Article ID: 927068 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
On a Microsoft Windows Server 2003-based domain controller, you run one of the following command lines to report the permissions for all the organizational units in a domain:
No ACEs for domain\principalname
This issue occurs because the report range of the Dsrevoke tool is limited by the MaxPageSize setting.
To resolve this issue, run the following command to individually search organizational unit trees so that the total number of organizational units is less than the value of the MaxPageSize setting:
dsrevoke /report /root:ou=OU_Name
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
The Dsrevoke tool cannot report permissions when you use the (/) character in the name of an organizational unit. If there is an organizational unit whose name contains the (/) character, the Dsrevoke tool will return the following error message:
Error occurred in finding ACEs
For more information about the MaxPageSize setting, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/315071/ )How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
Article ID: 927068 - Last Review: January 16, 2015 - Revision: 2.0