We frequently get this question in many newsgroups and forums - what's the maximum number of members you can add to a Distribution group? The member attribute of groups - both Distribution and Security groups, is a multi-valued attribute. So the answer is more about how many values can a multi-valued Active Directory attribute hold.
Many of you may remember the recommendation of 5000 values in a multi-valued attribute in Windows 2000, and the fact that the limitation no longer exists in subsequent versions. So what's the actual limit? Or is there a limit at all?
To find out more, we queried our friends in the Directory Services team, who quickly researched it and added this information to Active Directory Maximum Limits. The doc, which answers all kinds of questions about maximum limits and recommendations, has some interesting factoids:
- Maximum number of objects in Active Directory: A little less than 2.15 billion
- Maximum number of SIDs in a domain: About 1 billion
- Maximum number of group memberships for Security Principals: 1015*
*This is for Security groups. Each Security group you're a member of results in its SID being added to your access token at logon.
The doc provides more nuanced answers, recommendations, and workarounds to overcome some limitations, for those times when you absolutely must create more than 2 billion Active Directory objects.
You Had Me at EHLO.