What is the limitation on creating number of AAD groups on Azure Tenant?

NM Babu 1 Reputation point

What is the limitation on creation of number of AAD groups on Azure Tenant?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

3 answers

  1. 2023-03-06T10:00:33.8466667+00:00

    A maximum of 50,000 Azure AD resources can be created in a single tenant

  2. Vasil Michev 94,131 Reputation points MVP

    The limit depends on "edition" of your Azure AD instance. Refer to the official documentation: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions

  3. JamesTran-MSFT 36,351 Reputation points Microsoft Employee

    @NM Babu

    Thank you for your post!

    I understand you're looking for the Azure AD service limits and restrictions on how many Azure AD Groups can be created within a single Azure tenant. Referencing the documentation shared by @Vasil Michev - the usage constraints and other service limits for the creation of Azure AD Groups can be found below.

    Note: By default, a maximum of 50,000 Azure AD resources can be created in a single tenant by users of the Azure Active Directory Free edition. If you have at least one verified domain, the default Azure AD service quota for your organization is extended to 300,000 Azure AD resources.

    Azure AD service limits and restrictions:

    • A non-admin user can create a maximum of 250 groups in an Azure AD organization. Any Azure AD admin who can manage groups in the organization can also create an unlimited number of groups (up to the Azure AD object limit). If you assign a role to a user to remove the limit for that user, assign a less privileged, built-in role such as User Administrator or Groups Administrator.
    • An Azure AD organization can have a maximum of 5,000 dynamic groups and dynamic administrative units combined.
    • A maximum of 500 role-assignable groups can be created in a single Azure AD organization (tenant).
    • A maximum of 100 users can be owners of a single group.
    • Any number of Azure AD resources can be members of a single group.
    • A user can be a member of any number of groups. When security groups are being used in combination with SharePoint Online, a user can be a part of 2,049 security groups in total. This includes both direct and indirect group memberships. When this limit is exceeded, authentication and search results become unpredictable.
    • By default, the number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members. If you need to sync a group membership that's over this limit, you must onboard the Azure AD Connect Sync V2 endpoint API.
    • When you select a list of groups, you can assign a group expiration policy to a maximum of 500 Microsoft 365 groups. There is no limit when the policy is applied to all Microsoft 365 groups.

    Additional Link:

    I hope this helps! If you have any other questions, please let me know.

    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.