ADAM: Multi-valued (string) attributes: maximum number of values?

Discussion in 'Active Directory' started by Michael Herman \(Parallelspace\), Nov 24, 2004.

  1. Is there a maximum limit on the number of values a multi-valued attribute
    can have?

    ....if so, is it based on the number of values? ...combined total storage of
    the values?

    My requirement is to store as many as a million values in a single attribute
    (vs. having to create entity container).

    Michael.

    --
    Michael Herman
    Parallelspace Corporation
    Developers of Advanced Business Collaboration Solutions for Microsoft
    SharePoint, Microsoft Live Communications Server, Active Directory and
    Groove Workspace
    Portal and Content Migration Specialists:
    http://www.parallelspace.net/sharepoint
    SharePoint Migration Knowledge Center:
    http://groups.yahoo.com/group/sharepointmigration
     
    Michael Herman \(Parallelspace\), Nov 24, 2004
    #1
    1. Advertisements

  2. My understanding is that there is no real limit for link value attributes
    (DN syntax), but the limit for other types (strings and such) is around 850
    for AD 2K3 and ADAM. Dmitri can probably confirm the exact numbers. I
    think it is based on the number of values, not on the size.

    Joe K.

    "Michael Herman (Parallelspace)"
     
    Joe Kaplan \(MVP - ADSI\), Nov 24, 2004
    #2
    1. Advertisements

  3. That's correct. In ADAM and AD (w2k3 forest mode) the limit is around 1300
    values, total per object, non-linked only, regardless of value size. In AD
    (pre-w2k3 forest mode) the limit is approximately 850 values.

    Now, the way people get around this is by creating a linked DN-string (or
    DN-binary) attribute. This is the syntax that allows to append a string (a
    blob) to a DN value. Then you can have unlimited number of values, you just
    have to set the DN part to something.

    The downside of this approach is that you can not index such attribute. You
    can set the index bit, but it will have no effect. Linked attributes are
    always implicitly indexed, and this index only includes the DN part.

    We keep talking about removing the max value count limitation (which comes
    from esent), but I don't think this is coming any time soon...

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Dmitri Gavrilov [MSFT], Nov 24, 2004
    #3
  4. Thanks Dmitri,

    Re: creating a linked DN-string (or DN-binary) attribute

    I found the MSDN reference for DN-String (2.5.5.14) here:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/choosing_a_syntax.asp

    ....and they're also mentioned here in the context of Linked Attributes:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/linked_attributes.asp

    ....and a DN-String attribute declaration sample can be found here:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/ldif_scripts.asp

    QUESTION: So I understand attributes when they're simple things like strings
    and integers. In the case of DN-String, is it correct to think of the value
    of a DN-String attribute being a 2-tuple (or loosely, a name-value pair)
    consisting of a DN and a String?


    Re: you can have unlimited number of values, you just have to set the DN
    part to something

    CONFIRMATION: So the idea is to use the String part as a string blob and not
    really use the DN part?


    QUESTION: What are some examples of where DN-Strings are typically used?


    QUESTION: What are some examples of where Linked DN-Strings are typically
    used?



    Thanks,
    Michael.
     
    Michael Herman \(Parallelspace\), Nov 25, 2004
    #4
  5. See inline.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm

    "Michael Herman (Parallelspace)"
    Well yes. You *can* use the DN part too, if you want to.
    Normally, you'd use them when you need a DN value with an additional string
    qualifier. There are no dn-string attributes in the default AD schema, but
    there are a few DN-binary ones. See, for example,
    http://msdn.microsoft.com/library/en-us/adschema/adschema/a_wellknownobjects.asp
    Again, whenever you need a linked attribute with an attached string value.

    You can also use this syntax when you need to have more than 850/1300 values
    per object. AD does not use this by itself, but some of our customers do
    this. Cert services, for example.

    One other warning -- don't use empty DN as your dn value. We recently fixed
    a bug (fix to come in SP1), which involved disallowing creating such values.
    Always put some DN in -- even if you don't need it. Point to something --
    self or perhaps domain head. Note you are not wasting any space doing this.
    Any DN value (even empty one) is represented by a DWORD in the database.
     
    Dmitri Gavrilov [MSFT], Nov 25, 2004
    #5
  6. Another thing to watch out for is that DNBinary and DNString are somewhat
    painful to deal with using the managed code APIs (System.DirectoryServices).
    This is because you need to use the ADSI wrapper types to manipulate them
    via COM interop. There isn't a lot of information on this as these types
    are very rarely used, but most of the relevant documentation will be in the
    ADSI SDK, not in S.DS.

    This isn't to say that you can't make this work, though. Just that it is a
    little extra work.

    Joe K.
     
    Joe Kaplan \(MVP - ADSI\), Nov 25, 2004
    #6
  7. Thank you Dimtri and Joe for the detailed feedback,

    Michael.
     
    Michael Herman \(Parallelspace\), Nov 29, 2004
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.