I came across an interesting bunch of statistics the other day when researching a problem I was having. These are the maximum limits for Active Directory:
- Maximum number of GPOs that can apply to a user/computer: 999
- Maximum number of DNS servers in an AD-integrated zone (without manually adding the details): 850 (Windows 2000), 1300 (Windows 2003)
- Maximum number of supported DCs in a given domain: 1200
- Maximum number of members of a group: 5000 (Windows 2000), unlimited in Windows 2003
- Maximum number of DHCP servers in a forest: 850 (Windows 2000 SP1 or RTM), unlimited (Windows 2000 SP2 or later and Windows 2003)
- Maximum number of UPN suffixes that can be set through the UI: 850 (you can set more if you need to via ADSI scripts)
- Maximum number of objects that can be created over the lifetime of a given DIT (i.e. the AD database on a given DC): 2 billion
The last one is interesting. It means that, no matter what, you can only ever create 2 billion objects in AD. Even if you delete previous items, it will never use the same ID again.
I decided to calculate when this would be exhausted if you created and deleted an AD object every second: 63 years.
Hopefully the server would have been upgraded by then 🙂