Problem with opening a saved query as an .msc file

Question

Hello,

I have a pretty strange problem. I have two domains. I open mmc, add Active Directory Users snap-in, create a custom query for all users in an OU and then save this as an .msc file. When I do this for one of the domains, opening the .msc file works as expected. But when I do this for the other domain, the console gives an error and the .msc file doesn't open. What's even stranger on the "broken" domain if I query users in another OU, then it works. The problem seems to be with one OU, which is the main one, containing 10K+ users. The solution has been working for the past two years.

I'm trying this on the PDC for each of the domains and they have the same updates - KB5030214 (Server 2019).

How is it even possible to have the query as expected but it doesn't open when saved as an .msc file? Any ideas where to start looking will be appreciated.

Answer 1

Hello Martin Gospodinov,

Thank you for posting in Microsoft Community forum.

1. Based on the description "But when I do this for the other domain, the console gives an error and the .msc file doesn't open.", what error message did you receive?

2.How many Domain Controllers are there in the "broken" domain? If you have more than one DC, on another DC in the same domain, please check if you can create a custom query for all users in the same OU and then save this as an .msc file and try to open it.

If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

Answer 2

Hello Martin Gospodinov,

Thank you your reply.

Can I reproduce the issue in my lab? If so, would you please tell the detailed steps that I can do?

Then I will check the result in my lab.

Best Regards,
Daisy Zhou

Answer 3

Yes, sure, it's pretty easy reproducible. Here are the steps:

1. Create basic active directory infrastructure.
2. Log in to a domain controller > start mmc > import Active Directory Users and Computers snap-in > Create a custom Saved Query that gets users from one organizational unit > Save As the query on the desktop as .msc file. Open the .msc file --> it opens fine.
3. Create more than 10K users in the organizational unit that is the scope of the query so there are more than 10K results in the query.
4. Try to open again the .msc file --> crashes.
5. Reduce the number of users in the organizational unit to below 10K and open again the .msc file --> opens fine.

Answer 4

Hello Martin Gospodinov,

Thank you your reply.

In my lab, I have only several users.

I create a custom Saved Query that gets users from one organizational unit with several users and saved as .msc file, I can open it successfully.

I am sorry, I do not create more than 10K users in one OU (because it is too much work for me) and test it.

Based on your description and test, it seems there is limitation about it. But I am sorry, I cannot find any link or document to explain it currently.

Best Regards,
Daisy Zhou

Answer 5

Yesterday I created a new VM on my machine, raised a test domain, created users and the result is exactly the same. It seems this behavior is by default. Then I tried:

ntdsutil "ldap pol" conn "con to server localhost" q "show values" ldap policy: set MaxPageSize to 2000 ldap policy: Commit Changes ldap policy: set MaxTempTableSize to 20000 ldap policy: Commit Changes Also created a GPO with "Maximum size of Active Directory searches" set to a high number and yet the problem is the same. The error is generic. In event viewer:

And when opening saved query .msc file: