Maximum objects in an OU (Full Version)

All Forums >> [Management Products] >> Active Directory and Group Policy



Message

rtimson -> Maximum objects in an OU (4/15/2008 6:53:25 AM)

Hi,

Can anyone advise me if there is a theoretical maximum to the number of objects that can be added to and AD OU?

I know the maximum search with the inbuilt AD users and computers find is 10,000 but this can be negated by using a tool such as dsquery.

Thanks in advance.

Rob



jsandys -> RE: Maximum objects in an OU (4/15/2008 10:07:56 AM)

There is no theoretical limit.  There are practical limits based on managebility.  The limit for ADUC is actually 2,000 and it's not really a limit on ADUC, it's the default LDAP query result limit and it is not set in stone; it is controlled by the LDAP server (DC) but can be modified: http://support.microsoft.com/kb/315071.  The reason other tools seem to get around this is because it's actually a page limit and these other tools know how to request multiple pages, ADUC doesn't.

Orignial tests by HP/Compaq on AD 2000 ran with 30 million+ total objects.  I know this doesn't specifically answer your question, but there isn't really an answer to your question.  It all depends on your environment and what you are comfortable with.  Personally, I would say that an OU with more than 5,000 objects in it is too big, but that depends on what you are using the OU for and how big your organization is.  It might make sense for folks like AT&T that have more 100,000 users.



kdsrazor -> RE: Maximum objects in an OU (4/16/2008 3:39:09 PM)

There are some limitations, like group membership.  There are limits in AD 2000 that they worked to resolve in AD 2003.  As far as number of objects in an OU, I'm not sure I've heard of any limitations myself.
There are many practical reasons to break it down from a management perspective, but I realize that is not part of your question.

I know last year I imported about 10K users into an OU to do some testing.  Performance was sluggish all around.  Even though it was a test network, and no users were logging in (other than myself logging in with the odd test account here and there), everything was noticably slower.  I even did this in a domain with one DC... so replication wasn't the bottleneck.  Just having that many objects in AD caused the system to respond slower.  So, this is something to consider when sizing your servers.



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.171875