...perhaps my original post was too long and boring... Does anyone know what kind of threshold is out there for Mixed Mode AD domains for how many domain local or global groups a user can be a member of? Too many results in a huge SAT and then the user can't really log on.
Does anyone know how many local groups someone can belong to on a member 2K server? This means not a big SAT, but I wonder how the LSA deals with a domain user being a member of, let's say 1500 local groups. Thanks, Alex -----Original Message----- From: Alexander Kha Do Sent: Friday, May 03, 2002 10:50 AM To: NT 2000 Discussions Subject: Too many SIDS in a SAT!! Hi all, We recently made the mistake of installing Frontpage 2002 server extensions ... on a Win2K DC. Wow - this bad boy was hosting all of our student webs, 700 of them. What it did was create 2 security groups for each web (later found out they were domain local). Then it asked if I wanted any user or group to be an administrator of all the webs, so I made a WWWAdmin group (global) that administrator. I had no idea that it would put that global group into 1400 if these web security groups. Well what it did was for anyone in that WWWAdmin group it blew up their Security Access Tokens so they couldn't get onto the Exchange server, they couldn't log in on Terminal Services, and all kinds of other authentication issues. We've since changed the security on the Frontpage server and removed these people from the group. I'll probably end up demoting that server or moving the webs to another server, but... My question is this - I cannot find any documentation on how many SIDS is too many in a SAT!!! We are running a mixed mode domain with 5 DC's. Was the problems we were seeing a result of these groups being domain local? If these groups were local groups on a member server, then the SAT's would not have gone through a token explosion, but would there still be problems logging into the FP Member-server-to-be?? If anyone knows anything about this, PLEASE HELP!!! Thanks, Alex ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
