You might notice that searches with a large number of matches stop displaying results after 1,000 entries. Domain controllers return a maximum of 1,000 entries from a search unless paging is enabled. This limit keeps a query from consuming a lot of resources on a domain controller by retrieving all of its results at once instead of in “pages” or batches. The following examples are variations of Recipe 4.5 that show how to enable paging and return all matching entries.
Perform the same steps as in Recipe 4.5, but before clicking OK to start the search, click the Options button.
For Timeout (s), enter a value such as 10.
For Page size, enter the number of objects to be returned with each page—e.g., 1,000.
Under Search Call Type, select Paged.
Click OK.
A page of results (i.e., 1,000 entries) will be displayed each time you click on Run until all results have been returned.
    ' This code enables paged searching
    ' ------ SCRIPT CONFIGURATION ------
    strBase   = "<LDAP://<BaseDN>>;"
    strFilter = "<Filter>;"
    strAttrs  = "<AttrList>;"
    strScope  = "<Scope>"
    ' ------ END CONFIGURATION ---------

    ' Open an ADO connection through the Active Directory provider
    set objConn = CreateObject("ADODB.Connection")
    objConn.Provider = "ADsDSOObject"
    objConn.Open "Active Directory Provider"

    set objComm = CreateObject("ADODB.Command")
    objComm.ActiveConnection = objConn
    ' Setting Page Size is what turns on paged searching
    objComm.Properties("Page Size") = 1000
    objComm.CommandText = strBase & strFilter & strAttrs & strScope
    set objRS = objComm.Execute

    ' Print the first requested attribute of every matching entry
    objRS.MoveFirst
    while Not objRS.EOF
        Wscript.Echo objRS.Fields(0).Value
        objRS.MoveNext
    wend
Paged searching support is implemented via an LDAP control. LDAP controls were defined in RFC 2251 and the Paged control in RFC 2696. Controls are extensions to LDAP that were not built into the protocol, so not all directory vendors support the same ones.
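The following Python sketch is an added example, not code from the book: it BER-encodes and decodes the RFC 2696 control value (a SEQUENCE of a page size and an opaque cookie) and runs the client loop that resends the cookie until the server returns an empty one. The `stand_in_server` function, its offset-style cookie, and the sample entries are constructed for illustration; its 1,000-entry clamp models the default maximum page size described on this page.

```python
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # RFC 2696 controlType (added example)

def _tlv(tag, content):
    """One BER tag-length-value; long-form length once content reaches 128 bytes."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    n = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(n)]) + n + content

def _read_tlv(buf, pos):  # returns (tag, content, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length

def encode_paged_control(size, cookie=b""):
    """controlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }"""
    size_bytes = size.to_bytes(size.bit_length() // 8 + 1, "big")  # keeps sign bit clear
    return _tlv(0x30, _tlv(0x02, size_bytes) + _tlv(0x04, cookie))

def decode_paged_control(value):
    tag, seq, end = _read_tlv(value, 0)
    t_size, size_bytes, pos = _read_tlv(seq, 0)
    t_cookie, cookie, pos = _read_tlv(seq, pos)
    if (tag, t_size, t_cookie) != (0x30, 0x02, 0x04) or end != len(value) or pos != len(seq):
        raise ValueError("not a pagedResultsControl value")
    return int.from_bytes(size_bytes, "big", signed=True), cookie

def stand_in_server(entries, request, max_page_size=1000):
    """Constructed stand-in for a DC: cookie is a plain offset, real cookies are opaque."""
    size, cookie = decode_paged_control(request)
    start = int(cookie or b"0")
    page = entries[start:start + min(size, max_page_size)]  # server clamps the page
    done = start + len(page) >= len(entries)
    return page, encode_paged_control(0, b"" if done else str(start + len(page)).encode())

def paged_search(entries, page_size):
    results, cookie, round_trips = [], b"", 0
    while True:  # resend the returned cookie until the server sends an empty one
        page, response = stand_in_server(entries, encode_paged_control(page_size, cookie))
        results, round_trips = results + page, round_trips + 1
        _, cookie = decode_paged_control(response)
        if not cookie:
            return results, round_trips
```

A client that asks for 5,000 entries per page still needs three round trips for 2,500 entries here, because the server side caps each page at its own maximum.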
Tip
In Active Directory, you can change the default maximum page size of 1,000 by modifying the LDAP query policy. See Recipe 4.23 for more information.
If you need searches to return hundreds of thousands of entries, Active Directory will return a maximum of only 262,144 entries even when paged searching is enabled. This value is defined in the LDAP query policy and can be modified like the maximum page size (see Recipe 4.23).
A word of caution when using LDP to display a large number of entries—by default, only 2,048 lines will be displayed in the right pane. To change that value, go to Options → General and change the Line Value under Buffer Size to a larger number.
The only difference between this solution and Recipe 4.5 is the addition of the -limit 0 flag. With -limit set to 0, paging will be enabled and all matching objects will be returned. If -limit is not specified, a maximum of 100 entries will be returned.
Recipe 4.5 for searching for objects, Recipe 4.23 for viewing the default LDAP policy, RFC 2251 (Lightweight Directory Access Protocol (v3)), RFC 2696 (LDAP Control Extension for Simple Paged Results Manipulation), and MSDN: Searching with ActiveX Data Objects (ADO)