Active Directory limits

I've been doing a bit of research around the theoretical limits in an AD environment as part of a project I'm working on. It's unlikely that many people will ever actually hit these limits (if you do, you probably need to take a fundamental look at your infrastructure architecture and how you support it!) but I thought I'd post them anyhow - they may be useful to someone somewhere :-)

- maximum number of GPOs that can apply to a user/computer: 999
- maximum number of DNS servers in an AD-integrated zone (without manually adding the details): 850 (Windows 2000), 1300 (Windows 2003)
- maximum number of supported DCs in a given domain: 1200
- maximum number of members of a group: 5000 (Windows 2000), unlimited in Windows 2003
- maximum number of DHCP servers in a forest: 850 (Windows 2000 SP1 or RTM), unlimited (Windows 2000 SP2 or later and Windows 2003)
- maximum number of UPN suffixes that can be set through the UI: 850 (you can set more if you need to via ADSI scripts)
- maximum number of objects that can be created over the lifetime of a given DIT (i.e. the AD database on a given DC): 2 billion

Comments

  • Anonymous
    January 01, 2003
    The difference between hard and soft is irrelevant if the limits are those that are "supported". There is no difference between something the product will not do, and which it will potentially do if either scenario is not supported by Microsoft. We will work on identifying the sources for each in another post - that's a great idea.

  • Anonymous
    January 01, 2003
    In terms of the "soft" limit of 5k members per group - this is in terms of the impact due to the replication mechanism in w2k versus w2k3. In w2k the limit was indeed soft, but exceeding it could lead to undesirable replication overhead. With the change in replication in w2k3, this soft limit was no longer an issue because only the deltas would get replicated as opposed to the entire group membership. Of course, if you add a large number of members to a group at once you will get replication overhead regardless as you say - however the number of real world scenarios where this would happen is very small - apart from perhaps a migration context which in itself should be treated as a special case from an operational perspective.

  • Anonymous
    January 01, 2003
    nice blog.. http://blogs.technet.com/mcs-ireland-infrastructure/archive/2006/10/14/active-directory-limits.aspx...

  • Anonymous
    January 01, 2003
    If you are curious about the theoretical limits of resources in an Active Directory environment, you can...

  • Anonymous
    January 01, 2003
    For more info on AD limits, check out Eric's DIT blog at: http://blogs.technet.com/efleis/archive/2006/06/08/434255.aspx