Re: Net::LDAP retrieval of Active Directory group members (multi-valued attributes that exceed the server side limit.)

Most likely, you are running into this limit: (From MS KB 315071):

MaxValRange - This value controls the number of values that are returned for an attribute of an object, independent of how many attributes that object has, or of how many objects were in the search result. In Windows 2000, this control is "hard" coded at 1,000. If an attribute has more than the number of values that are specified by the MaxValRange value, you must use value range controls in LDAP to retrieve values that exceed the MaxValRange value. MaxValueRange controls the number of values that are returned on a single attribute on a single object.
Default value:

Windows 2000 - 1,024

Windows Server 2003 - 1,500

You will probably need to fix it in AD, using ntdsutil.

"XML is like violence: if it doesn't solve your problem, use more."

Comment on Re: Net::LDAP retrieval of Active Directory group members (multi-valued attributes that exceed the server side limit.)