|
Did a
google search...came up with the following:
When you
change a user-account attribute under NT 4.0, NT replicates the user's entire
record; AD replicates only the changed attribute. However, AD stores a group's
membership as one attribute. The list of a group's users and machines (yes,
groups can contain machine accounts in AD) resides in that attribute. The catch
is that attributes have a maximum size in the AD database, and AD doesn't have
room for more than 5000 SIDs in a group's membership attribute. (This gotcha
doesn't limit the built-in Domain Users group, however, which apparently doesn't
suffer from the 5000-member cap.)
An
interesting read, anyone else have any more information?
Regards,
Benton
Chase Wink
-------------------------------------------------
Benton Chase Wink, CCNA
MCSE
McCombs School of
Business
LAN Administrator,
Network Team
512-471-9938
512-619-9016
A
global group is a global group, is a global group, is a global
group..
But
if your script enumerated the groups within the group to find nested members,
then that would be reasonable to find 10,000
After my last response... I hesitate, but...
If
I'm not mistaken, I read somewhere that the Domain Users group (at least I
*think* it
was
that one) isn't actually a group in the strictest sense of the
word.
Correct away... (crossing my fingers ;)
T.
-----------------------
Tony Bowman, MCSE, MCSA, CCNA
Harvest,
AL
[EMAIL PROTECTED]
Does this apply to
the "Domain Users" group ?!?
I ran a script
against our Domain and returned over 10,000 users that are a member of
"Domain Users"
-----Original
Message-----
From:
Hutchins, Mike [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 2:46
PM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Active
Directory Limitations - max 5000 users per group?
The
5000 user limit is not a 5000 "user" limit, it is a 5000 Direct member limit. I
don't think anyone in their right mind would have 5000 users in one group. I
would suggest nesting them to make them more manageable
anyways.
FYI,
.NET removes this limitation for the nutty people.
-----Original
Message-----
From: AMAN,
ALICE L. (JSC-GT4) (NASA) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 1:34
PM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Active
Directory Limitations - max 5000 users per group?
Someone on
slashdot.org (pro-linux site) indicated real-world problems with
AD
"Groups aren't scalable, supporting max
5000 users."
I want
to recommend that we keep our people directory flat but if groups have a
maximum of
5000
users, this will be an obstacle. Would anyone care to
comment?
-----Original
Message-----
From: Gil
Kirkpatrick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 11:49
AM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Active
Directory Limitations
Actually the size
of the directory itself doesn't really affect replication traffic (except
when you bring up a new domain controller). Its the amount of data that is
changed, and how frequently it is changed, that drives the replication
traffic.
-----Original
Message-----
From: T
Bowman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 9:04
AM
To:
[EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active
Directory Limitations
I do not
believe there is a hard limit. I do know it is capable of handling
millions of objects.
However, keep in
mind that the size will affect replication and thus your
network.
-----------------------
Tony
Bowman, MCSE, MCSA, CCNA
Harvest, AL
[EMAIL PROTECTED]
-----Original
Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eoin
Mooney
Sent: Tuesday,
June 04, 2002 10:48 AM
To:
'[EMAIL PROTECTED]'
Subject: [ActiveDir] Active
Directory Limitations
Hi all,
I know this is probably a very general question
, but is there a limit with relation to active directory
size.
Number of folders created , data stored
,etc,etc
Regards
Eoin
|
