Normal and Maximum depth of nested groups in Active Directory ( LDAP in general )
What would be the normal depth of nested groups in Active Directory? LDAP in general?
What would be the maximum depth of nested groups in Active Directory? LDAP in general?
I have found in most examples and even on some of our servers that the normal depth of nested groups is about 5.
Server -> Domain Name -> Organization -> Organization Unit -> User
Do scenarios actually exist in which we could see this:
Server -> Domain Name -> Organization -> Organization Unit 1 -> Organization Unit 2 -> Some Other Qualifer 1 -> Some Other Qualifier 2 -> ... -> Some Other Qualifier X -> User
where 'X' could be 10 or 20 nested groups deep?
toolmania1
September 19th, 2012 11:14am
On Wed, 19 Sep 2012 15:08:23 +0000, toolmania1 wrote:
>What would be the normal depth of nested groups in Active Directory? LDAP in general?
The only answer to that is "it depends".
>What would be the maximum depth of nested groups in Active Directory? LDAP in general?
I don't know that there is any limit. LDAP has nothing to do with in
any case.
>I have found in most examples and even on some of our servers that the normal depth of nested groups is about 5.
>
>Server -> Domain Name -> Organization -> Organization Unit -> User
>
>Do scenarios actually exist in which we could see this:
>
>Server -> Domain Name -> Organization -> Organization Unit 1 -> Organization Unit 2 -> Some Other Qualifer 1 -> Some Other Qualifier 2 -> ... -> Some Other Qualifier X -> User
>
>where 'X' could be 10 or 20 nested groups deep?
"Could" it be? Sure. Do you allow it? That's up to your admins, I
suppose. How groups are structured usually depends a lot on how the
company is structured.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
September 19th, 2012 11:47am
Thanks for the reply.
I just wanted to be aware of any anomalies that could occur with bizarre / extreme structures so that we know what to test. I really doubt this will happen because how many sub departments can you have in a real organization?
Here would be a blown out of proportion example to illustrate why I ask about the maximum level depth:
Baseball -> Teams -> Yankess -> Players -> Pitchers -> Right Handed -> Under 40 -> Over 6 feet tall -> With a good curve ball -> etc.
Even in that example, the categories used for each nested group starts to get ridiculous. So, maybe this discussion is pointless...lol.toolmania1
September 19th, 2012 12:02pm
On Wed, 19 Sep 2012 15:56:09 +0000, toolmania1 wrote:
>I just wanted to be aware of any anomalies that could occur with bizarre / extreme structures so that we know what to test. I really doubt this will happen because how many sub departments can you have in a real organization?
Hmmm . . . Here's seven without really trying:
..All users
...Asia
....China
.....Province
......City
.......Building
........Floor
I've seen some pretty, errr, creative group structures over the years.
:-)
>Here would be a blown out of proportion example to illustrate why I ask about the maximum level depth:
>
>Baseball -> Teams -> Yankess -> Players -> Pitchers -> Right Handed -> Under 40 -> Over 6 feet tall -> With a good curve ball -> etc.
>
>Even in that example, the categories used for each nested group starts to get ridiculous. So, maybe this discussion is pointless...lol.
>
>
>toolmania1
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
September 19th, 2012 12:30pm
Ya, I see your point. Good to know also from your first hand experience. We will prepare for such structures then. Thanks!toolmania1
September 19th, 2012 1:09pm