADODB.Connection');
$conn-{Provider} = 'ADsDSObject';
$conn-Properties-{'User ID'} = 'cn=Strat,ou=User,dc=myDomain,dc=tld';
$conn-Properties-{'Password'} = 'secret';
$conn-open('ADSI Provider');
# search configuration
my $searchBase = 'ou=Benutzer,dc=myDomain,dc=tld';
my $searchFilter = '((objectClass=user)(sn=F*))';
my $scope= 'SubTree';
my @wantedAttributes = qw( ADsPath cn sn givenName userPrincipalName
objectGuid title telephoneNumber );
# build AD search string
my $searchString = join( ';', $searchBase, $searchFilter,
join(,, @wantedAttributes), $scope );
# create a command/search object
my $adoCmd = Win32::OLE-new('ADODB.Command');
$adoCmd-{ActiveConnection} = $conn;
$adoCmd-{CommandText} = $searchString;
$adoCmd-Properties-{'Page Size'} = 1000;
# fetch resultsets
my $rs = Win32::OLE-new('ADODB.RecordSet');
$rs-Open( { Source = $adoCmd } );
# fetch entries
while( not $rs-EOF ) {
my( %data ) = map {
$wantedAttributes[$_] = $rs-Fields($_)-{Value}
} 0..$#wantedAttributes;
if( exists $data{objectGuid} ) { # objectGuid is octettstring (=binary)
$data-{objectGuid} = unpack( 'H*', $data-{objectGuid} );
} # if
print $_ = $data{$_}\n foreach sort keys %data;
$rs-MoveNext; # move cursor to next object
} # while
$conn-Close();
Regards,
Strat
-Ursprüngliche Nachricht-
From: Gomes, Rich
Sent: Thursday, April 21, 2011 5:18 PM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my script
to work.
I am trying to not hit the LDAP search limit but cannot seem to get the
PageSize line correct
Any thoughts?
_
my $strDomainDN = DC=mydomain,DC=com;
use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject;
$objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
___
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
I have had issues in the past where searching with a null base inside AD
yielded errors, but putting one level of OU in the base made it work.
(the first time I encountered that, it was with AD integration with apache).
Maybe adjusting the base will yield different results.
Thanks,
Jok
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-
win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich
Sent: Thursday, April 21, 2011 8:18 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my
script to work.
I am trying to not hit the LDAP search limit but cannot seem to get the
PageSize line correct
Any thoughts?
___
__
my $strDomainDN = DC=mydomain,DC=com;
use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject;
$objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
___
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Hi Michele,
Thanks for the tips.
Here is what I get for an error:
The size limit for this request was exceeded.
Win32::OLE(0.1709) error 0x80072023: The size limit for this request was
exceeded
in METHOD/PROPERTYGET MoveNext at temp-perl-findallusers.pl line 62
If I add this line:
$objConn-Properties('Page Size')-{Value} = 10;
I get this for an error:
OLE exception from ADODB.Connection:
Item cannot be found in the collection corresponding to the requested name
or ordinal.
Win32::OLE(0.1709) error 0x800a0cc1
in METHOD/PROPERTYGET Properties at temp-perl-findallusers.pl line 58
Thanks,
Rich
From: Michele Berg [mailto:michele.r.b...@gmail.com]
Sent: Thursday, April 21, 2011 11:34 AM
To: Gomes, Rich
Subject: Re: AD Page Size help
Also, something you may want to consider - are you sure you're hitting a search
limit? Depending on the structure of your domain and how deeply-nested it is,
you may need to chase referrals in order to search sub-domains:
$objConn-Properties('Chase Referrals')-{Value} = ADS_CHASE_REFERRALS_ALWAYS;
Michele
On Thu, Apr 21, 2011 at 10:31 AM, Michele Berg michele.r.b...@gmail.com wrote:
When I set my page size, I set it like so:
$objConn-Properties('Page Size')-{Value} = 10;
Notice that the number you use here doesn't seem to limit the number of records
returned by the query - it just affects behind-the-scenes ADSI processing. We
originally tried 1000 but it occasionally hung; once we reduced it to 10 we had
no more problems. The large page size seemed to allow some timeouts to occur.
hth,
Michele
On Thu, Apr 21, 2011 at 10:18 AM, Gomes, Rich rich.go...@uniform.aramark.com
wrote:
I know this has been talked about a lot but I cannot seem to get my script to
work.
I am trying to not hit the LDAP search limit but cannot seem to get the
PageSize line correct
Any thoughts?
_
my $strDomainDN = DC=mydomain,DC=com;
use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject;
$objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
___
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
-Original Message-
From: perl-win32-admin-boun...@listserv.activestate.com [mailto:perl-
win32-admin-boun...@listserv.activestate.com] On Behalf Of Gomes, Rich
Sent: Thursday, April 21, 2011 11:18 AM
To: perl-win32-admin@listserv.ActiveState.com
Subject: AD Page Size help
I know this has been talked about a lot but I cannot seem to get my
script to work.
I am trying to not hit the LDAP search limit but cannot seem to get the
PageSize line correct
Any thoughts?
I never tried to do paged queries via Win32::OLE, instead I used the
following modules:
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
calls like this worked for me:
my( $ldap ) = Net::LDAP-new( $ldapHost ) or die $@;
.
.
.
