Your search is returning only 1,000 objects and you want it to return all matching objects.
You might notice that searches with large numbers of matches stop displaying after 1000. Domain controllers return only a maximum of 1,000 entries from a search unless paging is enabled. This is done to prevent queries from consuming a lot of resources on domain controllers by retrieving the results all at once instead of in "pages" or batches. The following examples are variations of Recipe 4.5, which will show how to enable paging and return all matching entries.
Perform the same steps as in Recipe 4.5, but before clicking OK to start the search, click the Options button.
For Timeout (s), enter a value such as 10.
For Page size, enter the number of objects to be returned with each pagee.g., 1,000.
Under Search Call Type, select Paged.
A page of results (i.e., 1,000 entries) will be displayed each time you click on Run until all results have been returned.
> dsquery * <BaseDN> -limit 0 -scope <Scope> -filter "<Filter>" -attr "<AttrList>"
' This code enables paged searching ' ------ SCRIPT CONFIGURATION ------ strBase = "<LDAP://<BaseDN>>;" strFilter = "<Filter>;" strAttrs = "<AttrList>;" strScope = "<Scope>" ' ------ END CONFIGURATION --------- set objConn = CreateObject("ADODB.Connection") objConn.Provider = "ADsDSOObject" objConn.Open "Active Directory Provider" set objComm = CreateObject("ADODB.Command") objComm.ActiveConnection = objConn objComm.Properties("Page Size") = 1000 objComm.CommandText = strBase & strFilter & strAttrs & strScope set objRS = objComm.Execute objRS.MoveFirst while Not objRS.EOF Wscript.Echo objRS.Fields(0).Value objRS.MoveNext wend
Paged searching support is implemented via an LDAP control. LDAP controls were defined in RFC 2251 and the Paged control in RFC 2696. Controls are extensions to LDAP that were not built into the protocol, so not all directory vendors support the same ones.
If you need searches to return hundreds of thousands of entries, Active Directory will return a maximum of only 262,144 entries even when paged searching is enabled. This value is defined in the LDAP query policy and can be modified like the maximum page size (see Recipe 4.23).
A word of caution when using LDP to display a large number of entriesby default, only 2,048 lines will be displayed in the right pane. To change that value, go to Options General and change the Line Value under Buffer Size to a larger number.
The only difference between this solution and Recipe 4.5 is the addition of the -limit 0 flag. With -limit set to 0, paging will be enabled and all matching objects will be returned. If -limit is not specified, a maximum of 100 entries.
To enable paged searching in ADO, you must instantiate an ADO Command object. A Command object allows for various properties of a query to be set, including size limit, time limit, and page size, to name a few. See MSDN for the complete list.
Recipe 4.5 for searching for objects, Recipe 4.23 for viewing the default LDAP policy, RFC 2251 (Lightweight Directory Access Protocol (v3)), RFC 2696 (LDAP Control Extension for Simple Paged Results Manipulation), and MSDN: Searching with ActiveX Data Objects (ADO)