On Wed, Sep 26, 2012 at 5:46 AM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Steven Jones wrote:
>> I dont have a ldapmodify command for changing something in AD.
>> I have increased the only scope I/we know about which is the return of
>> objects from a search inside the AD gui but that might be specific to that
>> view tool. That is 2000 by default, Ive set 40000, I am testing it now, if
>> that doesn't work....
>> Our best AD person is currently researching to see if its even possible to
>> alter that hard code in AD. The only way he can see is using a windows/ad
>> specific command line command to modify the internals of AD but he's never
>> seen or read about doing it for this attribute.
sounds like you need to upgrade your MaxPageSize and LDAPAdminLimits
attribute of the Default Query Policy object in the Query-Policies
container. We needed to do this to be able to get more than 1000
objects from AD a long time ago.
The details I used back then were here:
cmd.exe -> ntdsutil.exe (on a domain controller)
At the Ntdsutil.exe command prompt, type LDAP policies, and then press ENTER.
show values [enter]
ldap policy: show values
We want to change MaxPageSize.
First we need to authenticate:
set creds domain user pwd
connect to domain your.domain
then we got to ldap policy
set MaxPageSize to 2000
Freeipa-users mailing list