[THIN] Re: CTX Password Manager
- From: "James Scanlon" <James.Scanlon@xxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 16 Mar 2011 13:11:39 -0000
After your detais about too many results I set the app to look in a deeper
level OU than ROOT.
All working Perfect now :)
Cheers Gents!
James
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Jeremy (J House Consulting)
Sent: 16 March 2011 07:17
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CTX Password Manager
Cool. Glad I could help.
It's interesting because what you read on MSDN is not always 100% accurate in
practice :-)
What I have documented, which is a quote from one of the VBScripting gurus from
years ago is "Enable paging, which means that ADO retrieves the number of rows
you specify repeatedly until all rows are retrieved, no matter how many there
are. It has been found that it makes very little difference what value you
assign, as long as you assign a value so that paging is enabled."
He then went on to say that 100 is a good efficient value to use, and will work
under all scenarios.
I don't use Size Limit in my scripts, as setting it to 0, which is the default
if not defined, allows for an unlimited number of results, which is exactly
what we want.
So set PageSize to 100 and SizeLimit to 0 and all should be good.
Cheers,
Jeremy.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Warren Simondson
Sent: Wednesday, 16 March 2011 1:43 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CTX Password Manager
Excellent work Jeremy, and spot on. Yes the initial query is an ADO query and
is limited to 1000 search returns. I program everything in C so it will be an
easy fix. I found thi on MSDN:
"The SizeLimit and PageSize properties both affect the number of items that are
returned by a search.
The SizeLimit property sets the maximum number of items that will be returned
by a search, but there may be other search result limitations imposed by the
underlying directory service. For example, Active Directory Domain Services
limits the maximum number of search results to 1000. In this case, setting the
SizeLimit property to a value greater than 1000 has no effect.
The PageSize property sets the maximum number of items in each page of results
that will be returned by a search. The page size is also affected by the
underlying directory service. With Active Directory Domain Services, the
largest page size is 1000. Any value over 1000 will be ignored. If PageSize is
set to its default value (zero), no paging will occur and the maximum number of
items returned by the search will be the lesser of SizeLimit and 1000.
To retrieve a set of results that is larger than 1000 items, you must set
SizeLimit to its default value
(zero) and set PageSize to a value that is less than or equal to 1000. For
example, if a search will result in 12,000 items being returned and SizeLimit
is set to 500, a total of 500 items will be returned. If, however, SizeLimit is
set to zero and PageSize is set to 500, the search will return all 12,000
results in pages of 500 items, with the last page containing only 200 items.
The paging occurs transparently to the application and the application does not
have to perform any special processing other than setting the PageSize property
to the proper value."
For those interested, this is the code to make the change:
http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryse
archer.pagesize
(v=vs.80).aspx#
So, I will need to include that in my code. James, if you can wait a few days,
I'll include this in my code and resubmit the app in the freeware section of
the Ctrl-Alt-Del Web Site. I haven't been able to do any programming in over a
year and a half because we have been sooooooo busy, so I'll have to dust off my
brain.
Thanks agian Jeremy for pointing that out. It's always us AUSTRALIANS that know
how to fix things with Citrix products. Those USA people....well, need I say
more ;)
--
Warren Simondson
Ctrl-Alt-Del IT Consultancy Pty Ltd
Website: http://www.ctrl-alt-del.com.au
On Wed, Mar 16th, 2011 at 1:41 PM, "Jeremy (J House Consulting)"
<jeremy@xxxxxxxxxxxxxxxxxxxx>
wrote:
> Hey Warren,
>
> Not sure how your code works, what language you're using, or whether
> or not you are doing an ADO search. But if you are, then when doing
> ADO searches I have found that you need to enable paging to be able to
> retrieve large numbers of records correctly. Setting the "Page Size"
> property to say 100 makes a big difference between my scripts working
> in large AD environments or not. But they never fail in the smaller
> environments. I've never bothered to do a record count to understand
> what the limitations are when using no paging. It's just one of those
> "best practice" type things I ensure I enable when writing a script to
> do an ADO search.
>
> Maybe I'm well off topic, but it's something that's caught me off
> guard before.
>
> Cheers,
> Jeremy.
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> Behalf Of Warren Simondson
> Sent: Wednesday, 16 March 2011 5:19 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: CTX Password Manager
>
> How many users are in your AD? I have been told the my utility will
> stop searching at a certain number (around 2000), although I have
> never seen it myself.
> --
> Warren Simondson
>
> Ctrl-Alt-Del IT Consultancy Pty Ltd
>
> Website: http://www.ctrl-alt-del.com.au
>
>
>
>
>
>
>
>
> On Wed, Mar 16th, 2011 at 1:28 AM, James Scanlon
> <James.Scanlon@xxxxxxxxxxxxxxxx> wrote:
>
> > Warren,
> > Provisioning is working - put pointing it tot he root of our domain
> > finds probably 75% of the users.
