Saturday, November 3, 2007

Active Directory LDAP Ports

Bulletin: 081507-1

Software Affected:
DomainReconfigure, GroupManagerPlus

Issue:
When creating, modifying, renaming or changing properties for a large number of objects in Windows 2000 or 2003 Active Directory, the application stops the create, modify, rename or property-change process at approximately 300 to 400 objects (users, groups, etc.). This is a Microsoft flaw in LDAP.

Each time an entry in AD is changed, Windows opens a new LDAP connection, which occupies a port. That connection is not closed for 15 minutes, so Windows runs out of available LDAP ports and all operations stop working.

Solution:
Winzero and Microsoft have developed a solution to address this issue.

On the computer running the Winzero application and on the PDC Emulator (see below for how to find the PDC Emulator), add or modify the following registry DWORD value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
MaxUserPort = 65534 (decimal) or fffe (hex)

If this entry does not exist, create it as a DWORD value; otherwise modify it to the value above. This is the maximum value, and it gives you enough ports to modify 10000 objects.

To find the PDC Emulator, download our free utility DirectoryObjectExtractor and extract the PDC Emulator.
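As an added example that is not part of this bulletin or of the Winzero tools, the PowerShell below counts the connections stuck in TIME_WAIT (the symptom described above), locates the PDC Emulator through .NET instead of DirectoryObjectExtractor, and creates or corrects the MaxUserPort value. It assumes an elevated prompt on each machine being changed and English-language netstat output.

```powershell
# Added example, not from the original bulletin. Run as Administrator on the
# computer running the Winzero application and on the PDC Emulator.
# MaxUserPort applies to Windows 2000/2003 (and XP); on Vista / Server 2008
# and later the ephemeral range is set with "netsh int ipv4 set dynamicport" instead.

$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$Name    = 'MaxUserPort'
$Desired = 65534   # 0xFFFE, the maximum value the bulletin recommends

function Get-PdcEmulator {
    # Role holder for the current domain, via .NET; a stand-in for
    # DirectoryObjectExtractor that needs no extra modules.
    [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name
}

function Get-TimeWaitCount {
    # Connections waiting to be released; a count approaching the port ceiling
    # (default MaxUserPort is 5000) is the exhaustion the bulletin describes.
    (netstat -an | Select-String -Pattern 'TIME_WAIT').Count
}

function Set-MaxUserPort {
    param([int]$Value = $Desired)
    $current = (Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $current) {
        Write-Host "$Name not present (default 5000 applies); creating it as $Value"
        New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord -Value $Value | Out-Null
    } elseif ($current -ne $Value) {
        Write-Host "$Name is $current; setting it to $Value"
        Set-ItemProperty -Path $KeyPath -Name $Name -Value $Value
    } else {
        Write-Host "$Name is already $Value"
    }
    # TCP/IP reads this key at boot, so a restart is needed before it takes effect.
}

Write-Host "PDC Emulator: $(Get-PdcEmulator)"
Write-Host "Connections in TIME_WAIT before change: $(Get-TimeWaitCount)"
Set-MaxUserPort
```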
