New Active Directory Documents for IT Pros
Did you know that there are certain pre-defined limits of Active Directory? For example, there is a maximum on the number of objects (users, groups, computers, organizational units, group policies, etc.) that can exist in Active Directory; specifically, not more than 2.15 billion objects can exist in the directory and only about 1 billion security principals (users, groups, and computers) can exist. To learn more about specific limitations of Active Directory, check out the article Active Directory Maximum Limits.
There is a limit of approximately 1 billion security identifiers (SIDs) over the life of a domain. This limit is due to the size of the global relative identifier (RID) pool of 30 bits that makes each SID (that is assigned to user, group, and computer accounts) in a domain unique. The actual limit is 2^30 or 1,073,741,823 RIDs. Because RIDs are not reused—even if security principals are deleted—the maximum limit applies, even if there are less than 1 billion security principals in the domain.
Vishal G Nar
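Because RIDs are never reused, how much of the pool a domain has consumed is worth tracking. The PowerShell below is an added example, not code from the original post or from Microsoft: it decodes the 64-bit `rIDAvailablePool` attribute of the domain's RID Manager object, whose high 32 bits hold the RID ceiling and whose low 32 bits hold the RIDs already allocated. The function name, the 80 percent threshold and the sample value are assumptions made for illustration.

```powershell
# Added example: decode a rIDAvailablePool value into RID consumption figures.
function Get-RidPoolUsage {
    param(
        [Parameter(Mandatory)] [Int64] $RidAvailablePool,
        [ValidateRange(1, 100)] [int] $WarnPercent = 80  # assumed alert threshold
    )
    # High 32 bits: ceiling on RIDs the domain can ever issue.
    # Low 32 bits: RIDs already allocated from the global pool.
    $total  = $RidAvailablePool -shr 32
    $issued = $RidAvailablePool -band 4294967295
    if ($total -le 0 -or $issued -gt $total) {
        throw "Value $RidAvailablePool does not decode to a valid RID pool."
    }
    $percent = [math]::Round(100.0 * $issued / $total, 2)
    $status  = if ($percent -ge $WarnPercent) { 'WARN' } else { 'OK' }
    [pscustomobject]@{
        TotalRids     = $total
        IssuedRids    = $issued
        RemainingRids = $total - $issued   # deleted accounts never return RIDs
        PercentUsed   = $percent
        Status        = $status
    }
}

# Constructed sample: ceiling of 1,073,741,823 with 900,000,000 RIDs allocated.
$sample = ([Int64]1073741823 -shl 32) + 900000000
Get-RidPoolUsage -RidAvailablePool $sample

# Live domain (needs the ActiveDirectory module):
# $dn = 'CN=RID Manager$,CN=System,' + (Get-ADDomain).DistinguishedName
# Get-RidPoolUsage (Get-ADObject $dn -Properties rIDAvailablePool).rIDAvailablePool
```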