No announcement yet.

Group Membership in Active Directory

  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Membership in Active Directory

    Hi, there!

    I have a quick question, on which I was unable to find an answer so far.

    Is there a limit number of members a group can have in Active Directory (Domain Local or Global Groups)?

  • #2
    It depends. In W2K (theoreticaly), a group size is limited to around 5K objects. The limitation is a result of the way the changes are replicated in W2K AD.
    In the case of a group, the moment the group membership changes, the AD will try to replicate the whole "member" attribute of the group object. As the replication of single change to an attibute is limited to a single replication operation, you are limited in the size of the packet that will contain the change. "member" is a multi-value attribute and W2K will try to replicate all it's values.

    You can overcome this behavior by creating groups of size smaller than 5K and nesting them.

    W2K3 presents a feature called LVR (Linked Value Replication), which overcomes the above limitation, hence you can have groups (theoreticaly) not limited in size.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"