Zum Inhalt

Schlagwort: ad

PHP LDAP Pagination (Solution for PHP5.4+)

Because Active Directory restricts returning all results fetched by LDAP Query, I found a solution to get around this problem, without changing anything in Active Directory.

The root cause for this problem is: AD has a pagesize limit for returning elements through LDAP (default is 1000). As every good Admin / Dev knows, systemwide hardlimits should not be changed by a client system, which sends requests, because this could end up in hugh desaster. Why? Because everyone would set these limits as high as he can to prevent his software from crashing itself (better burn server cpu)

That means, we can’t set any pagelimit in PHP above the pagelimit from the server. What we need to do is to iterate through all results, check if there are more pages left and start another request until we fetched everything.

There are two functions we need to focus on. ldap_control_paged_result and ldap_control_paged_result_response

The first function enables the pagination for the current connection. The second function retrieves the information if more paged data is available (more than 1000 results). After we put everything together, we have something like that:

Weiterlesen PHP LDAP Pagination (Solution for PHP5.4+)

Powershell – Script automation with jobs (AD Quota)

After working a while with Powershell and doing some time expensive jobs like getting the quota of all Microsoft servers I came to the point when i was looking for some parallelisation in Powershell. My problem was the quota script, that executes the following command for each file server:

Actually we have a couple of servers and need to get the quota from all servers to calculate the file system usage and built a daily statistic. The first script collected the data from each server. Since this is a boring job, because reading a file stream and writing it to a local file is really boring, even for a computer. I wanted to accelerate this step. So i got in touch with Powershell and jobs. Jobs are (dont kill me) distantly related with multithreading in .NET. Indeed, multithreading in .NET has many more advantages and features than in powershell, but as a beginner (some years ago 🙂 ) in development i didn’t do anything more than just starting threads and wait until they are finished (Yep, invokation was a foreign concept to me). So this relation is not so far out. Anyway, jobs do a great job if you…

Weiterlesen Powershell – Script automation with jobs (AD Quota)

Active Directory – Supersonic and the directory searcher

Whats the difference between supersonic and the directory searcher? Nothing, because if you get over ~1000 you crash into a wall. 🙂 Last week we had to deal with the limitations on the directory searcher. We performed a user search on an organizational unit (subtree) with more than 1000 users beneath. We where astonished that our userobject only contained 1000 items every time we did the search. I wrote a little test script in powershell to reproduce this behaviour and to see if this limitation is a C# problem or not. So I wrote this script:

As expected, powershell returned only 1000 objects. Then we tried to find out why and looked at the $objSearcher property list.

As you can see, there are two interesting properties: sizelimit and pagesize. So I played around with these two properties and found some explanations for them. Sizelimit is the limit for the maximum returned results, but you can’t set this property above 1000. So I looked at the second property, pagesize. This property sets the maximum result items per returned page. So all you have to do is, set sizelimit to 0 and set pagesize to 1000 and you will get…

Weiterlesen Active Directory – Supersonic and the directory searcher