Your search is returning only 1,000 objects and you want it to return all matching objects.
You might notice that searches with large numbers of matches stop displaying after 1000. Domain controllers return only a maximum of 1,000 entries from a search unless paging is enabled. This is done to prevent queries from consuming a lot of resources on domain controllers by retrieving the results all at once instead of in "pages" or batches. The following examples are variations of Recipe 4.5, which will show how to enable paging and return all matching entries.
220.127.116.11 Using a graphical user interface
18.104.22.168 Using a command-line interface
> dsquery * <BaseDN> -limit 0 -scope <Scope> -filter "<Filter>" -attr "<AttrList>"
22.214.171.124 Using VBScript
' This code enables paged searching ' ------ SCRIPT CONFIGURATION ------ strBase = "<LDAP://<BaseDN>>;" strFilter = "<Filter>;" strAttrs = "<AttrList>;" strScope = "<Scope>" ' ------ END CONFIGURATION --------- set objConn = CreateObject("ADODB.Connection") objConn.Provider = "ADsDSOObject" objConn.Open "Active Directory Provider" set objComm = CreateObject("ADODB.Command") objComm.ActiveConnection = objConn objComm.Properties("Page Size") = 1000 objComm.CommandText = strBase & strFilter & strAttrs & strScope set objRS = objComm.Execute objRS.MoveFirst while Not objRS.EOF Wscript.Echo objRS.Fields(0).Value objRS.MoveNext wend
Paged searching support is implemented via an LDAP control. LDAP controls were defined in RFC 2251 and the Paged control in RFC 2696. Controls are extensions to LDAP that were not built into the protocol, so not all directory vendors support the same ones.
If you need searches to return hundreds of thousands of entries, Active Directory will return a maximum of only 262,144 entries even when paged searching is enabled. This value is defined in the LDAP query policy and can be modified like the maximum page size (see Recipe 4.23).
126.96.36.199 Using a graphical user interface
A word of caution when using LDP to display a large number of entries by default, only 2,048 lines will be displayed in the right pane. To change that value, go to Options General and change the Line Value under Buffer Size to a larger number.
188.8.131.52 Using a command-line interface
The only difference between this solution and Recipe 4.5 is the addition of the -limit 0 flag. With -limit set to 0, paging will be enabled and all matching objects will be returned. If -limit is not specified, a maximum of 100 entries.
184.108.40.206 Using VBScript
To enable paged searching in ADO, you must instantiate an ADO Command object. A Command object allows for various properties of a query to be set, including size limit, time limit, and page size, to name a few. See MSDN for the complete list.
4.7.4 See Also
Recipe 4.5 for searching for objects, Recipe 4.23 for viewing the default LDAP policy, RFC 2251 (Lightweight Directory Access Protocol (v3)), RFC 2696 (LDAP Control Extension for Simple Paged Results Manipulation), and MSDN: Searching with ActiveX Data Objects (ADO)