AD Search: More data is available, or time limit was exceeded

[Guest]

I'm searching in AD for computers (objectClass=computer) in a few
domains. The search works just fine in "small" domains with less than
1,000 of computer entries, and failed on domain with more than 4,000
entries. I do receive only first 560 objects and either get a timeout,
or app is never stopped.

Using System.DirectoryServices....

foreach (SearchResult r in searcher.FindAll())
{
....
}

I get an exception "DirectoryServicesCOMException: More data is
available" on the line with searcher.FindAll()

Using System.DirectoryServices.Protocols....

PageResultRequestControl pageRequest =
new PageResultRequestControl(20);

searchRequest.Controls.Add(pageRequest);

SearchOptionsControl searchOptions =
new SearchOptionsControl(SearchOption.DomainScope);

searchRequest.Controls.Add(searchOptions);

while (true)
{
....
}

(as descibed at http://msdn2.microsoft.com/en-us/library/bb332056.aspx)

I receive only first 28 of pages (560 computers) and a message
"DirectoryOperationException: The time limit set by the server-side
time limit parameter was exceeded."

If I set an additional settings to increase the timeout e.g.

connection.Timeout = new TimeSpan(0, 3, 30);

then after 560 entries and a while (about 1-2 min) I get another page
(#29) with 10(!) computers only (PageResultRequestControl(20)) and app
goes to hang.

So, my question is how to solve this problem and get all of computers?

Environment: ASP.NET2, DC - Win2000

 

[Guest]

I'm searching in AD for computers (objectClass=computer) in a few
domains. The search works just fine in "small" domains with less than
1,000 of computer entries, and failed on domain with more than 4,000
entries. I do receive only first 560 objects and either get a timeout,
or app is never stopped.

Well, it seems that the problem is somewhere on DC. I tried to connect
to another DC and I received more than 560 objects (about 2000) but
then the same error occured again. So, currently I decided to
enumerate all OUs and used "OU=...,DC=..." to search. This approach
returns duplicates but finally I'm able to get all computers within
the domain.

 

[Joe Kaplan]

What if you try setting the ServerPageTimeLimit property on the
DirectorySearcher to a value less that the server's max query time (which is
usually two minutes but might be different on your DC; you can look it up)?
That time limit is supposed to define how long a particular page in a paged
search will execute before it gives up and returns partial results.

By using a small page size and a small page time limit, you'll make sure
search more chatty, but less likely to error out on the server.

I'd also suggest using objectCategory=computer as your filter criteria as
objectClass is not usually indexed in AD but objectCategory is. It might
improve your query perf.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

I'm searching in AD for computers (objectClass=computer) in a few
domains. The search works just fine in "small" domains with less than
1,000 of computer entries, and failed on domain with more than 4,000
entries. I do receive only first 560 objects and either get a timeout,
or app is never stopped.

Well, it seems that the problem is somewhere on DC. I tried to connect
to another DC and I received more than 560 objects (about 2000) but
then the same error occured again. So, currently I decided to
enumerate all OUs and used "OU=...,DC=..." to search. This approach
returns duplicates but finally I'm able to get all computers within
the domain.

 

[Guest]

What if you try setting the ServerPageTimeLimit property on the
DirectorySearcher to a value less that the server's max query time (which is
usually two minutes but might be different on your DC; you can look it up)?
That time limit is supposed to define how long a particular page in a paged
search will execute before it gives up and returns partial results.

By using a small page size and a small page time limit, you'll make sure
search more chatty, but less likely to error out on the server.

I'd also suggest using objectCategory=computer as your filter criteria as
objectClass is not usually indexed in AD but objectCategory is.  It might
improve your query perf.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net



Well, it seems that the problem is somewhere on DC. I tried to connect
to another DC and I received more than 560 objects (about 2000) but
then the same error occured again. So, currently I decided to
enumerate all OUs and used "OU=...,DC=..." to search. This approach
returns duplicates but finally I'm able to get all computers within
the domain.

I tried today a number of options to solve that issue, including

searcher.ServerPageTimeLimit = new TimeSpan((long)(30 *
TimeSpan.TicksPerSecond));
searcher.ServerTimeLimit = new TimeSpan((long)(30 *
TimeSpan.TicksPerSecond));
searcher.CacheResults = false;
searcher.ReferralChasing = ReferralChasingOption.None;
searcher.ServerTimeLimit = new TimeSpan(0, 0, 30);
searcher.ClientTimeout = new TimeSpan(0, 1, 0);

...and no luck