| .NET Framework Groups | View |
| .NET Distributed_Apps |  |
| .NET | |
| .NET ADO.NET | |
| .NET ASP.NET | |
| .NET ASP.NET Security | |
| .NET ASP.NET Webcontrols | |
| .NET ASP.NET Web Services | |
| .NET Clr | |
| .NET Compact Framework | |
| .NET Drawing | |
| .NET Interop | |
| .NET Performance | |
| .NET Web Services | |
| .NET Windows Forms | |
| .NET Windows Forms Controls | |
| .NET General | |
| .NET Csharp | |
| .NET Visual Basic | |
| .NET Vc | |
| .NET Security | |
| .NET Xml | |
| Vsnet Debugging | |
| Xml | |
| Xsl | |
| Scripting Jscript | |
| Scripting Visual Basicscript | |
| Scripting Wsh | |
| Smartphone Developer | |
| Visual Basic Com | |
| Visual Basic Controls | |
| Visual Basic Crystal | |
| Visual Basic Database Ado | |
| Visual Basic Syntax | |
| Visual Basic Winapi | |
| Vc Atl | |
| Vc Debugger | |
| Vc Language | |
| Vc Mfc | |
| Vc Stl | |
| Visio Developer Visual Basica | |
| Windowsce Embedded Vc | |
| Windows Powershell | |
| Visual Basic Vista Compatibility | |
| Deployment Server | |
| .NET Micro Porting | |
|
| Group Summaries | View |
| .NET Framework | |
| Access | |
| BizTalk | |
| Certifications | |
| CRM | |
| DDK | |
| Exchange Server | |
| FoxPro | |
| French | |
| French .NET | |
| Games | |
| German | |
| German .NET | |
| Graphic Design | |
| IIS | |
| Internet | |
| ISA Server | |
| Italian | |
| Italian .NET | |
| Maps | |
| MCIS | |
| Miscellaneous | |
| Mobile Apps | |
| Money | |
| MSN | |
| Networking | |
| Office | |
| Ops Mgr | |
| Publisher | |
| Security | |
| SharePoint | |
| Small Business | |
| Spanish | |
| Spanish .NET | |
| SQL Server | |
| Systems Management Server | |
| Transaction Server | |
| Virtual PC / Virtual Server | |
| Visual Studio | |
| Win32 | |
| Windows 2000 | |
| Windows 2003 Server | |
| Windows 7 | |
| Windows Live | |
| Windows Media | |
| Windows Update | |
| Windows Vista | |
| Windows XP | |
| |
|
|
|
| View All Microsoft Windows Powershell Posts Ask A New Question |
|
Search.All in AD (LDAP) found exactly 1000 - is this a built in limit? |
Bruce Sanderson posted on Friday, August 29, 2008 5:08 PM
|
I ran a script to list all computers in an Active Directory OU (or a child
OU) with their last password changed date. This seems to work OK, but I got
exactly 1000 computer accounts listed. I'm, pretty sure there are more than
1000 computer accounts, becuase some computer accounts are in OUs that don't
appear in the list.
Is there a built-in limit to how many items will be returned by an LDAP
query or that can be put into a Power Shell variable and if so, can this be
changed or is there some way to get the rest of the computer accouts?
