Active Directory Synchronization fails to add all users to MailStore
Posted by Daniel Weuthen on 29 Nov 2012 11:20

Affected: MailStore Server < 5.0

Problem: You have more than 1,000 Exchange users in your Active Directory. During Active Directory synchronization, MailStore only finds 1,000 users.

Solution: This is a known limitation of Microsoft Active Directory. The page size for LDAP responses is limited to 1,000 by default. To change this default limit, you need Domain Admin rights and the ADSI Edit tool. ADSI Edit is part of the Windows Server 2003 Support Tools, which can be downloaded from Microsoft. Starting with Windows 2008, ADSI Edit is included as a standard feature.

To modify the LDAP query policy settings in GUI mode, please proceed as follows:

  • Open ADSI Edit.
  • In the tree under Configuration, navigate to CN=Services > CN=Windows NT > CN=Directory Service > CN=Query Policies.
  • In the left pane, click on the Query Policies container, then right-click on the Default Query Policy object in the right pane and select Properties.
  • Double-click on the lDAPAdminLimits attribute.
  • Click on the MAXPAGESIZE attribute and click on Remove.
  • Modify the value in the Value to add text field and click on Add.
  • Click OK twice to save the new settings.

If you prefer to use the command line, open a command window (cmd.exe) and enter the following command:

 c:\>ntdsutil "ldap policies" connect "connect to server [DCNAME]" q "show values"

[DCNAME] is the FQDN or IP address of your DC.

 ldap policy: Set MAXPAGESIZE to [xxxx]

For [xxxx], do not use a value higher than the number of mail-enabled users in your AD.

 ldap policy: commit changes
 ldap policy: q
 ntdsutil: q

Now, all Active Directory users will be synchronized to MailStore.
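To confirm the policy value before and after the change, the following read-only PowerShell check reads lDAPAdminLimits from the Default Query Policy object and compares MaxPageSize with the number of mail-enabled users. It is an added example, not part of the original article or of MailStore's tooling. It assumes the ActiveDirectory module (RSAT) is installed; the function name `Get-LdapAdminLimit` and the `(mail=*)` filter for "mail-enabled" are assumptions made for illustration.

```powershell
# Added example: read-only check, changes nothing in the directory.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function Get-LdapAdminLimit {
    # Hypothetical helper: returns the Default Query Policy limits as a hashtable.
    param([string]$Server)   # optional DC name; empty = default DC

    $target = @{}
    if ($Server) { $target.Server = $Server }

    # Same object the ADSI Edit steps navigate to, under the Configuration partition.
    $configNC = (Get-ADRootDSE @target).configurationNamingContext
    $policyDn = 'CN=Default Query Policy,CN=Query Policies,CN=Directory Service,' +
                "CN=Windows NT,CN=Services,$configNC"
    $policy = Get-ADObject -Identity $policyDn -Properties lDAPAdminLimits @target

    # lDAPAdminLimits is multi-valued; each value has the form "Name=Number".
    $limits = @{}
    foreach ($entry in $policy.lDAPAdminLimits) {
        $name, $value = $entry -split '=', 2
        $limits[$name.Trim()] = [int64]$value
    }
    $limits
}

$limits   = Get-LdapAdminLimit
$pageSize = $limits['MaxPageSize']   # hashtable keys are case-insensitive

# Assumption: "mail-enabled" is approximated by users with a mail attribute.
# The AD cmdlets page their own queries, so this count is not capped by MaxPageSize.
$mailUsers = @(Get-ADUser -LDAPFilter '(&(objectCategory=person)(mail=*))').Count

[pscustomobject]@{
    MaxPageSize      = $pageSize
    MailEnabledUsers = $mailUsers
    ExceedsPageSize  = ($mailUsers -gt $pageSize)
}
```

Run it once before the change to record the current limit and again afterwards to confirm that the committed value is the one you intended.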
