{"id":7001,"date":"2020-09-08T10:10:54","date_gmt":"2020-09-08T15:10:54","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=7001"},"modified":"2020-09-08T10:10:54","modified_gmt":"2020-09-08T15:10:54","slug":"dynamically-determining-ad-page-size","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=7001","title":{"rendered":"Dynamically determining AD Page Size"},"content":{"rendered":"<p>Question &#8212; is it possible to dynamically determine the maximum page size when communicating with AD via LDAP? Since the page size (1) changed between versions and (2) can be user-customized &#8230; a guess is sub-optimal.<\/p>\n<p>Answer &#8212; yes. If only the default query policy is used, search at<br \/>\nCN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,*domain naming context* (e.g.<br \/>\nCN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=com) with a filter like &#8220;(&amp;(cn=*))&#8221;<\/p>\n<p>Return the ldapAdminLimits attribute. Parse MaxPageSize out of the attribute:<\/p>\n<p>lDAPAdminLimits (13): MaxValRange=1500; MaxReceiveBuffer=10485760; MaxDatagramRecv=4096; MaxPoolThreads=4; MaxResultSetSize=262144; MaxTempTableSize=10000; MaxQueryDuration=120; **MaxPageSize=1000**; MaxNotificationPerConn=5; MaxActiveQueries=20; MaxConnIdleTime=900; InitRecvTimeout=120; MaxConnections=5000;<\/p>\n<p>To find all of the query policies, search at CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,*domain naming context* for (&amp;(objectClass=queryPolicy)) &#8230; either research a lot about query policies and figure out how to determine which applies to your connection or take the lowest value and know you&#8217;re safe.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Question &#8212; is it possible to dynamically determine the maximum page size when communicating with AD via LDAP? Since the page size (1) changed between versions and (2) can be user-customized &#8230; a guess is sub-optimal. Answer &#8212; yes. If only the default query policy is used, search at CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,*domain naming &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[68,303,1119,1120,1121,1118],"class_list":["post-7001","post","type-post","status-publish","format-standard","hentry","category-coding","tag-active-directory","tag-ldap","tag-max-entries","tag-page-size","tag-paging","tag-query-limit"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/7001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7001"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/7001\/revisions"}],"predecessor-version":[{"id":7002,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/7001\/revisions\/7002"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}