Whats the maximum number of groups a user can be a member of in a 2003 domain ? I have users that are members of 1,000 + groups that started to get the error : 'During a logon attempt the user's security context accumulated too many security ids' I have implemented the Cred SSPI fix to set the token size to 65,535 but some uses with a large group membership cannot logon until I remove some groups. Is there a way round this ? If this resolved in 2008 R2 domain and forest level ? Thanks

Hello, the maximum is 1015 doesn't matter which OS is used: http://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability(WS.10).aspxBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Note that this limit is the total number of security group memberships. It includes direct group membership, the "primary" group of the user, and all security group memberships due to group nesting. It does not include distribution groups. Richard Mueller - MVP Directory Services

Hi, Besides the above suggestion, please also have a look at this article: Users who are members of more than 1,015 groups may fail logon authentication http://support.microsoft.com/kb/328889 Hope it helps. Regards, Bruce This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.