Update Active Directory maximum limits documentation #8120
base: main
Added notes on schema object limits, transaction size, and attribute population limits in Active Directory.
@HerbertMauerer : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.
Learn Build status updates of commit 5aacf3c: ✅ Validation status: passed
For more details, please refer to the build report.
Pull request overview
This PR updates the Active Directory maximum limits documentation to add guidance around schema-object limits, transaction/admin-limit error behavior, and practical attribute-population ceilings.
Changes:
- Adds a note clarifying that nonlinked attribute limits also affect schema objects (classes/attributes).
- Documents an example `ADMIN_LIMIT_EXCEEDED` error when exceeding database/object limits.
- Adds observed limits for how many attributes can be populated on an AD object depending on database page size.
|
|
||
| For more information about the limit, see the [AD database details article](/previous-versions/windows/it-pro/windows-server-2003/cc772829(v=ws.10)#maximum-database-record-size), [many DNS records on a single DNS name](/troubleshoot/windows-server/identity/problems-with-dc-ad-integrated-dns-zones), and [Active Directory replication error 8304: The maximum size on an object has been exceeded](/troubleshoot/windows-server/identity/active-directory-replication-error-8304). | ||
|
|
||
| Note this also applies to schema objects, for example how many attributes you can add to a class with "maycontain" attribute values. In this case you can add additional attribtues through auxiliary classes. |
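Review bot: The second sentence of the added note offers auxiliary classes as the way past the limit but does not say that each auxiliary class is itself a schema object, so the same limit applies to the number of attributes it can list. Suggest stating that explicitly, so readers plan for several auxiliary classes rather than one very large one.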
Copilot
AI
Feb 6, 2026
This note introduces schema-specific terms but doesn't follow the document's existing formatting conventions. Consider converting it to a NOTE admonition (the doc already uses >[!NOTE] blocks) and formatting schema keywords as code (e.g., mayContain) rather than quoted strings; also use the canonical casing for the schema attribute name.
| Note this also applies to schema objects, for example how many attributes you can add to a class with "maycontain" attribute values. In this case you can add additional attribtues through auxiliary classes. | |
| > [!NOTE] | |
| > This limit also applies to schema objects, for example how many attributes you can add to a class with `mayContain` attribute values. In this case, you can add additional attributes through auxiliary classes. |
| When you want to add object data beyond the database limit, you get an error like: | ||
| The server side error is: 0x2024 The administrative limit for this request was exceeded. | ||
| The extended server error is: | ||
| 00002024: SvcErr: DSID-0205089D, problem 5008 (ADMIN_LIMIT_EXCEEDED), data -1026 |
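Review bot: "the database limit" in the first added line does not say which limit is meant, and the sample output is not tied to any operation. The message text "The administrative limit for this request was exceeded" is generic, so name the limit (the preceding paragraph links to the maximum database record size) and say what kind of write returns this output. That lets someone who finds `ADMIN_LIMIT_EXCEEDED` in a log or tool window tell this cause apart from other administrative limits.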
Copilot
AI
Feb 6, 2026
The error output example should be formatted as a fenced text code block for readability and consistency with earlier sections (for example, the LDAP bind error output is in a ```text block). Also consider using a consistent hex format (e.g., 0x00002024 to match `00002024`) and hyphenating "server-side".
|
|
||
| The maximum size of the Active Directory transactions that you can perform also affects the limit of how many group members you can have before link-value replication and how many transactions in group membership changes exist. | ||
|
|
||
| Another related limit is the number of attributes that can be populated on an AD object. In testing we find 830-950 non-linked attributes can be populated with 8KB database page size. With 32KB database pages, you can get to about 2500 attributes. If you have the need to store this many attributes, you should consider having additional child objects for your purpose. |
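Review bot: The "830-950" range in the added paragraph is given without saying what makes the count vary, and the paragraph does not say what a writer sees on reaching the ceiling. Suggest stating what the range depends on and, if the failure is the `ADMIN_LIMIT_EXCEEDED` error documented earlier in this change, pointing back to it. The closing advice about "additional child objects" would also be easier to act on with one sentence on how the attributes are meant to be split across them.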
Copilot
AI
Feb 6, 2026
This paragraph introduces new numeric limits but is inconsistent with terminology/number formatting used elsewhere in the doc (for example, earlier sections use "nonlinked" and thousands separators like "1,200"). Consider aligning to "nonlinked", using "8 KB"/"32 KB" spacing, and formatting "2,500" with a comma. Also, since these are testing-derived figures, add a citation or clearly scope the statement (for example, specify the test environment/Windows Server version) so readers understand how broadly it applies.
| Another related limit is the number of attributes that can be populated on an AD object. In testing we find 830-950 non-linked attributes can be populated with 8KB database page size. With 32KB database pages, you can get to about 2500 attributes. If you have the need to store this many attributes, you should consider having additional child objects for your purpose. | |
| Another related limit is the number of attributes that can be populated on an AD object. In internal Microsoft lab testing, we find that approximately 830-950 nonlinked attributes can be populated with an 8 KB database page size. With 32 KB database pages, you can get to about 2,500 attributes. If you have the need to store this many attributes, you should consider having additional child objects for your purpose. |
|
|
||
| For more information about the limit, see the [AD database details article](/previous-versions/windows/it-pro/windows-server-2003/cc772829(v=ws.10)#maximum-database-record-size), [many DNS records on a single DNS name](/troubleshoot/windows-server/identity/problems-with-dc-ad-integrated-dns-zones), and [Active Directory replication error 8304: The maximum size on an object has been exceeded](/troubleshoot/windows-server/identity/active-directory-replication-error-8304). | ||
|
|
||
| Note this also applies to schema objects, for example how many attributes you can add to a class with "maycontain" attribute values. In this case you can add additional attribtues through auxiliary classes. |
Copilot
AI
Feb 6, 2026
Typo: "attribtues" should be "attributes".
| Note this also applies to schema objects, for example how many attributes you can add to a class with "maycontain" attribute values. In this case you can add additional attribtues through auxiliary classes. | |
| Note this also applies to schema objects, for example how many attributes you can add to a class with "maycontain" attribute values. In this case you can add additional attributes through auxiliary classes. |
#assign: @robinharwood, @dknappettmsft Can you review the proposed changes? #label:"aq-pr-triaged" @MicrosoftDocs/public-repo-pr-review-team
Users robinharwood are already assigned.