How to Set MaxPageSize in Active Directory

Certain LDAP clients receive only the first 1,000 results of an LDAP query to Active Directory, even when more results satisfy the query scope. If there are 1,200 results to be returned, a client that does not use the paging control will receive the “Size Limit Exceeded” error.

Microsoft lists MaxPageSize as:

MaxPageSize – This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

Here are the steps for showing and changing the default MaxPageSize in AD.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\username>ntdsutil
ntdsutil: ldap policies
ldap policy: connections
server connections: connect to server <yourservername>
Binding to <yourservername> ...
Connected to <yourservername> using credentials of locally logged on user.
server connections: q
ldap policy: show values

Policy                          Current(New)

MaxPoolThreads                  4
MaxDatagramRecv                 1024
MaxReceiveBuffer                10485760
InitRecvTimeout                 120
MaxConnections                  5000
MaxConnIdleTime                 900
MaxPageSize                     1000
MaxQueryDuration                120
MaxTempTableSize                10000
MaxResultSetSize                262144
MaxNotificationPerConn          5
MaxValRange                     0

ldap policy: set maxpagesize to 7000
ldap policy: commit changes
ldap policy: q
ntdsutil: q


No restart is required for this settings change.



How to edit the password policy on Windows Server 2008 R2 or Windows 2012

It is not possible to edit the password policies directly in an AD setup in either a Windows 2008 or a Windows 2012 environment. Before making changes, look at the current settings and back them up if necessary. To check the current settings, type ‘gpedit.msc’ in a command prompt and then navigate to the ‘Computer Settings\Windows Settings\Security Settings\Account Policies\Password Policy’ section.

Most of the time the settings will be greyed out (disabled). If they are greyed out, here is how to change them.

  1. Go to a command prompt
  2. Type ‘secedit /export /cfg c:\local.cfg’ and hit enter
  3. Using notepad, edit c:\local.cfg (keep a backup if required)
  4. Look for the line which you want to edit. For example, “PasswordComplexity = 1”, and change it to “PasswordComplexity = 0”
  5. Save the file
  6. At a command prompt type ‘secedit /configure /db %windir%\security\local.sdb /cfg c:\local.cfg /areas SECURITYPOLICY’

This will apply the new settings, and refreshing gpedit.msc should reflect them.
Set your new less complex password!
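The file exported in step 2 can also be checked against a password baseline, so that a weakened setting such as “PasswordComplexity = 0” is caught on review. The following is an added example, not part of the original post; the sample export is constructed and the baseline thresholds are assumptions to replace with your own policy.

```python
import configparser

# Constructed sample of a `secedit /export` file (not from a real host).
SAMPLE_CFG = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline for illustration; substitute your organisation's policy.
# setting -> (check the value must pass, rule shown in the finding)
BASELINE = {
    "PasswordComplexity": (lambda v: v == 1, "must be 1 (enabled)"),
    "MinimumPasswordLength": (lambda v: v >= 14, "must be >= 14"),
    "PasswordHistorySize": (lambda v: v >= 24, "must be >= 24"),
    "LockoutBadCount": (lambda v: 1 <= v <= 10, "must be 1-10, 0 disables lockout"),
    "ClearTextPassword": (lambda v: v == 0, "must be 0 (no reversible storage)"),
}

def parse_system_access(text):
    """Return the integer settings of the [System Access] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the key case secedit writes
    parser.read_string(text.lstrip("\ufeff"))  # drop a BOM if present
    if not parser.has_section("System Access"):
        raise ValueError("no [System Access] section in export")
    items = parser.items("System Access")
    # Skip string settings such as account names; keep numeric ones (-1 allowed).
    return {k: int(v) for k, v in items if v.strip().lstrip("-").isdigit()}

def audit(text):
    """Return (setting, value, rule) for each baseline violation or missing key."""
    values = parse_system_access(text)
    return [(name, values.get(name), rule)
            for name, (ok, rule) in BASELINE.items()
            if name not in values or not ok(values[name])]

if __name__ == "__main__":
    # For a real export, read the file first; secedit typically writes UTF-16.
    for name, value, rule in audit(SAMPLE_CFG):
        print(f"FAIL {name} = {value}: {rule}")
```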