What happens when that isn't enough and they refuse to change again and you have to change your policy once more? How do you know you hit the limit and you aren't dropping entries? The application surely won't know. It will simply think there were only 4000 values and be done with it. If that attribute is for anything important, that could surely spell disaster for something.
It could break applications that handle ranging but have a hard coded value for how big they think the ranges are. This happened to several applications I heard about as well as my own adfind because the developers (and I) assumed that the range returned would always be a certain size. Hopefully it shouldn't be many now since we got caught out in the 2K to K3 MaxValRange change from 1000 to 1500 but you never know. How the apps break depends on the apps, adfind would display some of the same values multiple times. One app I heard would fault out because it knew there couldn't be duplicate values and would hit them thinking there was a directory corruption issue. I expect there could be some hit on perf from slight to pretty bad as additional resources would be tied up for every query that hit objects with more than 1500 values. I am not sure, this isn't something I would ever consider doing outside of playtime in the lab. It is just too dangerous in my opinion. I would consider increasing MaxResultSetSize before I increased MaxValRange and I almost certainly wouldn't ever increase MaxResultSetSize either. I would severely question using that vendor because you don't know what other things they aren't doing correctly for Active Directory. Production AD is not the place to play with crappy directory aware apps. Exchange is more than enough. :o) joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, June 17, 2005 10:50 AM To: [email protected] Subject: [ActiveDir] Effect of change to MaxValRange All, What are the effects of changing the MaxValRange value? I have a vendor that does not want to change their code for LDAP queries that exceed this value. I wanted to know what repercussions I would experience if I increase it to 4,000. Chris List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
