Active Directory Synchronization fails to add all users to MailStore
Posted by Daniel Weuthen on 29 Nov 2012 11:20
Affected: MailStore Server < 5.0
Problem: You have more than 1,000 Exchange users in your Active Directory. During Active Directory synchronization, MailStore only finds 1,000 users.
Solution: This is a known limitation of Microsoft Active Directory. The page size for LDAP responses is limited to 1,000 by default. To change this default limit, you need Domain-Admin rights as well as the program ADSI-Edit. The program is located in the Windows Server 2003 Support Tools and can be downloaded from Microsoft. Starting with Windows 2008, ADSI-Edit is included as a standard feature.
To modify the LDAP query policy settings in GUI mode, please proceed as follows:
If you prefer to use the command line, open a command window (cmd.exe) and enter the following command:
c:\>ntdsutil "ldap policies" connect "connect to server [DCNAME]" q "show values"
[DCNAME] is the FQDN or IP address of your DC
ldap policy: Set MAXPAGESIZE to [xxxx]
[xxxx]: do not use a value higher than the number of mail-enabled users in your AD
ldap policy: commit changes
ldap policy: q
ntdsutil: q
Now, all Active Directory users will be synchronized to MailStore.
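A read-only check to run before changing the limit, added here as an example (it is not MailStore or Microsoft code): it reads the current MaxPageSize from the default query policy and counts mail-enabled users with a paged search, so the new value can be kept no higher than that count. It assumes a domain-joined host, an account that can read the Configuration partition, and that "mail-enabled user" can be approximated by the LDAP filter shown.

```powershell
# Added example: inspects only, changes nothing in the directory.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = $rootDse.Properties['configurationNamingContext'].Value
$domainNC = $rootDse.Properties['defaultNamingContext'].Value

# 1. LDAP limits are stored as "Name=Value" strings in lDAPAdminLimits
#    on the Default Query Policy object in the Configuration partition.
$policyDn = 'CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,' +
            "CN=Windows NT,CN=Services,$configNC"
$policy   = [ADSI]"LDAP://$policyDn"
$limits   = @{}
foreach ($entry in $policy.Properties['lDAPAdminLimits']) {
    $name, $value  = ([string]$entry) -split '=', 2
    $limits[$name] = [long]$value
}

# 2. Count mail-enabled users. Setting PageSize makes the client use the
#    LDAP paged-results control, so the count is not cut off at MaxPageSize.
$searcher            = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$domainNC"
# Assumption: a user with a mail attribute counts as mail-enabled.
$searcher.Filter     = '(&(objectCategory=person)(objectClass=user)(mail=*))'
$searcher.PageSize   = 500
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$results   = $searcher.FindAll()
$mailUsers = 0
foreach ($r in $results) { $mailUsers++ }
$results.Dispose()   # SearchResultCollection holds unmanaged resources

# 3. Report the current limit and the ceiling recommended in this article.
[pscustomobject]@{
    CurrentMaxPageSize = $limits['MaxPageSize']
    MailEnabledUsers   = $mailUsers
    ChangeNeeded       = $mailUsers -gt $limits['MaxPageSize']
    SuggestedCeiling   = $mailUsers
}
```

The limit is a directory-wide query policy that applies to every LDAP client of the domain controllers, which is why the value should stay as low as the synchronization allows.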