Data Loss Prevention

Expand all | Collapse all

Active Directory Connector indexing failure

  • 1.  Active Directory Connector indexing failure

    Posted 12-27-2017 05:02 PM

    Hi everyone,

    My issue is as follows, there appears to be a  dependency in AD that limits only 1000 results to be returned per OU. There is a OU that we have implimented in a policy that has over 3 thousand user objects in it. The Syncing is failing when trying to sync every night due to the 1000 limitation.


    I know there is advanced options section when scheduling the sync job, does this allow for SQL commands? Or just AD query commands?


    If it allows SQL commands I can only think to have it run three jobs in incriments of 1-1000, then 1001-2000 and 2001-3000.which I inputted below.


    Only other way would be to change the limit at the Active Directory level which I do not want to explore unless there is no other options.


    Has anyone ever ran into this or has a better solution?



    SQL commands


    SELECT * FROM `AD Table` LIMIT 0, 1000

    SELECT * FROM `AD Table` LIMIT 1000, 2000

    SELECT * FROM `AD Table` LIMIT 2000, 3000



    Thank you,

  • 2.  RE: Active Directory Connector indexing failure

    Posted 01-02-2018 05:05 PM

  • 3.  RE: Active Directory Connector indexing failure

    Posted 01-10-2018 11:46 AM

    Hello Ksistr1,

    You cannot use slq but you can modify the config file : (/Protect/config)

    # Endpoint User Groups Browser max nodes shown in a search
    # The AD Server may also have a max configured limit that would additionally constrain this capability
    com.vontu.manager.directorybrowser.max_search_items = 1000

    Modify the "1000" value and restart the services and it should be ok.

    Sincerely yours