[THIN] Re: CTX Password Manager
- From: Warren Simondson <caditc@xxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 16 Mar 2011 16:43:22 +1100
Excellent work Jeremy, and spot on. Yes the initial query is an ADO query and
is limited to 1000 search
returns. I program everything in C so it will be an easy fix. I found thi on
MSDN:
"The SizeLimit and PageSize properties both affect the number of items that are
returned by a search.
The SizeLimit property sets the maximum number of items that will be returned
by a search, but there
may be other search result limitations imposed by the underlying directory
service. For example, Active
Directory Domain Services limits the maximum number of search results to 1000.
In this case, setting the
SizeLimit property to a value greater than 1000 has no effect.
The PageSize property sets the maximum number of items in each page of results
that will be returned by
a search. The page size is also affected by the underlying directory service.
With Active Directory Domain
Services, the largest page size is 1000. Any value over 1000 will be ignored.
If PageSize is set to its
default value (zero), no paging will occur and the maximum number of items
returned by the search will
be the lesser of SizeLimit and 1000.
To retrieve a set of results that is larger than 1000 items, you must set
SizeLimit to its default value
(zero) and set PageSize to a value that is less than or equal to 1000. For
example, if a search will result in
12,000 items being returned and SizeLimit is set to 500, a total of 500 items
will be returned. If, however,
SizeLimit is set to zero and PageSize is set to 500, the search will return all
12,000 results in pages of 500
items, with the last page containing only 200 items. The paging occurs
transparently to the application and
the application does not have to perform any special processing other than
setting the PageSize property
to the proper value."
For those interested, this is the code to make the change:
http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.pagesize
(v=vs.80).aspx#
So, I will need to include that in my code. James, if you can wait a few days,
I'll include this in my code
and resubmit the app in the freeware section of the Ctrl-Alt-Del Web Site. I
haven't been able to do any
programming in over a year and a half because we have been sooooooo busy, so
I'll have to dust off my
brain.
Thanks agian Jeremy for pointing that out. It's always us AUSTRALIANS that know
how to fix things with
Citrix products. Those USA people....well, need I say more ;)
--
Warren Simondson
Ctrl-Alt-Del IT Consultancy Pty Ltd
Website: http://www.ctrl-alt-del.com.au
On Wed, Mar 16th, 2011 at 1:41 PM, "Jeremy (J House Consulting)"
<jeremy@xxxxxxxxxxxxxxxxxxxx>
wrote:
> Hey Warren,
>
> Not sure how your code works, what language you're using, or whether or
> not you are doing an ADO search. But if you are, then when doing ADO
> searches I have found that you need to enable paging to be able to
> retrieve large numbers of records correctly. Setting the "Page Size"
> property to say 100 makes a big difference between my scripts working in
> large AD environments or not. But they never fail in the smaller
> environments. I've never bothered to do a record count to understand what
> the limitations are when using no paging. It's just one of those "best
> practice" type things I ensure I enable when writing a script to do an ADO
> search.
>
> Maybe I'm well off topic, but it's something that's caught me off guard
> before.
>
> Cheers,
> Jeremy.
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> Behalf Of Warren Simondson
> Sent: Wednesday, 16 March 2011 5:19 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: CTX Password Manager
>
> How many users are in your AD? I have been told the my utility will stop
> searching at a certain number (around 2000), although I have never seen it
> myself.
> --
> Warren Simondson
>
> Ctrl-Alt-Del IT Consultancy Pty Ltd
>
> Website: http://www.ctrl-alt-del.com.au
>
>
>
>
>
>
>
>
> On Wed, Mar 16th, 2011 at 1:28 AM, James Scanlon
> <James.Scanlon@xxxxxxxxxxxxxxxx> wrote:
>
> > Warren,
> > Provisioning is working - put pointing it tot he root of our domain
> > finds probably 75% of the users.
> > Of which I seem to be able to reset those discovered... The rest are
> > just 'not there'... (even though they have registered for SSO) any
> > further ideas?
> >
> > Thanks again very much for your help with this mate, cool little app!
