Thanks Vladimir, You Aelita guys are okay in my book....
Todd -----Original Message----- From: Turin, Vladimir [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 6:14 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Issue enumerating more than 1000 members of a group Todd, When a group contains more than 1000 members, AD (through LDAP or ADSI) returns two "member" attributes, one empty (no values) "member" and second one is "member;1-1000". In this case you should repeat request with "member;1001-2000" attribute requested. And so on, until you get less than you requested. It's an indication that you've fetched all of members. Said is true for any linked attribute. Number "1000" is hardcoded into AD implementation and cannot be changed, so it's safe to embed that number in your script also. <advertising> Aelita EDM ADSI provider automatically does described process. </advertising> Vladimir Turin -----Original Message----- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 1:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Issue enumerating more than 1000 members of a group I am using some LDAP tools to enumerate the members of a group and it will only list the first 1000 members. I have tried several tools, all with the same result. Is their a query policy that limits the number of results returned MaxResultSetSize is the only one that comes to mind. Any help is appreciated. Todd Myrick List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
