Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
966
Views
0
Helpful
1
Replies

IronPort Security Management Appliance - Directory Search Results Size

Go to solution
marotts77
Level 1
Level 1

‎08-07-2012 07:34 AM

I'm creating an access policy for a web security appliance that is applied to an authorized group within an idenity.  My question is in regards to the number of returned results when using the Directory search function to find and add the group.  Only the first 500 matching entries are shown and attempting to search for the group fails if it isn't part of that first 500.  How do I increase the amount of results returned when searching for groups?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tao Yang
Cisco Employee
Cisco Employee

‎08-07-2012 04:39 PM

Hello Alex,

By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech

MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

You can also simply input the group name and then click "Add" to manually add it as a workaround.

Hope it helps.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Tao Yang
Cisco Employee
Cisco Employee

‎08-07-2012 04:39 PM

Hello Alex,

By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech

MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

You can also simply input the group name and then click "Add" to manually add it as a workaround.

Hope it helps.

0 Helpful
Customers Also Viewed These Support Documents