Re: Can we limit the total number of search results returned?
From: Richard Mueller [MVP] (rlmueller-NOSPAM_at_ameritech.NOSPAM.net)
Date: 04/19/04
- Next message: Jupiter Jones [MVP]: "Re: Gray hair on user image?"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: ADAM password"
- In reply to: Brian Desmond [MVP]: "Re: Can we limit the total number of search results returned?"
- Next in thread: Dmitri Gavrilov [MSFT]: "Re: Can we limit the total number of search results returned?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 19 Apr 2004 09:52:58 -0500
Hi,
When using ADO to search AD, the Command object has a "Size Limit" property,
which is the number of records the domain controller will return before
completing the search. The default value is 1000. I was told by Microsoft
that increasing this limit on the client would have no affect because a
similar limit exists on the server. I was also told that the server-side
policy can be adjusted, but it was not recommended to increase it as it
affects performance.
The article linked below describes a group policy setting:
http://support.microsoft.com/default.aspx?scid=kb;en-us;243281
This article states that the default limit is 10,000 records. The help on
the policy says the same. It sounds like this setting is what you want.
Group Policy - User Configuration, Administrative Templates, Desktop, Active
Directory - "Maximum size of Active Directory searches".
-- Richard Microsoft MVP Scripting and ADSI HilltopLab web site - http://www.rlmueller.net -- "Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message news:OjCqC5bJEHA.3592@TK2MSFTNGP09.phx.gbl... > It's called defaultPageSize or something like that - default is 1000 (hence > the 1000 users/group thing in S.DS I think). > > -- > -- > Brian Desmond > Windows Server MVP > desmondb@payton.cps.k12.il.us > > http://www.briandesmond.com > > > "Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message > news:e4Y%236vYJEHA.2556@TK2MSFTNGP11.phx.gbl... > > There is a client side way to do that, > > (http://support.microsoft.com/default.aspx?scid=kb;en-us;243281) but I was > > thinking there was a server side way to do the same via ntdsutil. What > has > > me perplexed, is why you would want to do that. > > I mean, why are you putting email addresses in the directory if you don't > > want them read? Or is it just that you don't want the entire directory > > pulled down at one time (presumably, 100 at a time is OK?). > > > > Can you expand on why you would want to limit that number below the > default > > 10,000? > > > > > > "Eric Chamberlain" <eric.chamberlain@newsgroups.nospam> wrote in message > > news:%23l49UkWJEHA.2736@TK2MSFTNGP12.phx.gbl... > > > We have 40,000 users and don't want them to be able to pull all the > > e-mail > > > addresses from AD. In iPlanet, we can limit the search results to 100 > > > records. Is there an equivalent setting we can configure on the domain > > > controllers, without impacting normal functions? > > > > > > Users may be connecting via LDAP and paging. I see we can limit page > > > results returned, but we want to limit the entire search results. > > > > > > Currently we can track abuses by logging expensive queries and long > > running > > > queries, but we would rather be proactive than reactive. > > > > > > > > > > > >
- Next message: Jupiter Jones [MVP]: "Re: Gray hair on user image?"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: ADAM password"
- In reply to: Brian Desmond [MVP]: "Re: Can we limit the total number of search results returned?"
- Next in thread: Dmitri Gavrilov [MSFT]: "Re: Can we limit the total number of search results returned?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
