What is the maximum number of security groups a user can be a member in windows active directory and azure active directory ?
What is the maximum number of security groups a user can be a member in windows active directory and azure active directory ?
Hi,
The maximum number of security groups a user can be a member in windows active directory is 1024.
So, if a user is a member of more than about 1,010 custom security groups, the total number of SIDs can exceed the 1,024 SID limit.
For more details you can refer to: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/logging-on-user-account-fails
The maximum number of security groups a user can be a member in azure active directory: A user can be a member of any number of groups. For more details you can refer to: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions
Best Regards,
Azure Active directory
- A non-admin user can create a maximum of 250 groups in an Azure AD organization. Any Azure AD admin who can manage groups in the organization can also create unlimited number of groups (up to the Azure AD object limit). If you assign a role to remove the limit for a user, assign them to a less privileged built-in role such as User Administrator or Groups Administrator.
- An Azure AD organization can have a maximum of 5000 dynamic groups.
- A maximum of 100 users can be owners of a single group.
- Any number of Azure AD resources can be members of a single group.
- A user can be a member of any number of groups.
- By default, the number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members. If you need to synch a group membership that's over this limit, you must onboard the Azure AD Connect Sync V2 endpoint API.
refer- https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits
Windows Active directory
Group Memberships for Security Principals
Security principals (that is, user, group, and computer accounts) can be members of a maximum of approximately 1,015 groups.
Maximum Number of Group Policy Objects Applied
There is a limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account.
refer- https://www.agileit.com/news/active-directory-limits-maximum-objects-attributes-servers-trusts-domain-controllers-etc/
If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.
21 people are following this question.
Active Directory Password Policy Complexity enable all 4 categories
GPO password minimum length limited to 14 characters
Schedule PC reboot via group policy with user interactoins
Active directory and screen lockout
How to add a user in a different group of the Active Directory with Azure AD Connect