Question

Locked

Active Directory Maximum Group Membership

By abhill ·
Does anyone know if there's a max limit to group membership (global security groups) in AD 2003? I have a supplier who insists we add every user to a specific group for their product because their product can't handle nested groups! My worry is whether taking such action would have any performance issues for AD (in essence this is like duplicating the "Domain Users" group).

Can anyone advise?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Issues

by scott_heath In reply to Active Directory Maximum ...

It shouldn't cause any issues unless it is a Universal group due to the way it replicates group information.

Collapse -

Security Groups

by abhill In reply to Issues

Is the Gobal Catalog affected by Security Groups?

Collapse -

I tried to find...

by scott_heath In reply to Security Groups

... a reference site with more details, but I couldn't and I don't have much more time to Google for it. Basically if you have a single domain controller there isn't much to worry about. When you have multiple DCs when you have 20,000 users in a group and it has to replicate the whole group you are increasing traffic. of course if your DCs sit on a fiber backbone in the same datacenter, that doesn't matter much either.

Do some Google-ing and see what you find. I don't think you will have any issues though. I doubt we are talking about more than a couple thousand objects, correct?

Collapse -

10 million objects

by CG IT In reply to I tried to find...

10 million objects is the maximum in W2K environment users, computers, groups, OUs, security policies.

you can nest groups and assign permissions to users that way, but the administrative and documentation effort can be daunting.

Collapse -

10,000 Users in a group

by abhill In reply to I tried to find...

Thanks for post Scott. I'm probably looking at adding up to 10,000 users to a single group. That would replicated round 4 DCs across two campuses which will be connected by fibre. I tried Googling for answers but didn't come up with much. Can't even find much related to this (with AD 2003) on Microsoft site. Maybe I should send the question to Mr Gates!

Back to Software Forum
5 total posts (Page 1 of 1)  

Related Forums