NethServer release 7.7.1908
Kernel release 3.10.0-1062.9.1.el7.x86_64
Active Directory remote accounts provide
After the domain connection to a very large domain (300,000 users), listing the accounts takes an extremely long time (several hours).
tasks with >60%:
list-users & count-accounts
You can then no longer log on via the web interface port 980, or log on takes a few hours.
The 9090 web interface works, but it takes a long time to call up modules.
Can you limit the connection to a domain to an OU?!
Really? 300.000 is a huge number of users, it’s far more than a “small-medium enterprise”. At that scale it is not possible to list every user on the same page without hitting some resource/time limit.
In my tests I assume 10.000 users that is a respectable number.
Yes it is possible, but I cannot ensure the restriction is observed by all applications.
Log in as root
Go to Users&Groups > Account Provider > Edit provider
There should appear be a similar dialog window:
As you have so many users probably the page never loads… Go to a root shell and type
Yes, there are so many users in the entire forest.
Even so, it was not quite right.
In one specific subdomain there may be only 100,000 users - but still too many.
According to Microsoft, we have the largest “contiguous” Active Directory worldwide.
And this is almost too big.
I’m going to test the OU filter.
Many thanks for the help.