PROBLEM:
When trying to fetch users or valid recipient email addresses, the LDAP Query stops exactly at 1000 records. Scheduled import job return error: “PHP Warning: ldap_search(): Partial search results returned: Sizelimit exceeded in /etc/cron.hourly/ldap_valid_recipient_fetch.php on line 35″
SOLUTION:
There is a maxPageSize limit of 1000 in the windows AD which limits the LDAP query records to a max of 1000.
In simple words whenever an LDAP search or query is made to the AD, no more than 1000 records are returned from the directory. This limitation is actually a security design so as to prevent the AD from DOS attacks for LDAP queries. In case less than 1000 users are defined in the AD, no additional work is required but for a large setup this limit needs to be changed at the AD using the “ntdsutil” utility.
So the following steps need to be done at your AD to change the MaxPageSize value from 1000 to 5000(or whatever value suits ur requirement).
C:> ntdsutil
ntdsutil: ldap policies
ldap policy: connections
server connections: connect to server x.x.x.x ( here a few messages regarding connectivity are displayed)
server connections : q
ldap policy : show values ( here we will see all the values including MaxPageSize which is 1000 currently)
ldap policy : set maxpagesize to 5000
ldap policy : commit changes
ldap policy : q
ntdsutil : q
After performing above commands Esva can successfully import more than 1000 users from the AD.