Having read through most of the replies on this, it's interesting that there was an internal (to Microsoft - just to clarify) discussion on this same topic yesterday.
Seems that a customer was having problems with a function calling APIs for SID creation when the SID exceeded 68 bytes. I'll let you determine from that statement what the largest supported SID is. :o) So, take that number into 12000 and I suspect that will give you a clear idea of how memberships would begin to cause issues with Kerberos. However, as al mentions, this can be increased but I don't know what the max supported size is. And, as to figuring out the actual size of a SID, yes there is. I don't have the algorithm at my finger tips, but it can be derived pretty easily - more easily with C/C++, or Perl, IIRC. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad Sent: Friday, August 19, 2005 7:29 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] User SIDs... Hello All, Does anyone know the default length a users SID (Win2K DC's, WinXP SP2clients ) can be before problems such as http://support.microsoft.com/?kbid=327825 <http://support.microsoft.com/?kbid=327825> start occuring ? Also, there anyway to determine the actual length of a users SID??? TIA, Brad This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/