cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
895
Views
0
Helpful
1
Replies

IronPort Security Management Appliance - Directory Search Results Size

marotts77
Level 1
Level 1

I'm creating an access policy for a web security appliance that is applied to an authorized group within an idenity.  My question is in regards to the number of returned results when using the Directory search function to find and add the group.  Only the first 500 matching entries are shown and attempting to search for the group fails if it isn't part of that first 500.  How do I increase the amount of results returned when searching for groups?

1 Accepted Solution

Accepted Solutions

Tao Yang
Cisco Employee
Cisco Employee

Hello Alex,

By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech

MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

You can also simply input the group name and then click "Add" to manually add it as a workaround.

Hope it helps.

View solution in original post

1 Reply 1

Tao Yang
Cisco Employee
Cisco Employee

Hello Alex,

By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech

MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

You can also simply input the group name and then click "Add" to manually add it as a workaround.

Hope it helps.