[Active Directory] AD_UsersGet not returning all users from AD

Forge Component
(14)
Published on 20 May by Renato Pauleta
14 votes
Published on 20 May by Renato Pauleta

Hi,

I am currently trying to load all AD users into an entity table that I created. What I have noticed is the AD_UsersGet function is only returning 1000 AD user records. I found this out by displaying all records from my database table and it only returned 1000 rows.

I also confirmed this by performing a search query with the 1000 records and couldn't my own AD user record but when I searched myself using AD_UserGetDetails I can see all my information.

Is there any way I can retrieve all users from AD? I don't want it to be limited to 1000 rows only. 


Cheers,

Dalen

Hi Dalen,

The component doesn't have a max record limitation. Are you able to the debug ActiveDirectoryCore and check how many records does it return? Are you using a timer to load the users? Can you send me a sample of your code?

Cheers.

Renato Pauleta wrote:

Hi Dalen,

The component doesn't have a max record limitation. Are you able to the debug ActiveDirectoryCore and check how many records does it return? Are you using a timer to load the users? Can you send me a sample of your code?

Cheers.

I have checked how many records returned by the AD_UsersGet action by assigning AD_UsersGet.ADUsers.length to a variable (AmountOfUsers) and used it to display to the screen. 


This action happens on page preparation but I have also tried it with a button (binding the action to it) but same issue persists.

The entity table is called ADUsers2 and I have a local variable with a data type of ADUsers2 (entity record). For each row returned from AD_UsersGet, I am assigning the GUID, DisplayName, EmailAddress, and SamAccountName from ADUsers list to the local variable before passing it to CreateOrUpdateADUsers2.

Initially, I thought it was my application so I tried loading all the users to the entity table by calling the action in the preparation action for ADConfigurations Homepage. Again, not all users are fully loaded, however I checked the database and can see there are 53 more records now (1053). Could there be some kind of page or CreateOrUpdateADUsers2 action timeout happening? Please advise.


Cheers,

Dalen

I also tried setting the maximum iterations amount for the "For Each" to a very high number (over 9000) but that didn't help.

Solution

Thank you so very much for this! After a bit of search, I've realized that the AD search for objects was limited to the server default of 1000.

I've changed the code so that now you'll get all results, just install the latest version and let me know how it goes.

Solution

Thanks for your help, Renato. I am now able to retrieve all the users and store it in the database. :)

Hi,

Does anyone knows, how can I get user picture (thumbnail) from Active Directory?

Renato Pauleta wrote:

Thank you so very much for this! After a bit of search, I've realized that the AD search for objects was limited to the server default of 1000.

I've changed the code so that now you'll get all results, just install the latest version and let me know how it goes.

Hi Renato,

How did you change the limit of 1000? Is it a part of AD server configuration? Or OutSystems server configuration?

I am having the same issue with LDAP search. Please advise.


Regards,

Michal


Hi Michal,

Just changed the code in the extension. If you set the "PageSize" parameter before doing the search it will get all the results, if not then it will limit to 1000.

Don't know how you will do that in the LDAP search extension, but it must be something very similar.

Cheers.

Renato Pauleta wrote:

Hi Michal,

Just changed the code in the extension. If you set the "PageSize" parameter before doing the search it will get all the results, if not then it will limit to 1000.

Don't know how you will do that in the LDAP search extension, but it must be something very similar.

Cheers.

Hi,

Thanks for your response.

I have changed the parameter MaxResults in LDAP_Search system action to 10.000 but it didn't work. It seems that LDAP itself has the limitation that must be changed.

Regards,

Michal


Michal Witek wrote:

Renato Pauleta wrote:

Hi Michal,

Just changed the code in the extension. If you set the "PageSize" parameter before doing the search it will get all the results, if not then it will limit to 1000.

Don't know how you will do that in the LDAP search extension, but it must be something very similar.

Cheers.

Hi,

Thanks for your response.

I have changed the parameter MaxResults in LDAP_Search system action to 10.000 but it didn't work. It seems that LDAP itself has the limitation that must be changed.

Regards,

Michal



Hi Renato,


Good day. I'm using the latest version (2.0.11) for Outsystems 10 and using AD_UsersGet action. Initially I do not populate the ADContainer value and no result. Then I did populate it with value with the lowest OU and was able to get some result. Is there a workaround so that I can get all the result of the whole domain where the users are on sub sub OU's? Thanks in advance.

Hi Michal,


We normally don't use the container and it should work when it's empty and search the entire AD. It might have to do with AD permissions on the root.

Does the user you have configured in the token have permissions in the root of the AD? (admin might be a good test)

Renato Pauleta wrote:

Hi Michal,


We normally don't use the container and it should work when it's empty and search the entire AD. It might have to do with AD permissions on the root.

Does the user you have configured in the token have permissions in the root of the AD? (admin might be a good test)


Hi Renato,


I did use a domain admin account when I configure the token. 

I did create a screen and a simple button and call the AD_UsersGet action. then I put some logs but the logs does not show any user is being retrieve. I get the length of the output as per screenshots below


Thanks for the update.

It's hard to understand what it might be without debugging.


When you've configured the token you just used the domain, username and password, right? 

Because you can also specify a default domain container on the token and if you do not provide the container when calling the AD_UsersGet action it will use the default. Usually we set the default empty, just want to make sure you have everything empty.

If it's empty and it's not working, we would need to find a way to debug it (inside the .NET code).

Renato Pauleta wrote:

Thanks for the update.

It's hard to understand what it might be without debugging.


When you've configured the token you just used the domain, username and password, right? 

Because you can also specify a default domain container on the token and if you do not provide the container when calling the AD_UsersGet action it will use the default. Usually we set the default empty, just want to make sure you have everything empty.

If it's empty and it's not working, we would need to find a way to debug it (inside the .NET code).


Hi Renato, 

I have configured the token using a username, password and a specific container. I was able to make it work and was able to count the number of users.

The problem that I'm facing now is when I do a for each and try to create these 209 items on an entity as I'm getting an error. Actually we do have around 11, 000 user.

Doing some checking, I did put an input box where I can set the maximum iterations for the for each action. When I set the max iteration to say something like 20, I will not encounter the issue. If I set it to 209 which is the count of user in a specific container, I again get the error.