Article ID: 944299 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
For a Microsoft Office SharePoint Portal Server 2003 version of this article, see 885482
You perform a search on a Microsoft Office SharePoint Server 2007 site or on a Microsoft Windows SharePoint Services 3.0 site that is accessed by lots of Active Directory directory service groups and users. The groups and users access the site by using Forms-Based Authentication or Windows NTLM authentication.
When you do this, you receive unexpected search results. This behavior occurs even when you search for items that exist on the SharePoint Server 2007 or Windows SharePoint Services site.
This behavior occurs if the size of the discretionary access control list (DACL) is larger than 64 kilobytes (KB).
The maximum buffer size of the InitializeAcl function is 64 KB. Therefore, the maximum size of a DACL in Windows is 64 KB. This includes the access control entries (ACEs) that are contained in the DACL. SharePoint Server 2007 processes DACL information when the content index is processed.
When lots of groups and users are added to the portal site, and when the size of the DACL is larger than 64 KB, the index operation does not finish successfully.
To work around this behavior, use one of the following methods, as appropriate for your situation:
To prevent this behavior, we recommend that you do not give access to the SharePoint Server 2007 or Windows SharePoint Services site to more than one thousand users, groups, memberships, and roles.
You can apply update 937832 to relax the size limit when you use Forms-Based Authentication.
For more information about update 937832, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/937832/ )Description of the security update for SharePoint Server 2007: October 9, 2007