question

QuyenNguyen-5002 avatar image
0 Votes"
QuyenNguyen-5002 asked QuyenNguyen-5002 commented

What is the maximum number of security groups a user can be a member

What is the maximum number of security groups a user can be a member in windows active directory and azure active directory ?

azure-active-directorywindows-active-directorywindows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,

The maximum number of security groups a user can be a member in windows active directory is 1024.
So, if a user is a member of more than about 1,010 custom security groups, the total number of SIDs can exceed the 1,024 SID limit.
For more details you can refer to: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/logging-on-user-account-fails

The maximum number of security groups a user can be a member in azure active directory: A user can be a member of any number of groups. For more details you can refer to: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

learn2skills avatar image
0 Votes"
learn2skills answered QuyenNguyen-5002 commented

Hi @QuyenNguyen-5002

Azure Active directory
- A non-admin user can create a maximum of 250 groups in an Azure AD organization. Any Azure AD admin who can manage groups in the organization can also create unlimited number of groups (up to the Azure AD object limit). If you assign a role to remove the limit for a user, assign them to a less privileged built-in role such as User Administrator or Groups Administrator.
- An Azure AD organization can have a maximum of 5000 dynamic groups.
- A maximum of 100 users can be owners of a single group.
- Any number of Azure AD resources can be members of a single group.
- A user can be a member of any number of groups.
- By default, the number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members. If you need to synch a group membership that's over this limit, you must onboard the Azure AD Connect Sync V2 endpoint API.
refer- https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits
Windows Active directory
Group Memberships for Security Principals
Security principals (that is, user, group, and computer accounts) can be members of a maximum of approximately 1,015 groups.
Maximum Number of Group Policy Objects Applied
There is a limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account.
refer- https://www.agileit.com/news/active-directory-limits-maximum-objects-attributes-servers-trusts-domain-controllers-etc/


If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you very much

0 Votes 0 ·