LDAP Limits – Are now hardcoded in Active Directory.

On ActiveDir.org a couple of weeks ago, there was a discussion about the fact that Microsoft now have hardcoded LDAP limits for Active Directory. This may not directly affect you in a Windows 2003 forest. But if you have changed your LDAP policies to make a poorly written application work on Windows Server 2003, then on Windows Server 2008 and 2008 R2 you may have to modify the application rather than Active Directory, which might not be that simple.

Further information:

Hardcoded LDAP limitations have been introduced in Windows Server 2008 R2 and Windows Server 2008 to prevent overloading the domain controller. These limits overwrite the LDAP policy setting when the policy value should be higher.

LDAP setting        Maximum value (hardcoded)
MaxReceiveBuffer    20971520
MaxPageSize         20000
MaxQueryDuration    1200
MaxTempTableSize    100000
MaxValRange         5000
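
A pre-upgrade check for the situation described above, as an added example that is not from the KB article or the original post: it compares configured LDAP policy values against the hardcoded maximums in the table and reports which ones a Windows Server 2008 or 2008 R2 domain controller would cap. It assumes the policy has been exported as Name=Value strings (the form in which the lDAPAdminLimits attribute of the query policy object stores them); the sample values are constructed.

```python
# Hardcoded maximums from the table above (Windows Server 2008 / 2008 R2).
HARDCODED_MAX = {
    "MaxReceiveBuffer": 20971520,
    "MaxPageSize": 20000,
    "MaxQueryDuration": 1200,
    "MaxTempTableSize": 100000,
    "MaxValRange": 5000,
}

def parse_limits(values):
    """Parse 'Name=Value' strings; return ({name: int}, [unparsed strings])."""
    canonical = {k.lower(): k for k in HARDCODED_MAX}  # names are matched case-insensitively
    limits, malformed = {}, []
    for raw in values:
        name, sep, val = raw.strip().partition("=")
        name, val = name.strip(), val.strip()
        if not sep or not name or not val.isdecimal():
            malformed.append(raw)  # keep for manual review instead of guessing
            continue
        limits[canonical.get(name.lower(), name)] = int(val)
    return limits, malformed

def audit(values):
    """Return ([(name, configured, effective, clamped)], malformed) for capped settings."""
    limits, malformed = parse_limits(values)
    rows = []
    for name, cap in HARDCODED_MAX.items():
        if name in limits:
            configured = limits[name]
            rows.append((name, configured, min(configured, cap), configured > cap))
    return rows, malformed

# Constructed sample: a policy that was raised to accommodate an application.
SAMPLE = [
    "MaxPageSize=50000",
    "MaxValRange=10000",
    "maxqueryduration=120",
    "MaxTempTableSize=10000",
    "MaxConnIdleTime=900",         # a policy setting with no entry in the table; ignored
    "MaxReceiveBuffer=unlimited",  # not a number; reported as unparsed
]

if __name__ == "__main__":
    rows, malformed = audit(SAMPLE)
    for name, configured, effective, clamped in rows:
        note = "CLAMPED on 2008/2008 R2" if clamped else "ok"
        print(f"{name:18} configured={configured:<9} effective={effective:<9} {note}")
    for raw in malformed:
        print(f"unparsed value: {raw!r}")
```

Any setting reported as clamped points to an application that depends on a value the newer domain controllers will not honor, so that application needs to be changed (for example, to page its queries) before the upgrade.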


Full KB Article:

Windows Server 2008 R2 or Windows Server 2008 domain controller returns only 5000 attributes in a LDAP response
