Question : LDAP- Linked Server Query - 2 Scenarios

I am working with the AD and I am using almost 2 identical queries, but one brings the results and the other does not.

--The Following brings the Account info - one row.
SELECT mail,sAMAccountName , employeeId
FROM OPENQUERY(AD, 'SELECT Name, sAMAccountName, mail, employeeId FROM ''LDAP://DC=Domain,DC=Com''
where sAMAccountName =''aaa'' and objectCategory = ''Person''')
order by sAMAccountName

--The following does not return any row.
SELECT Name,sAMAccountName , employeeId
FROM OPENQUERY(AD, 'SELECT Name, sAMAccountName, mail, employeeId FROM ''LDAP://DC=Domain,DC=Com''
where  objectCategory = ''Person''')
where sAMAccountName ='aaa'
order by sAMAccountName

It is interesting that the first query works, because it will not take an 'in' clause within the LDAP inner query.
http://www.experts-exchange.com/Programming/Languages/SQL_Syntax/Q_24676946.html

Are you able to see what I am missing in the second query?
Thanks

Answer : LDAP- Linked Server Query - 2 Scenarios

"The second query with the commented row returns 1000 records"

Was the account you were looking for among the 1000 rows? If not, then it might be an LDAP setting, as said above, to only return the first 1000 rows; maybe there is a way to specify that number inside the OPENQUERY.

Here is from the article:


http://support.microsoft.com/default.aspx?scid=kb;en-us;Q299410

Limitations
The process of using the OPENQUERY statement to pull information from an LDAP server does suffer from some limitations. The limitations can be circumvented in some cases, but in others the application design must be altered. An external application or COM object that uses ADSI to retrieve the information from the LDAP server and then build a table in SQL by using ADO or other data access methods is another viable method.

The first limitation is that multivalued properties cannot be returned in the result set to SQL Server. ADSI will read schema information from the LDAP server that defines the structure and syntax of the classes and attributes used by the server. If the attribute that is requested from the LDAP server is defined in the schema as being multi-valued it cannot be returned in an OPENQUERY statement.

It is typical for a directory server to enforce a server limitation on the number of objects that will be returned for a given query. This is to prevent denial-of-service attacks and network overloading. To properly query the directory server, large queries should be broken up into many smaller ones. One way to do this is through a process called paging. While paging is available through ADSI's OLEDB provider, there is currently no way available to perform it from a SQL distributed query. This means that the total number of objects that can be returned for a query is the server limit. In the Windows 2000 Active Directory, the default server limit is 1,000 objects.

More information on paging can be found under the following MSDN Library topic:
Paging with IDirectorySearch
http://msdn.microsoft.com/en-us/library/aa746414(VS.85).aspx

For more information about how to modify the server limit for maxPageSize by using NTDSUtil, click the following article number to view the article in the Microsoft Knowledge Base:
315071  How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
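
The article's advice to break a large query into smaller ones, applied to the linked server from the question. This is an added example, not code from the original question, the answer or the Microsoft article. It assumes the linked server name AD and the LDAP path shown in the question; the staging table #AdUsers and the prefix list are hypothetical.

```sql
-- Added example: pull AD users in slices that each stay under the
-- directory server's result limit (1,000 objects by default per the article).
SET NOCOUNT ON;

CREATE TABLE #AdUsers (              -- hypothetical staging table
    sAMAccountName nvarchar(256) NULL,
    Name           nvarchar(256) NULL,
    mail           nvarchar(256) NULL,
    employeeId     nvarchar(256) NULL
);

-- One slice per leading character. Accounts that start with any other
-- character, and objects with no sAMAccountName, are not covered here.
DECLARE @prefixes varchar(36) = 'abcdefghijklmnopqrstuvwxyz0123456789';
DECLARE @i int = 1, @p char(1), @sql nvarchar(max), @rows int;

WHILE @i <= LEN(@prefixes)
BEGIN
    SET @p = SUBSTRING(@prefixes, @i, 1);

    -- OPENQUERY only accepts a string literal, so the statement is built
    -- dynamically. @p comes from the fixed list above, never from user input.
    SET @sql = N'
        INSERT INTO #AdUsers (sAMAccountName, Name, mail, employeeId)
        SELECT sAMAccountName, Name, mail, employeeId
        FROM OPENQUERY(AD, ''SELECT Name, sAMAccountName, mail, employeeId
                             FROM ''''LDAP://DC=Domain,DC=Com''''
                             WHERE objectCategory = ''''Person''''
                               AND sAMAccountName = ''''' + @p + N'*'''''')';
    EXEC sys.sp_executesql @sql;
    SET @rows = @@ROWCOUNT;

    -- A slice that comes back with exactly the limit is probably truncated.
    IF @rows >= 1000
        PRINT 'Prefix ' + @p + ' reached 1000 rows; split it into two-character prefixes.';

    SET @i += 1;
END;

-- The outer filter now runs over the complete staged set, not the first 1,000 rows.
SELECT Name, sAMAccountName, employeeId
FROM #AdUsers
WHERE sAMAccountName = 'aaa'
ORDER BY sAMAccountName;

DROP TABLE #AdUsers;
```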