Each DC uses the settings in its replica of the query policy object specified in the queryPolicyObject attribute of its corresponding nTDSDSA object. By default this attribute doesn't exist, so each DC uses its replica of CN=Default Query Policy. The key point here is that if you make a change to the queryPolicy object, you do have to wait for replication to occur before the change will take effect on other DCs.
A strategy for changing DC query policies is to create a new queryPolicyObject in the CN=Query-Policies containiner, and then set the queryPolicyObject attribute of the nTDSDSA object of each DC to refer to it. This way you keep the MSFT default query policy parameters around, and only change the query policies for those DCs that need it (assuming that not all DCs really need the change). -gil Gil Kirkpatrick Chief Technology Officer, NetPro Author of "Active Directory Programming" from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -----Original Message----- From: Parker, Edward [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 9:06 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] 1000 row limit I just tested this in the lab. I made the change to the root domain (1 DC) and forced replication to all DCs in the forest. I checked the settings on the other DCs (Both in the root and child) and the new settings was enabled. So this does not need to be done on each DC, but it does hit all DCs in the forest. Anyone want to confirm these findings? -----Original Message----- From: Darren Sykes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 8:15 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] 1000 row limit That's what I thought, though didn't want to disagree for the sake of it! I would have thought that CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,dc=yourdomain,dc=com would be used. More specifically, the ldapadminlimits (multi-valued) attribute where one of the values is MaxPageSize=x. In that case, is this forest wide????? Darren. -----Original Message----- From: Neceda,Thomas W - LGA [mailto:[EMAIL PROTECTED]] Sent: 05 June 2002 14:01 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] 1000 row limit Actually, I'm pretty sure that a NTDSUTIL change made to any DC will replicate to all other DCs so there would be no reason to set each DC. Could be wrong though....wouldn't be the first time -----Original Message----- From: Parker, Edward [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 8:42 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] 1000 row limit Yes it is called LDAP policy and is set on each DC. -----Original Message----- From: Darren Sykes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 2:11 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] 1000 row limit Yes, there is, though I thought it was a domain wide setting rather than a domain controller. You can use either NTDSUTIL or an LDAP client to manually change it, though it's not recommended!! Darren. -----Original Message----- From: Fleenor Todd [mailto:[EMAIL PROTECTED]] Sent: 22 April 2002 22:51 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] 1000 row limit Is there a setting on an AD Domain controller that limits the size of LDAP queries to 1000? I have read about using paging, etc. with ADO, but wanted to know if there was also a setting on the Active Directory Domain Contoller. Thanks! List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
