If you use ldapsearch to request a large set of results from an Active Directory (AD), you will get a "size limit exceeded" error message: searches of Active Directory performed without paging are limited to returning a maximum of the first 1000 records.
One way around this search size limit is to retrieve the results in "pages", which ldapsearch also supports.
The ldapsearch '-E' option lets you perform paged searches.
We can ask for all items of a large result set simply by providing the right paging policy.
For example, we can pass -E with a value of pr=1000/noprompt to return all pages, with 1000 result items per page, without further user interaction (noprompt):
ldapsearch -E pr=1000/noprompt -x \
    -h adhost.domain.com \
    -p 389 \
    -D cn=administrator,cn=users,dc=domain,dc=com \
    -w password \
    -s sub -b "OU=Users,DC=domain,DC=com" \
    "(objectClass=user)" dn
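
What -E pr=1000/noprompt does on the wire, as an added example that is not part of the original post: the client attaches the Simple Paged Results control (RFC 2696) to the search and resends it with the server's cookie until the cookie comes back empty. FakeAD, its offset-style cookie and the helper names are constructed for illustration (a real AD cookie is opaque), and nothing here touches the network.

```python
MAX_PAGE_SIZE = 1000  # the per-search cap described above

def _tlv(tag, body):  # BER tag-length-value, short or long length form
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def _read(buf, pos):  # returns (tag, content, position after the element)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def encode_control_value(size, cookie=b""):  # SEQUENCE { INTEGER, OCTET STRING }
    raw = size.to_bytes(size.bit_length() // 8 + 1, "big")  # stays positive
    return _tlv(0x30, _tlv(0x02, raw) + _tlv(0x04, cookie))

def decode_control_value(value):
    tag, seq, _ = _read(value, 0)
    if tag != 0x30:
        raise ValueError("control value is not a SEQUENCE")
    _, size, pos = _read(seq, 0)
    _, cookie, _ = _read(seq, pos)
    return int.from_bytes(size, "big"), cookie

class FakeAD:
    """Hypothetical stand-in for a DC; its cookie is just the next offset."""
    def __init__(self, total):
        self.dns = [f"CN=user{i},OU=Users,DC=domain,DC=com" for i in range(total)]

    def search(self, control_value=None):
        if control_value is None:  # unpaged: truncated, LDAP result code 4
            rc = 4 if len(self.dns) > MAX_PAGE_SIZE else 0
            return self.dns[:MAX_PAGE_SIZE], None, rc
        size, cookie = decode_control_value(control_value)
        start = int(cookie or b"0")
        end = start + min(size, MAX_PAGE_SIZE)
        more = str(end).encode() if end < len(self.dns) else b""
        return self.dns[start:end], encode_control_value(0, more), 0

def paged_search(server, page_size=1000):  # mirrors pr=<page_size>/noprompt
    entries, cookie, pages = [], b"", 0
    while pages == 0 or cookie:  # an empty cookie means no more pages
        page, resp, _ = server.search(encode_control_value(page_size, cookie))
        entries, pages = entries + page, pages + 1
        cookie = decode_control_value(resp)[1]
    return entries, pages
```

Against a directory of 2500 users, the unpaged search returns 1000 entries with result code 4 (size limit exceeded), while the paged loop collects all 2500 in three requests.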