Re: More than 200 AD Security Groups
- From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Fri, 20 Oct 2006 15:56:32 +0200
also see:
http://blogs.technet.com/mcs-ireland-infrastructure/archive/2006/10/14/active-directory-limits.aspx
http://blogs.technet.com/efleis/archive/2006/06/08/434255.aspx
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx> wrote in message
news:eqr$QvE9GHA.1256@xxxxxxxxxxxxxxxxxxxxxxx
Hi Joe,
Thank you veru much for you reply.
We actually used to be using Azman but we switch to AD. We had some issues
regarding ClickOnce, Windows 2003 AD Domain Level
Thanks
Henrik
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OhFhzof8GHA.1496@xxxxxxxxxxxxxxxxxxxxxxx
If it makes you feel better, we have about 60,000 groups in our AD and it
works fine.
However, I'd suggest you have them take a look at a Microsoft
authorization framework called AzMan. It provides a nice method for
doing granular application-level permissioning based on a concept called
"operations" that are mapped into roles and eventually into AD security
principals (users and groups).
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx> wrote in message
news:eXPMwHd8GHA.3620@xxxxxxxxxxxxxxxxxxxxxxx
Hi Tomasz,
The reason for the 200 groups is that the application is using the
groups as granular permissions which then aggregates up into roles which
also is permissions groups.
The application is checking for permissions using standard .NET
Framework methods, so that should be ok.
Thanks
Henrik.
"Tomasz Onyszko" <T.Onyszko_nospam_@xxxxxx> wrote in message
news:OpKYQEd8GHA.4552@xxxxxxxxxxxxxxxxxxxxxxx
Henrik Skak Pedersen wrote:
Hello,
I have an application which creates aprox. 200 AD security groups. I
have heard from a customer that there is a performance problem if you
have more that 200 ad groups, is this true?
Nope, there shouldn't be any if there isn't some badly written
application which is doing something weired with AD.
BTW - have You asked them what is a reason for 200 groups for single
app?
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
.
- References:
- More than 200 AD Security Groups
- From: Henrik Skak Pedersen
- Re: More than 200 AD Security Groups
- From: Tomasz Onyszko
- Re: More than 200 AD Security Groups
- From: Henrik Skak Pedersen
- Re: More than 200 AD Security Groups
- From: Joe Kaplan
- Re: More than 200 AD Security Groups
- From: Henrik Skak Pedersen
- More than 200 AD Security Groups
- Prev by Date: Re: AD - change user logon name in active directory
- Next by Date: Error migrating users/computers using ADMT
- Previous by thread: Re: More than 200 AD Security Groups
- Next by thread: Re: More than 200 AD Security Groups
- Index(es):
Relevant Pages
|
