Thank you for your question and for reaching out with your question today.
In on-premises Active Directory, there is no hard limit on the number of user accounts that can be added to a security group. However, there are practical considerations to keep in mind:
- Performance: Adding a large number of user accounts to a single security group can impact the performance of Active Directory, especially when performing operations such as authentication or group membership checks.
- Usability: Managing a group with a very large number of members can become challenging from an administrative perspective. It may impact the efficiency of managing group membership, group policies, and access control.
- Nesting Limitations: There is a limit to the number of nested groups that can be expanded during authorization. If the group is used for authorization purposes and is heavily nested within other groups, it's important to ensure that the nesting limit is not exceeded.
Considering these factors, it is generally recommended to limit the number of members in a single security group. Instead, you can consider using multiple smaller groups or implementing role-based access control (RBAC) strategies to achieve the desired access control requirements.
If you need to add a large number of user accounts to a group, it's advisable to perform this operation in smaller batches to avoid potential performance issues. Additionally, monitoring the performance and usability impact on Active Directory after adding a significant number of users to a group is recommended.
It's also worth noting that different versions of Active Directory may have different limits or recommendations, so it's a good practice to consult the documentation specific to your version of Active Directory for any limitations or best practices.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
If the reply was helpful, please don’t forget to upvote or accept as answer.