4.23. Modifying the Default LDAP Query Policy
Problem
You want to view or modify the default LDAP query policy of a forest. The query policy contains settings that restrict search behavior, such as the maximum number of entries that can be returned from a search.
Solution
Using a graphical user interface
Open ADSI Edit.
In the Configuration partition, browse to Services → Windows NT → Directory Service → Query Policies.
In the left pane, click on the Query Policies container, then right-click on the Default Query Policy object in the right pane, and select Properties.
Double-click on the lDAPAdminLimits attribute.
Click on the attribute you want to modify and click Remove.
Modify the value in the Value to add box and click Add.
Click OK twice.
Using a command-line interface
To view the current settings, use the following command:
> ntdsutil "ldap pol" conn "con to server <DomainControllerName>" q "show values"
To change the MaxPageSize value to 2000, you can do the following:
> ntdsutil "ldap pol" conn "con to server <DomainControllerName>" q
ldap policy: set MaxPageSize to 2000
ldap policy: Commit Changes
Using VBScript
' This code modifies a setting of the default query policy for a forest
' ------ SCRIPT CONFIGURATION ------
pol_attr = "MaxPageSize"  ' Set to the name of the setting you want to modify
new_value = 1000          ' Set to the value of the setting you want to modify
' ------ END CONFIGURATION ---------

Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

set rootDSE = GetObject("LDAP://RootDSE")
...
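The same remove-then-add change written in PowerShell, as an added example that is not part of the original recipe. It assumes the ActiveDirectory module (RSAT) is available and that the policy object sits at CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services under the configuration naming context; $Setting and $NewValue mirror pol_attr and new_value from the VBScript.

```powershell
# Added example, not from the original recipe.
# Assumes the ActiveDirectory module (RSAT) and write access to the Configuration partition.
Import-Module ActiveDirectory

$Setting  = 'MaxPageSize'   # name of the setting to modify (pol_attr in the VBScript)
$NewValue = 1000            # value to set (new_value in the VBScript)

# The policy object lives under the forest's configuration naming context.
$configNC = (Get-ADRootDSE).configurationNamingContext
$policyDN = 'CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,' +
            "CN=Windows NT,CN=Services,$configNC"

# lDAPAdminLimits is multi-valued; each value is a "Name=Value" string.
$policy = Get-ADObject -Identity $policyDN -Properties lDAPAdminLimits
$limits = @($policy.lDAPAdminLimits)

Write-Host 'Current limits:'
$limits | Sort-Object | ForEach-Object { Write-Host "  $_" }

# Find the existing value(s) for this setting; the name must match exactly up to '='.
$pattern = '^' + [regex]::Escape($Setting) + '='
$old     = @($limits | Where-Object { $_ -match $pattern })
$new     = "$Setting=$NewValue"

if ($old.Count -eq 1 -and $old[0] -eq $new) {
    Write-Host "$new is already set; nothing to change."
    return
}

# Mirror the GUI steps: remove the old value, then add the new one.
# Set-ADObject applies -Remove before -Add when both are given.
$change = @{ Identity = $policyDN; Add = @{ lDAPAdminLimits = $new } }
if ($old.Count -gt 0) {
    $change['Remove'] = @{ lDAPAdminLimits = $old }
}
Set-ADObject @change

# Read the value back to confirm the change.
(Get-ADObject -Identity $policyDN -Properties lDAPAdminLimits).lDAPAdminLimits |
    Where-Object { $_ -match $pattern }
```

Adding -WhatIf to the Set-ADObject call previews the modification without writing it.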