question

brajkishorSingh-1326 avatar image
0 Votes"
brajkishorSingh-1326 asked VickyWang-MFST answered

HOW TO CHAGE DEFAULT LDAP VALUE FOR ONE DOMAIN CONTROLLER IN FOREST

Hi guys
please help how to change the ldap default value from 120 sec for (InitrecvTimeout & MaxQueryDuration)only for one domain controller across the forest .I gone thorough the below article but could not achieve as we required

can anyone help on this pls

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/view-set-ldap-policy-using-ntdsutil


102552-image.png



regards

windows-active-directory
image.png (23.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered brajkishorSingh-1326 commented

Open ADSI Edit.

In the Configuration partition, browse to Services → Windows NT → Directory Service → Query Policies.

In the left pane, click on the Query Policies container, then right-click on the Default Query Policy object in the right pane, and select Properties.

Double-click on the lDAPAdminLimits attribute.

Click on the attribute you want to modify and click Remove.

Modify the value in the Value to add box and click Add.

Click OK twice.

Using a command-line interface
To view the current settings, use the following command:

reference: https://www.oreilly.com/library/view/active-directory-cookbook/0596004648/ch04s24.html

Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.

Hope this information can help you

Best wishes

Vicky

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Vicky for your kind response

My requirement is to change the LDAP policy value for two domain controller across the forest.As per the above steps it will change default LDAP policy value.If in case I will change on one of DC it will be replicate across the forest & the new value would be same of all the domain controller across the forest .Thanks why we do not want to change default Ldap query policy .

Hope you understand my concern & requirement

Please let me know if in case more info required
Thanks

0 Votes 0 ·
VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,
Thank you for your reply and waiting.

Instructions for configuring per domain controller or per site policy
Create a new query policy under CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, forest root.

Set the domain controller or site to point to the new policy by entering the distinguished name of the new policy in the Query-Policy-Object attribute. The location of the attribute is as follows:

The location for the domain controller is CN=NTDS Settings, CN= DomainControllerName, CN=Servers,CN= site name,CN=Sites,CN=Configuration, forest root.

The location for the site is CN=NTDS Site Settings,CN= site name,CN=Sites,CN=Configuration, forest root.


After the policy is created, it needs to be configured on the DC that requires the new value to take effect

Not after the policy is created, all DCs will be applied

Hope this information can help you

Best wishes

Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered brajkishorSingh-1326 commented

Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your answer

ijust to double check "Not after the policy is created, all DCs will be applied" you mean all for the selective DCs where we have mapped new Query policy under attribute editor with Query-Policy-Object (value Not Set to mapped as per new query policy & it will not change the default query policy for other Dcs as well ? or other dcs policy would be same as have currently am i correct ?

Thanks

0 Votes 0 ·
VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Welcome to share your current situation if there are any updates.

Please feel free to let us know if you need further assistance.


Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Thank you for waiting and replying

》》other dcs policy would be same as have currently am i correct ?


This is ok

Hope this information can help you

Best wishes

Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.