Re: More than 200 AD Security Groups

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 17 Oct 2006 09:40:32 -0500

If it makes you feel better, we have about 60,000 groups in our AD and it
works fine.

However, I'd suggest you have them take a look at a Microsoft authorization
framework called AzMan. It provides a nice method for doing granular
application-level permissioning based on a concept called "operations" that
are mapped into roles and eventually into AD security principals (users and
groups).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx> wrote in message
news:eXPMwHd8GHA.3620@xxxxxxxxxxxxxxxxxxxxxxx

Hi Tomasz,

The reason for the 200 groups is that the application is using the groups
as granular permissions which then aggregates up into roles which also is
permissions groups.

The application is checking for permissions using standard .NET Framework
methods, so that should be ok.

Thanks

Henrik.

"Tomasz Onyszko" <T.Onyszko_nospam_@xxxxxx> wrote in message
news:OpKYQEd8GHA.4552@xxxxxxxxxxxxxxxxxxxxxxx

Henrik Skak Pedersen wrote:

Hello,

I have an application which creates aprox. 200 AD security groups. I
have heard from a customer that there is a performance problem if you
have more that 200 ad groups, is this true?

Nope, there shouldn't be any if there isn't some badly written
application which is doing something weired with AD.

BTW - have You asked them what is a reason for 200 groups for single app?

--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)

Follow-Ups:
- Re: More than 200 AD Security Groups
  - From: Henrik Skak Pedersen

References:
- More than 200 AD Security Groups
  - From: Henrik Skak Pedersen
- Re: More than 200 AD Security Groups
  - From: Tomasz Onyszko
- Re: More than 200 AD Security Groups
  - From: Henrik Skak Pedersen

Prev by Date: Re: Microsoft Exchange System Objects Container
Next by Date: Re: Object Type GUID List
Previous by thread: Re: More than 200 AD Security Groups
Next by thread: Re: More than 200 AD Security Groups
Index(es):
- Date
- Thread

Relevant Pages

Re: Permissions
... I couldn't delete a bunch of stuff in "documents and settings". ... Changing the permissions on a file doesn't seem to help, ... I don't want anything automatically updating. ... There is no reason for media player to run at all. ...
(microsoft.public.windows.vista.security)
Re: Permissions
... Changing the permissions on a file doesn't seem to help, ... WINDOWS DOING STUFF THAT I DIDN'T ASK FOR. ... I don't want anything automatically updating. ... There is no reason for media player to run at all. ...
(microsoft.public.windows.vista.security)
Re: Permissions
... I couldn't delete a bunch of stuff in "documents and settings". ... Changing the permissions on a file doesn't seem to help, ... I don't want anything automatically updating. ... There is no reason for media player to run at all. ...
(microsoft.public.windows.vista.security)
Re: Permissions
... Changing the permissions on a file doesn't seem to help, ... WINDOWS DOING STUFF THAT I DIDN'T ASK FOR. ... I don't want anything automatically updating. ... There is no reason for media player to run at all. ...
(microsoft.public.windows.vista.security)
Re: Finding out if user has privileges to a diectory.
... still have to deal with the exception. ... Is this your only reason for wanting to perform the pre-write ... > If the user has no permissions whatsoever on the directory, ...
(microsoft.public.dotnet.security)