Active Directory Configured as an Identity Source

When configuring Active Directory as an identity source, it is recommended to verify the default LDAP policy on the active directory server and check for MaxPageSize that limits the number of objects that the server will return. The default value is 1000.

Perform the following steps to verify the quotas on the Active Directory server:

Open the ADSI Edit page.
In the Configuration partition window, navigate to Services ==> Windows NT ==> Directory Service ==> Query Policies.
In the left pane, click on the Query Policies container, then right-click on the Default Query Policy object in the right pane, and select Properties.
Double-click on the lDAPAdminLimits attribute and select the MaxPageSize attribute.
Click Remove and modify the value in the Value to add field to add the new value (for example, MaxPageSize=2000) and click Add.
Click OK twice.

LDAP policy can also be modified using Ntdsutil.exe, follow instructions mentioned in https://support.microsoft.com/en-us/kb/315071 to view and set LDAP policy on Active Directory server.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Active Directory Configured as an Identity Source

Documentation Feedback