Active Directory returns only 1000 groups and users

Dennis Balzuweit
Administrator
Posts: 3399
Registered: Friday, 12 October 2007, 23:37
Company: CTO Balzuweit GmbH
Location: Stuttgart

Wednesday, 16 June 2010, 17:41

By default, AD returns only 1000 records in order to prevent DoS attacks.
This value can be adjusted, however.

See the following guide (http://www.selfadsi.org/search.htm#PagedResults):

Configuring the maximum number of result entries (Active Directory)

In a directory search performed with ADO you have to keep in mind that a Windows domain controller only returns up to 1000 objects in a search result by default. This behavior is designed to avoid a denial of service attack, in which normal users (who have read permissions in the directory by default) could overstress a domain controller with massive LDAP searches.

The maximum count of returned search results is configured with the server parameter 'MaxPageSize'. This parameter can be configured with the utility NTDSUTIL. The details are outlined in the Microsoft knowledge base article Q315071. You have to launch NTDSUTIL as an enterprise administrator on a domain controller and then enter the following commands:

ldap policies
connections
connect to server <name of the local domain controller>
quit
set maxpagesize to <new maximum value for search results>
commit changes
quit


Don't forget to use the command commit changes, otherwise the changes do not take effect! By the way: this parameter is a global configuration and changes the behavior of all domain controllers in the entire forest (after AD synchronization has taken place). No reboot of any domain controller is necessary.
[Screenshot: dos.jpg]
In our example I have additionally entered the command show values to check whether the new value was set correctly.

Did you know that these LDAP policies are stored directly in the configuration partition of the directory, namely in this object: cn=Default Query Policy,cn=Query-Policies,cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=<Forest Root Domain>. This object has an attribute named lDAPAdminLimits:
[Screenshot: adsi.jpg]
As you can see, this attribute has the syntax of a multi-valued string, in which the parameter values are simply stored in readable ASCII notation.
In urgent cases, please contact your responsible partner support.

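As an added example (not part of the post above or of the selfadsi article it quotes), the following PowerShell script reads the current limits from the lDAPAdminLimits attribute of the Default Query Policy object the post mentions, and then retrieves more than MaxPageSize users and groups from the default naming context by using LDAP paged results on the client side. It assumes a domain-joined Windows host and a user with ordinary read rights; the LDAP filter, the variable names and the use of System.DirectoryServices are my choices, not anything from the original post.

```powershell
# Added example, not from the original post: inspect the LDAP query policy and
# fetch more than MaxPageSize objects with paged results instead of raising the limit.

$rootDse   = [ADSI]"LDAP://RootDSE"
$configNC  = $rootDse.configurationNamingContext[0]   # e.g. CN=Configuration,DC=example,DC=local
$defaultNC = $rootDse.defaultNamingContext[0]         # e.g. DC=example,DC=local

# 1. Read the limits stored as "Name=Value" strings in lDAPAdminLimits
#    (the same object the post shows in ADSI Edit).
$policyPath = "LDAP://CN=Default Query Policy,CN=Query-Policies,CN=Directory Service," +
              "CN=Windows NT,CN=Services,$configNC"
$policy = [ADSI]$policyPath

$limits = @{}
foreach ($entry in $policy.lDAPAdminLimits) {
    $name, $value = $entry -split '=', 2
    $limits[$name] = [int]$value
}
"Effective MaxPageSize on this DC: $($limits['MaxPageSize'])"

# 2. Paged search: a non-zero PageSize makes DirectorySearcher send the LDAP paged
#    results control, so the DC hands back the result set page by page and the
#    1000-entry cap never truncates the overall result. The page size must not
#    exceed MaxPageSize, or the server rejects the page request.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$defaultNC"
$searcher.Filter     = "(|(objectCategory=person)(objectCategory=group))"  # users and groups
$searcher.PageSize   = [Math]::Min(1000, $limits['MaxPageSize'])
$searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'objectCategory'))

$results = $searcher.FindAll()
try {
    "Users and groups returned with paging: $($results.Count)"
} finally {
    # SearchResultCollection holds unmanaged resources; dispose it explicitly.
    $results.Dispose()
}
```

Paging on the client keeps the server-side protection described in the post intact: MaxPageSize stays at its default, the DC never has to assemble more than one page at a time, and the global forest-wide change via NTDSUTIL is not needed. If the same script is run with `$searcher.PageSize = 0`, the search falls back to a plain request and stops at MaxPageSize entries, which is exactly the 1000-object symptom the thread is about.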