+1 for Michael's comment. Paging is a core concept for LDAP directories. Applications that do not understand how to do that properly will probably also do lots of other 'bad' things to your directory.
If the application cannot be fixed and your management insists on moving forward with it broken I would recommend pointing the application to an instance of LDS on a separate system. At least then if when it abuses the directory service it will not be service impacting for your users. /jim ----- James Rupprecht IT Architect, Enterprise Systems The University of Kansas Information Technology Office: +1 785 864-0116<tel:+17858640116> E-mail: [email protected]<mailto:[email protected]> Lync: [email protected]<sip:[email protected]> From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Thursday, June 16, 2016 2:45 PM To: [email protected] Subject: [NTSysADM] RE: Active Directory LDAP MaxPageSize limit This is a very bad idea. Fix the application. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Dave Lum Sent: Thursday, June 16, 2016 3:31 PM To: '[email protected]' Subject: [NTSysADM] Active Directory LDAP MaxPageSize limit I've had a request to increase the LDAP MaxPageSize to 5000 (from 1000) due to an application limitation - DC's are 2012 (non-R2). I see the hard coded limit is 20000. The environment in question is fairly small, and the DC's are multi CPU VM's with 8GB RAM and there are under 2000 user objects currently, so I assume my change will have pretty much zero impact on my DC's, yes? Dave Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender with a copy to [email protected]<mailto:[email protected]>, delete this email and destroy all copies.
