Search code examples
active-directoryldap

Is there a universal way to get LDAP Policy MaxPageSize value during LDAP session with AD?


I'm using LDAP to get users from Active Directory domain controller, and I want to resolve MaxPageSize allowed to use it later.

There is a difficult AD-specific mechanism to get actual MaxPageSize policy value for specific domain controller.

Is there is any mechanism to get MaxPageSize policy for current established LDAP connection, except guessing? I expect to get some kind of virtual object like RootDSE from DC or something.


Solution

  • There is no need to know current value of MaxPageSize for DC when using paged requests.

    Passing PageResultRequestControl (1.2.840.113556.1.4.319) with value greater than DC's MaxPageSize value makes DC answer with pages of MaxPageSize records per page without any errors.

    For Active Directory LDAP on Windows Server 2008 and newer, hardcoded limit is 20000, so I can pass 20000 in request and I will get responses of maximum MaxPageSize entries in response.