Thursday, October 1, 2020
  • Home
  •             

Active Directory limits

October 16th, 2006 by Patrick S

We started MSBLOG with the intention of blogging about Windows Server most of the time (well that was my aim anyway :P) So lets bring it on back to earth. One of the guys over at the Technet Ireland Blog have done some research around the theoretical limits in an AD environment as part of a project they are working on.

It’s pretty unlikely that many people will ever actually hit these limits (if you do, you probably need to take a fundamental look at your infrastructure architecture and how you support it!) but I thought I’d post them anyhow – they may be useful to someone somewhere 🙂

  • maximum number of GPOs that can apply to a user/computer: 999 
  • maximum number of DNS servers in an AD-integrated zone (without manually adding the details): 850 (Windows 2000), 1300 (Windows 2003)
  • maximum number of supported DCs in a given domain: 1200
  • maximum number of members of a group: 5000 (Windows 2000), unlimited in Windows 2003
  • maximum number of DHCP servers in a forest: 850 (Windows 2000 SP1 or RTM), unlimited (Windows 2000 SP2 or later and Windows 2003)
  • maximum number of UPN suffixes that can be set through the UI: 850 (you can set more if you need to via ADSI scripts)
  • maximum number of objects that can be created over the lifetime of a given DIT (i.e. the AD database on a given DC): 2 billion

Server Rocks 😉

Posted in Windows Server System | 1 Comment »


This entry was posted on Monday, October 16th, 2006 at 1:21 am and is filed under Windows Server System. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


One Response

  1. Active Directory Limits « MogBlog Says:

    […] link […]