Schema Question - msDS-AllUsersTrustQuota

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

In my 2003 AD, the msDS-AllUsersTrustQuota variable is set to 1000.

I keep doing queries for an audit using ADSI in a VBS, but all my search
returns are capped at 1000 results... I'm assuming this variable has
something to do with it? How can I change this?
 
Nevermind, I found it!

I used LDP.EXE to change the lDAPAdminlimits/MaxPageSize attribute in
CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=domain,DC=com for my AD Schema..
 
That is a horrible solution.

What happens as you need more and more objects, keep increasing it until the DC
blows up because it can't maintain the entire page in memory?

What you need to use is paged searches, it is extremely simple to implement via
the pagesize option.

joe
 
Tried that... even with pagesize set, all searches stop at 1000... I must be
doing something wrong, I can never get paging to work with my returned
recordsets... which is even more horrible when you have auditors and you
hand them an incomplete query! That's why I had to do it. We only have
approx. 1300 users here. Missing 300 does not go unnoticed.


Can you post known working code that utilizes pagesize assuming I want EVERY
user account for the BaseDN of DC=tcorp,DC=com?


Here's one original blurb of code that I can't seem to modify to return
pages:

Dim objConn, objRecordSet
Dim strDomain, strQuery

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOOBJECT"
objConn.Open "ADs Provider"
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strFilter =
"(&(objectClass=person)(objectClass=user)(objectCategory=Person))"
strQuery = "<LDAP://tcorp.com/" & strDNSDomain & ">;" & strFilter &
";cn,userAccountControl,sn,givenName,name,sAMAccountName;subtree"
Set objRecordSet = objConn.Execute(strQuery)
objRecordset.MoveFirst

While Not objRecordSet.EOF
<...>
Wend




Here's another blurb that utilizes pagesize (from KB 269361) that doesn't
work either:


const adUseClient=3
const adOpenStatic = 3
const adLockOptimistic = 3
const adLockReadOnly = 1
const adCmdText = 1
const adFilterFetchedRecords = 3

Dim cn, cmd, rs, lcConn, i, j

set cn = CreateObject("ADODB.Connection")
set cmd = CreateObject("ADODB.Command")
set rs = CreateObject("ADODB.RecordSet")

lcConn = "Provider=ADsDSOObject"
With cn
.Open lcConn
End With


With rs

Set .ActiveConnection = cn
.CursorLocation = adUseClient
.CursorType = adOpenStatic
.LockType = adLockOptimistic
.PageSize = 2000 '<--- this is the value to change for how many records
to return.
.CacheSize = .PageSize
.Open
LDAP://dcsvr001.tcorp.com:389;(objectClass=organizationalPerson);cn,adspath;
subtree, , adOpenStatic, adLockReadOnly, adCmdText
.AbsolutePage = 1
.Filter = adFilterFetchedRecords
End With

For i = 0 To rs.RecordCount - 1
For j = 0 To rs.Fields.Count - 1
WScript.Echo rs.Fields(j).Value 'not the real code obviously
Next
WScript.Echo
rs.MoveNext
Next






Can you fix the code or point out working code? Thanks!
 
Page size has to be set to 1000 or less, it controls how many rows are returned
for each page. ADO hides the backend so you will never know it is paging.

I would recommend picking up a book called Active Directory Cookbook which has
sample scripts for much of this. Here is an example


' This code enables paged searching
' ------ SCRIPT CONFIGURATION ------
strBase = "<LDAP://<BaseDN>>;"
strFilter = "<Filter>;"
strAttrs = "<AttrList>;"
strScope = "<Scope>"
' ------ END CONFIGURATION ---------

set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objComm = CreateObject("ADODB.Command")
objComm.ActiveConnection = objConn
objComm.Properties("Page Size") = 10
objComm.CommandText = strBase & strFilter & strAttrs & strScope
set objRS = objComm.Execute
objRS.MoveFirst
while Not objRS.EOF
Wscript.Echo objRS.Fields(0).Value
objRS.MoveNext
wend





joe
 
Back
Top