I am using the Novell.Directory.Ldap library from .NET Core to search Active Directories. By and large, this library works really well and I've used it on many directories successfully.

However, I have come across a problem with the search limit being limited to 1,000 records - I have come across an AD that has more like 10,000 entries.

I know that I can set the limits to increase the soft limit in the Novell library, and that will then use the DC's search limits, which from what I can see are 5,000 by default.

If I were using the full framework, I could use System.DirectoryServices which has a paged search option, which would allow me to search using a smaller page size, but eventually get all results.

Is there any way to do an equivalent paged search operation in the Novell.Directory.Ldap library?

T-Heron
Richard Comish
  • Just because the DIT has 10,000 entries isn't a reason why you need > 1000 search results. If you're using that many you're really doing something wrong. But I would be astonished if the Novell code didn't support the paged search results control. They were first into this field by several years. – user207421 Sep 08 '17 at 22:24
  • @EJP I'm doing an audit, I need all of them - just not in one batch. The Novell code has support for something that seems to be labelled Vertical Window Lists (although I think it's a typo and should be Virtual Window Lists) - that may be the key. I will take a look this morning. – Richard Comish Sep 09 '17 at 04:51
  • You can do an audit without exceeding the search results limit. You can recursively list the contents of any subtree. – user207421 Sep 09 '17 at 10:07
  • The problem is that this is not a well organized AD. It's a single OU that contains about 3,000 computer objects that's causing the problem. I think the paged version below will do what I want and if that doesn't then I'll do sub searches based on machine name. Thanks for your suggestions, they're very helpful. – Richard Comish Sep 09 '17 at 10:41

1 Answer

The Simple Paged Results Control can be set with a window used to retrieve all entries from Microsoft Active Directory.

Active Directory servers have a default server-side limit of 1000 entries as the maximum number of results that are returned in a single request. If the results of a query exceed this limit, the Paged Results control is used with a page size equal to or less than the server-side limit in order to retrieve all of the results of the query.

So you should be able to make this happen as long as the page size is less than 1000.

Not sure about the implementation but I did find a sample in GitHub.

jwilleke
  • Thank you very much - that worked really well. To anyone who wants to do this in the future with this library, note that the version on NuGet (Novell.Directory.LDAP.netstandard) will not work with these additional controls, since it appears that that version creates a new connection for every search, which results in the AD server giving an exception - instead clone the repo from the GitHub link (remembering to take the coreclr branch) and use that. – Richard Comish Sep 09 '17 at 21:54
  • The link does not work anymore - this leads to the main repo - https://github.com/VQComms/CsharpLDAP/ – A Petrov Feb 11 '21 at 15:20
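
The paging loop the answer describes, and the new-connection-per-search failure reported in the comment under it, as an added example that is not part of the original thread and is not Novell.Directory.Ldap code. It is Python that builds the RFC 2696 control value and pages against `FakeDC`, a constructed in-memory stand-in; the cookie layout and the connection-bound cookie check are modelling assumptions, and all names are hypothetical.

```python
def _tlv(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def encode_paged_control(size, cookie=b""):
    # Value of control 1.2.840.113556.1.4.319 (RFC 2696):
    # SEQUENCE { size INTEGER, cookie OCTET STRING }
    size_bytes = size.to_bytes(size.bit_length() // 8 + 1, "big")
    return _tlv(0x30, _tlv(0x02, size_bytes) + _tlv(0x04, cookie))

def _read(buf, pos=0):
    n, start = buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    return buf[start:start + n], start + n

def decode_paged_control(value):
    body, _ = _read(value)
    size, pos = _read(body)
    cookie, _ = _read(body, pos)
    return int.from_bytes(size, "big"), cookie

class FakeDC:
    # Constructed stand-in for a DC: caps each response at MAX_PAGE and only
    # honours a cookie on the connection that received it (assumption).
    MAX_PAGE = 1000
    def __init__(self, entries):
        self.entries = entries

    def search(self, conn_id, control_value):
        size, cookie = decode_paged_control(control_value)
        owner, _, offset = cookie.decode().rpartition(":") if cookie else (conn_id, "", "0")
        if owner != conn_id:
            raise ConnectionError("paging cookie is not valid on this connection")
        end = int(offset) + min(size, self.MAX_PAGE)
        cookie = f"{conn_id}:{end}".encode() if end < len(self.entries) else b""
        return self.entries[int(offset):end], encode_paged_control(0, cookie)

def paged_search(dc, page_size, conn_for_page=lambda i: "conn-1"):
    results, cookie, i = [], b"", 0
    while True:
        page, resp = dc.search(conn_for_page(i), encode_paged_control(page_size, cookie))
        results.extend(page)
        _, cookie = decode_paged_control(resp)  # empty cookie marks the last page
        if not cookie:
            return results
        i += 1
```

A real server's cookie is opaque to the client: the only client-side rule is to send it back unchanged with the next page request until an empty cookie comes back.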