Here's the script I'm using (I've changed the OU names):
$root=[ADSI]"LDAP://OU=Workstation
Computers,OU=Base,OU=mine,OU=ours,DC=domain,DC=local"
$search=[System.DirectoryServices.DirectorySearcher]$root
$Search.Filter="(&(objectcategory=computer))"
$result=$search.FindAll()
.\computers.txt
foreach ($Computer in $result)
{
$parts = $Computer.properties.distinguishedname -split ","
Foreach ($namepart in $parts)
{
$TypeName = $namepart -split "="
switch ($TypeName[0])
{
{
$OU = ""}
If (($TypeName[1] -eq "Base") -or ($TypeName[1] -eq
{Continue}
Else
{$OU=$TypeName[1], $OU -join "\"
}
}
}
$ComputerName = $Computer.properties.cn | out-string -stream
$pwdlastset =
[datetime]::FromFileTime($Computer.properties.item('pwdlastset')[0])
If ($pwdlastset -eq "31-Dec-1600 4:00:00 PM")
{$pwdlastset ="Never"}
$LastLogon =
[datetime]::FromFileTime($Computer.properties.item('lastLogonTimestamp')[0])
If ($LastLogon -eq "31-Dec-1600 4:00:00 PM")
{$LastLogon ="Never"}
}
-join ($ComputerName, "`t", $OU, "`t", $pwdlastset, "`t", $LastLogon) >>
.\computers.txt
}
--
Bruce Sanderson
http://members.shaw.ca/bsanders/
It's perfectly useless to know the right answer to the wrong question. |
 |
|
| |
|
|
Search.All in AD (LDAP) found exactly 1000 - is this a built in limit? |
alexandair posted on Sunday, August 31, 2008 10:37 PM
|
On Aug 29, 11:08=A0pm, "Bruce Sanderson" <bsand...@newsgroups.nospam>
d
I got
than
n't
be
Name)
1] -eq
$OU)
ream
0]=AD)
gon) >>
You need $Search.PageSize =3D 1000
By default, the search returns a maximum of 1000 results to prevent
load on the domain controller executing the search. By setting
PageSize to anything, you in effect disable the limitation altogether.
You may ask why would you set PageSize to 1000, and here is the answer
taken from Tobias Weltner's Mastering PowerShell in your Lunch Break
(Day 6: ADSI Connecting to Domains/Computers and Binding to Objects)
(http://powershelllive.com/blogs/lunch/archive/2007/04/04/day-6-adsi-
connecting-to-domains-computers-and-binding-to-objects.aspx):
results in one chunk. If it gets larger than 1000 objects, the
internal limitation kicks in and cancels the search. You get
incomplete results.
If you do set a PageSize, then you get back the results in separate
chunks, each with the size defined in PageSize. So, as long as your
PageSize is smaller than or equal to 1000, the chunks will not trigger
the limitation, and you get all results. You can try and set PageSize
=3D 1. You still get all results. The results now come in chunks of
exactly one entry which slows down the search. The best way therefore
is to set PageSize to the maximum allowed size of 1000. This limit is
set in your AD schema and may have been changed to another value."
-aleksandar
http://powershellers.blogspot.com |
| |
|
Thank you very much, both for the solution and the explanation! |
Bruce Sanderson posted on Tuesday, September 02, 2008 2:03 PM
|
Thank you very much, both for the solution and the explanation!
That fixed the problem - I now get all 2,331 computer accounts.
--
Bruce Sanderson
http://members.shaw.ca/bsanders/
It's perfectly useless to know the right answer to the wrong question.
On Aug 29, 11:08 pm, "Bruce Sanderson" <bsand...@newsgroups.nospam>
You need $Search.PageSize = 1000
By default, the search returns a maximum of 1000 results to prevent
load on the domain controller executing the search. By setting
PageSize to anything, you in effect disable the limitation altogether.
You may ask why would you set PageSize to 1000, and here is the answer
taken from Tobias Weltner's Mastering PowerShell in your Lunch Break
(Day 6: ADSI Connecting to Domains/Computers and Binding to Objects)
(http://powershelllive.com/blogs/lunch/archive/2007/04/04/day-6-adsi-
connecting-to-domains-computers-and-binding-to-objects.aspx):
results in one chunk. If it gets larger than 1000 objects, the
internal limitation kicks in and cancels the search. You get
incomplete results.
If you do set a PageSize, then you get back the results in separate
chunks, each with the size defined in PageSize. So, as long as your
PageSize is smaller than or equal to 1000, the chunks will not trigger
the limitation, and you get all results. You can try and set PageSize
= 1. You still get all results. The results now come in chunks of
exactly one entry which slows down the search. The best way therefore
is to set PageSize to the maximum allowed size of 1000. This limit is
set in your AD schema and may have been changed to another value."
-aleksandar
http://powershellers.blogspot.com |
| |
|
|
|
|
| Previous Microsoft Windows Powershell conversation. |
|
|