FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 194411

Description

Summary of Article

Active Directory can hold thousands of users, all of whom are discoverable through AO. AO can discover as many users as you have in AD; this has been tested in environments of up to 30K users so far. A configuration change may be needed in AD in order to pull all of your users across. Follow the steps below to pull all of your users.

 

Before this change, you should be able to discover about 1000 users by default.

 

 

Steps

  1. Log in to your Active Directory Domain Controller as the Domain Admin
  2. Open PowerShell as an Administrator (right-click PowerShell and select Run As Administrator)
    • The following are commands you run in NTDSUTIL.EXE
  3. ntdsutil
  4. LDAP Policies
  5. Connections
  6. Connect To Server <LDAP DOMAIN NAME> [eg. mydomain.com]
    • Example Output:
    • Binding to mydomain.com ...
      Connected to mydomain.com using credentials of locally logged on user.
  7. q
  8. show values
    • Example Output:
    • Policy                          Current(New)

      MaxPoolThreads                  4
      MaxDatagramRecv                 4096
      MaxReceiveBuffer                10485760
      InitRecvTimeout                 120
      MaxConnections                  5000
      MaxConnIdleTime                 900
      MaxPageSize                     1000
      MaxBatchReturnMessages          0
      MaxQueryDuration                120
      MaxTempTableSize                10000
      MaxResultSetSize                262144
      MinResultSets                   0
      MaxResultSetsPerConn            0
      MaxNotificationPerConn          5
      MaxValRange                     1500
      ThreadMemoryLimit               0
      SystemMemoryLimitPercent        0
  9. Set MaxPageSize to 12000
    • NOTE: If you have more users, round up to the nearest hundred [e.g. for 5485 users, your value should be 5500]
  10. Commit Changes
  11. show values
    • Example Output:
    • Policy                          Current(New)

      MaxPoolThreads                  4
      MaxDatagramRecv                 4096
      MaxReceiveBuffer                10485760
      InitRecvTimeout                 120
      MaxConnections                  5000
      MaxConnIdleTime                 900
      MaxPageSize                     12000
      MaxBatchReturnMessages          0
      MaxQueryDuration                120
      MaxTempTableSize                10000
      MaxResultSetSize                262144
      MinResultSets                   0
      MaxResultSetsPerConn            0
      MaxNotificationPerConn          5
      MaxValRange                     1500
      ThreadMemoryLimit               0
      SystemMemoryLimitPercent        0
  12. q
  13. q
    • You've just increased the discoverable window for your LDAP users!

[Screenshot: example of the results that you would receive with this configuration change]
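A read-only check to run before and after the steps above, added here as an example and not part of the original article: it counts the user objects in AD, rounds the count up as the NOTE in step 9 describes, and compares it with the MaxPageSize currently stored in the directory. It assumes the ActiveDirectory PowerShell module is installed and that the domain controller uses the Default Query Policy (the object that the ntdsutil LDAP policies are stored on).

```powershell
# Added example: read-only, makes no changes to the directory.
# Assumes the ActiveDirectory module (RSAT) and read access to the Configuration partition.
Import-Module ActiveDirectory

# Count user objects. Get-ADUser retrieves results in pages,
# so this count is not capped by the current MaxPageSize.
$userCount = @(Get-ADUser -Filter * -ResultPageSize 500).Count

# Round up to the next multiple of 100 (5485 users -> 5500).
$needed = [int]([math]::Ceiling($userCount / 100) * 100)

# The values listed by "show values" are stored as NAME=VALUE strings in the
# lDAPAdminLimits attribute of the Default Query Policy object.
# Assumption: no custom query policy has been assigned to this DC or its site.
$configNC = (Get-ADRootDSE).configurationNamingContext
$policyDN = "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service," +
            "CN=Windows NT,CN=Services,$configNC"
$policy   = Get-ADObject -Identity $policyDN -Properties lDAPAdminLimits

# Parse the NAME=VALUE entries into a lookup table.
$limits = @{}
foreach ($entry in $policy.lDAPAdminLimits) {
    $name, $value = $entry -split '=', 2
    $limits[$name.Trim()] = [int64]$value
}

# $current is $null if the attribute carries no MaxPageSize entry;
# Sufficient is then reported as False.
$current = $limits['MaxPageSize']

[pscustomobject]@{
    UserCount          = $userCount
    RoundedUpValue     = $needed
    CurrentMaxPageSize = $current
    Sufficient         = ($null -ne $current -and $current -ge $userCount)
}
```

The Default Query Policy lives in the Configuration partition, so the value set in step 9 replicates to every domain controller that uses the default policy, not only the one you connected to.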

 

Additional Information

N/A

 

Version Affected

ALL

 
