Increasing the number of objects returned in a single LDAP query

by Shijaz Abdulla on 09.10.2008 at 16:33

By default, windows returns only a maximum of 1000 objects in response to a single LDAP query. This can be a limitation when you have more than 1000 objects in your Active Directory and you are running some kind of script that does a bulk import of objects (user accounts and/or computers) from Active Directory.

Some applications like Adobe Connect also require such bulk imports. If you find that the number of user accounts imported from Active Directory is exactly 1000 when you are sure there are more, its time to take a look at this.

The 1000-object limit is governed by the MaxPageSize LDAP administration limit, which is defined using NTDSUTIL. To increase the value:

  1. Open Command Prompt on a domain controller, logged in as domain administrator.
  2. Type NTDSUTIL and press ENTER.
  3. In the ntdsutil: prompt, type ldap policies
  4. In the ldap policy: prompt, type connections
  5. In the server connections: prompt, type connect to server <FQDN of domain controller>
  6. Once you are connected, type q to come back to the ldap policy: prompt.
  7. If you type show values, you can see the current value for the administration limits, including the MaxPageSize limit.
  8. To change the value to allow up to 30,000 objects to be returned in a single LDAP query, type set MaxPageSize to 30000
  9. You can view your changes by typing Show Changes. Note that the new values appear in brackets, because you have not yet commited your changes.
  10. To commit changes type commit changes


Trackback Permanent Link

3 Responses to Increasing the number of objects returned in a single LDAP query

Leave a Reply