Nitu Bansal
Reputation: 3856
why active directory search result return 1000 records
my code is as below
using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
{
mySearcher.PageSize = 1001
mySearcher.Filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!samaccountname=*.service)(!samaccountname=_*)(company=*)(mail=*)(telephoneNumber=*)(|(" + extAttribute + "=LIMITED)(" + extAttribute + "=ALL)))";
dtAdUsers = new DataTable("dtAdUsers");
DataColumn firstNameColumn = new DataColumn();
firstNameColumn.ColumnName = "firstName";
dtAdUsers.Columns.Add(firstNameColumn);
DataColumn lastNameColumn = new DataColumn();
lastNameColumn.ColumnName = "lastName";
dtAdUsers.Columns.Add(lastNameColumn);
DataColumn middleInitialColumn = new DataColumn();
middleInitialColumn.ColumnName = "middleInitial";
dtAdUsers.Columns.Add(middleInitialColumn);
DataColumn titleColumn = new DataColumn();
titleColumn.ColumnName = "title";
dtAdUsers.Columns.Add(titleColumn);
DataColumn companyNameColumn = new DataColumn();
companyNameColumn.ColumnName = "companyName";
dtAdUsers.Columns.Add(companyNameColumn);
DataColumn address1Column = new DataColumn();
address1Column.ColumnName = "address1";
dtAdUsers.Columns.Add(address1Column);
DataColumn cityColumn = new DataColumn();
cityColumn.ColumnName = "city";
dtAdUsers.Columns.Add(cityColumn);
DataColumn stateColumn = new DataColumn();
stateColumn.ColumnName = "state";
dtAdUsers.Columns.Add(stateColumn);
DataColumn zipcodeColumn = new DataColumn();
zipcodeColumn.ColumnName = "zipcode";
dtAdUsers.Columns.Add(zipcodeColumn);
DataColumn countryColumn = new DataColumn();
countryColumn.ColumnName = "country";
dtAdUsers.Columns.Add(countryColumn);
DataColumn emailColumn = new DataColumn();
emailColumn.ColumnName = "email";
dtAdUsers.Columns.Add(emailColumn);
DataColumn phoneNumberColumn = new DataColumn();
phoneNumberColumn.ColumnName = "phoneNumber";
dtAdUsers.Columns.Add(phoneNumberColumn);
DataColumn flex1RegionColumn = new DataColumn();
flex1RegionColumn.ColumnName = "flex1Region";
dtAdUsers.Columns.Add(flex1RegionColumn);
DataColumn flex2CompanyColumn = new DataColumn();
flex2CompanyColumn.ColumnName = "flex2Company";
dtAdUsers.Columns.Add(flex2CompanyColumn);
DataColumn flex3SubBrandColumn = new DataColumn();
flex3SubBrandColumn.ColumnName = "flex3SubBrand";
dtAdUsers.Columns.Add(flex3SubBrandColumn);
DataColumn extensionAttribute15Column = new DataColumn();
extensionAttribute15Column.ColumnName = "extensionAttribute15";
dtAdUsers.Columns.Add(extensionAttribute15Column);
DataColumn GUIDColumn = new DataColumn();
GUIDColumn.ColumnName = "ObjectGUID";
dtAdUsers.Columns.Add(GUIDColumn);
DataRow dr;
int count = 0;
using (SearchResultCollection results = mySearcher.FindAll())
{
foreach (SearchResult resEnt in results)
{
string Flex1Region = resEnt.GetDirectoryEntry().Properties["distinguishedName"].Value as string;
string[] Flex1Array = Flex1Region.Split(',');
Flex1Region = Flex1Array[3];
Flex1Region = Flex1Region.Split('=')[1];
count++;
dr = dtAdUsers.NewRow();
dr["firstName"] = resEnt.GetDirectoryEntry().Properties["givenName"].Value as string;
dr["lastName"] = resEnt.GetDirectoryEntry().Properties["sn"].Value as string;
dr["middleInitial"] = resEnt.GetDirectoryEntry().Properties["initials"].Value as string;
dr["title"] = resEnt.GetDirectoryEntry().Properties["title"].Value as string;
dr["companyName"] = resEnt.GetDirectoryEntry().Properties["company"].Value as string;
dr["address1"] = resEnt.GetDirectoryEntry().Properties["streetAddress"].Value as string;
dr["city"] = resEnt.GetDirectoryEntry().Properties["l"].Value as string;
dr["state"] = resEnt.GetDirectoryEntry().Properties["st"].Value as string;
