What is the maximum number of security groups a user can be a member

Quyen Nguyen 81 Reputation points
2021-04-12T03:44:38.607+00:00

What is the maximum number of security groups a user can be a member of in Windows Active Directory and Azure Active Directory?


Accepted answer
  1. Anonymous
    2021-04-12T05:38:35.75+00:00

    Hi,

    The maximum number of security groups a user can be a member of in Windows Active Directory is 1024.
    So, if a user is a member of more than about 1,010 custom security groups, the total number of SIDs can exceed the 1,024 SID limit.
    For more details you can refer to: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/logging-on-user-account-fails

    The maximum number of security groups a user can be a member of in Azure Active Directory: A user can be a member of any number of groups. For more details you can refer to: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions

    Best Regards,


1 additional answer

  1. SUNOJ KUMAR YELURU 15,256 Reputation points MVP Volunteer Moderator
    2021-04-12T05:20:43.9+00:00

    Hi @Quyen Nguyen

    Azure Active directory

    • A non-admin user can create a maximum of 250 groups in an Azure AD organization. Any Azure AD admin who can manage groups in the organization can also create an unlimited number of groups (up to the Azure AD object limit). If you assign a role to remove the limit for a user, assign them to a less privileged built-in role such as User Administrator or Groups Administrator.
    • An Azure AD organization can have a maximum of 5000 dynamic groups.
    • A maximum of 100 users can be owners of a single group.
    • Any number of Azure AD resources can be members of a single group.
    • A user can be a member of any number of groups.
    • By default, the number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members. If you need to sync a group membership that's over this limit, you must onboard the Azure AD Connect Sync V2 endpoint API.

    Refer: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits

    Windows Active directory

    Group Memberships for Security Principals
    Security principals (that is, user, group, and computer accounts) can be members of a maximum of approximately 1,015 groups.

    Maximum Number of Group Policy Objects Applied
    There is a limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account.

    Refer: https://www.agileit.com/news/active-directory-limits-maximum-objects-attributes-servers-trusts-domain-controllers-etc/

    If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.

    2 people found this answer helpful.
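
Both answers above put the on-premises ceiling at 1,024 SIDs in the token, reached at roughly 1,010 to 1,015 groups. The following is an added example, not part of either answer: it estimates how close one account is to that ceiling by counting the SIDs in its `tokenGroups` attribute, which already includes nested group memberships. It assumes the RSAT ActiveDirectory module is installed; the function name `Get-TokenSidEstimate` and the account name `jdoe` are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (added example): estimate the SID count for one account
# and compare it with the 1,024 limit and the ~1,010 threshold from the answers.
function Get-TokenSidEstimate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Identity,
        [int]$SidLimit = 1024,   # SID limit quoted in the accepted answer
        [int]$WarnAt   = 1010    # "about 1,010 custom security groups"
    )
    process {
        $user = Get-ADUser -Identity $Identity -Properties sIDHistory

        # tokenGroups is a constructed attribute: it is only returned by a
        # base-scope search on the object itself, and it contains the SIDs of
        # all groups the account belongs to, direct and nested.
        $expanded = Get-ADUser -SearchBase $user.DistinguishedName -SearchScope Base `
            -LDAPFilter '(objectClass=*)' -Properties tokenGroups

        # Where-Object drops a single $null so an empty attribute counts as 0.
        $groupSids   = @($expanded.tokenGroups | Where-Object { $_ }).Count
        $historySids = @($user.sIDHistory      | Where-Object { $_ }).Count

        # 1 = the account's own SID. Well-known SIDs added at logon are not in
        # tokenGroups, which is why the warning threshold sits below the limit.
        $total = 1 + $groupSids + $historySids

        $status = if ($total -ge $SidLimit) { 'OverLimit' }
                  elseif ($total -ge $WarnAt) { 'NearLimit' }
                  else { 'OK' }

        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            GroupSids      = $groupSids
            SidHistorySids = $historySids
            EstimatedTotal = $total
            Headroom       = $SidLimit - $total
            Status         = $status
        }
    }
}

# Usage with a constructed account name:
# Get-TokenSidEstimate -Identity 'jdoe'
```

The result is an estimate: the SIDs Windows adds at logon are not counted, so treat `NearLimit` as the point to start reducing nested or redundant group memberships.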