> > James
> >
> >
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> > Behalf Of Warren Simondson
> > Sent: 14 March 2011 13:24
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: CTX Password Manager
> >
> > Hi James
> >
> > this error looks like either you haven't got the provision services
> > module installed with your default password manager install on the PM
> > Server. This is essential for the helpdek utility to work. If you have
> > got this then it will either be certificate related or permisisons
> > related to the PM server - specifically the provisioning module. You
> > can add the proviosioning module even after you have configured PM,
> > you just have to goto to add/remove and modify the components
> > installed. No harm will be done to your existing environment.
> >
> > To see if the service is running correctly, goto to a web browser
> > within the domain and type
> > https://servicemachinefqdn/MPMService/ProvisionSvc.asmx in the address
> > bar. you should get a repsonse. If you get an eror then this is where
> > the issue exists.
> >
> > The PMHelpDesk.exe.config must be configured prior to using this
> > utility.
> > This file contains the following:
> > - the location of the password manager services
> > - the Fully Qualified Domain Name of the Active Directory
> > - the Root OU in the Active Directory that contains the PM users
> >
> > Notes on this Configuration file
> >
> > Change the following values to suit your environment:
> > - key="PMHelpDesk.ProvisionServices.ProvisionSvc"
> >
> > value="https://servicemachinefqdn/MPMService/ProvisionSvc.asmx"/>
> > Set this value to the location of the password manager services
> > eg.
> > value="https://myPMserver.mydomain.local/MPMService/ProvisionSvc.asmx";
> > />
> >
> > - key="PMHelpDesk.ADHelper.ADLookup"
> > value="domain.local"/>
> > Set this value to the FQDN. This value can be left blank.
> > eg. value="mydomain.local"/>
> > or
> > eg. value=""/>
> > - key="PMHelpDesk.ADHelper.OULookup"
> > value=""/>
> > Set this value to the Root OU in the Active Directory that
> > contains
> > the PM users.
> > This value can be left blank.
> > eg. value="myStaff"/>
> > (This would be viewed as OU="mystaff",DC="mydomain",DC="local")
> > or
> > eg. value=""/>
> >
> > --
> > Warren Simondson
> >
> > Ctrl-Alt-Del IT Consultancy Pty Ltd
> >
> > Website: http://www.ctrl-alt-del.com.au
> >
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Mar 14th, 2011 at 9:54 PM, James Scanlon
> > <James.Scanlon@xxxxxxxxxxxxxxxx> wrote:
> >
> > >
> >
> > ************************************************
> > For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
> > mode use the below link:
> > //www.freelists.org/list/thin
> > Follow ThinList on Twitter
> > http://twitter.com/thinlist
> > ************************************************
> >
> > ______________________________________
> >
> > C. Hoare & Co. is authorised and regulated by the Financial Services
> > Authority with registration no. 122093. The FSA�s address is 25,
>
> > The North Colonnade, Canary Wharf, London E14 5HS.
> > Registered in England no. 240822. Registered office 37 Fleet St,
> > London, EC4P 4DQ
> >
> > Confidentiality Disclaimer:
> > This message and attachments are confidential and may be privileged,
> > and are sent for the personal attention of the addressee(s). If you
> > are not the intended addressee, any use, disclosure or copying of this
> > document is unauthorised. Information transmitted by email may be
> > intercepted, lost, destroyed, corrupted or delayed and as a result, C.
> > Hoare & Co. do not accept responsibility for any errors or omissions
> > in the contents of this message. If you would like to confirm the
> > contents of this email, please request a hard copy version.
> >
> > If the contents of this message are of a personal nature, the email
> > will have been sent in a personal capacity and not on behalf of C. Hoare
> & Co.
> >
> > Monitoring/Viruses:
> > C. Hoare & Co. may monitor all incoming and outgoing emails in line
> > with current legislation. Although emails are screened for viruses, C.
> > Hoare & Co. cannot guarantee that any transmissions will be virus free.
> > ________________________________________
> >
> > ************************************************
> > For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
> > mode use the below link:
> > //www.freelists.org/list/thin
> > ************************************************
> >
> >
> >
>
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
> mode use the below link:
> //www.freelists.org/list/thin
> ************************************************
>
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> //www.freelists.org/list/thin
> ************************************************
>
>
>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