dr["zipcode"] = resEnt.GetDirectoryEntry().Properties["postalCode"].Value as string;
dr["country"] = resEnt.GetDirectoryEntry().Properties["co"].Value as string;
dr["email"] = resEnt.GetDirectoryEntry().Properties["mail"].Value as string;
dr["phoneNumber"] = resEnt.GetDirectoryEntry().Properties["telephoneNumber"].Value as string;
dr["flex1Region"] = Flex1Region;
dr["flex2Company"] = resEnt.GetDirectoryEntry().Properties["company"].Value as string;
dr["flex3SubBrand"] = resEnt.GetDirectoryEntry().Properties["GroupMcompany"].Value as string;
dr["extensionAttribute15"] = resEnt.GetDirectoryEntry().Properties[extAttribute].Value as string;
dr["ObjectGUID"] = resEnt.GetDirectoryEntry().Guid.ToString();
dtAdUsers.Rows.Add(dr);
lblText.Text = "Ad Users " + count.ToString();
lblText.Refresh();
Application.DoEvents();
}
}
}
it is return only 1000 record. can somebody suggest what is the problem
Upvotes: 1
Views: 1824
Answers (2)
Laky
Reputation: 193
You can allow more results through LDAP query somewhere at the AD configuration, however there is a good reason to limit LDAP queries to max 1000 results (in large corporate domains you can really simply run DOS attack even without knowing…) The best approach (from infrastructure point of view) is to split your queries to thousands with range argument
See this code in PowerShell (getUsers.ps1 myADGroupName)
#get the group
$myGroup = [string]$args[0];
$myGroup = $myGroup.replace(" ",",");
$group = [adsi]("LDAP://$($myGroup)");
#set the inital from value
$from = 0
#escape trigger when the $ds.findall() errors
$all = $false
#array for the members of the group
$members = @()
while (! $all) {
#catch an error and set all to $true to escape
trap{$script:all = $True;continue}
#top end of the range so initally 0-999. a Range of 1000 is used to make sure it works on all versions of AD
$to = $from + 999
#Query the group object for members using "member;range=$from-$to" to just return the range of objects for this pass.
#This will generate an error with an invalid range
$DS = New-Object DirectoryServices.DirectorySearcher($Group,"(objectClass=*)","member;range=$from-$to",'Base')
#as the variable name for the group name is not member, but member;range=0-999 etc, the $_.PropertyNames -like 'member;*' catches all instances
$members += $ds.findall() | foreach {$_.properties | foreach {$_.item($_.PropertyNames -like 'member;*')}}
#set up the next search range
$from += 1000
}
#dislay the count
$currentExecuting = (Get-Item $MyInvocation.MyCommand.Path)
$group.sAMAccountName
$members | measure-object
#dislay the member list
$members > "$($currentExecuting.Directory)\$($group.sAMAccountName).txt"
Upvotes: 1
matcheek
Reputation: 5147
Because of the value PageSize property was set to
mySearcher.PageSize = 1001
and SizeLimit property used its default value(=1000).
Also, take a look at the SizeLimit property http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.sizelimit(v=vs.110).aspx
Upvotes: 4
Related Questions
- Why does my DirectorySearcher throw an ArgumentOutOfRangeException when I try to retrieve a property by name?
- How to get more than 20000 records from Active Directory
- Can I get more than 1000 records from a DirectorySearcher?
- LDAP search returns less objects than expected
- DirectorySearcher does not return all AD group members
- Issue with search result
- Active Directory DirectorySearcher is not returning all of the available properties
- Active Directory different results for DirectorySearcher and PrincipalSearcher
- Get 2000 of 6000 records from DirectorySearcher
- Active Directory Search getting Object reference not set