Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to get around 1000 records limit in Active Directory with T-SQL query?

Tags:

sql

sql-server

tsql

active-directory

active-directory-group

Code below works perfectly* if I limit the cursor to a few groups but if I let it run against our whole domain I encounter 1000 records limit in AD. Any ideas on how to get this paging?

*perfectly because it should only return a limited number of records which number below the 1000 record limit.

CREATE TABLE #MemberOfGroups
(
    groupName   VARCHAR (400),
    cn          VARCHAR (400),
    displayName VARCHAR (400)
);

SET NOCOUNT ON;

DECLARE @t AS VARCHAR (100), 
@t2 AS VARCHAR (1000), 
@ot AS VARCHAR (4000), 
@tt AS VARCHAR (4000);

DECLARE gC CURSOR
    FOR SELECT cn,
               distinguishedName
        FROM   OPENQUERY (ADSI, 'SELECT cn, distinguishedName
     FROM ''LDAP://DC=coal,DC=local''
     WHERE objectCategory = ''group''');

OPEN gC;

FETCH NEXT FROM gC INTO @t, @t2;

WHILE @@FETCH_STATUS = 0
    BEGIN
        SET @ot = '''SELECT cn, displayName
     FROM ''''LDAP://DC=coal,DC=local''''
     WHERE objectCategory = ''''Person'''' AND objectClass = ''''user''''
     AND memberOf=''''' + @t2 + '''''';
        SET @tt = 'select ' + '''' + @t + '''' + ' As GroupName, cn, displayName from openquery(ADSI,' + @ot + ''') order by cn';
        INSERT INTO #MemberOfGroups (groupName, cn, displayName)
        EXECUTE (@tt);
        --print @tt
        FETCH NEXT FROM gC INTO @t, @t2;
    END

CLOSE gC;

DEALLOCATE gC;
like image 354
Teresa Avatar asked Feb 21 '23 19:02

Teresa

1 Answers

The SQL Server ADO querying into Active Directory is very limited and doesn't offer all the capabilities of a full-blown AD interface.

According to Active Directory MVP Richard Mueller on his web site, this limitation of 1000-1500 objects returned from a search cannot be circumvented or fixed in SQL Server AD searches:

There are two limitations you should be aware of. First, the OPENQUERY statement does not support multi-valued attributes. You cannot retrieve the values of multi-valued attributes, like memberOf. Second, the total number of records that can be retrieved is limited to 1500 (1000 in Windows 2000 Active Directory). Paging is not supported from an SQL distributed query, so this limitation cannot be overcome, except by modifying the Active Directory server limit for maxPageSize.

So I'm afraid you won't be able to do this directly from SQL Server - you'll have to find another way to achieve this.

like image 167
marc_s Avatar answered Feb 23 '23 11:02

marc_s
Sign in to Comment

Related questions

Closed ResultSet without closing statement
ORACLE Constraint to allow Null Value, IF
Order by a field containing Numbers and Letters
how to get the "next row" and "previous row" in a resultset, without selecting the entire resultset?
Order of execution of LINQ methods returning same results but different SQL in this code. What exactly is going on inside?
Microsoft SQL Server Like keyword
How would you do this task using SQL or R library sqldf?
sql unique constraint on a 2 columns combination

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!