Re: More than 200 AD Security Groups

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Joe,

Thank you veru much for you reply.

We actually used to be using Azman but we switch to AD. We had some issues
regarding ClickOnce, Windows 2003 AD Domain Level

Thanks
Henrik

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OhFhzof8GHA.1496@xxxxxxxxxxxxxxxxxxxxxxx
If it makes you feel better, we have about 60,000 groups in our AD and it
works fine.

However, I'd suggest you have them take a look at a Microsoft
authorization framework called AzMan. It provides a nice method for doing
granular application-level permissioning based on a concept called
"operations" that are mapped into roles and eventually into AD security
principals (users and groups).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx> wrote in message
news:eXPMwHd8GHA.3620@xxxxxxxxxxxxxxxxxxxxxxx
Hi Tomasz,

The reason for the 200 groups is that the application is using the groups
as granular permissions which then aggregates up into roles which also is
permissions groups.

The application is checking for permissions using standard .NET Framework
methods, so that should be ok.

Thanks

Henrik.

"Tomasz Onyszko" <T.Onyszko_nospam_@xxxxxx> wrote in message
news:OpKYQEd8GHA.4552@xxxxxxxxxxxxxxxxxxxxxxx
Henrik Skak Pedersen wrote:
Hello,

I have an application which creates aprox. 200 AD security groups. I
have heard from a customer that there is a performance problem if you
have more that 200 ad groups, is this true?

Nope, there shouldn't be any if there isn't some badly written
application which is doing something weired with AD.

BTW - have You asked them what is a reason for 200 groups for single
app?

--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)






.

Relevant Pages

  • Re: More than 200 AD Security Groups
    ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... as granular permissions which then aggregates up into roles which also is ... The application is checking for permissions using standard .NET Framework ... BTW - have You asked them what is a reason for 200 groups for single app? ...
    (microsoft.public.windows.server.active_directory)
  • Azman, AD, and Windows 7 Fun!
    ... permissions controlled through Azman which in turn is linked to AD groups. ... VS or Windows 7 is replacing it with the newer version. ... we have two AD groups placed in a Azman role (each AD group with ...
    (microsoft.public.windows.server.active_directory)
  • Re: Azman, AD, and Windows 7 Fun!
    ... If you talk about the permissions did you disable UAC on Windows 7 during testing? ... that has permissions controlled through Azman which in turn is linked ... Azman role. ...
    (microsoft.public.windows.server.active_directory)
  • Re: .Net Integration and Application Permission Control
    ... I'd suggest you check out the AzMan authorization framework. ... from .NET or native code. ... AzMan gives you the flexibility to consume other types of principals ... approx 65 different permissions that are growing as the system grows. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Using local AzMan XML store from Win32 Service
    ... AzMan is IIRC not supported under XP. ... > XML store from a process running as a Win32 service. ... > permissions and validated in the AzMan MMC plug-in) so that pretty ... > Windows Server 2003 but doesn't work on Windows XP. ...
    (microsoft.public.dotnet.security)