- maximum number of GPOs that can apply to a user/computer: 999
- maximum number of DNS servers in an AD-integrated zone (without manually adding the details): 850 (Windows 2000), 1300 (Windows 2003)
- maximum number of supported DCs in a given domain: 1200
- maximum number of members of a group: 5000 (Windows 2000), unlimited in Windows 2003
- maximum number of DHCP servers in a forest: 850 (Windows 2000 SP1 or RTM), unlimited (Windows 2000 SP2 or later and Windows 2003)
- maximum number of UPN suffixes that can be set through the UI: 850 (you can set more if you need to via ADSI scripts)
- maximum number of objects that can be created over the lifetime of a given DIT (i.e. the AD database on a given DC): 2 billion
- maximum number of DNS servers in an AD-integrated zone (without manually adding the details): 850 (Windows 2000), 1300 (Windows 2003)
- maximum number of supported DCs in a given domain: 1200
- maximum number of members of a group: 5000 (Windows 2000), unlimited in Windows 2003
- maximum number of DHCP servers in a forest: 850 (Windows 2000 SP1 or RTM), unlimited (Windows 2000 SP2 or later and Windows 2003)
- maximum number of UPN suffixes that can be set through the UI: 850 (you can set more if you need to via ADSI scripts)
- maximum number of objects that can be created over the lifetime of a given DIT (i.e. the AD database on a given DC): 2 billion
이때 upnSuffixes attribute의 값 속성과 제한이 OS version 별로 차이가 있는지 확인이 필요해 관련 KB(http://support.microsoft.com/kb/269441, http://social.technet.microsoft.com/Forums/en/winserverDS/thread/22fe2cd4-0d4f-4306-ab64-751a120d77fb )를 찾아보니 딱히 원하는 정보를 찾기 어렵네..
uPNSuffixes schema에 대한 정보는 다음과 같다.
This attribute specifies the list of User-Principal-Name suffixes for a forest.
cn: UPN-Suffixes ldapDisplayName: uPNSuffixes attributeId: 1.2.840.113556.1.4.890 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE schemaIdGuid: 032160bf-9824-11d1-aec0-0000f80367c1 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
해당 uPNSuffixes의 attribute는 multi-value 이긴 하지만, 그 최대값이 Windows 2008 R2에서 얼마인지 확인이 어렵네..
다른 글을 찾아보니
- GUI limits number of suffixes possible to be entered at forest level to 850 (Andrew Levicki), more can be added with scripts
- more means ~1300 in Windows 2003 and later UPN suffixes which can be stored in upnSuffixes attribute on CN=Partitions,
and with script you can enter whatever you like for specific user (joe). It is UI which enforces forest wide suffixes on user object. And You have to be careful if it is configuration with forest trust [1]. But for that number of users and suffixes probably GUI won’t be preferred tool. - We have explicit and implicit types of UPNs (Rick S.). See also KB 929272.
- If you want to use GUI anyway you can easily extend context menu with some script which will allow you to set desired UPN suffix for a user (Jorge).
AD사용자 및 컴퓨터 관리도구 UI에서는 850개까지이고 scripts를 사용할 경우에는 1300이 최대한일 듯 싶다.
댓글 없음:
댓글 쓰기