Active Directory Limits

I faced few questions in past about the maximum numbers in Active Directory. I managed to findout below and happy to share with you all.

Q1 : Maximum number of objects that can be created in active directory?
A : A little bit less than 2.15 billion.

Q2 : Maximum number of {users & computers & Groups} active directory can have?
A : ~ 1 billion.

Q3 : A user/computer/group can be member of how many groups at a time?
A : ~1,015 groups at max.

Q4 : What is the maximum length for FQDN Active Directory?
A : Should not exceed 64 characters.

Q5 : How big my OU name can be?
A : 64 characters max.

Q6 : What is the maximum no. of GPOs that can be applied to a user or a computer?
A : 999. No surprise..!! This is in place for performance reasons. But don’t relate it with no. of GPOs a Active directory system can have.

Q7 : How many accounts a LDAP transaction can hold?
A : 5000. This you can see when writing scripts. A roll back can happen if this limit is exceeded. Don’t compare it with ADODB objects 1000 limit. Both are different.

Q8 : How many objects a group can hold?
A : M$ hasn’t defined any limit yet. But few production environments proved up to 4 million objects. For windows 2000 active directory the static limit is 5000.

Q9 : Any limits on no. of domains a forest can have?
A : Yes, of course. Recommended Maximum no. of domains in a windows 2003 forest is limited to 1,200 and windows 2000 forest is 800.

Q10: How many Domain Controllers a domain can have?
A : Recommended maximum no. of DCs in a domain is limited to 1,200.

I hope this is informative. Please feel free to make any corrections and new additions.

