Sunday, October 15, 2006

Active Directory Limits

I've been doing a bit of research around the theoretical limits in an AD environment as part of a project I'm working on. It's unlikely that many people will ever actually hit these limits (if you do, you probably need to take a fundamental look at your infrastructure architecture and how you support it!), but I thought I'd post them anyhow - they may be useful to someone somewhere :-)
- maximum number of GPOs that can apply to a user/computer: 999
- maximum number of DNS servers in an AD-integrated zone (without manually adding the details): 850 (Windows 2000), 1300 (Windows 2003)
- maximum number of supported DCs in a given domain: 1200
- maximum number of members of a group: 5000 (Windows 2000), unlimited in Windows 2003
- maximum number of DHCP servers in a forest: 850 (Windows 2000 SP1 or RTM), unlimited (Windows 2000 SP2 or later and Windows 2003)
- maximum number of UPN suffixes that can be set through the UI: 850 (you can set more if you need to via ADSI scripts)
- maximum number of objects that can be created over the lifetime of a given DIT (i.e. the AD database on a given DC): 2 billion


