Problem:
A standard ldapsearch for users against an Active Directory domain returns a "Size limit exceeded" error when the query matches more than 1000 entries and the AD search result limit has been left at its default setting.
ldapsearch -LLL -H ldap://YourActiveDirectoryHostName:3268 -b 'CN=Users,DC=YourActiveDirectoryDomainName,DC=TLD' -D ADUsername@yourDomainName -w ADUserPWD objectclass=user -E pr=2147483647/noprompt
The Solution:
Found this from the source link below. I've only modified the port name to query AD's Global Catalog port 3268 instead of 389 and the base for search to be my AD Users' OU in the -b parameter (CN=Users, DC=etc...)
Source: http://www.commandlinefu.com/commands/view/2779/bypass-1000-entry-limit-of-active-directory-with-ldapsearch
See some useful ldapsearch examples here: http://goo.gl/3LuVy
Also, click here for ldapsearch operators
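Why `-E pr=2147483647/noprompt` gets past the limit, shown as an added simulation of the paged-results exchange (RFC 2696); this is not code from the original post or from OpenLDAP. The server clamps the requested page size to its own maximum and hands back a cookie, and the client repeats the search with that cookie until it comes back empty, which is what `noprompt` does automatically. `SimulatedDC`, `paged_search` and the example DNs are hypothetical names and constructed data, and the clamping to 1000 models the default AD limit described above.

```python
# Simulation of LDAP Simple Paged Results (RFC 2696). No network, no LDAP library.
import secrets

SUCCESS = 0
SIZE_LIMIT_EXCEEDED = 4  # LDAP resultCode sizeLimitExceeded


class SimulatedDC:
    """Hypothetical stand-in for a domain controller holding constructed entries."""

    def __init__(self, entry_count, max_page_size=1000):
        self.entries = [f"CN=user{i:04d},CN=Users,DC=example,DC=test"
                        for i in range(entry_count)]
        self.max_page_size = max_page_size
        self.cursors = {}  # opaque cookie -> offset of the next entry to send

    def search(self, page_size=None, cookie=b""):
        """Handle one search request; return (result_code, entries, cookie)."""
        if page_size is None:
            # No paging control: stop at the limit and report the error.
            batch = self.entries[:self.max_page_size]
            code = SIZE_LIMIT_EXCEEDED if len(self.entries) > len(batch) else SUCCESS
            return code, batch, b""
        start = self.cursors.pop(cookie) if cookie else 0
        size = min(page_size, self.max_page_size)  # huge request is clamped
        batch = self.entries[start:start + size]
        next_cookie = b""
        if start + size < len(self.entries):
            next_cookie = secrets.token_bytes(8)  # more pages remain
            self.cursors[next_cookie] = start + size
        return SUCCESS, batch, next_cookie


def paged_search(server, page_size=2147483647):
    """Client loop: resend the search with the returned cookie until it is empty."""
    results, cookie, round_trips = [], b"", 0
    while True:
        code, batch, cookie = server.search(page_size=page_size, cookie=cookie)
        round_trips += 1
        results.extend(batch)
        if code != SUCCESS or not cookie:
            return code, results, round_trips


if __name__ == "__main__":
    dc = SimulatedDC(entry_count=2500)
    code, entries, _ = dc.search()
    print("unpaged: resultCode", code, "entries", len(entries))
    code, entries, trips = paged_search(dc)
    print("paged: resultCode", code, "entries", len(entries), "requests", trips)
```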