that's not a problem for AD with respect to storage or replication. Realize you still have the limitation of not adding or removing more than approx. 5000 members at once, since otherwise you still run into the same Jet database issues. Any tool you use for provisioning group-memberships should take this under consideration. Groups in 2003 FFL have been tested by MSFT with 1 million members.
 
I've not heard of interoperability constraints other than the aforementioned - however, if you have an app that doesn't rely on a user's token to determine his permission or group membership, but instead reads all the members from such a large AD group, you'll have to make sure it's capable of handling these numbers as well.
 
/Guido

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mr Oteece
Sent: Tuesday, 25 April 2006 03:51
To: [email protected]
Subject: [ActiveDir] Practical limits on AD group size in Windows Server 2003

What is the practical limit on group size in AD when running Windows Server 2003 native mode? Linked value replication solves the 5000 user "limit" and I understand the limitations of reading out membership of large groups and the use of ranged retrieval ( http://msdn2.microsoft.com/en-us/library/ms180907(VS.80).aspx). But are there any other gotchas? Interoperability constraints? Tool constraints? Replication issues?
 
How large have people out there made their groups? I am looking at groups with membership on the order of 100K.
 
Thanks!
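
An added example, not part of the original thread: a Python sketch of the two client-side habits the messages above call for, splitting membership changes into batches below the approx. 5000-per-operation figure and reading a large `member` attribute with ranged retrieval. The 4000 batch size, the `fetch` callable and the `fake_dc` stand-in (with its 1500-value page) are assumptions made for illustration; a real tool would replace `fetch` with an LDAP read.

```python
import re

BATCH = 4000  # assumed margin below the approx. 5000-per-operation figure in the thread
RANGE_RE = re.compile(r"^member;range=(\d+)-(\d+|\*)$", re.IGNORECASE)

def batched_changes(current, desired, batch=BATCH):
    """Yield (op, dns) membership changes, each small enough for one modify."""
    cur, want = set(current), set(desired)
    for op, dns in (("add", sorted(want - cur)), ("delete", sorted(cur - want))):
        for i in range(0, len(dns), batch):
            yield op, dns[i:i + batch]

def read_all_members(fetch):
    """Collect every value of 'member' using ranged retrieval.

    fetch(attr) is a hypothetical callable doing one LDAP read of the group
    and returning {returned_attribute_name: values}.
    """
    members, start = [], 0
    while True:
        result = fetch(f"member;range={start}-*")
        if not result:  # empty group: attribute not returned
            return members
        (name, values), = result.items()
        m = RANGE_RE.match(name)
        if m is None:
            raise ValueError(f"unexpected attribute name: {name!r}")
        members.extend(values)
        if m.group(2) == "*":  # server marks the final slice with '*'
            return members
        start = int(m.group(2)) + 1  # next slice starts after the last index

def fake_dc(all_members, page=1500):
    """Constructed in-memory stand-in for a DC; page size is a sample value."""
    def fetch(attr):
        start = int(RANGE_RE.match(attr).group(1))
        chunk = all_members[start:start + page]
        last = start + page >= len(all_members)
        end = "*" if last else start + len(chunk) - 1
        return {f"member;range={start}-{end}": chunk}
    return fetch

if __name__ == "__main__":
    # Constructed sample: a 100K-member group, the size asked about in the thread.
    group = [f"CN=user{i:06d},OU=People,DC=example,DC=test" for i in range(100_000)]
    print(len(read_all_members(fake_dc(group))), "members read")
    print(sum(1 for _ in batched_changes([], group)), "modify operations to populate")
```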
