LDAP operations have default limits that help prevent adversely impacting server performance and help prevent denial of service attacks.
The LDAP administration limits and defaults are:
- InitRecvTimeout - Initial receive time-out (120 seconds).
- MaxConnections - Maximum number of open connections (5,000).
- MaxConnIdleTime - Maximum amount of time a connection can be idle (900 seconds).
- MaxActiveQueries - Maximum number of queries that can be active at one time (20).
- MaxNotificationPerConnection - Maximum number of notifications that a client can request for a given connection (5).
- MaxPageSize - Maximum page size that is supported for LDAP responses (1,000 records).
- MaxQueryDuration - Maximum length of time the domain controller can execute a query (120 seconds).
- MaxTempTableSize - Maximum size of temporary storage that is allocated to execute queries (10,000 records).
- MaxResultSetSize - Maximum size of the LDAP Result Set (262144 bytes).
- MaxPoolThreads - Maximum number of threads that are created by the DC for query execution (4 for each processor).
- MaxDatagramRecv - Maximum number of datagrams that can be simultaneously processed by the DC (1,024).
Ntdsutil is installed with the Windows 2000 Support Tools. You can run it from a CMD prompt or from Start / Run / Ntdsutil.exe / OK.
To view the current policy settings, at a Ntdsutil command prompt:
1. Type LDAP policies and press ENTER.
2. Type connections and press ENTER.
3. Type connect to server <DNS name of server> and press ENTER.
4. Type q and press ENTER.
5. Type Show Values and press ENTER.
6. The current policies will be displayed.
To change a policy setting:
1. Type LDAP policies and press ENTER.
2. Type Set <Setting Name> to <New Setting Value> and press ENTER.
To change the MaxPoolThreads to 8, type Set MaxPoolThreads to 8.
To verify your changes, use the Show Values command.
When you are finished, type q and press ENTER.
To exit Ntdsutil, type q and press ENTER.
NOTE: See tip 4675 » How do I automate Ntdsutil using a batch file?