RE: AD Page Size help

I would assume that if you are getting a "size limit" error, that you
are hitting a hard maximum that AD implements to make sure that you
don't sit all day parsing through results and degrade performance on
this DC as a result.

Your query is pulling back every user object in your AD infrastructure
(enabled, disabled, etc) if I am correctly identifying your filter
below.

my $strFilter = "(&(objectclass=user)(objectcategory=person));";

How many users do you have in AD? (when you use the Array permutation of
this script (that works correctly), can you...

print "total users in this OU: " . $objRS->{RecordCount} . "\n";

...to see how many users we are talking about?)

If you dare, and you do indeed have tons of users in your AD, you can
change the hard max size limit because of your AD infrastructure size,
but it would probably be advisable to limit the scope of this change to
1 Domain Controller, or one Site, as this could pose a Security threat
in the form of a DOS attack on AD if you increase either of these limits
because you want to pull back all the users.  The article below goes
through making that change, but use it with care.

As well, I am also wondering if you want "all the users" (enabled and
disabled) as part of this, as you could totally descope the disabled
users with a modified filter, and possibly reduce your resultset to the
upper limits of the default "size limits" in AD.  If you really do want
"All the users", and pulling only the enabled ones gets you under the
size limit, you could definitely do a second search for the disabled
ones as I am sure that you'd want to handle them differently than the
enabled users.

http://support.microsoft.com/kb/315071


You're hitting one of these two limits:

MaxResultSetSize
MaxReceiveBuffer

HTH

Steven
> -----Original Message-----> From: perl...@listserv.ActiveState.com > [mailto:perl...@listserv.ActiveState.com] On > Behalf Of Gomes, Rich> Sent: Tuesday, April 26, 2011 8:24 AM> To: perl...@listserv.ActiveState.com> Subject: RE: AD Page Size help> > So, a lot of people have given some great suggestions but I > am still unable to get this to work and am still confused.> The nearest I have been able to come is to create an array > with the different OU's that contain users within our domain.> Anything without the array (just looking at the entire domain > all at once) throws the error below.> Using the array works but it seems pretty hackey. Plus I will > need to always be sure I have every OU that contains users in > it at all times.> > I really wanted this to be an exercise in understanding the code.> Why does this work with the array but not without?> > > > OLE exception from "Provider":> > The size limit for this request was exceeded.> > Win32::OLE(0.1709) error 0x80072023: "The size limit for this > request was exceeded">     in METHOD/PROPERTYGET "MoveNext" > > > > Thanks,> Rich> > -----Original Message-----> From: perl...@listserv.ActiveState.com > [mailto:perl...@listserv.ActiveState.com] On > Behalf Of Joachim Thuau> Sent: Friday, April 22, 2011 6:45 PM> To: perl...@listserv.ActiveState.com> Subject: RE: AD Page Size help> > I have had issues in the past where searching with a "null > base" inside AD yielded errors, but putting one level of OU > in the base made it work. > (the first time I encountered that, it was with AD > integration with apache). Maybe adjusting the base will yield > different results.> > Thanks,> Jok> > > -----Original Message-----> > From: perl...@listserv.ActiveState.com > [mailto:perl- > > win3...@listserv.ActiveState.com] On Behalf Of > Gomes, Rich> > Sent: Thursday, April 21, 2011 8:18 AM> > To: perl...@listserv.ActiveState.com> > Subject: AD Page Size help> > > > I know this has been talked about a lot but I cannot seem to get my > > script to work.> > I am trying to not hit the LDAP search limit but cannot seem to get > > the PageSize line correct> > > > > > Any thoughts?> > > > > > > ______________________________________________________________________> > _> > ______> > > > my $strDomainDN = "DC=mydomain,DC=com"; use Win32::OLE qw(in);> > > > > > $Win32::OLE::Warn = 3;> > my $strBase   =  "<LDAP://" . $strDomainDN . ">;";> > > > > > my $strFilter = "(&(objectclass=user)(objectcategory=person));";> > my $strAttrs  = "name;";> > my $strAttrs  = "distinguishedName;";> > my $strScope  = "subtree";> > > > my $objConn = Win32::OLE->CreateObject("ADODB.Connection");> > $objConn->{Provider} = "ADsDSOObject"; $objConn->Open;> > > > $objConn->{Properties}->{"Page Size"} = 100;> > > > my $objRS = $objConn->Execute($strBase . $strFilter . $strAttrs .> > $strScope);> > $objRS->MoveFirst;> > while (not $objRS->EOF) {> >     print $objRS->Fields(0)->Value,"\n";> >     $objRS->MoveNext;> > }> > > > > ______________________________________________________________________> > _> > ________> > > > > > > > _______________________________________________> > Perl-Win32-Admin mailing list> > Perl...@listserv.ActiveState.com> > To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs> _______________________________________________> Perl-Win32-Admin mailing list> Perl...@listserv.ActiveState.com> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs> _______________________________________________> Perl-Win32-Admin mailing list> Perl...@listserv.ActiveState.com> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs> 
_______________________________________________
Perl-Win32-Admin mailing list
Perl...@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs