JSI Tip 4678. How do I view and manage LDAP policies using Ntdsutil?
January 13, 2002
LDAP operations have default limits that help prevent adversely impacting server performance and help prevent denial of service attacks.
The LDAP administration limits and defaults are:
InitRecvTimeout - Initial receive time-out (120 seconds).
MaxConnections - Maximum number of open connections (5,000).
MaxConnIdleTime - Maximum amount of time a connection can be idle (900 seconds).
MaxActiveQueries - Maximum number of queries that can be active at one time (20).
MaxNotificationPerConnection - Maximum number of notifications that a client can request for a given connection (5).
MaxPageSize - Maximum page size that is supported for LDAP responses (1,000 records).
MaxQueryDuration - Maximum length of time the domain controller can execute a query (120 seconds).
MaxTempTableSize - Maximum size of temporary storage that is allocated to execute queries (10,000 records).
MaxResultSetSize - Maximum size of the LDAP Result Set (262144 bytes).
MaxPoolThreads - Maximum number of threads that are created by the DC for query execution (4 for each processor).
MaxDatagramRecv - Maximum number of datagrams that can be simultaneously processed by the DC (1,024).
Ntdsutil is installed with the Windows 2000 Support Tools. You can run it from a CMD prompt or from Start / Run / Ntdsutil.exe / OK.
To view the current policy settings, at a Ntdsutil command prompt:
1. Type LDAP policies and press ENTER.
2. Type connections and press ENTER.
3. Type connect to server and press ENTER.
4. Type q and press ENTER.
5. Type Show Values and press ENTER.
6. The current policies will be displayed.
To change a policy setting:
1. Type LDAP policies and press ENTER.
2. Type Set to and press ENTER.
To change the MaxPoolThreads to 8, type Set MaxPoolThreads to 8.
To verify your changes, use the Show Values command.
When you are finished, type q and press ENTER.
To exit Ntdsutil, type q and press ENTER.
NOTE: See tip 4675 How do I automate Ntdsutil using a batch file?
About the Author
You May Also Like