MaxValRange - This value controls the number of values that are returned for an attribute of an object, independent of how many attributes that object has, or of how many objects were in the search result. In Windows 2000 this control is "hard" coded at 1,000. If an attribute has more than the number of values that are specified by the MaxValRange value, you must use value range controls in LDAP to retrieve values that exceed the MaxValRange value. MaxValueRange controls the number of values that are returned on a single attribute on a single object.
The repurcussion is that it would be easier to allow a bad or otherwise expensive query have a greater impact on your domain controllers. Generally it's not a good idea to change this safeguard. My advice? I think it should be considered a high risk item. The reason is because if the vendor is unwilling to change their query to be more efficient, then it indicates to me that there is a significant risk of that same vendor taking down my DCs with a bad query. It also opens the door for other vendors to cause that same issue. Force the vendor to fix the query else find another vendor if you can. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, June 17, 2005 10:50 AM To: [email protected] Subject: [ActiveDir] Effect of change to MaxValRange All, What are the effects of changing the MaxValRange value? I have a vendor that does not want to change their code for LDAP queries that exceed this value. I wanted to know what repercussions I would experience if I increase it to 4,000. Chris List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
