Can we add 50K accounts to an AD security group?

GoodResource 371 Reputation points
2023-07-11T08:48:23.22+00:00

How many maximum user accounts can be added to AD security group (ON premise AD). We have a task to add ALL user accounts to a group which is almost 50K. Thanks.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,535 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 43,971 Reputation points
    2023-07-11T14:55:29.11+00:00

    Hello,

    Thank you for your question and for reaching out with your question today.

    In on-premises Active Directory, there is no hard limit on the number of user accounts that can be added to a security group. However, there are practical considerations to keep in mind:

    1. Performance: Adding a large number of user accounts to a single security group can impact the performance of Active Directory, especially when performing operations such as authentication or group membership checks.
    2. Usability: Managing a group with a very large number of members can become challenging from an administrative perspective. It may impact the efficiency of managing group membership, group policies, and access control.
    3. Nesting Limitations: There is a limit to the number of nested groups that can be expanded during authorization. If the group is used for authorization purposes and is heavily nested within other groups, it's important to ensure that the nesting limit is not exceeded.

    Considering these factors, it is generally recommended to limit the number of members in a single security group. Instead, you can consider using multiple smaller groups or implementing role-based access control (RBAC) strategies to achieve the desired access control requirements.

    If you need to add a large number of user accounts to a group, it's advisable to perform this operation in smaller batches to avoid potential performance issues. Additionally, monitoring the performance and usability impact on Active Directory after adding a significant number of users to a group is recommended.

    It's also worth noting that different versions of Active Directory may have different limits or recommendations, so it's a good practice to consult the documentation specific to your version of Active Directory for any limitations or best practices.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    0 comments No comments