The limits of Active Directory

A few years ago, at my first IT job, my manager told me that there was a server at Microsoft, and all day long it created objects in a test Active Directory Domain.  "This server has been running since Windows Server 2000 was released" he said, "and it still has not hit a limit on the number of objects AD can hold".

I'm pretty sure he was talking out of his arse at the time, but we really do test the limits of our software at Microsoft (both upper and lower).  Some limits are hardware driven (such as the limits of the 32-bit address space), some are hardcoded limits, and some are practical limits (such as how long it would take to restore in the event of a hardware failure).  As noted at Tomek's blog, the Active Directory Maximum Limits article was recently updated, so check it out if you are curious how many Group Policy Objects can be applied to a user account, or why each Active Directory domain controller can only create 2,147,483,393 objects during its lifetime (and how to work around that limitation).