Producing a list of multivalued linked attributes

Active Directory objects can have several different types of attributes. The two basic types are single valued and multivalued. The most frequently asked question regarding attributes that I have seen is that regarding the member attribute because it comes into play when discussing the maximum number of members (users) you can have in a group. In Windows 2000 Active Directory, the recommendation was to have not more than 5,000 members in each group. However, in Windows Server 2003 (as long as you have a forest functional level of Windows Server 2003 interim) there is no stated limit on group membership and millions of members per group are possible (and up to 500 million have been tested). This is explained in the Active Directory Maximum Limits (https://technet.microsoft.com/en-us/library/cc756101.aspx) article. Since this is made possible through the use and replication of multivalued linked attributes, some people have asked for a list of the multivalued linked attributes in Active Directory. To generate such a list, since it might be different depending on your specific version and what you’ve got installed, you can use Ldp. Search the Active Directory Schema for isSingleValued=FALSE and LinkID=* to generate the list. I show a couple of examples in the figures below: the first one using Windows Server 2003 R2 for the Contoso.com schema and the second one using Windows Server 2008 R2 on the Fineartschool.net schema.

This posting is provided "AS IS" with no warranties, and confers no rights.

image image

Notice in the second query that I’ve specified attributes adminDisplayName; adminDescription, which reports all the information I need for a list. Often the adminDescription is exactly the same as the display name, but on some attributes you’ll actually see additional information. An example portion of the output generated by the query above in the following figure:

image

You can also set the attribute output in the Windows Server 2003 version of Ldp, just click the Options button to access those options. To learn more about performing Ldp queries, see the Ldp Overview and its subordinate topics (https://technet.microsoft.com/en-us/library/cc772839.aspx).

 

LiveJournal Tags: LDP,LDAP query,multivalued linked attributes,Active Directory,Active Directory Scalability,AD scale,directory scaling

 

This posting is provided "AS IS" with no warranties, and confers no rights.