Question

Can anyone point me to a resource that defines the maximum allowable length of the LDAP filter string in Active Directory?

Solution

According to Technet: How Active Directory Searches Work, the maximum LDAP request size that the server attempts to process defaults to 10,485,760 bytes.

If the server receives a request that is larger than this value, it closes the connection. Hope that helps.
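An added example, not part of the answer above: since the limit is on the encoded request in bytes rather than on the filter's character count, this sketch computes the BER size of an OR filter of equality tests and splits a long value list into batches that fit a byte budget. The function names are hypothetical, and the caller is assumed to leave headroom in `budget` for the rest of the search request (message envelope, base DN, attribute list).

```python
DEFAULT_MAX_REQUEST = 10_485_760  # default request size limit quoted in the answer

def tlv_len(n):
    """Size of a BER element with an n-byte body: tag byte + length octets + body."""
    if n < 128:
        return 2 + n                                  # short-form length
    return 2 + (n.bit_length() + 7) // 8 + n          # long-form length

def equality_len(attr, value):
    """Encoded size of one (attr=value) equalityMatch item (two OCTET STRINGs)."""
    body = tlv_len(len(attr.encode())) + tlv_len(len(value.encode()))
    return tlv_len(body)

def escape(value):
    """Escape the RFC 4515 special characters for the string form of a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def batch_or_filters(attr, values, budget):
    """Split values into (|(attr=v1)(attr=v2)...) filter strings whose
    BER-encoded size is at most `budget` bytes each."""
    batches, current, size = [], [], 0
    for v in values:
        item = equality_len(attr, v)
        if tlv_len(item) > budget:
            raise ValueError("a single value does not fit the budget")
        if current and tlv_len(size + item) > budget:
            batches.append(current)                   # close the full batch
            current, size = [], 0
        current.append(v)
        size += item
    if current:
        batches.append(current)
    return ["(|" + "".join("(%s=%s)" % (attr, escape(v)) for v in b) + ")"
            for b in batches]

if __name__ == "__main__":
    # Constructed sample input: 200,000 account names, 1 MiB of headroom.
    names = ["user%06d" % i for i in range(200_000)]
    filters = batch_or_filters("sAMAccountName", names,
                               DEFAULT_MAX_REQUEST - 1_048_576)
    print(len(filters), "search request(s) needed")
```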

OTHER TIPS

If you're using the AD Users and Groups GUI interface to construct the query you are limited to 464 characters. If you're using dsquery from the command line you are not limited to 464 characters. I don't know the upper bounds for filter length on dsquery, but I assume it's in line with the LDAP spec.

According to the specification in RFC1558, there is not a hard limit imposed on the length of LDAP filter strings. Different implementations might have their own limits though.

Licensed under: CC-BY-SA with attribution