LDAP directories have limits on the size of results that they will return. Consider a group with a million members. It could consume all of your available memory to return the result from the LDAP database. That isn't desirable.
So, instead, there is a limit on the number of results returned in single API call. Typically around 1K. So, when using the API itself, you first request values 0-999, then 1000-1999, etc. Part of the result tells you whether or not there are more values to be requested. This API limit is hidden from you by many command line tools like dsquery, adfind, etc. (although all of them do have limits on the number of results that they will return, without setting some specific argument). Not to minimize Steve's contribution (it's great!), but there is a fairly recent port of OpenLDAP for Windows available at http://www.userbooster.de/en/download/openldap-for-windows.aspx that includes ldapsearch. -----Original Message----- From: Guyer, Donald [mailto:[email protected]] Sent: Thursday, March 22, 2012 8:48 AM To: NT System Admin Issues Subject: RE: "ldapsearch" for Windows This looks cool but, what does this mean? " Note: this program does not currently attempt to fetch range-based attributes, such as AD groups with over 1,000 members." Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS -----Original Message----- From: Steve Kradel [mailto:[email protected]] Sent: Wednesday, March 21, 2012 6:15 PM To: NT System Admin Issues Subject: "ldapsearch" for Windows Cross-posting this from the ActiveDir list: this tool may be of interest to folks with non-AD directories, maybe you just don't like ldifde, or want to pipe LDIF from stdout to another program. I went ahead and knocked out a quick and dirty .NET LdapSearch. Source code is on GitHub: https://github.com/skradel/Zetetic.Ldap Here's a binary build: http://dl.dropbox.com/u/1742256/Zetetic.Ldap/ZLdapSearch_1.0.zip It is certainly no competitor for AdFind, but it is: * open source * plain old .NET 2 * LDAP v3 directory agnostic * a producer of carefully-managed LDIF output to handle binary values, long strings, and non-7-bit-ASCII characters properly. I might wrangle around the commandline options if there's interest to make it more of a drop-in replacement for ldapsearch, but it is pretty close as it stands. Note: this program does not currently attempt to fetch range-based attributes, such as AD groups with over 1,000 members. It *does* support (but does not require) paging on directory servers that support it. Insert standard "free software, no warranty, provided in hopes you will find it useful" disclaimer here. --Steve ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