> > Of which I seem to be able to reset those discovered... The rest are
> > just 'not there'... (even though they have registered for SSO) any
> > further ideas?
> >
> > Thanks again very much for your help with this mate, cool little app!
> > James
> >
> >
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Warren Simondson
> > Sent: 14 March 2011 13:24
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: CTX Password Manager
> >
> > Hi James
> >
> > this error looks like either you haven't got the provision services
> > module installed with your default password manager install on the
> > PM Server. This is essential for the helpdek utility to work. If you
> > have got this then it will either be certificate related or
> > permisisons related to the PM server - specifically the provisioning
> > module. You can add the proviosioning module even after you have
> > configured PM, you just have to goto to add/remove and modify the
> > components installed. No harm will be done to your existing environment.
> >
> > To see if the service is running correctly, goto to a web browser
> > within the domain and type
> > https://servicemachinefqdn/MPMService/ProvisionSvc.asmx in the
> > address bar. you should get a repsonse. If you get an eror then this
> > is where the issue exists.
> >
> > The PMHelpDesk.exe.config must be configured prior to using this
> > utility.
> > This file contains the following:
> > - the location of the password manager services
> > - the Fully Qualified Domain Name of the Active Directory
> > - the Root OU in the Active Directory that contains the PM users
> >
> > Notes on this Configuration file
> >
> > Change the following values to suit your environment:
> > - key="PMHelpDesk.ProvisionServices.ProvisionSvc"
> >
> > value="https://servicemachinefqdn/MPMService/ProvisionSvc.asmx"/>
> > Set this value to the location of the password manager services
> > eg.
> > value="https://myPMserver.mydomain.local/MPMService/ProvisionSvc.asmx";
> > />
> >
> > - key="PMHelpDesk.ADHelper.ADLookup"
> > value="domain.local"/>
> > Set this value to the FQDN. This value can be left blank.
> > eg. value="mydomain.local"/>
> > or
> > eg. value=""/>
> > - key="PMHelpDesk.ADHelper.OULookup"
> > value=""/>
> > Set this value to the Root OU in the Active Directory that
> > contains
> > the PM users.
> > This value can be left blank.
> > eg. value="myStaff"/>
> > (This would be viewed as OU="mystaff",DC="mydomain",DC="local")
> > or
> > eg. value=""/>
> >
> > --
> > Warren Simondson
> >
> > Ctrl-Alt-Del IT Consultancy Pty Ltd
> >
> > Website: http://www.ctrl-alt-del.com.au
> >
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Mar 14th, 2011 at 9:54 PM, James Scanlon
> > <James.Scanlon@xxxxxxxxxxxxxxxx> wrote:
> >
> > >
> >
> > ************************************************
> > For Archives, RSS, to Unsubscribe, Subscribe or set Digest or
> > Vacation mode use the below link:
> > //www.freelists.org/list/thin
> > Follow ThinList on Twitter
> > http://twitter.com/thinlist
> > ************************************************
> >
> > ______________________________________
> >
> > C. Hoare & Co. is authorised and regulated by the Financial Services
> > Authority with registration no. 122093. The FSAââ'¬â"¢s address is
> > 25,
>
> > The North Colonnade, Canary Wharf, London E14 5HS.
> > Registered in England no. 240822. Registered office 37 Fleet St,
> > London, EC4P 4DQ
> >
> > Confidentiality Disclaimer:
> > This message and attachments are confidential and may be privileged,
> > and are sent for the personal attention of the addressee(s). If you
> > are not the intended addressee, any use, disclosure or copying of
> > this document is unauthorised. Information transmitted by email may
> > be intercepted, lost, destroyed, corrupted or delayed and as a
> > result,
C.
> > Hoare & Co. do not accept responsibility for any errors or omissions
> > in the contents of this message. If you would like to confirm the
> > contents of this email, please request a hard copy version.
> >
> > If the contents of this message are of a personal nature, the email
> > will have been sent in a personal capacity and not on behalf of C.
> > Hoare
> & Co.
> >
> > Monitoring/Viruses:
> > C. Hoare & Co. may monitor all incoming and outgoing emails in line
> > with current legislation. Although emails are screened for viruses, C.
> > Hoare & Co. cannot guarantee that any transmissions will be virus free.
> > ________________________________________
> >
> > ************************************************
> > For Archives, RSS, to Unsubscribe, Subscribe or set Digest or
> > Vacation mode use the below link:
> > //www.freelists.org/list/thin
> > ************************************************
> >
> >
> >
>
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
> mode use the below link:
> //www.freelists.org/list/thin
> ************************************************
>
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
> mode use the below link:
> //www.freelists.org/list/thin
> ************************************************
>
>
>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
