SQL ADSI Query limitation

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 7,2000 » In The Enterprise » SQL ADSI Query limitation

SQL ADSI Query limitation

Rate Topic

Display Mode

Topic Options

Author

Message

Jan-155192

Posted Monday, October 24, 2005 8:14 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, July 06, 2007 3:11 AM
Points: 145, Visits: 1

Hi,

I am trying to query a list of 2500 users out of the AD in SQL Server with the following query:

SELECT employeeId, SAMAccountName, Mail
FROM OPENQUERY( ADSI, 'SELECT Mail, SAMAccountName, employeeID FROM 'LDAP://dc=central,dc=mydomain,dc=int''WHERE objectCategory = ''Person''' )

However the result set seems to be limited to 1000 records. I have read that the "Page Size" parameter for AD should be given, but I don't know the exact SQL syntax.

... 'LDAP://dc=central,dc=mydomain,dc=int''WHERE objectCategory = ''Person'';''Page Size''=50' ) doesn't work. Neither does the range parameter.

Somebody suggested that I should partition the query, asking first for all userids starting with A, then B,... but I don't like that suggestion too much and even if I would use it, the Like 'A%' doesn't work.

Does somebody have any experience with this?

Many thanks,

Jan

Post #231658

vinny_1973

Posted Monday, October 24, 2005 10:35 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, February 22, 2013 7:40 AM
Points: 176, Visits: 55

Have a search on the site, as someone else asked the same question a week or so ago. Basically though, my understanding from the answers to that article was that the limit of 1000 records is set (hardcoded!) in AD and there is nothing you can do to change it ... therefore, paging your results was the only way to accomplish what you want!

Post #231739

Don Staten

Posted Monday, October 24, 2005 12:39 PM

Valued Member

Group: General Forum Members
Last Login: Monday, August 27, 2012 11:42 AM
Points: 65, Visits: 50

Vinny is right. ADSI is limited to returning the first 1000 records without paging. Here's a Microsoft article for reference:

http://msdn.microsoft.com/library/en-us/adsi/adsi/paging_with_idirectorysearch.asp?frame=true

Quote from article:

"Searches of the Active Directory performed without paging are limited to returning a maximum of the first 1000 records, so you must use a paged search if there is the possibility that the result set will contain more than 1000 items."

Post #231786

Jan-155192

Posted Tuesday, October 25, 2005 1:47 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, July 06, 2007 3:11 AM
Points: 145, Visits: 1

Vinny & Newbie,

Thanks, but I knew this. My question is: how can we do this paging from the OPENQUERY function?

In a vb script (or for that matter any language that uses ADO), we can write something like that:

objCommand.CommandText = _
"<LDAP://dc=Central,dc=mydomain,dc=int>;(objectCategory=user)" & _
";distinguishedName,Name,sAMAccountName,primaryGroupID,memberOf,canonicalName,Mail,telephoneNumber;subtree"
objCommand.Properties("Page Size") = 50

This tells AD to send batches with 50 records at one time. But where can I put this parameter in the SQL syntax? The following doesn't work:

SELECT employeeId, SAMAccountName, Mail
FROM OPENQUERY( ADSI, 'SELECT Mail, SAMAccountName, employeeID FROM 'LDAP://dc=central,dc=mydomain,dc=int''WHERE objectCategory = ''Person'';''Page Size''=50' )

I can partition (not page!) the query like this:

... FROM OPENQUERY( ADSI, 'SELECT Mail, SAMAccountName, employeeID FROM ''LDAP://dc=central,dc=mydomain,dc=int''WHERE objectCategory = ''Person'' AND SAMAccountName = ''A*''' )

and ask for A,B,C, ... , Z. But I prefer the paging attribute, and would like to know how to submit it.

Many thanks,

Jan

Post #231915

Jan-155192

Posted Tuesday, October 25, 2005 4:19 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, July 06, 2007 3:11 AM
Points: 145, Visits: 1

By the way, I ended up with the following code. Thanks for helping.

Jan

CREATE TABLE #tmpADUsers
( employeeId varchar(10) NULL,
SAMAccountName varchar(255) NOT NULL,
email varchar(255) NULL)
GO

/* AD is limited to send 1000 records in one batch. In an ADO interface you can define this batch size, not in OPENQUERY.
Because of this limitation, we just loop through the alphabet.
*/

DECLARE @cmdstr varchar(255)
DECLARE @nAsciiValue smallint
DECLARE @sChar char(1)

SELECT @nAsciiValue = 65

WHILE @nAsciiValue < 91
BEGIN

SELECT @sChar= CHAR(@nAsciiValue)

  EXEC master..xp_sprintf @cmdstr OUTPUT, 'SELECT employeeId, SAMAccountName, Mail FROM OPENQUERY( ADSI, ''SELECT Mail, SAMAccountName, employeeID FROM ''''LDAP://dc=central,dc=mydomain,dc=int''''WHERE objectCategory = ''''Person'''' AND SAMAccountName = ''''%s*'''''' )', @sChar

  INSERT #tmpADUsers
  EXEC( @cmdstr )

  SELECT @nAsciiValue = @nAsciiValue + 1
END

DROP TABLE #tmpADUsers

Post #231935

Don Staten

Posted Tuesday, October 25, 2005 6:08 AM

Valued Member

Group: General Forum Members
Last Login: Monday, August 27, 2012 11:42 AM
Points: 65, Visits: 50

Jan - I misunderstood your original question. Kudos on the work-around and thank you for posting it on the forum.