$mesg = $ldap-bind( $ID, password = $PW );
$page = Net::LDAP::Control::Paged-new( size = PAGE_SIZE );
@args = (
Sizelimit = LDAP_SIZELIMIT,
scope = LDAP_SCOPE,
base = makeBaseDN,
filter= LDAP_FILTER,
attrs = [ LDAP_ATTR ],
control = [ $page ],
);
while( 1 ) {
$mesg = $ldap-search( @args );
last if ( $mesg-code $mesg-code != 4 );
foreach my $entry ( $mesg-entries ) {
my $dn = $entry-dn();
foreach my $attr ( $entry-attributes ) {
my $value = $entry-get_value( $attr );
# do something with $value
}
}
$objCount += $mesg-count;
last unless my( $resp ) = $mesg-control( LDAP_CONTROL_PAGED );
last unless $cookie = $resp-cookie;
$page-cookie( $cookie );
}
if ( $cookie ) {
printf $tee INFO: query interrupted: %s: %s!\n, $mesg-code,
$mesg-error;
$page-cookie( $cookie );
$page-size( 0 );
$ldap-search( @args );
foreach my $entry ( $mesg-entries ) {
my $dn = $entry-dn();
foreach my $attr ( $entry-attributes ) {
my $value = $entry-get_value( $attr );
# do something with $value
}
}
$objCount += $mesg-count;
}
$mesg = $ldap-unbind; # take down session
___
__
my $strDomainDN = DC=mydomain,DC=com;
use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject;
$objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
___
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
smime.p7s
Description: S/MIME cryptographic signature
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: AD Page Size help
Here's what I put in:
$objConn-Properties(Page Size)-{Value} = 10;
(Also tried single quotes), but still get the same error.
Tried the DataDumper line as well... same issue
From: Michele Berg [mailto:michele.r.b...@gmail.com]
Sent: Thursday, April 21, 2011 11:57 AM
To: Gomes, Rich
Subject: Re: AD Page Size help
Hi Rich,
Try setting your page size to 10 using your original syntax. We've set our
queries up a little differently.
However, this doesn't look like a page size issue. If it was, you wouldn't
ever get to the MoveNext.
Do you have Data::Dumper loaded on your system? I'd use it, and then instead
of doing a simple print within your while loop, I'd do
print Dumper($objRS-Fields(0)-Value);
If that doesn't work, I can send you the way that I set up my connection,
because I know that it works.
Michele
On Thu, Apr 21, 2011 at 10:45 AM, Gomes, Rich rich.go...@uniform.aramark.com
wrote:
Hi Michele,
Thanks for the tips.
Here is what I get for an error:
The size limit for this request was exceeded.
Win32::OLE(0.1709) error 0x80072023: The size limit for this request was
exceeded
in METHOD/PROPERTYGET MoveNext at temp-perl-findallusers.pl line 62
If I add this line:
$objConn-Properties('Page Size')-{Value} = 10;
I get this for an error:
OLE exception from ADODB.Connection:
Item cannot be found in the collection corresponding to the requested name
or ordinal.
Win32::OLE(0.1709) error 0x800a0cc1
in METHOD/PROPERTYGET Properties at temp-perl-findallusers.pl line 58
Thanks,
Rich
From: Michele Berg [mailto:michele.r.b...@gmail.com]
Sent: Thursday, April 21, 2011 11:34 AM
To: Gomes, Rich
Subject: Re: AD Page Size help
Also, something you may want to consider - are you sure you're hitting a search
limit? Depending on the structure of your domain and how deeply-nested it is,
you may need to chase referrals in order to search sub-domains:
$objConn-Properties('Chase Referrals')-{Value} = ADS_CHASE_REFERRALS_ALWAYS;
Michele
On Thu, Apr 21, 2011 at 10:31 AM, Michele Berg michele.r.b...@gmail.com wrote:
When I set my page size, I set it like so:
$objConn-Properties('Page Size')-{Value} = 10;
Notice that the number you use here doesn't seem to limit the number of records
returned by the query - it just affects behind-the-scenes ADSI processing. We
originally tried 1000 but it occasionally hung; once we reduced it to 10 we had
no more problems. The large page size seemed to allow some timeouts to occur.
hth,
Michele
On Thu, Apr 21, 2011 at 10:18 AM, Gomes, Rich rich.go...@uniform.aramark.com
wrote:
I know this has been talked about a lot but I cannot seem to get my script to
work.
I am trying to not hit the LDAP search limit but cannot seem to get the
PageSize line correct
Any thoughts?
_
my $strDomainDN = DC=mydomain,DC=com;
use Win32::OLE qw(in);
$Win32::OLE::Warn = 3;
my $strBase = LDAP:// . $strDomainDN . ;;
my $strFilter = ((objectclass=user)(objectcategory=person));;
my $strAttrs = name;;
my $strAttrs = distinguishedName;;
my $strScope = subtree;
my $objConn = Win32::OLE-CreateObject(ADODB.Connection);
$objConn-{Provider} = ADsDSOObject;
$objConn-Open;
$objConn-{Properties}-{Page Size} = 100;
my $objRS = $objConn-Execute($strBase . $strFilter . $strAttrs . $strScope);
$objRS-MoveFirst;
while (not $objRS-EOF) {
print $objRS-Fields(0)-Value,\n;
$objRS-MoveNext;
}
___
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
___
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
