Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 944299 - Last Review: February 18, 2008 - Revision: 2.2
You receive unexpected search results when lots of groups and users access a SharePoint Server 2007 or a Windows SharePoint Services 3.0 site
For a Microsoft Office SharePoint Portal Server 2003 version of this article, see
885482Â
(http://kbalertz.com/Feedback.aspx?kbNumber=885482/
)
.
You perform a search on a Microsoft Office SharePoint Server 2007 site or on a Microsoft Windows SharePoint Services 3.0 site that is accessed by lots of Active Directory directory service groups and users. The groups and users access the site by using Forms-Based Authentication or Windows NTLM authentication.
When you do this, you receive unexpected search results. This behavior occurs even when you search for items that exist on the SharePoint Server 2007 or Windows SharePoint Services site.
This behavior occurs if the size of the discretionary access control list (DACL) is larger than 64 kilobytes (KB).
The maximum buffer size of the
InitializeAcl function is 64 KB. Therefore, the maximum size of a DACL in Windows is 64 KB. This includes the access control entries (ACEs) that are contained in the DACL.
SharePoint Server 2007 processes DACL information when the content index is processed.
When lots of groups and users are added to the portal site, and when the size of the DACL is larger than 64 KB, the index operation does not finish successfully.
To work around this behavior, use one of the following methods, as appropriate for your situation:
- Reduce the number of groups and of users who are added to the portal site.
For example, reduce the number of groups and of users on the portal site so that the portal site contains fewer than one thousand groups and users. - Create a new group in Active Directory, add the new group to the portal site, and then add all the groups and users who require access to the portal site to the new group.
There is no limit to the number of users, groups, memberships, and roles that can have permissions to access the SharePoint Server 2007 or Windows SharePoint Services site. Therefore, you can still access the site even when the size of the DACL reaches its limit of 64 KB.
To prevent this behavior, we recommend that you do not give access to the SharePoint Server 2007 or Windows SharePoint Services site to more than one thousand users, groups, memberships, and roles.
You can apply update 937832 to relax the size limit when you use Forms-Based Authentication.
For more information about update 937832, click the following article number to view the article in the Microsoft Knowledge Base:
937832Â
(http://kbalertz.com/Feedback.aspx?kbNumber=937832/
)
Description of the security update for SharePoint Server 2007: October 9, 2007
APPLIES TO
- Microsoft Office SharePoint Server 2007
- Microsoft Windows SharePoint Services 3.0
| kbharmony kbtshoot kbexpertiseadvanced KB944299 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate