18 Nov 2013

Getting around Active Directory search size limit via ldapsearch

Written by fabio

If you query Active Directory (AD) for a large result set, you will get a "size limit exceeded" error message: searches of Active Directory performed without paging return at most the first 1000 records.

One way around this search size limit is to retrieve the results in "pages", which ldapsearch also supports.


ldapsearch provides the '-E' option, which allows paged searches.

We can retrieve every item of a large result set simply by supplying the right paging policy.

For example, passing -E with a value of pr=1000/noprompt returns all pages, with 1000 result items per page, without further user interaction (noprompt).

              # Paged subtree search returning only the DN of each user object
              ldapsearch -E pr=1000/noprompt -x \
                -h adhost.domain.com \
                -p 389 \
                -D "cn=administrator,cn=users,dc=domain,dc=com" \
                -w password \
                -s sub -b "OU=Users,DC=domain,DC=com" \
                "(objectClass=user)" dn
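
What pr=1000/noprompt does on the wire is the RFC 2696 simple paged results exchange: the client resends the same search with the cookie from the previous response until the server returns an empty cookie. The Python sketch below is an added example, not part of the original post; DirectoryStub, its integer cookie and the generated DNs are constructed stand-ins for a real directory, and no network is used.

```python
# Simulation of the RFC 2696 paged-results loop behind "-E pr=<size>/noprompt".
# DirectoryStub is a constructed stand-in: a real server's cookie is opaque.

SIZE_LIMIT = 1000  # the unpaged search cap described in the post


class SizeLimitExceeded(Exception):
    """Mirrors LDAP result 'size limit exceeded'; keeps the partial result."""
    def __init__(self, partial):
        super().__init__("size limit exceeded")
        self.partial = partial


class DirectoryStub:
    def __init__(self, count):
        # Constructed sample entries under the post's search base.
        self.entries = [f"CN=user{i:05d},OU=Users,DC=domain,DC=com"
                        for i in range(count)]

    def search(self, page_size=None, cookie=b""):
        if page_size is None:  # no paging control: the cap applies to the whole search
            if len(self.entries) > SIZE_LIMIT:
                raise SizeLimitExceeded(self.entries[:SIZE_LIMIT])
            return self.entries, b""
        if page_size < 1:
            raise ValueError("page size must be at least 1")
        page_size = min(page_size, SIZE_LIMIT)  # stub assumption: pages are capped too
        start = int(cookie or b"0")             # stub cookie = next offset
        end = start + page_size
        next_cookie = str(end).encode() if end < len(self.entries) else b""
        return self.entries[start:end], next_cookie


def paged_search(server, page_size):
    """Client side: keep requesting pages until the returned cookie is empty."""
    results, cookie, pages = [], b"", 0
    while True:
        page, cookie = server.search(page_size=page_size, cookie=cookie)
        results.extend(page)
        pages += 1
        if not cookie:  # empty cookie marks the last page
            return results, pages


if __name__ == "__main__":
    ad = DirectoryStub(2500)
    try:
        ad.search()
    except SizeLimitExceeded as exc:
        print("unpaged:", len(exc.partial), "entries, then", exc)
    entries, pages = paged_search(ad, 1000)
    print("paged:", len(entries), "entries in", pages, "pages")
```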
