Active Directory帐户可以成为多少个组?
是否有任何硬性限制,或者您是否知道当您超过一定数量的团体会员资格时可能出现的其他问题?
背景:我们有一个帐户是ca的成员. 400个(可能是嵌套的)组,我们开始在此帐户的组策略处理中看到问题.
不,由于委托人的安全令牌的大小,它仅限于1015(包括嵌套组).
Here’s an article that discusses AD limits,包括团体会员资格.查看安全主体的组成员身份标题.
Here’s another KB article具体谈到集团成员资格.
在处理委托人所属的域之外的域本地组时有例外.从链接到上面的KB:
The only exception to this behavior is that not all domain local security groups that the user is a member of will show up in the user’s token. The only domain local security groups that will show up (in the user’s token) are those groups that the user is a member of that also reside in the domain that contains the computer account that the user is logging on to.