SUMMARY
This article discusses domain limitations in terms of the numbers of users, groups, and computers in a domain, and the number of users in groups. The total number of users, groups, and computers in the domain determines the overall size of the security accounts manager (SAM) database. The way groups within a domain are implemented also affects the size of the SAM database.
The following table represents general guidelines, which assume that the computer functions only as a domain controller (DC) and that no other major Windows NT services are running on the computer. This includes the following services: SQL Server, SNA Server, Exchange, File and Print Services, Remote Access Service, WINS, DNS, and DHCP.
All values are listed in megabytes (MB). This also assumes that the paging file is at least 250 MB in size.
Number SAM Registry PagedPool CPU Paging RAM
of users size size size needed* file size
--------------------------------------------------------------------------
3,000 5 25 (default) 50 (default) 486DX/33 32 16
7,500 10 25 (default) 50 (default) 486DX/66 64 32
10,000 15 25 (default) 50 (default) P, M, or A 96 48
15,000 20 30 75 P, M, or A 128 64
20,000 30 50 100 P, M, or A 256 128
30,000 45 75 128 P, M, or A 332 166
40,000 60 102 128 SMP 394 197
50,000 75 153 192 SMP 512 256
60,000 80 153 192 SMP 1GB 512
* P, M, and A are used to represent Pentium, MIPS, or Alpha.
NOTE: The processor type is relatively unimportant in relation to the number of users supported on a domain controller. Processor type is more important when considering client authentication, and when domain controllers are used for more than one purpose. For large domain operations, Microsoft strongly recommends that your domain controllers be used only for user validation.