it's probably not logical for you to do this to yourself and thus there is not much to worry about. however, through a series of nesting groups, you can very well do this without thinking much about it. anyway, by the nature of the fact that I am posting this ... means I ran into it. :( for clarity, the group limitation is actually 1015 when you factor in well-known SIDs. the error message this is what you will see when attempting to log in: The system cannot log you on due to the following error: During a logon attempt, the user’s security context accumulated too many security IDs . Please try again or consult your system administrator . detecting the problem if you want to see how many groups you (or some other user account) is a member of, use the following kinds of commands (may produce different results*): powershell Get-QADUser myuserid | Select-Object -ExpandProperty allmemberof | measure cmd shell dsquery user -samid myuserid | dsget user -memberof -expand |
notes, ramblings, contemplations, transmutations, and otherwise ... on management and directory miscellanea.