By default, AD imposes a sizelimit of 1000 entries. This is the max number of entries that can be returned in a single bind request. There is no way to modify this (outside of AD) so we must use userBaseFilters and/or groupBaseFilters to reduce the number of entries returned.
A separate call is made on userBaseDN and groupBaseDN so the max is really 1000 user entries and 1000 group entries PER DN. If you specify multiple DNs in your configuration, multiple calls are made to AD, each of which allows the max sizelimit.
A workaround?
Try using a more specific BaseDN. For example, instead of dc=SplunkSupport,dc=Com, use a combination of:
ou=People,ou=USA,dc=SplunkSupport,dc=Com;ou=People,ou=Canada,dc=SplunkSupport,dc=Com;
Use LDAP filters. See this blog post for examples of LDAP filters used to further reduce the number of entries returned.
Use the AD GC port.
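The three workarounds above combined in one Splunk authentication.conf LDAP strategy, as an added example that is not part of the original post. The strategy name, host, bind account and the group CN=SplunkUsers are assumptions made up for illustration; 3268 is the standard AD Global Catalog port.

```ini
# authentication.conf (constructed example; names marked "hypothetical" are not from the post)
[authentication]
authType = LDAP
authSettings = corp_ad

# "corp_ad" is a hypothetical strategy name
[corp_ad]
# hypothetical host; 3268 is the AD Global Catalog port (3269 for GC over SSL)
host = ad.example.com
port = 3268
SSLEnabled = 0
# hypothetical bind account
bindDN = cn=splunk-bind,ou=Service Accounts,dc=SplunkSupport,dc=Com

# Before: one broad base DN, so a single search has to fit every user in the
# domain under the 1000-entry limit.
# userBaseDN = dc=SplunkSupport,dc=Com
#
# After: one search per DN, each with its own 1000-entry ceiling.
userBaseDN = ou=People,ou=USA,dc=SplunkSupport,dc=Com;ou=People,ou=Canada,dc=SplunkSupport,dc=Com

# Return only user objects that belong to a hypothetical SplunkUsers group,
# so accounts that never log in to Splunk do not count against the limit.
userBaseFilter = (&(objectCategory=person)(objectClass=user)(memberOf=CN=SplunkUsers,OU=Groups,dc=SplunkSupport,dc=Com))
userNameAttribute = sAMAccountName
realNameAttribute = displayName

# Same idea for groups: a narrow base DN plus a filter on the groups that
# are actually mapped to Splunk roles (hypothetical OU and naming pattern).
groupBaseDN = ou=Groups,dc=SplunkSupport,dc=Com
groupBaseFilter = (&(objectClass=group)(cn=Splunk*))
groupNameAttribute = cn
groupMemberAttribute = member
```

If a single DN can still match more than 1000 entries after filtering, split it further or tighten its filter, because the limit applies to each search separately.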