While working on an issue recently, we found that the Unix attribute tab has a GUI limitation on the number of groups it can display.
A customer came to us with an issue where they had provisioned about 1500 groups, but under ADUC ==> User's properties ==> Unix attribute tab, not all of the groups were listed.
Based on our research we found that the GUI is designed to show 1000 groups by default. Nisprop.dll makes LDAP calls to the Active Directory to query groups which are provisioned for Unix.
One of the workarounds given to the customer was to add the gidNumber of the groups that are not displayed through the Unix attribute tab.
The same can be achieved from a Windows 2008 R2 DC, through the attribute editor tab.
But the question still remains whether there is another option to manage the number of groups displayed through the Unix attribute tab.
You can increase the MaxPageSize (which is 1000 by default). Raising the value above 1000 to a suitable number will do the trick. However, this may cause some performance issues, so please try it out in your test environment first.
Steps: (To be performed on a Domain controller)
1) From the command line, type NTDSUTIL and press enter.
2) At the NTDSUTIL: prompt, type LDAP Policies and press enter.
3) At the LDAP Policy: prompt, type Connections and press enter.
4) At the Connections: prompt, type Connect to Server <domain controller name> and press enter.
5) At the Connections: prompt, type Quit and press enter.
6) At the LDAP Policy: prompt, type Set MaxPageSize to <number, e.g. 1500> and press enter.
7) At the LDAP Policy: prompt, type Commit Changes and press enter.
8) At the LDAP Policy: prompt, type Quit and press enter.
9) At the NTDSUTIL: prompt, type Quit and press enter.
This will list the additional groups through ADUC.
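To size the new value before running the steps above, and to confirm it afterwards, the following read-only PowerShell check counts the groups that carry a gidNumber and reads the MaxPageSize currently stored in the directory. It is an added example, not part of the original post. It assumes the ActiveDirectory module is available, that "provisioned for Unix" can be approximated by a gidNumber being set, and that the domain controller uses the Default Query Policy.

```powershell
# Added example: read-only, changes nothing in the directory.
# Requires the ActiveDirectory module and read access to the Configuration partition.
Import-Module ActiveDirectory

# Assumption: a group counts as "provisioned for Unix" when gidNumber is set.
# Get-ADGroup pages its results, so this count is not cut off at MaxPageSize.
$unixGroups = @(Get-ADGroup -LDAPFilter '(gidNumber=*)' -Properties gidNumber -ResultPageSize 500)

# The values edited under "LDAP Policies" in NTDSUTIL are stored as "Name=Value"
# strings in lDAPAdminLimits on the Default Query Policy object.
# Assumption: no site- or DC-specific query policy overrides the default one.
$configNC = (Get-ADRootDSE).configurationNamingContext
$policyDN = "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service," +
            "CN=Windows NT,CN=Services,$configNC"
$policy   = Get-ADObject -Identity $policyDN -Properties lDAPAdminLimits

# Turn the multi-valued attribute into a lookup table.
$limits = @{}
foreach ($entry in $policy.lDAPAdminLimits) {
    $name, $value = $entry -split '=', 2
    if ($name -and $value) { $limits[$name.Trim()] = $value.Trim() }
}

# Fall back to the default stated in the post if the value is not stored explicitly.
$maxPageSize = 1000
if ($limits.ContainsKey('MaxPageSize')) { $maxPageSize = [int]$limits['MaxPageSize'] }

# Summary: how many groups exist and how many would not fit in one page.
New-Object PSObject -Property @{
    UnixGroupCount    = $unixGroups.Count
    MaxPageSize       = $maxPageSize
    GroupsBeyondLimit = [Math]::Max(0, $unixGroups.Count - $maxPageSize)
}
```

A non-zero GroupsBeyondLimit means the tab cannot show every group at the current setting; run the check again after Commit Changes to confirm the stored value.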