I did, however,find a Microsoft article (Article 299410) that specifically addresses the paging issue within a distributed query. You must use other means to retrieve more than 1000 objects from ADSI. Quote:

"While paging is available through ADSI's OLEDB provider, there is currently no way available to perform it from a SQL distributed query. This means that the total number of objects that can be returned for a query is the server limit. In the Windows 2000 Active Directory, the default server limit is 1,000 objects."

http://support.microsoft.com/default.aspx?scid=kb;en-us;299410

Don

Post #231954

jonathan.stokes

Posted Thursday, December 10, 2009 2:32 AM

Grasshopper

Group: General Forum Members
Last Login: Thursday, April 29, 2010 2:38 AM
Points: 12, Visits: 77

SSC-Enthusiastic

You are the best. I have been trying to come up with something to overcome the 1000 limit on and off for the last few weeks.

Brilliant solution and thanks to you.

Post #832065

YSLGuru

Posted Thursday, May 19, 2011 1:29 PM

SSC Eights!

Group: General Forum Members
Last Login: Tuesday, May 14, 2013 12:38 PM
Points: 846, Visits: 1,451

Jan-155192 (10/25/2005)

By the way, I ended up with the following code. Thanks for helping.

Jan

CREATE TABLE #tmpADUsers
( employeeIdvarchar(10) NULL,
SAMAccountNamevarchar(255) NOT NULL,
emailvarchar(255) NULL)
GO

/* AD is limited to send 1000 records in one batch. In an ADO interface you can define this batch size, not in OPENQUERY.
Because of this limitation, we just loop through the alphabet.
*/

DECLARE @cmdstr varchar(255)
DECLARE @nAsciiValue smallint
DECLARE @sChar char(1)

SELECT @nAsciiValue = 65

WHILE @nAsciiValue < 91
BEGIN

SELECT @sChar= CHAR(@nAsciiValue)

EXEC master..xp_sprintf @cmdstr OUTPUT, 'SELECT employeeId, SAMAccountName, Mail FROM OPENQUERY( ADSI, ''SELECT Mail, SAMAccountName, employeeID FROM ''''LDAP://dc=central,dc=mydomain,dc=int''''WHERE objectCategory = ''''Person'''' AND SAMAccountName = ''''%s*'''''' )', @sChar

INSERT #tmpADUsers
EXEC( @cmdstr )

SELECT @nAsciiValue = @nAsciiValue + 1
END

DROP TABLE #tmpADUsers

I know this reply is over a year later but I came across your post while searching on the ADSI Linked server provider. I can get your sample to work but I hit a brick wall when I try to get too many columns of data and I can't see where you change this if at all. I'm trying to access 5 more items in addition to the 3 in your code and I can access all of them if I select only part of the 8 fields at once. For example of the 8 I'm trying to get:

employeeID, SAMAccountName, Mail, DisplayName, sn, givenName, department & userAccountControl

I can get any 5-6 but if I try for 6 to 8, depending on the combination I get an error.

Thoughts?

Kindest Regards,

A Democracy works great until the day you find yourself on the sheep side of a vote between 5 wolves and 4 sheep on what’s for dinner when neither have eaten in many days. A free Republic where the rights of the few and the individual are protected is the only one in which Freedom and Prosperity for all have a chance to blossom.

Post #1111983

Brian ODwyer

Posted Thursday, February 09, 2012 12:36 PM

Forum Newbie

Group: General Forum Members
Last Login: Friday, February 15, 2013 9:53 AM
Points: 2, Visits: 17

I found that to be true as well, think it is something to do with the string length, used * to just pull all the columns and save on the string length instead of directly naming then in the select. Tried increasing the string length from 255 to 512 and it did not work. Will research it.

Post #1249897

Brian ODwyer

Posted Thursday, February 09, 2012 2:54 PM

Forum Newbie

Group: General Forum Members
Last Login: Friday, February 15, 2013 9:53 AM
Points: 2, Visits: 17

Definite 255 char limit. See http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=65584

I used the function to get around and loop through

declare @Apptemp3 table (BSamName varchar(255),
BDisplayName varchar(255),
BPhone varchar(100),
BEMail varchar(255),
BFirstName varchar(100),
BLastName varchar(100))

DECLARE @sChar char(1)
declare @body varchar(8000)
DECLARE @nAsciiValue smallint

SELECT @nAsciiValue = 65

WHILE @nAsciiValue < 91
BEGIN

SELECT @sChar= CHAR(@nAsciiValue)

SET @body = (select dbo.fnSprintf('SELECT sAMAccountName, displayName, mail, telephoneNumber, sn, givenName FROM OPENQUERY( ADSI, ''SELECT displayName, sAMAccountName, mail, telephoneNumber, sn, givenName FROM ''''LDAP://dc=cchcs,dc=ldap''''WHERE objectCategory = ''''Person'''' AND SAMAccountName = ''''%s*'''''' )', @SChar +'*', default))

INSERT @Apptemp3
EXEC( @body)

SELECT @nAsciiValue = @nAsciiValue + 1
END

Select ISNULL(Upper(BSamName),'NoSamID'),ISNULL(BDisplayName,'NoDName'),ISNULL(BPhone,'NoPhone'),ISNULL(BEMail,'Nomail'),ISNULL(BFirstName,'NoFname'),ISNULL(BLastName,'NoLname') from @Apptemp3
order by BSamName

Post #1249991

« Prev Topic | Next Topic »

Permissions