What is the maximum number of security groups a user can be a member

Quyen Nguyen 81 Reputation points
2021-04-12T03:44:38.607+00:00

What is the maximum number of security groups a user can be a member of in Windows Active Directory and Azure Active Directory?


Accepted answer
  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-04-12T05:38:35.75+00:00

    Hi,

    The maximum number of security groups a user can be a member of in Windows Active Directory is 1024.
    So, if a user is a member of more than about 1,010 custom security groups, the total number of SIDs can exceed the 1,024 SID limit.
    For more details you can refer to: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/logging-on-user-account-fails

    The maximum number of security groups a user can be a member of in Azure Active Directory: a user can be a member of any number of groups. For more details you can refer to: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions

    Best Regards,


1 additional answer

  1. SUNOJ KUMAR YELURU 13,921 Reputation points MVP
    2021-04-12T05:20:43.9+00:00

    Hi @Quyen Nguyen

    Azure Active Directory

    • A non-admin user can create a maximum of 250 groups in an Azure AD organization. Any Azure AD admin who can manage groups in the organization can also create an unlimited number of groups (up to the Azure AD object limit). If you assign a role to remove the limit for a user, assign them to a less privileged built-in role such as User Administrator or Groups Administrator.
    • An Azure AD organization can have a maximum of 5000 dynamic groups.
    • A maximum of 100 users can be owners of a single group.
    • Any number of Azure AD resources can be members of a single group.
    • A user can be a member of any number of groups.
    • By default, the number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members. If you need to sync a group membership that's over this limit, you must onboard the Azure AD Connect Sync V2 endpoint API.

    Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits

    Windows Active Directory

    Group Memberships for Security Principals
    Security principals (that is, user, group, and computer accounts) can be members of a maximum of approximately 1,015 groups.

    Maximum Number of Group Policy Objects Applied
    There is a limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account.

    Reference: https://www.agileit.com/news/active-directory-limits-maximum-objects-attributes-servers-trusts-domain-controllers-etc/

    If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.

    1 person found this answer helpful.
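
An added example, not part of either answer above or of the linked documentation: one way to see how close on-premises accounts are to the 1,024 SID limit is to count the SIDs in each account's `tokenGroups` attribute. It assumes the ActiveDirectory PowerShell module is installed; the function name `Get-TokenGroupSidCount` and the account name `jdoe` are hypothetical, and the 1,010 warning threshold is the figure from the accepted answer.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$SidLimit      = 1024   # SID limit quoted in the accepted answer
$WarnThreshold = 1010   # "about 1,010" custom groups, from the same answer

function Get-TokenGroupSidCount {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName
    )
    process {
        # tokenGroups is a constructed attribute, so it is requested with a
        # base-scope search on the object itself. It holds the SIDs of the
        # security groups the account is in, directly or through nesting.
        $account = Get-ADUser -SearchBase $DistinguishedName -SearchScope Base `
            -LDAPFilter '(objectClass=user)' -Properties tokenGroups

        $count = @($account.tokenGroups).Count

        # The logon token carries SIDs beyond these groups, which is why the
        # answer puts the practical ceiling near 1,010 rather than 1,024.
        [pscustomobject]@{
            Account   = $account.SamAccountName
            GroupSids = $count
            Headroom  = $SidLimit - $count
            AtRisk    = $count -ge $WarnThreshold
        }
    }
}

# Single account ('jdoe' is a constructed placeholder):
Get-ADUser -Identity 'jdoe' | Get-TokenGroupSidCount

# Audit: the 20 enabled accounts closest to the limit.
Get-ADUser -Filter 'Enabled -eq $true' |
    Get-TokenGroupSidCount |
    Sort-Object GroupSids -Descending |
    Select-Object -First 20
```

Accounts reported with `AtRisk` set are candidates for group cleanup before logons start failing.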