Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

IronPort Security Management Appliance - Directory Search Results Size

I'm creating an access policy for a web security appliance that is applied to an authorized group within an idenity.  My question is in regards to the number of returned results when using the Directory search function to find and add the group.  Only the first 500 matching entries are shown and attempting to search for the group fails if it isn't part of that first 500.  How do I increase the amount of results returned when searching for groups?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IronPort Security Management Appliance - Directory Search Re

Hello Alex,

By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech

MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

You can also simply input the group name and then click "Add" to manually add it as a workaround.

Hope it helps.

1 REPLY
Cisco Employee

Re: IronPort Security Management Appliance - Directory Search Re

Hello Alex,

By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech

MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

You can also simply input the group name and then click "Add" to manually add it as a workaround.

Hope it helps.

412
Views
0
Helpful
1
Replies
CreatePlease to create content