On Wed, Sep 26, 2012 at 5:46 AM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Steven Jones wrote:
>> Hi,
>> I dont have a ldapmodify command for changing something in AD.
>> I have increased the only scope I/we know about which is the return of 
>> objects from a search inside the AD gui but that might be specific to that 
>> view tool.  That is 2000 by default, Ive set 40000, I am testing it now, if 
>> that doesn't work....
>> Our best AD person is currently researching to see if its even possible to 
>> alter that hard code in AD.  The only way he can see is using a  windows/ad 
>> specific command line command to modify the internals of AD but he's never 
>> seen or read about doing it for this attribute.

sounds like you need to upgrade your MaxPageSize and LDAPAdminLimits
attribute of the Default Query Policy object in the Query-Policies
container. We needed to do this to be able to get more than 1000
objects from AD a long time ago.

The details I used back then were here:


cmd.exe -> ntdsutil.exe (on a domain controller)

At the Ntdsutil.exe command prompt, type LDAP policies, and then press ENTER.

show values [enter]
ldap policy: show values

Policy  Current(New)
MaxPoolThreads  4
MaxDatagramRecv         4096
MaxReceiveBuffer        10485760
InitRecvTimeout         120
MaxConnections  5000
MaxConnIdleTime         900
MaxPageSize     1000
MaxQueryDuration        120
MaxTempTableSize        10000
MaxResultSetSize        262144
MaxNotificationPerConn  5
MaxValRange     1500

We want to change MaxPageSize.

First we need to authenticate:
connections [enter]
set creds domain user pwd
connect to domain your.domain

then we got to ldap policy

set MaxPageSize to 2000
Commit Changes


Freeipa-users mailing list

Reply via email to