SharePoint: UPA OU selection control in AD Sync Connection cannot list more than 1000 objects

 

You have a SharePoint 2010/2013 environment with the User Profile Service application configured for FIM synchronization. You create an AD connection to sync users from AD. When you try to enumerate the users from an organizational unit (OU), only the first 1000 items are displayed in the view.

This can be a huge problem if a customer wants to exclude some OUs' users from the import where they have more than 1000 objects. They may be unable to deselect the OU that they don't want to import, simply because it is not listed.

Capturing network traffic to see what is happening in the background shows the LDAP request that is sent to the DC. The limitation appears to come from the fixed sizeLimit attribute, which is explicitly set to 1000.

searchRequest
    baseObject: CN=Partitions,CN=Configuration,DC=CONTOSO,DC=COM
    scope: singleLevel (1)
    derefAliases: neverDerefAliases (0)
    sizeLimit: 1000
    timeLimit: 0
    typesOnly: False
    Filter: (objectClass=*)
        filter: present (7)
            present: objectClass
    attributes: 0 items

We have a few workarounds that address this requirement.

1. Put all the users you want to import into SharePoint into their own OU(s) and configure the synchronization connection to pull data from just those OU(s).

2. Populate an unused attribute on the users you wish to import and create a connection filter based on that attribute.
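
An added example (not from the original post) to support the workarounds above: the first function reports which OUs and containers hold more than 1000 direct children, the sizeLimit seen in the capture, and the second stamps a marker attribute on the users you want to import. It assumes the ActiveDirectory PowerShell module is installed; the attribute employeeType, the value SPSync and OU=Staff are hypothetical placeholders, and treating the limit as a per-container child count is an assumption.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$SearchBase  = 'DC=CONTOSO,DC=COM'              # domain from the capture; change for your forest
$PickerLimit = 1000                             # sizeLimit seen in the captured searchRequest
$MarkerAttr  = 'employeeType'                   # assumption: an attribute unused in this directory
$MarkerValue = 'SPSync'                         # hypothetical marker value
$ImportOUs   = @('OU=Staff,DC=CONTOSO,DC=COM')  # hypothetical OUs whose users should be imported

# Report containers whose direct children exceed the limit.
# Get-ADObject pages through results (ResultPageSize), so the count is not cut off at 1000.
function Get-OversizedContainer {
    param([string]$Base, [int]$Limit)
    $containers = @(Get-ADObject -SearchBase $Base -SearchScope Subtree -ResultPageSize 500 `
        -LDAPFilter '(|(objectClass=organizationalUnit)(objectClass=container))')
    foreach ($c in $containers) {
        $count = @(Get-ADObject -SearchBase $c.DistinguishedName -SearchScope OneLevel `
            -ResultPageSize 500 -Filter *).Count
        if ($count -gt $Limit) {
            [pscustomobject]@{ Container = $c.DistinguishedName; DirectChildren = $count }
        }
    }
}

# Workaround 2: stamp the marker attribute on every user under the listed OUs.
# Runs as a dry run (-WhatIf) unless -Apply is given; -Replace overwrites any existing value.
function Set-ImportMarker {
    param([string[]]$OUList, [string]$Attr, [string]$Value, [switch]$Apply)
    foreach ($dn in $OUList) {
        Get-ADUser -SearchBase $dn -SearchScope Subtree -ResultPageSize 500 -Filter * -Properties $Attr |
            Where-Object { "$($_.$Attr)" -ne $Value } |
            ForEach-Object {
                Set-ADUser -Identity $_ -Replace @{ $Attr = $Value } -WhatIf:(-not $Apply)
            }
    }
}

Get-OversizedContainer -Base $SearchBase -Limit $PickerLimit |
    Sort-Object DirectChildren -Descending
Set-ImportMarker -OUList $ImportOUs -Attr $MarkerAttr -Value $MarkerValue   # add -Apply to write
```

Review the dry-run output before rerunning with -Apply, and confirm the chosen attribute really is unused before overwriting it.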

 

POST BY: Rajan Kapoor [MSFT]