Active Directory Search Limit

Friday, October 28, 2011

By default, the search results when querying Active Directory is limited. This limit affects all browse displays associated with Active Directory, the Active Directory Users and Computers (ADUC) management console, and other Active Directory related dialog boxes. As the Active Directory organization grows, you might need to change the number of objects to search. There are generally three ways that this can be accomplished: a group policy object, the Microsoft Management Console (MMC) that you are using, or directly modify the registry. The difference among the three is that with a group policy object linked to an organizational unit, all of the user objects within the OU, or users within a child OU will be configured to use the setting. Directly modifying the MMC console or registry for a particular user, only affects that user. In the following examples, the new value to be set is 50,000. You can use the value that fits your needs.

Group Policy Method

  1. Start the Group Policy Management Console
  2. Either modify an existing GPO, or create a new one by Right clicking a container.
  3. Select the Group Policy Object, and select Edit.
  4. Select the Group Policy Object, and select Edit.
  5. Select the User Configuration branch, and expand Administrative Templates > Desktop > Active Directory.
  6. Double-click Maximum size of Active Directory searches.
  7. Select Enabled, and set the number (e.g., 50000).
  8. Click Apply.
  9. Click OK.
  10. Close the Group Policy Editor.

This picture depicts the setting for the "Maximum size of Active Directory Searches" using the Remote Server Administration Tools (RSAT) on a Windows 7 computer.

Active Directory Search Limit

Regardless of the version of Active Directory, or console that you use, the way you configure the values is fairly the same. Windows 2000, 2003, and XP require "AdminPak" to be installed for Active Directory and Group Policy Management tools to be available. On Windows 2000 and XP (Gold), the Group Policy Managment console is not avaiable by default. The tools can be found on Microsoft's web site and can be freely downloaded. Make sure you download the latest version for your Operating System.

Registry Edit Method

  1. Start regedit.
  2. Go to the registry entry: HKEY_CURRENT_USER\Software\Policies\Microsoft

Active Directory Search Limit Registry Edit

From the Edit menu, select New > Key, name it 'Windows'. Select the new Windows key, and from the Edit menu, select New, Key, name it 'Directory UI'. Go to the Directory UI key, and from the Edit menu, select New, DWORD Value, name it 'QueryLimit'. Double-click the new value, and set the decimal value (i.e. 50000). Click OK. Close the registry editor.

MMC Configuration

By far, this is the simpliest option when requiring the change for a single user. Open the Active Directory Users and Computers MMC console. In the standard menu, click on 'View', then 'Filter Options'. In the 'Filter Options' window, type in the desired number of items to display per folder as shown here:

Active Directory Search Limit MMC

Did you find the page informational and useful? Share it using one of your favorite social sites.

Recommended Books & Training Resources

Windows Server 2008 R2 Unleashed MCITP Windows Server 2008 Enterprise Administrator: Training Kit 4-Pack: Exams 70-640 70-642 70-643 70-647